HEX
Server: nginx/1.18.0
System: Linux hqnl0246134.online-vm.com 5.4.0-135-generic #152-Ubuntu SMP Wed Nov 23 20:19:22 UTC 2022 x86_64
User: www-data (33)
PHP: 7.4.33
Disabled: phpinfo,disk_free_space,disk_total_space,diskfreespace,dl,exec,opcache_get_configuration,opcache_get_status,passthru,pclose,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_waitpid,pcntl_wait,pcntl_wexitstatus,pcntl_wifcontinued,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_uname,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,show_source,system,exec,passthru,shell_exec,system,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
File: /var/www/sites/console.log
INFO    [2022-12-06 10:49:17,864] defence360agent.simple_rpc: Executing ('rstatus',), params: {}
INFO    [2022-12-06 10:49:18,214] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:49:21,377] defence360agent.simple_rpc: Executing ('rstatus',), params: {}
INFO    [2022-12-06 10:49:21,840] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:49:30,910] defence360agent.migrate: Applying database migrations...
INFO    [2022-12-06 10:49:30,911] peewee_migrate: Starting migrations
INFO    [2022-12-06 10:49:30,930] peewee_migrate: Running "001_initial"
INFO    [2022-12-06 10:49:30,932] peewee_migrate: Done 001_initial
INFO    [2022-12-06 10:49:30,938] peewee_migrate: Running "002_infected_domain_list"
INFO    [2022-12-06 10:49:30,939] peewee_migrate: Done 002_infected_domain_list
INFO    [2022-12-06 10:49:30,945] peewee_migrate: Running "003_import_from_list"
INFO    [2022-12-06 10:49:30,946] peewee_migrate: add_column ('iplist', 'imported_from', <peewee.CharField object at 0x7f89f25b2280>)
INFO    [2022-12-06 10:49:30,947] peewee_migrate: add_column ('iplist', 'ctime', <peewee.IntegerField object at 0x7f89f25b25b0>)
INFO    [2022-12-06 10:49:30,948] peewee_migrate: Done 003_import_from_list
INFO    [2022-12-06 10:49:30,951] peewee_migrate: Running "004_add_username_to_infected_domain_list"
INFO    [2022-12-06 10:49:30,951] peewee_migrate: add_column ('infected_domain_list', 'username', <peewee.CharField object at 0x7f89f25db310>)
INFO    [2022-12-06 10:49:30,953] peewee_migrate: Done 004_add_username_to_infected_domain_list
INFO    [2022-12-06 10:49:30,956] peewee_migrate: Running "005_timeout_in_iplist"
INFO    [2022-12-06 10:49:30,956] peewee_migrate: add_column ('iplist', 'deep', <peewee.IntegerField object at 0x7f89f25db2b0>)
INFO    [2022-12-06 10:49:30,957] peewee_migrate: Done 005_timeout_in_iplist
INFO    [2022-12-06 10:49:30,960] peewee_migrate: Running "006_comment_in_plist"
INFO    [2022-12-06 10:49:30,961] peewee_migrate: add_column ('iplist', 'comment', <peewee.CharField object at 0x7f89f2620bb0>)
INFO    [2022-12-06 10:49:30,962] peewee_migrate: Done 006_comment_in_plist
INFO    [2022-12-06 10:49:30,965] peewee_migrate: Running "007_add_country_code_fields"
INFO    [2022-12-06 10:49:30,966] peewee_migrate: add_column ('iplist', 'country_id', <peewee.ForeignKeyField object at 0x7f89f25db130>)
INFO    [2022-12-06 10:49:30,966] peewee_migrate: add_column ('incident', 'country_id', <peewee.ForeignKeyField object at 0x7f89f25db880>)
INFO    [2022-12-06 10:49:30,967] peewee_migrate: add_index ('iplist', ['country_id'])
INFO    [2022-12-06 10:49:30,967] peewee_migrate: add_index ('incident', ['country_id'])
INFO    [2022-12-06 10:49:30,968] peewee_migrate: Done 007_add_country_code_fields
INFO    [2022-12-06 10:49:30,972] peewee_migrate: Running "008_fill_countries"
INFO    [2022-12-06 10:49:30,973] peewee_migrate: Done 008_fill_countries
INFO    [2022-12-06 10:49:30,976] peewee_migrate: Running "009_drop_blocklist_history"
INFO    [2022-12-06 10:49:30,984] peewee_migrate: Done 009_drop_blocklist_history
INFO    [2022-12-06 10:49:30,988] peewee_migrate: Running "010_drop_country_entities"
INFO    [2022-12-06 10:49:30,989] peewee_migrate: drop_index ('iplist', 'iplist_country_id')
INFO    [2022-12-06 10:49:30,989] peewee_migrate: drop_index ('incident', 'incident_country_id')
INFO    [2022-12-06 10:49:30,990] peewee_migrate: drop_column ('iplist', 'country_id')
INFO    [2022-12-06 10:49:30,993] peewee_migrate: drop_column ('incident', 'country_id')
INFO    [2022-12-06 10:49:30,996] peewee_migrate: Done 010_drop_country_entities
INFO    [2022-12-06 10:49:31,002] peewee_migrate: Running "011_create_new_country_entities"
INFO    [2022-12-06 10:49:31,003] peewee_migrate: add_column ('iplist', 'country_id', <peewee.ForeignKeyField object at 0x7f89f25f0e20>)
INFO    [2022-12-06 10:49:31,003] peewee_migrate: add_column ('incident', 'country_id', <peewee.ForeignKeyField object at 0x7f89f25f0c70>)
INFO    [2022-12-06 10:49:31,004] peewee_migrate: add_index ('iplist', ['country_id'])
INFO    [2022-12-06 10:49:31,004] peewee_migrate: add_index ('incident', ['country_id'])
INFO    [2022-12-06 10:49:31,006] peewee_migrate: Done 011_create_new_country_entities
INFO    [2022-12-06 10:49:31,010] peewee_migrate: Running "012_fill_countries_and_subnets"
INFO    [2022-12-06 10:49:31,011] peewee_migrate: Done 012_fill_countries_and_subnets
INFO    [2022-12-06 10:49:31,013] peewee_migrate: Running "013_add_indexes_to_iplist"
INFO    [2022-12-06 10:49:31,014] peewee_migrate: add_index ('iplist', ['listname'])
INFO    [2022-12-06 10:49:31,015] peewee_migrate: Done 013_add_indexes_to_iplist
INFO    [2022-12-06 10:49:31,021] peewee_migrate: Running "014_add_malware_hits"
INFO    [2022-12-06 10:49:31,023] peewee_migrate: Done 014_add_malware_hits
INFO    [2022-12-06 10:49:31,028] peewee_migrate: Running "015_add_iplist_expiration_index"
INFO    [2022-12-06 10:49:31,028] peewee_migrate: add_index ('iplist', ['expiration'])
INFO    [2022-12-06 10:49:31,029] peewee_migrate: Done 015_add_iplist_expiration_index
INFO    [2022-12-06 10:49:31,037] peewee_migrate: Running "016_fix_autowhitelist_expiration"
INFO    [2022-12-06 10:49:31,039] peewee_migrate: Done 016_fix_autowhitelist_expiration
INFO    [2022-12-06 10:49:31,043] peewee_migrate: Running "017_remove_sensor_prefix"
INFO    [2022-12-06 10:49:31,044] peewee_migrate: Done 017_remove_sensor_prefix
INFO    [2022-12-06 10:49:31,053] peewee_migrate: Running "018_license_info"
INFO    [2022-12-06 10:49:31,054] peewee_migrate: Done 018_license_info
INFO    [2022-12-06 10:49:31,058] peewee_migrate: Running "019_purge_old_configs"
INFO    [2022-12-06 10:49:31,059] peewee_migrate: Done 019_purge_old_configs
INFO    [2022-12-06 10:49:31,062] peewee_migrate: Running "020_malware_scan_types"
INFO    [2022-12-06 10:49:31,062] peewee_migrate: Done 020_malware_scan_types
INFO    [2022-12-06 10:49:31,070] peewee_migrate: Running "021_add_testing_repo"
INFO    [2022-12-06 10:49:31,071] peewee_migrate: Done 021_add_testing_repo
INFO    [2022-12-06 10:49:31,081] peewee_migrate: Running "022_mod_security_vendors_migrations"
INFO    [2022-12-06 10:49:31,082] peewee_migrate: Done 022_mod_security_vendors_migrations
INFO    [2022-12-06 10:49:31,087] peewee_migrate: Running "023_add_default_rule_in_modsec_custom_conf"
INFO    [2022-12-06 10:49:31,277] peewee_migrate: Done 023_add_default_rule_in_modsec_custom_conf
INFO    [2022-12-06 10:49:31,281] peewee_migrate: Running "024_ignore_from_graylist"
INFO    [2022-12-06 10:49:31,282] peewee_migrate: Done 024_ignore_from_graylist
INFO    [2022-12-06 10:49:31,286] peewee_migrate: Running "025_malware_config_realtime"
INFO    [2022-12-06 10:49:31,385] peewee_migrate: Done 025_malware_config_realtime
INFO    [2022-12-06 10:49:31,389] peewee_migrate: Running "026_remove_old_temporary_file"
INFO    [2022-12-06 10:49:31,393] peewee_migrate: Done 026_remove_old_temporary_file
INFO    [2022-12-06 10:49:31,397] peewee_migrate: Running "027_disable_comdo_fp_rules"
INFO    [2022-12-06 10:49:31,399] peewee_migrate: Done 027_disable_comdo_fp_rules
INFO    [2022-12-06 10:49:31,402] peewee_migrate: Running "028_set_permanent_ttl_for_blacklist"
INFO    [2022-12-06 10:49:31,407] peewee_migrate: Done 028_set_permanent_ttl_for_blacklist
INFO    [2022-12-06 10:49:31,411] peewee_migrate: Running "029_custom_quarantine"
INFO    [2022-12-06 10:49:31,412] peewee_migrate: Done 029_custom_quarantine
INFO    [2022-12-06 10:49:31,416] peewee_migrate: Running "030_rename_max_incident_repetition"
INFO    [2022-12-06 10:49:31,487] peewee_migrate: Done 030_rename_max_incident_repetition
INFO    [2022-12-06 10:49:31,491] peewee_migrate: Running "031_add_mode_field"
INFO    [2022-12-06 10:49:31,491] peewee_migrate: add_column ('malware_hits', 'mode', <peewee.IntegerField object at 0x7f89f2564190>)
INFO    [2022-12-06 10:49:31,493] peewee_migrate: Done 031_add_mode_field
INFO    [2022-12-06 10:49:31,496] peewee_migrate: Running "031_modsec_config_for_plesk_include"
INFO    [2022-12-06 10:49:31,498] peewee_migrate: Done 031_modsec_config_for_plesk_include
INFO    [2022-12-06 10:49:31,501] peewee_migrate: Running "032_chmod_quarantine"
INFO    [2022-12-06 10:49:31,502] peewee_migrate: Done 032_chmod_quarantine
INFO    [2022-12-06 10:49:31,506] peewee_migrate: Running "033_disable_cphulk"
INFO    [2022-12-06 10:49:31,507] peewee_migrate: Done 033_disable_cphulk
INFO    [2022-12-06 10:49:31,510] peewee_migrate: Running "034_hits_extras"
INFO    [2022-12-06 10:49:31,513] peewee_migrate: Done 034_hits_extras
INFO    [2022-12-06 10:49:31,518] peewee_migrate: Running "035_add_dos_expiration_field"
INFO    [2022-12-06 10:49:31,519] peewee_migrate: add_column ('iplist', 'dos_expiration', <peewee.IntegerField object at 0x7f89f2564880>)
INFO    [2022-12-06 10:49:31,520] peewee_migrate: Done 035_add_dos_expiration_field
INFO    [2022-12-06 10:49:31,524] peewee_migrate: Running "036_add_block_port"
INFO    [2022-12-06 10:49:31,526] peewee_migrate: add_column ('iplist', 'full_access', <peewee.BooleanField object at 0x7f89f2564dc0>)
INFO    [2022-12-06 10:49:31,528] peewee_migrate: Done 036_add_block_port
INFO    [2022-12-06 10:49:31,536] peewee_migrate: Running "037_disabled_rules"
INFO    [2022-12-06 10:49:31,540] peewee_migrate: Done 037_disabled_rules
INFO    [2022-12-06 10:49:31,545] peewee_migrate: Running "038_disabled_rules_import"
WARNING [2022-12-06 10:49:31,603] builtins: Error during syncing disabled rules: Integration config is missing server_type field
INFO    [2022-12-06 10:49:31,636] peewee_migrate: Done 038_disabled_rules_import
INFO    [2022-12-06 10:49:31,640] peewee_migrate: Running "039_fix_malware_hits"
INFO    [2022-12-06 10:49:31,641] peewee_migrate: sql ('\n        CREATE TABLE "malware_hits_new" (\n            "id" INTEGER NOT NULL PRIMARY KEY,\n            "scanid_id" VARCHAR(255) NOT NULL,\n            "user" VARCHAR(255) NOT NULL,\n            "orig_file" VARCHAR(255) NOT NULL,\n            "type" VARCHAR(255) NOT NULL,\n            "restored" INTEGER NOT NULL,\n            "mode" INTEGER,\n            FOREIGN KEY ("scanid_id") REFERENCES "malware_scans" ("scanid"))\n    ',)
INFO    [2022-12-06 10:49:31,642] peewee_migrate: sql ('INSERT INTO malware_hits_new SELECT * FROM malware_hits',)
INFO    [2022-12-06 10:49:31,643] peewee_migrate: sql ('DROP TABLE malware_hits',)
INFO    [2022-12-06 10:49:31,643] peewee_migrate: sql ('ALTER TABLE malware_hits_new RENAME TO malware_hits',)
INFO    [2022-12-06 10:49:31,646] peewee_migrate: Done 039_fix_malware_hits
INFO    [2022-12-06 10:49:31,655] peewee_migrate: Running "040_ignore_mod_sec_rule_214920"
INFO    [2022-12-06 10:49:31,656] peewee_migrate: Done 040_ignore_mod_sec_rule_214920
INFO    [2022-12-06 10:49:31,661] peewee_migrate: Running "041_fix_invalid_ignore_filed"
INFO    [2022-12-06 10:49:31,663] peewee_migrate: Done 041_fix_invalid_ignore_filed
INFO    [2022-12-06 10:49:31,679] peewee_migrate: Running "042_rebuildinstalledssldb"
INFO    [2022-12-06 10:49:31,681] peewee_migrate: Done 042_rebuildinstalledssldb
INFO    [2022-12-06 10:49:31,685] peewee_migrate: Running "043_disable_dos_scan_by_default"
INFO    [2022-12-06 10:49:31,735] defence360agent.contracts.config_provider: CachedConfigReader <'/etc/sysconfig/imunify360/imunify360-merged.config', modified at 0.0, 0.0 bytes> modified: removed={}, added={"ADMIN_CONTACTS": {"emails": [], "enable_icontact_notifications": true}, "AUTO_WHITELIST": {"after_unblock_timeout": 1440, "timeout": 1440}, "BACKUP_RESTORE": {"cl_backup_allowed": true, "cl_on_premise_backup_allowed": false, "max_days_in_backup": 90}, "BLOCKED_PORTS": {"default_mode": "allowed"}, "CAPTCHA": {"cert_refresh_timeout": 3600}, "CAPTCHA_DOS": {"enabled": true, "max_count": 100, "time_frame": 21600, "timeout": 864000}, "CSF_INTEGRATION": {"catch_lfd_events": false}, "DOS": {"default_limit": 250, "enabled": true, "interval": 30, "port_limits": {}}, "ERROR_REPORTING": {"enable": true}, "FIREWALL": {"TCP_IN_IPv4": ["20", "21", "22", "25", "53", "80", "110", "443", "465", "587", "993", "995"], "TCP_OUT_IPv4": ["20", "21", "22", "25", "53", "80", "110", "113", "443", "587", "993", "995"], "UDP_IN_IPv4": ["20", "21", "53", "443"], "UDP_OUT_IPv4": ["20", "21", "53", "113", "123"], "internal_use_remote_iplist": false, "port_blocking_mode": "ALLOW"}, "INCIDENT_LOGGING": {"limit": 100000, "min_log_level": 4, "num_days": 100, "ui_autorefresh_timeout": 10}, "KERNELCARE": {"edf": false}, "LOGGER": {"backup_count": 5, "max_log_file_size": 62914560, "syscall_monitor": false}, "MALWARE_CLEANUP": {"keep_original_files_days": 14, "trim_file_instead_of_removal": true}, "MALWARE_DATABASE_SCAN": {"enable": false}, "MALWARE_SCANNING": {"cloud_assisted_scan": true, "default_action": "cleanup", "detect_elf": true, "enable_scan_cpanel": true, "enable_scan_inotify": true, "enable_scan_modsec": true, "enable_scan_pure_ftpd": true, "hyperscan": false, "max_cloudscan_size_to_scan": 10485760, "max_mrs_upload_file": 10485760, "max_signature_size_to_scan": 1048576, "notify_on_detect": false, "optimize_realtime_scan": true, "rapid_scan": true, 
"rapid_scan_rescan_unchanging_files_frequency": null, "scan_modified_files": null, "sends_file_for_analysis": true, "try_restore_from_backup_first": false}, "MALWARE_SCAN_INTENSITY": {"cpu": 2, "io": 2, "ram": 2048, "user_scan_cpu": 2, "user_scan_io": 2, "user_scan_ram": 1024}, "MALWARE_SCAN_SCHEDULE": {"day_of_month": 1, "day_of_week": 0, "hour": 3, "interval": "week"}, "MOD_SEC": {"app_specific_ruleset": true, "cms_account_compromise_prevention": false, "prev_settings": "", "ruleset": "FULL"}, "MOD_SEC_BLOCK_BY_CUSTOM_RULE": {"33332": {"check_period": 120, "max_incidents": 10}, "33339": {"check_period": 120, "max_incidents": 10}}, "MOD_SEC_BLOCK_BY_SEVERITY": {"check_period": 120, "denied_num_limit": 2, "enable": true, "max_incidents": 2, "severity_limit": 2}, "NETWORK_INTERFACE": {"eth6_device": null, "eth_device": null, "eth_device_skip": []}, "OSSEC": {"active_response": false}, "PAM": {"enable": true, "exim_dovecot_native": false, "exim_dovecot_protection": true, "ftp_protection": false}, "PERMISSIONS": {"advisor": true, "allow_malware_scan": false, "support_form": true, "upgrade_button": true, "user_ignore_list": false, "user_override_malware_actions": false, "user_override_proactive_defense": false}, "PROACTIVE_DEFENCE": {"blamer": true, "mode": "LOG", "php_immunity": false}, "RESOURCE_MANAGEMENT": {"cpu_limit": 2, "io_limit": 2, "ram_limit": 500}, "SEND_ADDITIONAL_DATA": {"enable": true}, "SMTP_BLOCKING": {"allow_groups": ["mail"], "allow_local": false, "allow_users": [], "enable": false, "ports": [25, 587, 465], "redirect": false}, "STOP_MANAGING": {"modsec_directives": false}, "WEBSHIELD": {"captcha_secret_key": "", "captcha_site_key": "", "enable": true, "invisible_captcha": false, "known_proxies_support": true, "splash_screen": true}, "WEB_SERVICES": {"http_ports": [], "https_ports": []}}, changed={}
INFO    [2022-12-06 10:49:31,859] peewee_migrate: Done 043_disable_dos_scan_by_default
INFO    [2022-12-06 10:49:31,863] peewee_migrate: Running "044_ignore_virtfs_on_cpanel"
INFO    [2022-12-06 10:49:31,866] peewee_migrate: Done 044_ignore_virtfs_on_cpanel
INFO    [2022-12-06 10:49:31,877] peewee_migrate: Running "045_ignore_vdserver_dir_in_csf"
INFO    [2022-12-06 10:49:31,880] peewee_migrate: Done 045_ignore_vdserver_dir_in_csf
INFO    [2022-12-06 10:49:31,884] peewee_migrate: Running "046_foreign_key_fix"
INFO    [2022-12-06 10:49:31,885] peewee_migrate: sql ('\n        CREATE TABLE "malware_hit_extras_new" (\n          "id" INTEGER NOT NULL PRIMARY KEY,\n          "hit_id" INTEGER NOT NULL,\n          "name" VARCHAR(255) NOT NULL,\n          "value" VARCHAR(255) NOT NULL,\n          FOREIGN KEY ("hit_id")\n            REFERENCES "malware_hits" ("id") ON DELETE CASCADE\n        )\n    ',)
INFO    [2022-12-06 10:49:31,887] peewee_migrate: sql ('INSERT INTO malware_hit_extras_new SELECT * FROM malware_hit_extras',)
INFO    [2022-12-06 10:49:31,887] peewee_migrate: sql ('DROP TABLE malware_hit_extras',)
INFO    [2022-12-06 10:49:31,888] peewee_migrate: sql ('ALTER TABLE malware_hit_extras_new RENAME TO malware_hit_extras',)
INFO    [2022-12-06 10:49:31,891] peewee_migrate: Done 046_foreign_key_fix
INFO    [2022-12-06 10:49:31,896] peewee_migrate: Running "047_license_in_file"
INFO    [2022-12-06 10:49:31,900] peewee_migrate: Done 047_license_in_file
INFO    [2022-12-06 10:49:31,905] peewee_migrate: Running "048_malware_hits_vendor_field"
INFO    [2022-12-06 10:49:31,906] peewee_migrate: add_column ('malware_hits', 'vendor', <peewee.CharField object at 0x7f89f25db790>)
INFO    [2022-12-06 10:49:31,913] peewee_migrate: Done 048_malware_hits_vendor_field
INFO    [2022-12-06 10:49:31,920] peewee_migrate: Running "049_add_auto_added_field_to_iplist"
INFO    [2022-12-06 10:49:31,921] peewee_migrate: add_column ('iplist', 'auto_whitelisted', <peewee.BooleanField object at 0x7f89f25f0880>)
INFO    [2022-12-06 10:49:31,923] peewee_migrate: Done 049_add_auto_added_field_to_iplist
INFO    [2022-12-06 10:49:31,927] peewee_migrate: Running "050_fill_auto_whitelisted"
INFO    [2022-12-06 10:49:31,928] peewee_migrate: Done 050_fill_auto_whitelisted
INFO    [2022-12-06 10:49:31,935] peewee_migrate: Running "051_cleanup_vd_license"
INFO    [2022-12-06 10:49:31,936] peewee_migrate: Done 051_cleanup_vd_license
INFO    [2022-12-06 10:49:31,941] peewee_migrate: Running "052_whitelisted_crawlers"
INFO    [2022-12-06 10:49:31,944] peewee_migrate: Done 052_whitelisted_crawlers
INFO    [2022-12-06 10:49:31,948] peewee_migrate: Running "053_populate_whitelisted_crawlers"
INFO    [2022-12-06 10:49:31,952] peewee_migrate: Done 053_populate_whitelisted_crawlers
INFO    [2022-12-06 10:49:31,956] peewee_migrate: Running "054_add_malicious_and_added_date_fileds"
INFO    [2022-12-06 10:49:31,957] peewee_migrate: add_column ('malware_hits', 'malicious', <peewee.BooleanField object at 0x7f89f25f0c10>)
INFO    [2022-12-06 10:49:31,962] peewee_migrate: add_column ('malware_ignore_path', 'added_date', <peewee.IntegerField object at 0x7f89f2567910>)
INFO    [2022-12-06 10:49:31,967] peewee_migrate: Done 054_add_malicious_and_added_date_fileds
INFO    [2022-12-06 10:49:31,974] peewee_migrate: Running "055_migrate_move_to_quar_option"
INFO    [2022-12-06 10:49:32,031] peewee_migrate: Done 055_migrate_move_to_quar_option
INFO    [2022-12-06 10:49:32,034] peewee_migrate: Running "056_populate_malicious_with_quarantined"
INFO    [2022-12-06 10:49:32,036] peewee_migrate: Done 056_populate_malicious_with_quarantined
INFO    [2022-12-06 10:49:32,039] peewee_migrate: Running "057_filename_is_blob"
INFO    [2022-12-06 10:49:32,040] peewee_migrate: sql ('\n        CREATE TABLE "malware_hits_new" (\n            "id" INTEGER NOT NULL PRIMARY KEY,\n            "scanid_id" VARCHAR(255) NOT NULL,\n            "user" VARCHAR(255) NOT NULL,\n            "orig_file" BLOB NOT NULL,\n            "type" VARCHAR(255) NOT NULL,\n            "restored" INTEGER NOT NULL,\n            "mode" INTEGER,\n            "vendor" VARCHAR(255) NOT NULL,\n            "malicious" INTEGER NOT NULL,\n            FOREIGN KEY ("scanid_id") REFERENCES "malware_scans" ("scanid"))\n    ',)
INFO    [2022-12-06 10:49:32,041] peewee_migrate: sql ('INSERT INTO malware_hits_new SELECT * FROM malware_hits',)
INFO    [2022-12-06 10:49:32,042] peewee_migrate: sql ('DROP TABLE malware_hits',)
INFO    [2022-12-06 10:49:32,042] peewee_migrate: sql ('ALTER TABLE malware_hits_new RENAME TO malware_hits',)
INFO    [2022-12-06 10:49:32,046] peewee_migrate: Done 057_filename_is_blob
INFO    [2022-12-06 10:49:32,050] peewee_migrate: Running "058_convert_license_last_attempt"
INFO    [2022-12-06 10:49:32,052] peewee_migrate: Done 058_convert_license_last_attempt
INFO    [2022-12-06 10:49:32,055] peewee_migrate: Running "059_scans_error_field"
INFO    [2022-12-06 10:49:32,056] peewee_migrate: add_column ('malware_scans', 'error', <peewee.TextField object at 0x7f89f2575970>)
INFO    [2022-12-06 10:49:32,058] peewee_migrate: Done 059_scans_error_field
INFO    [2022-12-06 10:49:32,062] peewee_migrate: Running "060_migrate_invisible_captcha_conf"
INFO    [2022-12-06 10:49:32,159] peewee_migrate: Done 060_migrate_invisible_captcha_conf
INFO    [2022-12-06 10:49:32,164] peewee_migrate: Running "061_migrate_backup_system_conf"
INFO    [2022-12-06 10:49:32,224] peewee_migrate: Done 061_migrate_backup_system_conf
INFO    [2022-12-06 10:49:32,227] peewee_migrate: Running "062_drop_malware_extra_data"
INFO    [2022-12-06 10:49:32,229] peewee_migrate: Done 062_drop_malware_extra_data
INFO    [2022-12-06 10:49:32,232] peewee_migrate: Running "062_fix_null_expiration"
INFO    [2022-12-06 10:49:32,234] peewee_migrate: Done 062_fix_null_expiration
INFO    [2022-12-06 10:49:32,237] peewee_migrate: Running "063_fix_graylist_doslist_expiration_discrepancy"
INFO    [2022-12-06 10:49:32,238] peewee_migrate: Done 063_fix_graylist_doslist_expiration_discrepancy
INFO    [2022-12-06 10:49:32,241] peewee_migrate: Running "064_chmod_i360deploy_log"
INFO    [2022-12-06 10:49:32,242] peewee_migrate: Done 064_chmod_i360deploy_log
INFO    [2022-12-06 10:49:32,245] peewee_migrate: Running "065_remove_capture_csf_lock_from_config"
INFO    [2022-12-06 10:49:32,269] peewee_migrate: Done 065_remove_capture_csf_lock_from_config
INFO    [2022-12-06 10:49:32,273] peewee_migrate: Running "066_eula_table"
INFO    [2022-12-06 10:49:32,274] peewee_migrate: Done 066_eula_table
INFO    [2022-12-06 10:49:32,278] peewee_migrate: Running "067_drop_fields_from_modsec_conf"
INFO    [2022-12-06 10:49:32,331] peewee_migrate: Done 067_drop_fields_from_modsec_conf
INFO    [2022-12-06 10:49:32,335] peewee_migrate: Running "068_remove_rules_check_interval_from_config"
INFO    [2022-12-06 10:49:32,337] peewee_migrate: Done 068_remove_rules_check_interval_from_config
INFO    [2022-12-06 10:49:32,339] peewee_migrate: Running "069_incidents_domain_field"
INFO    [2022-12-06 10:49:32,340] peewee_migrate: add_column ('incident', 'domain', <peewee.TextField object at 0x7f89f254cc40>)
INFO    [2022-12-06 10:49:32,341] peewee_migrate: Done 069_incidents_domain_field
INFO    [2022-12-06 10:49:32,345] peewee_migrate: Running "070_modsec_incident_names"
INFO    [2022-12-06 10:49:32,347] peewee_migrate: Done 070_modsec_incident_names
INFO    [2022-12-06 10:49:32,350] peewee_migrate: Running "071_malware_hits_hash_size_fields"
INFO    [2022-12-06 10:49:32,351] peewee_migrate: add_column ('malware_hits', 'size', <peewee.CharField object at 0x7f89f2511430>)
INFO    [2022-12-06 10:49:32,352] peewee_migrate: add_column ('malware_hits', 'hash', <peewee.CharField object at 0x7f89f25112e0>)
INFO    [2022-12-06 10:49:32,353] peewee_migrate: Done 071_malware_hits_hash_size_fields
INFO    [2022-12-06 10:49:32,357] peewee_migrate: Running "072_add_malware_history_table"
INFO    [2022-12-06 10:49:32,358] peewee_migrate: Done 072_add_malware_history_table
INFO    [2022-12-06 10:49:32,363] peewee_migrate: Running "072_captcha_stat"
INFO    [2022-12-06 10:49:32,365] peewee_migrate: Done 072_captcha_stat
INFO    [2022-12-06 10:49:32,370] peewee_migrate: Running "072_extend_last_synclist"
INFO    [2022-12-06 10:49:32,371] peewee_migrate: sql ('\n      CREATE TABLE "last_synclist_new" (\n        "timestamp" REAL,\n        "name" VARCHAR(255) NOT NULL PRIMARY KEY\n        )',)
INFO    [2022-12-06 10:49:32,372] peewee_migrate: sql ('INSERT INTO last_synclist_new SELECT timestamp, "ip" AS name FROM last_synclist LIMIT 1',)
INFO    [2022-12-06 10:49:32,372] peewee_migrate: sql ('DROP TABLE last_synclist',)
INFO    [2022-12-06 10:49:32,373] peewee_migrate: sql ('ALTER TABLE last_synclist_new RENAME TO last_synclist',)
INFO    [2022-12-06 10:49:32,376] peewee_migrate: Done 072_extend_last_synclist
INFO    [2022-12-06 10:49:32,382] peewee_migrate: Running "073_drop_dos_expiration"
INFO    [2022-12-06 10:49:32,383] peewee_migrate: add_column ('iplist', 'no_captcha', <peewee.BooleanField object at 0x7f89f25db100>)
INFO    [2022-12-06 10:49:32,389] peewee_migrate: sql ("UPDATE iplist SET no_captcha=1 WHERE listname='GRAY' AND dos_expiration",)
INFO    [2022-12-06 10:49:32,390] peewee_migrate: drop_column ('iplist', 'dos_expiration')
INFO    [2022-12-06 10:49:32,399] peewee_migrate: Done 073_drop_dos_expiration
INFO    [2022-12-06 10:49:32,405] peewee_migrate: Running "074_ip_as_int"
INFO    [2022-12-06 10:49:32,410] peewee_migrate: Done 074_ip_as_int
INFO    [2022-12-06 10:49:32,416] peewee_migrate: Running "075_ips_as_int"
INFO    [2022-12-06 10:49:32,417] peewee_migrate: sql ('DROP TABLE iplist',)
INFO    [2022-12-06 10:49:32,418] peewee_migrate: sql ('ALTER TABLE iplist_new RENAME TO iplist',)
INFO    [2022-12-06 10:49:32,420] peewee_migrate: sql ('CREATE INDEX "iplist_listname" ON "iplist" ("listname")',)
INFO    [2022-12-06 10:49:32,421] peewee_migrate: sql ('CREATE INDEX "iplist_expiration" ON "iplist" ("expiration")',)
INFO    [2022-12-06 10:49:32,422] peewee_migrate: sql ('CREATE INDEX "iplist_ip" ON "iplist" ("ip")',)
INFO    [2022-12-06 10:49:32,423] peewee_migrate: Done 075_ips_as_int
INFO    [2022-12-06 10:49:32,427] peewee_migrate: Running "076_hash_model"
INFO    [2022-12-06 10:49:32,428] peewee_migrate: Done 076_hash_model
INFO    [2022-12-06 10:49:32,432] peewee_migrate: Running "077_alter_malware_scan"
INFO    [2022-12-06 10:49:32,434] peewee_migrate: change_column ('malware_scans', 'path', <peewee.CharField object at 0x7f89f25b2490>)
INFO    [2022-12-06 10:49:32,438] peewee_migrate: change_column ('malware_scans', 'type', <peewee.CharField object at 0x7f89f2505e20>)
INFO    [2022-12-06 10:49:32,444] peewee_migrate: Done 077_alter_malware_scan
INFO    [2022-12-06 10:49:32,449] peewee_migrate: Running "078_fix_signatures_permissions"
INFO    [2022-12-06 10:49:32,450] peewee_migrate: Done 078_fix_signatures_permissions
INFO    [2022-12-06 10:49:32,453] peewee_migrate: Running "079_add_uid_gid_fields"
INFO    [2022-12-06 10:49:32,453] peewee_migrate: add_column ('malware_hits', 'uid', <peewee.IntegerField object at 0x7f89f25646a0>)
INFO    [2022-12-06 10:49:32,454] peewee_migrate: add_column ('malware_hits', 'gid', <peewee.IntegerField object at 0x7f89f2564e50>)
INFO    [2022-12-06 10:49:32,456] peewee_migrate: Done 079_add_uid_gid_fields
INFO    [2022-12-06 10:49:32,459] peewee_migrate: Running "080_populate_uid_gid_size_hash_fields"
INFO    [2022-12-06 10:49:32,460] peewee_migrate: Done 080_populate_uid_gid_size_hash_fields
INFO    [2022-12-06 10:49:32,463] peewee_migrate: Running "081_fix_clamscan_broken_symlink"
INFO    [2022-12-06 10:49:32,464] peewee_migrate: Done 081_fix_clamscan_broken_symlink
INFO    [2022-12-06 10:49:32,467] peewee_migrate: Running "082_add_cl_on_premise_backup_option"
INFO    [2022-12-06 10:49:32,468] peewee_migrate: Done 082_add_cl_on_premise_backup_option
INFO    [2022-12-06 10:49:32,474] peewee_migrate: Running "082_add_manual_flag"
INFO    [2022-12-06 10:49:32,475] peewee_migrate: add_column ('iplist', 'manual', <peewee.BooleanField object at 0x7f89f25b2af0>)
INFO    [2022-12-06 10:49:32,482] peewee_migrate: Done 082_add_manual_flag
INFO    [2022-12-06 10:49:32,486] peewee_migrate: Running "083_drop_no_captcha_field"
INFO    [2022-12-06 10:49:32,487] peewee_migrate: sql ("UPDATE iplist SET manual=0 WHERE listname='GRAY'",)
INFO    [2022-12-06 10:49:32,488] peewee_migrate: sql ("UPDATE iplist SET manual=1 WHERE listname='WHITE'",)
INFO    [2022-12-06 10:49:32,488] peewee_migrate: sql ("UPDATE iplist SET manual=1 WHERE listname='BLACK'",)
INFO    [2022-12-06 10:49:32,489] peewee_migrate: sql ("UPDATE iplist SET listname='BLACK'WHERE listname='GRAY' AND no_captcha=1",)
INFO    [2022-12-06 10:49:32,489] peewee_migrate: sql ("UPDATE iplist SET comment='Automatically blocked due to distributed attack', imported_from='Imunify360' WHERE listname='BLACK' AND manual=0",)
INFO    [2022-12-06 10:49:32,490] peewee_migrate: drop_column ('iplist', 'no_captcha')
INFO    [2022-12-06 10:49:32,495] peewee_migrate: Done 083_drop_no_captcha_field
INFO    [2022-12-06 10:49:32,505] peewee_migrate: Running "084_country_subnets_fields"
INFO    [2022-12-06 10:49:32,506] peewee_migrate: rename_column ('country_subnets', 'ip_net', 'ip')
INFO    [2022-12-06 10:49:32,510] peewee_migrate: add_column ('country_subnets', 'network_address', <peewee.IntegerField object at 0x7f89f2511190>)
INFO    [2022-12-06 10:49:32,511] peewee_migrate: add_column ('country_subnets', 'netmask', <peewee.IntegerField object at 0x7f89f2511ac0>)
INFO    [2022-12-06 10:49:32,512] peewee_migrate: add_column ('country_subnets', 'version', <peewee.IntegerField object at 0x7f89f2511a00>)
INFO    [2022-12-06 10:49:32,513] peewee_migrate: Done 084_country_subnets_fields
INFO    [2022-12-06 10:49:32,517] peewee_migrate: Running "085_country_subnets_fields"
INFO    [2022-12-06 10:49:32,518] peewee_migrate: sql ('DELETE FROM country_subnets',)
INFO    [2022-12-06 10:49:32,519] peewee_migrate: add_not_null ('country_subnets', 'network_address')
INFO    [2022-12-06 10:49:32,522] peewee_migrate: add_not_null ('country_subnets', 'netmask')
INFO    [2022-12-06 10:49:32,526] peewee_migrate: add_not_null ('country_subnets', 'version')
INFO    [2022-12-06 10:49:32,530] peewee_migrate: Done 085_country_subnets_fields
INFO    [2022-12-06 10:49:32,534] peewee_migrate: Running "086_ignored_by_port_fields"
INFO    [2022-12-06 10:49:32,534] peewee_migrate: add_column ('ignored_by_port_proto', 'network_address', <peewee.IntegerField object at 0x7f89f25640d0>)
INFO    [2022-12-06 10:49:32,535] peewee_migrate: add_column ('ignored_by_port_proto', 'netmask', <peewee.IntegerField object at 0x7f89f2564880>)
INFO    [2022-12-06 10:49:32,536] peewee_migrate: add_column ('ignored_by_port_proto', 'version', <peewee.IntegerField object at 0x7f89f2564310>)
INFO    [2022-12-06 10:49:32,537] peewee_migrate: add_column ('ignored_by_port_proto', 'country_id', <peewee.ForeignKeyField object at 0x7f89f2564340>)
INFO    [2022-12-06 10:49:32,538] peewee_migrate: Done 086_ignored_by_port_fields
INFO    [2022-12-06 10:49:32,542] peewee_migrate: Running "087_ignored_by_port_fields"
INFO    [2022-12-06 10:49:32,543] peewee_migrate: add_not_null ('ignored_by_port_proto', 'network_address')
INFO    [2022-12-06 10:49:32,549] peewee_migrate: add_not_null ('ignored_by_port_proto', 'netmask')
INFO    [2022-12-06 10:49:32,554] peewee_migrate: add_not_null ('ignored_by_port_proto', 'version')
INFO    [2022-12-06 10:49:32,559] peewee_migrate: Done 087_ignored_by_port_fields
INFO    [2022-12-06 10:49:32,563] peewee_migrate: Running "088_add_malware_i360_clamd_scan_option"
INFO    [2022-12-06 10:49:32,564] peewee_migrate: Done 088_add_malware_i360_clamd_scan_option
INFO    [2022-12-06 10:49:32,568] peewee_migrate: Running "089_proactive_tables"
INFO    [2022-12-06 10:49:32,572] peewee_migrate: Done 089_proactive_tables
INFO    [2022-12-06 10:49:32,578] peewee_migrate: Running "090_safe_user_config"
INFO    [2022-12-06 10:49:32,585] peewee_migrate: Done 090_safe_user_config
INFO    [2022-12-06 10:49:32,590] peewee_migrate: Running "091_compress_old_logs"
INFO    [2022-12-06 10:49:32,593] peewee_migrate: Done 091_compress_old_logs
INFO    [2022-12-06 10:49:32,597] peewee_migrate: Running "092_ignore_proc_sys_dirs"
INFO    [2022-12-06 10:49:32,599] peewee_migrate: Done 092_ignore_proc_sys_dirs
INFO    [2022-12-06 10:49:32,608] peewee_migrate: Running "092_remove_old_disabled_rules"
INFO    [2022-12-06 10:49:32,610] peewee_migrate: Done 092_remove_old_disabled_rules
INFO    [2022-12-06 10:49:32,614] peewee_migrate: Running "093_make_quarantined_files_immutable"
INFO    [2022-12-06 10:49:32,616] peewee_migrate: Done 093_make_quarantined_files_immutable
INFO    [2022-12-06 10:49:32,621] peewee_migrate: Running "094_ignore_cagefs_proc"
INFO    [2022-12-06 10:49:32,625] peewee_migrate: Done 094_ignore_cagefs_proc
INFO    [2022-12-06 10:49:32,629] peewee_migrate: Running "095_add_total_malicious_field"
INFO    [2022-12-06 10:49:32,631] peewee_migrate: add_column ('malware_scans', 'total_malicious', <peewee.IntegerField object at 0x7f89f25e8220>)
INFO    [2022-12-06 10:49:32,640] peewee_migrate: Done 095_add_total_malicious_field
INFO    [2022-12-06 10:49:32,646] peewee_migrate: Running "096_populate_total_malicious_field"
INFO    [2022-12-06 10:49:32,649] peewee_migrate: Done 096_populate_total_malicious_field
INFO    [2022-12-06 10:49:32,654] peewee_migrate: Running "097_remove_uid_and_gid"
INFO    [2022-12-06 10:49:32,655] peewee_migrate: drop_column ('malware_hits', 'uid')
INFO    [2022-12-06 10:49:32,659] peewee_migrate: drop_column ('malware_hits', 'gid')
INFO    [2022-12-06 10:49:32,664] peewee_migrate: Done 097_remove_uid_and_gid
INFO    [2022-12-06 10:49:32,669] peewee_migrate: Running "098_remote_proxy_tables"
INFO    [2022-12-06 10:49:32,673] peewee_migrate: Done 098_remote_proxy_tables
INFO    [2022-12-06 10:49:32,678] peewee_migrate: Running "099_remove_old_disabled_rules"
INFO    [2022-12-06 10:49:32,680] peewee_migrate: Done 099_remove_old_disabled_rules
INFO    [2022-12-06 10:49:32,683] peewee_migrate: Running "100_remove_captcha_ports_from_csf"
INFO    [2022-12-06 10:49:32,684] peewee_migrate: Done 100_remove_captcha_ports_from_csf
INFO    [2022-12-06 10:49:32,687] peewee_migrate: Running "101_remove_unneeded_acronis_ports_from_csf"
INFO    [2022-12-06 10:49:32,688] peewee_migrate: Done 101_remove_unneeded_acronis_ports_from_csf
INFO    [2022-12-06 10:49:32,692] peewee_migrate: Running "102_proactive_ignore_list"
INFO    [2022-12-06 10:49:32,694] peewee_migrate: add_column ('proactive', 'rule_id', <peewee.IntegerField object at 0x7f89f2520880>)
INFO    [2022-12-06 10:49:32,695] peewee_migrate: rename_column ('proactive', 'reason', 'rule_name')
INFO    [2022-12-06 10:49:32,700] peewee_migrate: Done 102_proactive_ignore_list
INFO    [2022-12-06 10:49:32,705] peewee_migrate: Running "102_replace_comodo"
INFO    [2022-12-06 10:49:32,706] peewee_migrate: sql ("UPDATE incident SET name=replace(name, 'COMODO WAF', 'IM360 WAF'), description=replace(description, 'COMODO WAF', 'IM360 WAF')",)
INFO    [2022-12-06 10:49:32,706] peewee_migrate: sql ("UPDATE disabled_rules SET name=replace(name, 'COMODO WAF', 'IM360 WAF')",)
INFO    [2022-12-06 10:49:32,707] peewee_migrate: Done 102_replace_comodo
INFO    [2022-12-06 10:49:32,710] peewee_migrate: Running "103_remove_vd_license"
INFO    [2022-12-06 10:49:32,711] peewee_migrate: Done 103_remove_vd_license
INFO    [2022-12-06 10:49:32,714] peewee_migrate: Running "104_add_feature_management_permissions"
INFO    [2022-12-06 10:49:32,715] peewee_migrate: Done 104_add_feature_management_permissions
INFO    [2022-12-06 10:49:32,724] peewee_migrate: Running "105_populate_default_feature_management_permissions"
INFO    [2022-12-06 10:49:32,728] peewee_migrate: Done 105_populate_default_feature_management_permissions
INFO    [2022-12-06 10:49:32,732] peewee_migrate: Running "106_add_malware_cleanup_in_config"
INFO    [2022-12-06 10:49:32,827] peewee_migrate: Done 106_add_malware_cleanup_in_config
INFO    [2022-12-06 10:49:32,832] peewee_migrate: Running "106_malware_hit_status_field_add"
INFO    [2022-12-06 10:49:32,833] peewee_migrate: add_column ('malware_hits', 'status', <peewee.CharField object at 0x7f89f2511250>)
INFO    [2022-12-06 10:49:32,838] peewee_migrate: add_column ('malware_hits', 'cleaned_at', <peewee.FloatField object at 0x7f89f2567280>)
INFO    [2022-12-06 10:49:32,839] peewee_migrate: Done 106_malware_hit_status_field_add
INFO    [2022-12-06 10:49:32,844] peewee_migrate: Running "107_add_bruteforce_rule_33339"
INFO    [2022-12-06 10:49:32,951] peewee_migrate: Done 107_add_bruteforce_rule_33339
INFO    [2022-12-06 10:49:32,955] peewee_migrate: Running "107_malware_hit_status_field_populate"
INFO    [2022-12-06 10:49:32,956] peewee_migrate: drop_column ('malware_hits', 'restored')
INFO    [2022-12-06 10:49:32,960] peewee_migrate: Done 107_malware_hit_status_field_populate
INFO    [2022-12-06 10:49:32,964] peewee_migrate: Running "108_feature_management_cleanup_add"
INFO    [2022-12-06 10:49:32,965] peewee_migrate: add_column ('feature_management_permissions', 'cleanup', <peewee.BooleanField object at 0x7f89f25647c0>)
INFO    [2022-12-06 10:49:32,972] peewee_migrate: Done 108_feature_management_cleanup_add
INFO    [2022-12-06 10:49:32,975] peewee_migrate: Running "108_validate_config"
INFO    [2022-12-06 10:49:33,052] peewee_migrate: Done 108_validate_config
INFO    [2022-12-06 10:49:33,057] peewee_migrate: Running "109_dos_detector"
INFO    [2022-12-06 10:49:33,157] peewee_migrate: Done 109_dos_detector
INFO    [2022-12-06 10:49:33,161] peewee_migrate: Running "110_ignore_list_ip_as_int"
INFO    [2022-12-06 10:49:33,163] peewee_migrate: Done 110_ignore_list_ip_as_int
INFO    [2022-12-06 10:49:33,167] peewee_migrate: Running "111_ignore_list_ip_as_int"
INFO    [2022-12-06 10:49:33,168] peewee_migrate: sql ('DROP TABLE ignore_list',)
INFO    [2022-12-06 10:49:33,169] peewee_migrate: sql ('ALTER TABLE ignore_list_new RENAME TO ignore_list',)
INFO    [2022-12-06 10:49:33,172] peewee_migrate: Done 111_ignore_list_ip_as_int
INFO    [2022-12-06 10:49:33,177] peewee_migrate: Running "112_hardened_php"
INFO    [2022-12-06 10:49:33,178] peewee_migrate: Done 112_hardened_php
INFO    [2022-12-06 10:49:33,182] peewee_migrate: Running "113_move_quarantined_files"
INFO    [2022-12-06 10:49:33,182] peewee_migrate: Done 113_move_quarantined_files
INFO    [2022-12-06 10:49:33,185] peewee_migrate: Running "114_disable_auto-quarantine"
INFO    [2022-12-06 10:49:33,187] peewee_migrate: Done 114_disable_auto-quarantine
INFO    [2022-12-06 10:49:33,190] peewee_migrate: Running "115_feature_management_fields"
INFO    [2022-12-06 10:49:33,191] peewee_migrate: add_column ('feature_management_permissions', 'proactive_new', <peewee.TextField object at 0x7f89f250a610>)
INFO    [2022-12-06 10:49:33,197] peewee_migrate: add_column ('feature_management_permissions', 'av', <peewee.TextField object at 0x7f89f2524910>)
INFO    [2022-12-06 10:49:33,203] peewee_migrate: sql ('UPDATE feature_management_permissions SET av=? WHERE cleanup=1', 'full')
INFO    [2022-12-06 10:49:33,203] peewee_migrate: sql ('UPDATE feature_management_permissions SET av=? WHERE cleanup=0', 'report')
INFO    [2022-12-06 10:49:33,204] peewee_migrate: sql ('UPDATE feature_management_permissions SET proactive_new=? WHERE proactive=1', 'full')
INFO    [2022-12-06 10:49:33,204] peewee_migrate: sql ('UPDATE feature_management_permissions SET proactive_new=? WHERE proactive=0', 'na')
INFO    [2022-12-06 10:49:33,205] peewee_migrate: drop_column ('feature_management_permissions', 'proactive')
INFO    [2022-12-06 10:49:33,209] peewee_migrate: drop_column ('feature_management_permissions', 'cleanup')
INFO    [2022-12-06 10:49:33,215] peewee_migrate: Done 115_feature_management_fields
INFO    [2022-12-06 10:49:33,219] peewee_migrate: Running "116_feature_management_fields"
INFO    [2022-12-06 10:49:33,220] peewee_migrate: rename_column ('feature_management_permissions', 'proactive_new', 'proactive')
INFO    [2022-12-06 10:49:33,230] peewee_migrate: Done 116_feature_management_fields
INFO    [2022-12-06 10:49:33,235] peewee_migrate: Running "117_remove_incorrect_fields"
INFO    [2022-12-06 10:49:33,339] peewee_migrate: Done 117_remove_incorrect_fields
INFO    [2022-12-06 10:49:33,343] peewee_migrate: Running "118_add_malware_user_infected"
INFO    [2022-12-06 10:49:33,344] peewee_migrate: Done 118_add_malware_user_infected
INFO    [2022-12-06 10:49:33,349] peewee_migrate: Running "118_remove_country_subnets"
INFO    [2022-12-06 10:49:33,350] peewee_migrate: Done 118_remove_country_subnets
INFO    [2022-12-06 10:49:33,354] peewee_migrate: Running "119_populate_malware_user_infected"
INFO    [2022-12-06 10:49:33,356] peewee_migrate: Done 119_populate_malware_user_infected
INFO    [2022-12-06 10:49:33,361] peewee_migrate: Running "120_scheduled_scan"
INFO    [2022-12-06 10:49:33,584] peewee_migrate: change_column ('malware_scans', 'type', <peewee.CharField object at 0x7f89f2567190>)
INFO    [2022-12-06 10:49:33,598] peewee_migrate: Done 120_scheduled_scan
INFO    [2022-12-06 10:49:33,605] peewee_migrate: Running "121_drop_captcha_stat"
INFO    [2022-12-06 10:49:33,607] peewee_migrate: Done 121_drop_captcha_stat
INFO    [2022-12-06 10:49:33,611] peewee_migrate: Running "122_cagefs_unmount"
INFO    [2022-12-06 10:49:33,612] peewee_migrate: Done 122_cagefs_unmount
INFO    [2022-12-06 10:49:33,617] peewee_migrate: Running "123_add_last_user_scan"
INFO    [2022-12-06 10:49:33,618] peewee_migrate: Done 123_add_last_user_scan
INFO    [2022-12-06 10:49:33,622] peewee_migrate: Running "123_disable_scheduled_scan"
INFO    [2022-12-06 10:49:33,624] peewee_migrate: Done 123_disable_scheduled_scan
INFO    [2022-12-06 10:49:33,629] peewee_migrate: Running "123_rename_plesk_vendor"
INFO    [2022-12-06 10:49:33,631] peewee_migrate: Done 123_rename_plesk_vendor
INFO    [2022-12-06 10:49:33,636] peewee_migrate: Running "124_add_hook_management_functionality"
INFO    [2022-12-06 10:49:33,638] peewee_migrate: Done 124_add_hook_management_functionality
INFO    [2022-12-06 10:49:33,643] peewee_migrate: Running "124_add_infected_domains_vendor"
INFO    [2022-12-06 10:49:33,644] peewee_migrate: add_column ('infected_domain_list', 'vendor', <peewee.TextField object at 0x7f89f25059a0>)
INFO    [2022-12-06 10:49:33,650] peewee_migrate: Done 124_add_infected_domains_vendor
INFO    [2022-12-06 10:49:33,655] peewee_migrate: Running "125_rescan_scan_type"
INFO    [2022-12-06 10:49:33,658] peewee_migrate: sql ('DELETE FROM "malware_scans" WHERE ("started" < ?)', 1667724573)
INFO    [2022-12-06 10:49:33,658] peewee_migrate: change_column ('malware_scans', 'type', <peewee.CharField object at 0x7f89f24a6760>)
INFO    [2022-12-06 10:49:33,672] peewee_migrate: Done 125_rescan_scan_type
INFO    [2022-12-06 10:49:33,678] peewee_migrate: Running "126_add_malware_scan_modified_files_option"
INFO    [2022-12-06 10:49:33,791] peewee_migrate: Done 126_add_malware_scan_modified_files_option
INFO    [2022-12-06 10:49:33,796] peewee_migrate: Running "126_move_malware_hits_list"
INFO    [2022-12-06 10:49:33,799] peewee_migrate: Done 126_move_malware_hits_list
INFO    [2022-12-06 10:49:33,804] peewee_migrate: Running "127_remove_malware_hit_mode"
INFO    [2022-12-06 10:49:33,805] peewee_migrate: drop_column ('malware_hits', 'mode')
INFO    [2022-12-06 10:49:33,814] peewee_migrate: Done 127_remove_malware_hit_mode
INFO    [2022-12-06 10:49:33,827] peewee_migrate: Running "128_move_cleanup_storage_files"
INFO    [2022-12-06 10:49:33,829] peewee_migrate: Done 128_move_cleanup_storage_files
INFO    [2022-12-06 10:49:33,834] peewee_migrate: Running "129_fixed_cagefs_unmount"
INFO    [2022-12-06 10:49:33,835] peewee_migrate: Done 129_fixed_cagefs_unmount
INFO    [2022-12-06 10:49:33,839] peewee_migrate: Running "130_add_messages_to_send"
INFO    [2022-12-06 10:49:33,842] peewee_migrate: Done 130_add_messages_to_send
INFO    [2022-12-06 10:49:33,845] peewee_migrate: Running "131_incident_timestamp_index"
INFO    [2022-12-06 10:49:33,846] peewee_migrate: sql ('CREATE INDEX IF NOT EXISTS incident_timestamp ON incident (timestamp)',)
INFO    [2022-12-06 10:49:33,848] peewee_migrate: Done 131_incident_timestamp_index
INFO    [2022-12-06 10:49:33,852] peewee_migrate: Running "132_add_timestamp_field"
INFO    [2022-12-06 10:49:33,853] peewee_migrate: add_column ('malware_hits', 'timestamp', <peewee.FloatField object at 0x7f89f2564e50>)
INFO    [2022-12-06 10:49:33,856] peewee_migrate: Done 132_add_timestamp_field
INFO    [2022-12-06 10:49:33,860] peewee_migrate: Running "133_add_scope_field_to_iplist"
INFO    [2022-12-06 10:49:33,860] peewee_migrate: add_column ('iplist', 'scope', <peewee.CharField object at 0x7f89f250a520>)
INFO    [2022-12-06 10:49:33,863] peewee_migrate: Done 133_add_scope_field_to_iplist
INFO    [2022-12-06 10:49:33,867] peewee_migrate: Running "134_change_default_of_intensity_ram"
INFO    [2022-12-06 10:49:34,213] peewee_migrate: Done 134_change_default_of_intensity_ram
INFO    [2022-12-06 10:49:34,218] peewee_migrate: Running "135_export_proactive"
INFO    [2022-12-06 10:49:34,221] peewee_migrate: Done 135_export_proactive
INFO    [2022-12-06 10:49:34,226] peewee_migrate: Running "135_make_completed_nullable"
INFO    [2022-12-06 10:49:34,227] peewee_migrate: change_column ('malware_scans', 'completed', <peewee.IntegerField object at 0x7f89f2505d90>)
INFO    [2022-12-06 10:49:34,236] peewee_migrate: Done 135_make_completed_nullable
INFO    [2022-12-06 10:49:34,240] peewee_migrate: Running "136_drop_proactive"
INFO    [2022-12-06 10:49:34,243] peewee_migrate: Done 136_drop_proactive
INFO    [2022-12-06 10:49:34,248] peewee_migrate: Running "137_swap_initiator_and_cause"
INFO    [2022-12-06 10:49:34,250] peewee_migrate: Done 137_swap_initiator_and_cause
INFO    [2022-12-06 10:49:34,254] peewee_migrate: Running "138_move_rapid_scan_dir"
WARNING [2022-12-06 10:49:34,273] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:49:34,274] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 10:49:34,279] peewee_migrate: Done 138_move_rapid_scan_dir
INFO    [2022-12-06 10:49:34,283] peewee_migrate: Running "139_generic_modsec_config"
INFO    [2022-12-06 10:49:34,285] peewee_migrate: Done 139_generic_modsec_config
INFO    [2022-12-06 10:49:34,289] peewee_migrate: Running "140_cast_malware_hit_orig_file_as_blob"
INFO    [2022-12-06 10:49:34,289] peewee_migrate: sql ('UPDATE malware_hits SET orig_file = CAST(orig_file AS BLOB) WHERE typeof(orig_file) != "blob";',)
INFO    [2022-12-06 10:49:34,291] peewee_migrate: Done 140_cast_malware_hit_orig_file_as_blob
INFO    [2022-12-06 10:49:34,297] peewee_migrate: Running "141_drop_last_user_scans"
INFO    [2022-12-06 10:49:34,299] peewee_migrate: Done 141_drop_last_user_scans
INFO    [2022-12-06 10:49:34,307] peewee_migrate: Running "143_malware_hit_cascade_delete"
INFO    [2022-12-06 10:49:34,307] peewee_migrate: sql ('ALTER TABLE malware_hits RENAME TO malware_hits_old;',)
INFO    [2022-12-06 10:49:34,313] peewee_migrate: sql ('INSERT INTO malware_hits (id,scanid_id,user,orig_file,type,malicious,vendor,hash,size,timestamp,status,cleaned_at) SELECT id,scanid_id,user,orig_file,type,malicious,vendor,hash,size,timestamp,status,cleaned_at FROM malware_hits_old;',)
INFO    [2022-12-06 10:49:34,313] peewee_migrate: sql ('DROP TABLE malware_hits_old;',)
INFO    [2022-12-06 10:49:34,314] peewee_migrate: Done 143_malware_hit_cascade_delete
INFO    [2022-12-06 10:49:34,320] peewee_migrate: Running "144_remove_clamav_config_options"
INFO    [2022-12-06 10:49:34,364] peewee_migrate: Done 144_remove_clamav_config_options
INFO    [2022-12-06 10:49:34,368] peewee_migrate: Running "144_remove_hash_table"
INFO    [2022-12-06 10:49:34,369] peewee_migrate: sql ('DROP TABLE IF EXISTS malware_hash;',)
INFO    [2022-12-06 10:49:34,371] peewee_migrate: Done 144_remove_hash_table
INFO    [2022-12-06 10:49:34,374] peewee_migrate: Running "145_move_quarantine"
INFO    [2022-12-06 10:49:34,376] peewee_migrate: Done 145_move_quarantine
INFO    [2022-12-06 10:49:34,379] peewee_migrate: Running "146_malware_user_infected_cascade_delete"
INFO    [2022-12-06 10:49:34,380] peewee_migrate: Done 146_malware_user_infected_cascade_delete
INFO    [2022-12-06 10:49:34,384] peewee_migrate: Running "147_remove_vendor_field"
INFO    [2022-12-06 10:49:34,384] peewee_migrate: drop_column ('malware_hits', 'vendor')
INFO    [2022-12-06 10:49:34,392] peewee_migrate: Done 147_remove_vendor_field
INFO    [2022-12-06 10:49:34,398] peewee_migrate: Running "147_user_scan_type"
INFO    [2022-12-06 10:49:34,399] peewee_migrate: change_column ('malware_scans', 'type', <peewee.CharField object at 0x7f89f25f0ca0>)
INFO    [2022-12-06 10:49:34,412] peewee_migrate: Done 147_user_scan_type
INFO    [2022-12-06 10:49:34,416] peewee_migrate: Running "148_reconstruct_pickled_scan_queue"
INFO    [2022-12-06 10:49:34,418] peewee_migrate: Done 148_reconstruct_pickled_scan_queue
INFO    [2022-12-06 10:49:34,421] peewee_migrate: Running "148_remove_malware_user_infected"
INFO    [2022-12-06 10:49:34,422] peewee_migrate: sql ('DROP TABLE IF EXISTS malware_user_infected',)
INFO    [2022-12-06 10:49:34,423] peewee_migrate: Done 148_remove_malware_user_infected
INFO    [2022-12-06 10:49:34,427] peewee_migrate: Running "149_add_captcha_passed_field_to_iplist"
INFO    [2022-12-06 10:49:34,428] peewee_migrate: add_column ('iplist', 'captcha_passed', <peewee.BooleanField object at 0x7f89f2524700>)
INFO    [2022-12-06 10:49:34,439] peewee_migrate: Done 149_add_captcha_passed_field_to_iplist
INFO    [2022-12-06 10:49:34,444] peewee_migrate: Running "149_make_config_inactive"
INFO    [2022-12-06 10:49:34,456] peewee_migrate: Done 149_make_config_inactive
INFO    [2022-12-06 10:49:34,462] peewee_migrate: Running "150_update_captcha_passed_field_for_iplist_entries"
INFO    [2022-12-06 10:49:34,465] peewee_migrate: Done 150_update_captcha_passed_field_for_iplist_entries
INFO    [2022-12-06 10:49:34,468] peewee_migrate: Running "151_change_constraint_for_iplist"
INFO    [2022-12-06 10:49:34,469] peewee_migrate: change_column ('iplist', 'listname', <peewee.CharField object at 0x7f89f25f05e0>)
INFO    [2022-12-06 10:49:34,488] peewee_migrate: Done 151_change_constraint_for_iplist
INFO    [2022-12-06 10:49:34,494] peewee_migrate: Running "152_add_listname_to_primary_key"
INFO    [2022-12-06 10:49:34,497] peewee_migrate: sql ('INSERT INTO tmpiplist (ip,listname,expiration,imported_from,ctime,deep,comment,captcha_passed,manual,full_access,auto_whitelisted,network_address,netmask,version,scope,country_id) SELECT ip,listname,expiration,imported_from,ctime,deep,comment,captcha_passed,manual,full_access,auto_whitelisted,network_address,netmask,version,scope,country_id FROM iplist',)
INFO    [2022-12-06 10:49:34,498] peewee_migrate: sql ('DROP TABLE iplist',)
INFO    [2022-12-06 10:49:34,498] peewee_migrate: sql ('ALTER TABLE tmpiplist RENAME TO iplist',)
INFO    [2022-12-06 10:49:34,500] peewee_migrate: add_index ('iplist', ['listname'])
INFO    [2022-12-06 10:49:34,501] peewee_migrate: add_index ('iplist', ['expiration'])
INFO    [2022-12-06 10:49:34,501] peewee_migrate: add_index ('iplist', ['ip'])
INFO    [2022-12-06 10:49:34,502] peewee_migrate: Done 152_add_listname_to_primary_key
INFO    [2022-12-06 10:49:34,509] peewee_migrate: Running "153_migrate_config_default_action"
INFO    [2022-12-06 10:49:34,511] peewee_migrate: Done 153_migrate_config_default_action
INFO    [2022-12-06 10:49:34,515] peewee_migrate: Running "153_update_incident_name"
INFO    [2022-12-06 10:49:34,515] peewee_migrate: sql ("UPDATE incident SET name='Login Blocked by cpHulk' where plugin='cphulk' and name=''",)
INFO    [2022-12-06 10:49:34,517] peewee_migrate: Done 153_update_incident_name
INFO    [2022-12-06 10:49:34,522] peewee_migrate: Running "154_migrate_config_user_override_malware_actions"
INFO    [2022-12-06 10:49:34,556] peewee_migrate: Done 154_migrate_config_user_override_malware_actions
INFO    [2022-12-06 10:49:34,560] peewee_migrate: Running "155_migrate_config_user_override_proactive_defense"
INFO    [2022-12-06 10:49:34,607] peewee_migrate: Done 155_migrate_config_user_override_proactive_defense
INFO    [2022-12-06 10:49:34,611] peewee_migrate: Running "156_remove_default_values_from_config"
INFO    [2022-12-06 10:49:34,613] peewee_migrate: Done 156_remove_default_values_from_config
INFO    [2022-12-06 10:49:34,617] peewee_migrate: Running "157_move_i360_modsec_disable_conf"
INFO    [2022-12-06 10:49:34,618] peewee_migrate: Done 157_move_i360_modsec_disable_conf
INFO    [2022-12-06 10:49:34,622] peewee_migrate: Running "158_move_i360_modsec_disable_conf_symlink"
INFO    [2022-12-06 10:49:34,623] peewee_migrate: Done 158_move_i360_modsec_disable_conf_symlink
INFO    [2022-12-06 10:49:34,627] peewee_migrate: Running "159_remove_defaults_from_local_config"
INFO    [2022-12-06 10:49:34,738] peewee_migrate: Done 159_remove_defaults_from_local_config
INFO    [2022-12-06 10:49:34,743] peewee_migrate: Running "160_remove_quarantine"
INFO    [2022-12-06 10:49:34,745] peewee_migrate: Done 160_remove_quarantine
INFO    [2022-12-06 10:49:34,749] peewee_migrate: Running "160_unmount_sigs_v1"
INFO    [2022-12-06 10:49:34,751] peewee_migrate: Done 160_unmount_sigs_v1
INFO    [2022-12-06 10:49:34,759] peewee_migrate: Running "161_remove_ea4_main_local_conf"
INFO    [2022-12-06 10:49:34,760] peewee_migrate: Done 161_remove_ea4_main_local_conf
INFO    [2022-12-06 10:49:34,764] peewee_migrate: Running "162_add_resource_type"
INFO    [2022-12-06 10:49:34,765] peewee_migrate: add_column ('malware_hits', 'resource_type', <peewee.CharField object at 0x7f89f2567700>)
INFO    [2022-12-06 10:49:34,771] peewee_migrate: add_column ('malware_hits', 'app_name', <peewee.CharField object at 0x7f89f2567190>)
INFO    [2022-12-06 10:49:34,772] peewee_migrate: add_column ('malware_hits', 'db_host', <peewee.CharField object at 0x7f89f2567cd0>)
INFO    [2022-12-06 10:49:34,773] peewee_migrate: add_column ('malware_hits', 'db_port', <peewee.CharField object at 0x7f89f2463f10>)
INFO    [2022-12-06 10:49:34,774] peewee_migrate: add_column ('malware_hits', 'db_name', <peewee.CharField object at 0x7f89f2463d00>)
INFO    [2022-12-06 10:49:34,775] peewee_migrate: add_column ('malware_scans', 'resource_type', <peewee.CharField object at 0x7f89f2479220>)
INFO    [2022-12-06 10:49:34,784] peewee_migrate: rename_column ('malware_scans', 'total_files', 'total_resources')
INFO    [2022-12-06 10:49:34,790] peewee_migrate: Done 162_add_resource_type
INFO    [2022-12-06 10:49:35,078] peewee_migrate: Running "163_drop_malware_scanned_stat"
INFO    [2022-12-06 10:49:35,080] peewee_migrate: Done 163_drop_malware_scanned_stat
INFO    [2022-12-06 10:49:35,085] peewee_migrate: Running "164_add_resource_type_to_ignore"
INFO    [2022-12-06 10:49:35,087] peewee_migrate: sql ("INSERT INTO tmp_malware_ignore_path(path,added_date,resource_type) SELECT path,added_date,'file' FROM malware_ignore_path",)
INFO    [2022-12-06 10:49:35,087] peewee_migrate: sql ('DROP TABLE malware_ignore_path',)
INFO    [2022-12-06 10:49:35,088] peewee_migrate: sql ('ALTER TABLE tmp_malware_ignore_path RENAME TO malware_ignore_path',)
INFO    [2022-12-06 10:49:35,090] peewee_migrate: add_index ('malware_ignore_path', ['resource_type'])
INFO    [2022-12-06 10:49:35,091] peewee_migrate: Done 164_add_resource_type_to_ignore
INFO    [2022-12-06 10:49:35,096] peewee_migrate: Running "165_add_db_fields_to_malware_history"
INFO    [2022-12-06 10:49:35,097] peewee_migrate: add_column ('malware_history', 'app_name', <peewee.CharField object at 0x7f89f27fdeb0>)
INFO    [2022-12-06 10:49:35,099] peewee_migrate: add_column ('malware_history', 'resource_type', <peewee.CharField object at 0x7f89f25644c0>)
INFO    [2022-12-06 10:49:35,105] peewee_migrate: Done 165_add_db_fields_to_malware_history
INFO    [2022-12-06 10:49:35,113] peewee_migrate: Running "166_add_id_field_to_malware_ignore_path"
INFO    [2022-12-06 10:49:35,113] peewee_migrate: sql ('ALTER TABLE malware_ignore_path RENAME TO malware_ignore_path_old;',)
INFO    [2022-12-06 10:49:35,119] peewee_migrate: sql ("INSERT INTO malware_ignore_path(path,added_date,resource_type) SELECT path,added_date,'file' FROM malware_ignore_path_old",)
INFO    [2022-12-06 10:49:35,120] peewee_migrate: sql ('DROP TABLE malware_ignore_path_old;',)
INFO    [2022-12-06 10:49:35,121] peewee_migrate: Done 166_add_id_field_to_malware_ignore_path
INFO    [2022-12-06 10:49:35,130] peewee_migrate: Running "167_remote_iplist"
INFO    [2022-12-06 10:49:35,132] peewee_migrate: Done 167_remote_iplist
INFO    [2022-12-06 10:49:35,137] peewee_migrate: Running "168_add_icontact_throttle"
INFO    [2022-12-06 10:49:35,139] peewee_migrate: Done 168_add_icontact_throttle
INFO    [2022-12-06 10:49:35,143] peewee_migrate: Running "169_add_record_to_throttle_scan_not_schedule_events"
INFO    [2022-12-06 10:49:35,144] peewee_migrate: Done 169_add_record_to_throttle_scan_not_schedule_events
INFO    [2022-12-06 10:49:35,149] peewee_migrate: Running "170_add_db_fields_to_malware_history"
INFO    [2022-12-06 10:49:35,150] peewee_migrate: add_column ('malware_history', 'db_host', <peewee.CharField object at 0x7f89f2447760>)
INFO    [2022-12-06 10:49:35,151] peewee_migrate: add_column ('malware_history', 'db_port', <peewee.CharField object at 0x7f89f2505250>)
INFO    [2022-12-06 10:49:35,152] peewee_migrate: add_column ('malware_history', 'db_name', <peewee.CharField object at 0x7f89f27fd310>)
INFO    [2022-12-06 10:49:35,153] peewee_migrate: Done 170_add_db_fields_to_malware_history
INFO    [2022-12-06 10:49:35,157] peewee_migrate: Running "180_move_captcha_configs"
INFO    [2022-12-06 10:49:35,158] peewee_migrate: Done 180_move_captcha_configs
INFO    [2022-12-06 10:49:35,162] peewee_migrate: Running "181_move_invisible_captcha"
WARNING [2022-12-06 10:49:35,163] builtins: invisible-captcha.conf exists, skipping...
INFO    [2022-12-06 10:49:35,164] peewee_migrate: Done 181_move_invisible_captcha
INFO    [2022-12-06 10:49:35,168] peewee_migrate: Running "182_remove_constraints_from_icontact_throttle"
INFO    [2022-12-06 10:49:35,168] peewee_migrate: sql ('ALTER TABLE icontact_throttle RENAME TO icontact_throttle_old',)
INFO    [2022-12-06 10:49:35,171] peewee_migrate: sql ('INSERT INTO icontact_throttle(message_type,timestamp) SELECT message_type,timestamp FROM icontact_throttle_old',)
INFO    [2022-12-06 10:49:35,172] peewee_migrate: sql ('DROP TABLE icontact_throttle_old',)
INFO    [2022-12-06 10:49:35,173] peewee_migrate: Done 182_remove_constraints_from_icontact_throttle
INFO    [2022-12-06 10:49:35,177] defence360agent.migrate: Starting main process...
INFO    [2022-12-06 10:49:37,963] defence360agent.utils.check_db: Database /var/imunify360/imunify360.db integrity check...
INFO    [2022-12-06 10:49:37,967] defence360agent.utils.check_db: Database integrity check succeeded.
ERROR   [2022-12-06 10:49:38,240] defence360agent.internals.iaid: need to register first
INFO    [2022-12-06 10:49:38,425] defence360agent.api.server: Performed request for url=https://api.imunify360.com/api/auth/agent/register method=POST body=None status=200
INFO    [2022-12-06 10:49:38,425] defence360agent.api.server: Response=b'{"iaid":"8fab579b95ee4f119a1d4b06723cb8ba","passwo' ...
ERROR   [2022-12-06 10:49:38,515] defence360agent.internals.iaid: something went wrong on activate APIError('request failed, reason: HTTP Error 400: Bad Request', 400) attempt 1
INFO    [2022-12-06 10:49:38,538] defence360agent.files: Updating all files
INFO    [2022-12-06 10:49:38,539] defence360agent.files: Updating ossec files via all.zip
INFO    [2022-12-06 10:49:38,882] defence360agent.files: Validating [ossec]: /var/imunify360/files/ossec/v1_2022-12-06T084938.539558Z
WARNING [2022-12-06 10:49:38,890] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/ossec [0o777] expected [0o770] (not symlink)
INFO    [2022-12-06 10:49:38,892] defence360agent.files: Updated ossec using all.zip
INFO    [2022-12-06 10:49:38,909] im360.subsys.ossec: Selecting 3.1.0-101l version of OSSEC configuration
INFO    [2022-12-06 10:49:41,263] defence360agent.files: ossec files update finished
INFO    [2022-12-06 10:49:41,263] defence360agent.files: Updating static-whitelist files via all.zip
INFO    [2022-12-06 10:49:41,619] defence360agent.files: Validating [static-whitelist]: /var/imunify360/files/whitelist/v2_2022-12-06T084941.264329Z
WARNING [2022-12-06 10:49:41,640] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/whitelist [0o777] expected [0o770] (not symlink)
INFO    [2022-12-06 10:49:41,643] defence360agent.files: Updated static-whitelist using all.zip
INFO    [2022-12-06 10:49:41,643] im360.subsys.webshield: Updating webshield internal whitelist using imunify360-webshield-compose-lists script
INFO    [2022-12-06 10:49:41,832] defence360agent.contracts.config_provider: CachedConfigReader <'/etc/sysconfig/imunify360/imunify360-merged.config', modified at 1670316570.9236832, 3901 bytes> modified: removed={}, added={}, changed={"LOGGER": {"+": {}, "-": {}, "?": {"syscall_monitor": [false, true]}}, "MALWARE_SCANNING": {"+": {}, "-": {}, "?": {"hyperscan": [false, true]}}, "PROACTIVE_DEFENCE": {"+": {}, "-": {}, "?": {"mode": ["LOG", "KILL"], "php_immunity": [false, true]}}}
INFO    [2022-12-06 10:49:41,898] defence360agent.files: static-whitelist files update finished
INFO    [2022-12-06 10:49:41,899] defence360agent.files: Updating realtime-av-conf files via file by file download
INFO    [2022-12-06 10:49:42,475] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:42 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:27 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2814FEEFA01A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#615651714/gid:10192/mode:33204/mtime:1664438297#0/uid:1001'), ('x-amz-version-id', '51e7f9bb-ac2f-4167-a129-014925f9ae63'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/realtime-av-conf/v1/cpanel/watched.txt'
INFO    [2022-12-06 10:49:42,995] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:42 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:27 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28151DFB5724'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#615651714/gid:10192/mode:33204/mtime:1664438297#0/uid:1001'), ('x-amz-version-id', '61807276-fe91-43dc-b963-9ce2c030f5a7'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/realtime-av-conf/v1/plesk/watched.txt'
INFO    [2022-12-06 10:49:43,326] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:43 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '119'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"7ede7b980a2a10ed096ee57abef1939a"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:27 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281531A263D6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#615651714/gid:10192/mode:33204/mtime:1664438297#0/uid:1001'), ('x-amz-version-id', 'ebd2146b-2ef3-43eb-abac-a1d79484b99a'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/realtime-av-conf/v1/common/watched.txt'
INFO    [2022-12-06 10:49:43,586] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:43 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '443'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"c4c904dcf80b733c2c735eaecc2aecfb"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:27 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2815413018C6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#615651714/gid:10192/mode:33204/mtime:1664438297#0/uid:1001'), ('x-amz-version-id', 'e4ae36af-54d3-4b2e-8faf-a3d28a1cabb6'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/realtime-av-conf/v1/cpanel/ignored.txt'
INFO    [2022-12-06 10:49:43,840] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:43 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '124'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"5a3c918fc17ae607dacef2b97cb96a3e"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:27 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2815504EFD3C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#615651714/gid:10192/mode:33204/mtime:1664438297#0/uid:1001'), ('x-amz-version-id', '6413d3d4-cce8-4cdd-aa21-c5a8780dfa91'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/realtime-av-conf/v1/directadmin/ignored.txt'
INFO    [2022-12-06 10:49:44,094] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:44 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:27 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28155F7E616E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#615651714/gid:10192/mode:33204/mtime:1664438297#0/uid:1001'), ('x-amz-version-id', '6e8c286f-208d-4cdd-9e10-20da970f8930'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/realtime-av-conf/v1/directadmin/watched.txt'
INFO    [2022-12-06 10:49:44,179] defence360agent.simple_rpc: Executing ('update',), params: {'subj': 'modsec-rules', 'force': False}
INFO    [2022-12-06 10:49:44,409] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:44 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '238'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"a12bb3c27c3ec721db3a7e09e9d620b4"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:27 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28157232F331'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#615651714/gid:10192/mode:33204/mtime:1664438297#0/uid:1001'), ('x-amz-version-id', 'c3ca844b-c046-4bc2-b53c-e06f21443397'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/realtime-av-conf/v1/plesk/ignored.txt'
INFO    [2022-12-06 10:49:44,411] defence360agent.files: Validating [realtime-av-conf]: /var/imunify360/files/realtime-av-conf/v1_2022-12-06T084942.157347Z
WARNING [2022-12-06 10:49:44,413] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/realtime-av-conf [0o777] expected [0o770] (not symlink)
INFO    [2022-12-06 10:49:44,414] defence360agent.files: Updated realtime-av-conf using file by file download
INFO    [2022-12-06 10:49:44,415] im360.malwarelib.subsys.aibolit: ai-bolit service will be restarted
INFO    [2022-12-06 10:49:44,447] defence360agent.files: realtime-av-conf files update finished
INFO    [2022-12-06 10:49:44,448] defence360agent.files: Updating modsec-rules files via all.zip
INFO    [2022-12-06 10:49:44,629] defence360agent.files: Updating modsec-rules files via all.zip
INFO    [2022-12-06 10:49:45,192] defence360agent.files: Validating [modsec-rules]: /var/imunify360/files/modsec/v2_2022-12-06T084944.448655Z
WARNING [2022-12-06 10:49:45,205] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/modsec [0o777] expected [0o770] (not symlink)
INFO    [2022-12-06 10:49:45,208] defence360agent.files: Updated modsec-rules using all.zip
ERROR   [2022-12-06 10:49:45,231] defence360agent.files: hook <function update_vendors at 0x7f80fa94ae50> error: Integration config is missing server_type field
Traceback (most recent call last):
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 376, in _get_web_server_type
    web_server = IntegrationConfig.to_dict()["web_server"]["server_type"]
  File "/opt/alt/python38/lib/python3.8/configparser.py", line 960, in __getitem__
    raise KeyError(key)
KeyError: 'web_server'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/alt/python38/lib/python3.8/dist-packages/defence360agent/files/__init__.py", line 946, in _run_hooks
    await hook(self, is_updated)
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/update_hooks.py", line 32, in update_vendors
    await hp.apply_modsec_files_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/base.py", line 311, in apply_modsec_files_update
    await cls._apply_modsec_files_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 196, in _apply_modsec_files_update
    await GenericFilesVendorList.install_or_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/base.py", line 556, in install_or_update
    compatible_name = cls._get_compatible_name(installed_vendors)
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 363, in _get_compatible_name
    web_server = _get_web_server_type()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 378, in _get_web_server_type
    raise GenericPanelModSecException(
im360.subsys.panels.generic.mod_security.GenericPanelModSecException: Integration config is missing server_type field
INFO    [2022-12-06 10:49:45,269] defence360agent.files: modsec-rules files update finished
INFO    [2022-12-06 10:49:45,270] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 10:49:45,333] defence360agent.files: Validating [modsec-rules]: /var/imunify360/files/modsec/v2_2022-12-06T084944.629983Z
INFO    [2022-12-06 10:49:45,358] defence360agent.files: Removing old path on all.zip update: /var/imunify360/files/modsec/v2_2022-12-06T084944.448655Z
INFO    [2022-12-06 10:49:45,363] defence360agent.files: Updated modsec-rules using all.zip
ERROR   [2022-12-06 10:49:45,386] defence360agent.files: hook <function update_vendors at 0x7fb49ab0f0d0> error: Integration config is missing server_type field
Traceback (most recent call last):
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 376, in _get_web_server_type
    web_server = IntegrationConfig.to_dict()["web_server"]["server_type"]
  File "/opt/alt/python38/lib/python3.8/configparser.py", line 960, in __getitem__
    raise KeyError(key)
KeyError: 'web_server'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/alt/python38/lib/python3.8/dist-packages/defence360agent/files/__init__.py", line 946, in _run_hooks
    await hook(self, is_updated)
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/update_hooks.py", line 32, in update_vendors
    await hp.apply_modsec_files_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/base.py", line 311, in apply_modsec_files_update
    await cls._apply_modsec_files_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 196, in _apply_modsec_files_update
    await GenericFilesVendorList.install_or_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/base.py", line 556, in install_or_update
    compatible_name = cls._get_compatible_name(installed_vendors)
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 363, in _get_compatible_name
    web_server = _get_web_server_type()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 378, in _get_web_server_type
    raise GenericPanelModSecException(
im360.subsys.panels.generic.mod_security.GenericPanelModSecException: Integration config is missing server_type field
INFO    [2022-12-06 10:49:45,413] defence360agent.files: modsec-rules files update finished
INFO    [2022-12-06 10:49:45,530] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:45 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2815B4FFEAC2'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 10:49:45,531] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 10:49:45,531] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 10:49:45,531] defence360agent.files: Updating sigs files via all.zip
INFO    [2022-12-06 10:49:47,755] defence360agent.files: Validating [sigs]: /var/imunify360/files/sigs/v1_2022-12-06T084945.532268Z
WARNING [2022-12-06 10:49:47,944] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/sigs [0o777] expected [0o775] (not symlink)
INFO    [2022-12-06 10:49:47,951] defence360agent.files: Updated sigs using all.zip
INFO    [2022-12-06 10:49:47,952] im360.malwarelib.subsys.aibolit: ai-bolit service will be restarted
INFO    [2022-12-06 10:49:48,007] defence360agent.files: sigs files update finished
INFO    [2022-12-06 10:49:48,008] defence360agent.files: Updating ip-record files via all.zip
INFO    [2022-12-06 10:49:48,363] defence360agent.files: Validating [ip-record]: /var/imunify360/files/ip-record/v1_2022-12-06T084948.031876Z
WARNING [2022-12-06 10:49:48,365] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/ip-record [0o777] expected [0o770] (not symlink)
INFO    [2022-12-06 10:49:48,366] defence360agent.files: Updated ip-record using all.zip
WARNING [2022-12-06 10:49:48,367] im360.subsys.panels.update_hooks: Can't update ip-record.db, reason: No vendors installed
INFO    [2022-12-06 10:49:48,367] defence360agent.files: ip-record files update finished
INFO    [2022-12-06 10:49:48,368] defence360agent.files: Updating eula files via file by file download
INFO    [2022-12-06 10:49:49,319] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:49 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '44'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"b67a1a512e70da6bd4e1ba5b41ac86ec"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:52:12 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281696D7E97C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418913#152723130/gid:1000/mode:33261/mtime:1624969185#0/uid:1001'), ('x-amz-version-id', 'f215965b-707e-420f-8aa3-7427b387a56d'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/eula/v1/message.txt'
INFO    [2022-12-06 10:49:49,886] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:49 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '43'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"c9da36176dae139594e1e66a5683822c"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:52:12 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2816B8B4A0BD'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418913#152723130/gid:1000/mode:33261/mtime:1624969185#0/uid:1001'), ('x-amz-version-id', '29e6914f-e53f-4481-b1e4-dcfb91b1d8be'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/eula/v1/message-av.txt'
INFO    [2022-12-06 10:49:50,200] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:50 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '11'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"7c3dc601067ce4875317e6f17046b5f8"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:52:12 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2816CB707D70'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418913#152723130/gid:1000/mode:33261/mtime:1624969185#0/uid:1001'), ('x-amz-version-id', '73c02f55-dc24-4e36-aeb1-3831dd43f03d'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/eula/v1/updated.txt'
INFO    [2022-12-06 10:49:50,454] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:50 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '11'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"7c3dc601067ce4875317e6f17046b5f8"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:52:12 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2816DA9BCB6B'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418913#152723130/gid:1000/mode:33261/mtime:1624969185#0/uid:1001'), ('x-amz-version-id', '8cc09e54-1a62-48cd-92f0-68e17dc51aaa'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/eula/v1/updated-av.txt'
INFO    [2022-12-06 10:49:50,456] defence360agent.files: Validating [eula]: /var/imunify360/files/eula/v1_2022-12-06T084948.692593Z
WARNING [2022-12-06 10:49:50,458] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/eula [0o777] expected [0o770] (not symlink)
INFO    [2022-12-06 10:49:50,459] defence360agent.files: Updated eula using file by file download
INFO    [2022-12-06 10:49:50,464] defence360agent.files: eula files update finished
INFO    [2022-12-06 10:49:50,465] defence360agent.files: Updating proactive files via file by file download
INFO    [2022-12-06 10:49:50,974] defence360agent.simple_rpc: Executing ('rstatus',), params: {}
INFO    [2022-12-06 10:49:51,312] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:51 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28170DB28EAA'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '9013ad72-29e5-4e06-95ad-aad1f4ae5677'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/suspicious_files_list'
INFO    [2022-12-06 10:49:51,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:49:51,574] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:51 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:00 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28171D4DD487'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0cdf4a4d-7e43-4616-a497-14e1aea4bd1a'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/params_pattern_list'
INFO    [2022-12-06 10:49:51,829] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:51 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28172C84A757'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '894003cc-7835-4a58-ae61-bdc596661f3e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/params_pattern_list'
INFO    [2022-12-06 10:49:52,396] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:52 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28174E491539'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '9034b22c-f3cb-4eb0-9d13-87f43a1b1139'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/config.ini'
INFO    [2022-12-06 10:49:52,712] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:52 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28176119B187'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'dff0de1d-f374-4f87-b7b6-c560f82a926b'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/suspicious_files_list.0'
INFO    [2022-12-06 10:49:53,024] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:52 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:03 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281773AD972F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'cf2cf262-718f-49d0-b133-915ff88b7383'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/suspicious_files_list.0'
INFO    [2022-12-06 10:49:53,335] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:53 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:36 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281786424808'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '70348077-b8ac-4d35-b246-c2f9ae5d0a5e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/suspicious_files_list.1'
INFO    [2022-12-06 10:49:54,145] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:54 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:11:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2817B613A93A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '5a63df4d-2fb9-401a-bf59-e4c56d28cabd'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/suspicious_files_list.0'
INFO    [2022-12-06 10:49:54,257] defence360agent.simple_rpc: Executing ('register',), params: {'regkey': 'IPL'}
INFO    [2022-12-06 10:49:54,415] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:54 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2817C67723E4'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0f7a1d44-33d4-4b05-ad5e-d6343a5d99de'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/test_patch.patch'
INFO    [2022-12-06 10:49:54,937] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:54 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '87'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"ea882a4a506df5253f35d0283c3d312b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:00 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2817E5CA63AB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ead4d63a-a07b-472b-8893-c8db4222cf39'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/rce_patterns_list'
INFO    [2022-12-06 10:49:55,192] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:55 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2817F4F5905C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0651f807-955f-42ea-ad8c-6f74b229d9a0'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/params_pattern_list.ini'
WARNING [2022-12-06 10:49:55,217] defence360agent.internals.cln: CLN.post(url='https://cln.cloudlinux.com/api/im/register', data=b'key=IPL', headers=None): 400 Bad Request
WARNING [2022-12-06 10:49:55,219] defence360agent.simple_rpc.endpoints: Can't register 'IPL' as imunify360 key. Trying to register it as a web panel key instead
WARNING [2022-12-06 10:49:55,220] defence360agent.simple_rpc.endpoints: Registration with web panel's key doesn't supported
INFO    [2022-12-06 10:49:55,460] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:55 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:11:07 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281804F496CD'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '1e90ca25-b191-4f53-85e9-94d7deb21edf'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/module.ini'
INFO    [2022-12-06 10:49:55,713] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:55 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2818140FAA0D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '81a31d80-2f0b-47e8-b1d1-219c832cb8ec'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/test_patch.patch'
INFO    [2022-12-06 10:49:55,980] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:55 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:03 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281823DCFB18'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b66e8c05-3d70-467c-bbee-d88efaa1db78'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/module.ini'
INFO    [2022-12-06 10:49:56,232] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:56 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281832FF01E1'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e581047b-d1a4-4d20-9c90-84e115a02657'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/suspicious_files_list.0'
INFO    [2022-12-06 10:49:56,553] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:56 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '655'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8f237af8543e286bc3d7e1f7187a8da2"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281845C2B06C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '44ac87e6-87d3-4001-9cc5-76a5179eec89'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/params_pattern_list.ini'
INFO    [2022-12-06 10:49:56,807] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:56 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281855480D2E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b67cc0d5-c692-47d9-9230-57bf715f7811'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/nightly_wp_list.txt'
INFO    [2022-12-06 10:49:57,126] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:57 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28186832339B'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '3dbd9354-93fd-43a8-8227-97aae663a54e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/rce_patterns_list'
INFO    [2022-12-06 10:49:57,384] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:57 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2818778E27A5'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'c565a210-68d7-4532-903d-fa5253913d46'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/rce_patterns_list'
INFO    [2022-12-06 10:49:57,874] defence360agent.simple_rpc: Executing ('3rdparty', 'list'), params: {}
INFO    [2022-12-06 10:49:58,015] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:57 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:28 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28189D307588'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e7b641c9-c87c-4d4d-822c-841c99465276'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/params_pattern_list.ini'
INFO    [2022-12-06 10:49:58,589] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:58 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2818BF413334'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '34c328db-9462-448a-96ea-d4f4840dbe80'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/suspicious_files_list'
INFO    [2022-12-06 10:49:58,842] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:58 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:36 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2818CE80768A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '48c62506-eade-4306-8f6f-13a802b1bd59'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/params_pattern_list.ini'
INFO    [2022-12-06 10:49:59,163] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:59 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2818E19F9B36'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '5fca7c8d-671c-4257-ad1b-a76bfee38307'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/suspicious_files_list'
INFO    [2022-12-06 10:49:59,419] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:59 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:34 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2818F0E80515'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'd8b53dd6-686e-4863-b40c-49f05885bc0c'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/test_patch.patch'
INFO    [2022-12-06 10:49:59,673] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:59 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2819000ADF3B'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '08b4a85c-2433-4115-8ad2-45045c1167df'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/module.ini'
INFO    [2022-12-06 10:49:59,933] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:49:59 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28190F82C9B9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b87578df-6f12-4b1f-a1ab-11beed6648ac'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/config.ini'
INFO    [2022-12-06 10:50:00,249] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:00 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2819225DC247'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '76270a0d-f386-4df3-829e-4d2beb69a8e0'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/rce_patterns_list'
INFO    [2022-12-06 10:50:00,868] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:00 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28194743BE8D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '5dc21219-2846-4197-a186-d9b6b874e298'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:02,079] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:02 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28198F2C55E3'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '8720a50b-02bb-465c-93f3-e971dcbc86eb'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/suspicious_files_list.0'
INFO    [2022-12-06 10:50:02,378] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:02 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2819A0878270'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2e28a685-2295-405c-8147-dddbfe10cb59'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/test_patch.patch'
INFO    [2022-12-06 10:50:02,750] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:02 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"38811edf18bd08449f2ffd10e05e3d91"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:34 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2819B74C1278'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b8cd0185-08ad-4097-a4e6-ebc3b181628e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/VERSION'
INFO    [2022-12-06 10:50:03,016] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:02 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2819C746EB5A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b757e984-f5e2-4a7f-909a-214050013acc'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/module.ini'
INFO    [2022-12-06 10:50:03,282] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:03 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '685'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"3f9322695cadacb62d28393a6e91f5f5"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2819D6C481A6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '37e9ec1a-4c04-4477-9399-780182fb7218'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/params_pattern_list'
INFO    [2022-12-06 10:50:03,543] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:03 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:11:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2819E6A87E2A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b071da82-a15c-401a-a838-b03e800505dd'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/params_pattern_list'
INFO    [2022-12-06 10:50:03,861] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:03 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2819F99F873B'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '556c8610-c0c1-4eef-a95c-a625c2ff2b07'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/config.ini'
INFO    [2022-12-06 10:50:04,741] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:04 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281A2E216B11'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '872bd447-69ca-4d85-82ac-baf57d2d1560'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/config.ini'
INFO    [2022-12-06 10:50:04,991] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:04 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281A3D0D4D16'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '753bb9ea-8575-49e8-89aa-441de2399dfa'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/test_patch.patch'
INFO    [2022-12-06 10:50:05,306] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:05 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:01:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281A4F8B3B96'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '8c0ab9ea-931a-4a5a-9a34-a591ead5ab75'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/config.ini'
INFO    [2022-12-06 10:50:05,831] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:05 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"734f1d67184010e35ae64d86427207d6"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281A6F141199'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '4edcc5c4-5fe3-4b2f-9e35-aa2bef716845'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/VERSION'
INFO    [2022-12-06 10:50:06,088] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:06 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281A7E625134'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '22bf60fd-b177-4488-9494-21d2402463e2'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/test_patch.patch'
INFO    [2022-12-06 10:50:06,341] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:06 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:34 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281A8D864BE6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '9fcbb0c7-ca02-4803-b835-394f593f7e48'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:06,655] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:06 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281AA02B2812'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'eb678cbe-64d3-4697-a0d7-8abea8e29dcc'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/suspicious_files_list.0'
INFO    [2022-12-06 10:50:07,479] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:07 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281AD15953A5'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '56b727d3-37d3-4abe-900c-79e1d3ae7e5a'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/test_patch.patch'
INFO    [2022-12-06 10:50:07,741] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:07 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281AE0D68FFB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '300611a9-c492-4fe2-afb3-cc16996c9712'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/rce_patterns_list'
INFO    [2022-12-06 10:50:07,999] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:07 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281AF040DE18'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'db56d5da-0259-438e-b7b6-776a1d37fca0'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/suspicious_files_list.1'
INFO    [2022-12-06 10:50:08,313] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:08 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281B02FED7EC'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'f9a245ae-0c9b-4c96-bd7e-60312140b2fe'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/module.ini'
INFO    [2022-12-06 10:50:08,996] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:08 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:28 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281B2BBB1146'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'd5868550-5389-4d8a-a6fa-7f6f053339dd'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/params_pattern_list.ini'
INFO    [2022-12-06 10:50:09,573] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:09 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:03 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281B4DA04E9F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '9f11b5dc-fb76-40b1-97d0-02970c3d5f51'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/suspicious_files_list'
INFO    [2022-12-06 10:50:09,831] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:09 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281B5D7BDED0'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'f96113d9-104a-4b2a-861d-6d042dcee25a'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/module.ini'
INFO    [2022-12-06 10:50:10,086] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:10 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281B6CB72299'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b06a2e02-d16b-4305-b34a-c834f8d77c18'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/suspicious_files_list.1'
INFO    [2022-12-06 10:50:11,091] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:11 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:01:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281BA88E0D83'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '68100daa-f99f-4756-b005-2dfed2fbc8a4'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/test_patch.patch'
INFO    [2022-12-06 10:50:11,913] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:11 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:58 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281BD992D9E1'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'bd4b5a5e-802b-4559-92f1-250a0d88188f'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/params_pattern_list'
INFO    [2022-12-06 10:50:12,170] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:12 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '57'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"00f5b9c86fe2a4a4edda010a1833cd5b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281BE8EBDFA1'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '5e7592e0-4a30-416a-9bb0-7e3373e38c26'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/VERSION'
INFO    [2022-12-06 10:50:12,427] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:12 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '87'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"ea882a4a506df5253f35d0283c3d312b"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:58 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281BF830934D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'f84350ff-beb8-4153-9c59-cbf28730cce2'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/rce_patterns_list'
INFO    [2022-12-06 10:50:12,744] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:12 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:11:07 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281C0B232C09'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '6358e398-9af4-45c8-926b-674e002097a5'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/suspicious_files_list'
INFO    [2022-12-06 10:50:13,331] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:13 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '685'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"3f9322695cadacb62d28393a6e91f5f5"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281C2E088F53'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'a20e271e-79d2-47c7-a257-d16b848e743b'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/params_pattern_list'
INFO    [2022-12-06 10:50:13,970] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:13 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281C5425A3CF'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'db2db7ec-7ac7-4b25-b86c-5aa5bff702b6'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/module.ini'
INFO    [2022-12-06 10:50:14,543] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:14 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281C7656732B'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '51f159cd-b8f1-40d0-b865-4875a51b285a'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/suspicious_files_list'
INFO    [2022-12-06 10:50:15,063] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:15 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:58 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281C95522668'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '7f81f911-5f0a-45f1-bc8a-2f58e72db809'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/suspicious_files_list.0'
INFO    [2022-12-06 10:50:15,578] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:15 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281CB4030DAF'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '7ebdc513-eaf1-42ec-a177-c971d75e377b'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/rce_patterns_list'
INFO    [2022-12-06 10:50:15,841] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:15 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:58 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281CC3B3BCB9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '9036f470-0c1b-4a5d-a48a-a533be590cb7'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/module.ini'
INFO    [2022-12-06 10:50:16,466] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:16 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:05 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281CE8FBAF52'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '3a918aba-4da2-4e7b-9f64-0f13c223d722'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/params_pattern_list'
INFO    [2022-12-06 10:50:17,348] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:17 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:01:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281D1D88E818'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '3ca9dd43-b835-45cb-bf67-9e73ac4be643'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/params_pattern_list.ini'
INFO    [2022-12-06 10:50:17,977] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:17 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281D4307C5AC'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '5a652652-1bd0-4b81-9dfe-7d564a49dd5f'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/suspicious_files_list.0'
INFO    [2022-12-06 10:50:18,094] defence360agent.simple_rpc: Executing ('rstatus',), params: {}
INFO    [2022-12-06 10:50:18,883] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:18 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281D7912994F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'f993c6e0-b786-45cc-ba9f-01d8e5467094'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/params_pattern_list.ini'
INFO    [2022-12-06 10:50:18,955] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:50:19,208] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:19 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281D8C74E2D6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '05178153-d591-4990-968d-cb33d995ff3a'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/module.ini'
INFO    [2022-12-06 10:50:19,468] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:19 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '34'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"cc5424cacb2a41a0afecbf895a9f864e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281D9BE697A2'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b823c694-f55c-4e9b-853a-0613c645303b'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/black_urls_list'
INFO    [2022-12-06 10:50:20,096] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:20 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:01:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281DC165DA65'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '248a1320-9d18-4156-bf2b-8eb7eb9c81c7'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:20,724] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:20 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281DE660A64C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0187cd82-618f-412b-9b55-456ad564329c'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/params_pattern_list'
INFO    [2022-12-06 10:50:21,033] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:21 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '655'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8f237af8543e286bc3d7e1f7187a8da2"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281DF933CA1F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2e77b5b9-c580-41d4-aed6-cd588a8416ac'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/params_pattern_list'
INFO    [2022-12-06 10:50:21,293] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:21 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281E08AE9A6A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'a670e38d-26fc-4643-953f-f029691b858d'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:21,551] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:21 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281E1809C126'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '8730f863-488c-45ea-ac5d-1e30d293f0fe'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/suspicious_files_list.1'
INFO    [2022-12-06 10:50:21,862] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:21 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '621'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58cde253918ae6d375a5bed8a288d427"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281E2AA12755'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ccf6a7ac-e3d8-4775-848d-5c840a8b378e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/params_pattern_list.ini'
INFO    [2022-12-06 10:50:22,118] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:22 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:11:37 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281E39DB1547'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'dfd9b59b-5c32-4afd-8667-eeb209bf101d'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/config.ini'
INFO    [2022-12-06 10:50:22,247] defence360agent.simple_rpc: Executing ('rstatus',), params: {}
INFO    [2022-12-06 10:50:22,378] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:22 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:01:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281E495957AE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b766987a-d6ee-449d-ab86-9266f34bc4eb'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/suspicious_files_list.1'
INFO    [2022-12-06 10:50:22,694] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:22 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '655'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8f237af8543e286bc3d7e1f7187a8da2"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281E5C1E29BE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '6e4c259d-3ef6-400a-918c-c138b41589f3'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/params_pattern_list.ini'
INFO    [2022-12-06 10:50:22,720] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:50:23,270] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:23 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281E7E7F0D34'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '1a43200a-8269-41b5-9d66-ef1c16771d10'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/suspicious_files_list'
INFO    [2022-12-06 10:50:23,532] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:23 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8dd877cbb3b6a77a849a54b5e3f53aa6"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281E8DB04B4C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '8f261fc3-8d2d-40b2-98cb-7933527484f4'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/VERSION'
INFO    [2022-12-06 10:50:23,788] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:23 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281E9D65BE78'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e0998e56-b2e0-4239-ae65-475172b70dd6'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/config.ini'
INFO    [2022-12-06 10:50:24,047] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:24 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281EACD5594F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0255e584-58ba-484e-b483-2bd508b3a9e9'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/suspicious_files_list'
INFO    [2022-12-06 10:50:24,624] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:24 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '621'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58cde253918ae6d375a5bed8a288d427"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281ECF3514CE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '42e781c7-b91b-49d8-8038-72902d250399'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/params_pattern_list'
INFO    [2022-12-06 10:50:24,938] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:24 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:05 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281EE1E407FE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '86ce095b-d2b9-4790-abfa-11d6609e09a4'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/suspicious_files_list'
INFO    [2022-12-06 10:50:25,254] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:25 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281EF4C863C8'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ae5fee1d-7a11-430c-ad90-adf204ea63e6'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/config.ini'
INFO    [2022-12-06 10:50:25,821] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:25 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:34 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281F168EF3E0'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'd0204396-2334-4f36-80f7-65977506deaf'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/suspicious_files_list.1'
INFO    [2022-12-06 10:50:26,451] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:26 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281F3C3255A0'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2a0066d5-9a8f-46bb-bc1c-7babe20d0cab'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/test_patch.patch'
INFO    [2022-12-06 10:50:26,707] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:26 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281F4B66E89F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2066fae2-bc38-4b40-8211-fc97cf58a12e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/params_pattern_list'
INFO    [2022-12-06 10:50:27,021] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:26 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281F5E110713'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '7455e5bf-501c-4323-b2a1-06e2593b01ae'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/params_pattern_list.ini'
INFO    [2022-12-06 10:50:27,270] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:27 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281F6CFADD97'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'bd855b0f-e906-42ef-839e-9fa99abc6789'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/suspicious_files_list.0'
INFO    [2022-12-06 10:50:27,528] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:27 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:28 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281F7C593896'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ce952445-fda4-44d7-894b-b000895b3a58'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/test_patch.patch'
INFO    [2022-12-06 10:50:28,104] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:28 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:36 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281F9EA8383B'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '45758d3b-7237-4f90-a817-22f2fb3053d3'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/test_patch.patch'
INFO    [2022-12-06 10:50:28,419] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:28 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281FB15DD0FF'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '47cdb7db-2f79-40d9-82c0-0e23a0e179ed'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/module.ini'
INFO    [2022-12-06 10:50:28,675] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:28 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:00 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281FC0AF66B5'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '218bc9b5-db0e-4ae6-8896-a360bf60b634'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/module.ini'
INFO    [2022-12-06 10:50:28,993] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:28 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:00 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E281FD3340525'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '79ca7939-41d0-4c14-9f0d-5e01a5a405ac'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/suspicious_files_list'
INFO    [2022-12-06 10:50:29,249] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:29 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '87'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"ea882a4a506df5253f35d0283c3d312b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:03 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281FE2E6FDB4'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '98c09f01-5a6a-41a8-8b14-5c541885e33e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/rce_patterns_list'
INFO    [2022-12-06 10:50:29,504] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:29 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:05 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E281FF215B32E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0228174b-19a9-4fd9-92f4-4d0f1f83c295'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/suspicious_files_list.0'
INFO    [2022-12-06 10:50:30,016] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:29 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '655'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8f237af8543e286bc3d7e1f7187a8da2"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2820109CEC4A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'd3922ba7-f999-4333-b764-2cee09d2937f'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/params_pattern_list.ini'
INFO    [2022-12-06 10:50:30,524] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:30 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28202EE482FF'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b85bcbce-ddd5-4011-8bd5-4f6226f54061'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/test_patch.patch'
INFO    [2022-12-06 10:50:31,099] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:31 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"b929c585508cab51d778d20e408d49bf"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282050B46A40'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '04a8557e-d3b7-4ea8-8d0d-c2cd1ad12d06'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/VERSION'
INFO    [2022-12-06 10:50:31,417] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:31 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '655'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8f237af8543e286bc3d7e1f7187a8da2"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282063A7A907'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '45186143-de8e-4b71-a8a4-8f1e80af91c5'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/params_pattern_list.ini'
INFO    [2022-12-06 10:50:31,978] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:31 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2820859E9E57'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '5cd690cf-ba65-49e7-9c75-0e6bc1468b57'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/suspicious_files_list'
INFO    [2022-12-06 10:50:32,238] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:32 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"89e3554e085c8e9fa1f1433e7e6e4507"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:28 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28209502813F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'f34ea475-3fe1-4719-a260-c8c12612585b'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/VERSION'
INFO    [2022-12-06 10:50:32,548] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:32 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2820A786CC64'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'c7ffb0c6-b75a-4457-ab86-60f6cb60f861'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/suspicious_files_list'
INFO    [2022-12-06 10:50:32,801] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:32 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2820B699A1FF'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '9083b56e-fbe7-456b-a69f-051438cce924'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/suspicious_files_list.0'
INFO    [2022-12-06 10:50:33,425] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:33 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:28 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2820DBD6E42D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ba389ce0-5368-4b87-9669-635ce68452aa'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:33,745] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:33 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2820EE5E0DC3'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '383ecfbb-00c5-473b-9d44-f2f100914204'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/suspicious_files_list.1'
INFO    [2022-12-06 10:50:34,685] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:34 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2821267CB18A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '7d1f6265-4c0a-4df3-9170-4702171b8bbc'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/rce_patterns_list'
INFO    [2022-12-06 10:50:34,937] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:34 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282135EC4CC0'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'a7d3e61c-219b-4364-988d-6f9ce12832a2'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/rce_patterns_list'
INFO    [2022-12-06 10:50:35,199] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:35 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"bb21c11e7b548837faf2ee9c90f0286d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:01:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282145651EC2'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'afc3c48d-97d1-499e-9046-3e94b4e0a7e1'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/VERSION'
INFO    [2022-12-06 10:50:36,274] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:36 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:58 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282185AAC397'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '87852c78-adaf-4f0f-9cd4-2c90b02642c3'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/suspicious_files_list'
INFO    [2022-12-06 10:50:36,531] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:36 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282194EFB40A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '156cd544-c288-47ee-bd84-28e52ebf7af9'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/test_patch.patch'
INFO    [2022-12-06 10:50:36,842] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:36 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"06d0293a224884f2cc467d67f3b39573"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2821A772BF86'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '77805c92-990b-40fe-be11-48ed8d35eef4'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/VERSION'
INFO    [2022-12-06 10:50:37,155] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:37 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2821BA111901'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2152d0c3-fe2d-4294-a56e-fae03c45ac91'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/config.ini'
INFO    [2022-12-06 10:50:37,464] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:37 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2821CC8AC675'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ff405d75-75ab-49a9-93d7-e5cca7a5a330'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/params_pattern_list.ini'
INFO    [2022-12-06 10:50:38,293] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:38 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '54'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"77e6ab5afa798f9ed1e7841718f31d1c"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2821FDF1FA44'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '639d9a9f-4500-4046-8f28-b641dae88d29'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/VERSION'
INFO    [2022-12-06 10:50:38,604] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:38 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282210740D60'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0c83ee60-bc0d-4927-ba95-9111ee776ab2'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/suspicious_files_list.1'
INFO    [2022-12-06 10:50:38,917] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:38 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:36 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2822231D596E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'd38bc95d-607c-4a11-9a34-75a2f2a79487'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/config.ini'
INFO    [2022-12-06 10:50:39,235] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:39 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:58:28 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282235A7C996'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'a257ec77-7985-45ce-b141-b7a32bff16ea'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/suspicious_files_list.1'
INFO    [2022-12-06 10:50:39,552] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:39 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '87'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"ea882a4a506df5253f35d0283c3d312b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:05 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282248FE7D92'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'dd9bb9ac-41d2-4edb-a576-f6cf16623eec'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/rce_patterns_list'
INFO    [2022-12-06 10:50:39,810] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:39 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28225859D046'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '87bb1956-128d-4aad-9d07-0059c23bbd6f'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/suspicious_files_list.0'
INFO    [2022-12-06 10:50:40,062] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:40 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2822676DADBF'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e631df59-7333-49f4-9a61-916991c2f7a6'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/test_patch.patch'
INFO    [2022-12-06 10:50:40,319] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:40 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:00 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282276AB3A70'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '07b112c3-72ba-46f9-af9f-6a68a22217ba'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.2/suspicious_files_list.0'
INFO    [2022-12-06 10:50:40,833] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:40 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '685'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"3f9322695cadacb62d28393a6e91f5f5"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2822955CFBAE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'bbe7a011-dd3b-43fc-b542-b88fdf631bd1'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/params_pattern_list'
INFO    [2022-12-06 10:50:42,487] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:42 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:28 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2822F7FBAC04'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '81bcd6b0-5a6a-48b2-84ba-b1b10fe0cdcd'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.0/config.ini'
INFO    [2022-12-06 10:50:42,806] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:42 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28230A890A9E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '4d5b5500-f495-42dc-ba60-2f36c64d0b74'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/config.ini'
INFO    [2022-12-06 10:50:43,121] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:43 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e48425f4892a90bc1fb649395d960887"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:28 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28231D6044A1'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '96664820-1aec-44ef-95d6-43401ffe1f7b'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/VERSION'
INFO    [2022-12-06 10:50:43,432] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:43 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:36 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282330456C15'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'af02a065-1d37-407d-a3cb-0724abbdc74e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:44,253] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:44 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28236136FE82'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'daea1bd0-d962-40c3-855f-8b674973f39c'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/suspicious_files_list'
INFO    [2022-12-06 10:50:44,510] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:44 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28237063AF83'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '09558784-a3df-412f-8cb6-ae91637189e8'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/suspicious_files_list.1'
INFO    [2022-12-06 10:50:44,818] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:44 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282382E32FCA'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '66549f71-eff2-45b3-b120-0a019b822eba'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:45,387] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:45 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2823A4C79B90'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '4f88cf24-5027-4f84-936c-80c50ff5f75f'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/rce_patterns_list'
INFO    [2022-12-06 10:50:45,700] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:45 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '655'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8f237af8543e286bc3d7e1f7187a8da2"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:34 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2823B7756F33'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '5889c113-a004-45b3-bae2-9c081301f484'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/params_pattern_list.ini'
INFO    [2022-12-06 10:50:45,949] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:45 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2823C6563D8D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '34346eb1-5dd3-479e-99e1-412035c7b0d1'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:46,207] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:46 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '87'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"ea882a4a506df5253f35d0283c3d312b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2823D5ABBBA6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ed22db4a-d444-4076-b4c3-32aca89f88ee'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/rce_patterns_list'
INFO    [2022-12-06 10:50:46,828] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:46 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2823FAB43C52'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ae3cf7a8-f61d-4ffd-94d6-1473372554a2'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/suspicious_files_list.0'
INFO    [2022-12-06 10:50:47,457] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:47 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '57'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"00f5b9c86fe2a4a4edda010a1833cd5b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282420369DB9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '4cf906f2-dc8c-4365-964e-e0eed751495d'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/VERSION'
INFO    [2022-12-06 10:50:48,028] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:47 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2824423598AF'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '947c7464-9036-4722-aa24-1602514726ea'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/params_pattern_list'
INFO    [2022-12-06 10:50:48,354] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:48 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '34'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"cc5424cacb2a41a0afecbf895a9f864e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2824552FADC4'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '05cb7602-7828-416d-8417-15f7edc710ec'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/black_urls_list'
INFO    [2022-12-06 10:50:48,606] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:48 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282464B03414'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e8bfe44f-74b3-4f2f-b555-4bfe25ee755e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/test_patch.patch'
INFO    [2022-12-06 10:50:48,863] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:48 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '655'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8f237af8543e286bc3d7e1f7187a8da2"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282473FB3A13'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '12401c2c-2fed-40ca-a2b2-69ab21cb070d'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/params_pattern_list'
INFO    [2022-12-06 10:50:49,811] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:49 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '87'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"ea882a4a506df5253f35d0283c3d312b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:11:07 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2824AC01DA79'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'aa7ad8fd-6a78-49a0-8cab-e3656bf110ff'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/rce_patterns_list'
INFO    [2022-12-06 10:50:50,135] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:50 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2824BF59CBC0'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'd2edb25c-60b8-4974-8a2d-5ada9afa03b7'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/suspicious_files_list.1'
INFO    [2022-12-06 10:50:50,387] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:50 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2824CEC8C4EC'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b06aac96-e438-42b9-9295-08bad610935f'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/config.ini'
INFO    [2022-12-06 10:50:50,905] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:50 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '34'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"cc5424cacb2a41a0afecbf895a9f864e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:01 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2824EDBBFD6D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'cc2637bc-a6e9-4e96-86ba-562fd6639eee'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.3/black_urls_list'
INFO    [2022-12-06 10:50:51,159] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:51 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2824FCDEBD49'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2ac0f6b2-bcdc-40bc-881f-2961e5d5541b'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/suspicious_files_list.1'
INFO    [2022-12-06 10:50:51,417] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:51 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28250C39581A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0dcb300d-d802-4560-8f82-dc639f70f134'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/rce_patterns_list'
INFO    [2022-12-06 10:50:51,669] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:51 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 13:59:29 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28251B3B5FA7'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '51f02054-103c-4c79-bc19-1e645ffd06ac'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.0/suspicious_files_list.1'
INFO    [2022-12-06 10:50:51,933] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:51 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28252AFDE493'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '1b9f3e21-646e-43f4-8406-2febd0f96202'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/suspicious_files_list.1'
INFO    [2022-12-06 10:50:52,189] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:52 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '621'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58cde253918ae6d375a5bed8a288d427"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28253A2D5186'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'a96e1545-90c4-4ca4-a4ec-f21b7ea45356'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/params_pattern_list.ini'
INFO    [2022-12-06 10:50:53,014] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:52 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '706'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"0712e7fcaa180b2833a4663cee9efe1b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:03 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28256B7479A9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '0c1e22fd-abc8-466e-8e91-5d5f2418aa8c'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/params_pattern_list'
INFO    [2022-12-06 10:50:53,272] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:53 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28257AC4D73E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ecfc7219-b9c3-442b-8ebe-4f2ec27a08ef'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/module.ini'
INFO    [2022-12-06 10:50:53,527] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:53 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282589FEFFE8'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2e12b7cc-bb5e-4987-8b7b-cd801766658c'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/suspicious_files_list.0'
INFO    [2022-12-06 10:50:53,776] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:53 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:03:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282598DEC84C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '80e8416c-0229-49bc-afe0-26ce19cabeea'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/nightly_wp_list.txt'
INFO    [2022-12-06 10:50:54,036] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:54 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '525'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"404ae0b22687b865bb9dcffed240edf9"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:31 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2825A84D7270'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '41c0e992-f091-4dea-b5c2-2b23b9fd5fd3'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/rce_patterns_list'
INFO    [2022-12-06 10:50:54,287] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:54 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:05 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2825B7432EB6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b9f7fb20-7566-4380-99f4-8a97104b4533'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.4/module.ini'
INFO    [2022-12-06 10:50:54,806] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:54 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:06 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2825D5EB7125'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b3b9c2df-da83-467a-ac4b-2ae17e4042db'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.6/module.ini'
INFO    [2022-12-06 10:50:55,057] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:55 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:34 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2825E5241F11'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '32a33483-63b5-462d-bc49-f48d2c821b02'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/config.ini'
INFO    [2022-12-06 10:50:55,882] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:55 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282616460C6D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'a7082456-563f-4d33-9d16-1c735fad9cf6'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/suspicious_files_list.1'
INFO    [2022-12-06 10:50:56,445] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:56 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '6'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"734f1d67184010e35ae64d86427207d6"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:10:36 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282637F1E003'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'bf7ad792-08c2-4652-ada0-0ca261cb19e5'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.2/VERSION'
INFO    [2022-12-06 10:50:57,014] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:56 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '57'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"00f5b9c86fe2a4a4edda010a1833cd5b"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E282659D534E9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '9db4457f-a686-4bee-9da7-8a22c4592791'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/VERSION'
INFO    [2022-12-06 10:50:57,331] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:57 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28266CAB2DFC'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '802ea1a2-03b6-482b-af50-3b3b1d8c5e39'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.7/module.ini'
INFO    [2022-12-06 10:50:57,590] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:57 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '621'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58cde253918ae6d375a5bed8a288d427"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28267C1D87F4'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'fa4e5e89-73a0-4184-9948-25c9b5af7e9b'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/params_pattern_list'
INFO    [2022-12-06 10:50:57,908] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:57 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '293'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"4fe27b6c40f18c0e634a2be61bb62d4e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:09:35 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28268EA6C691'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e1b366aa-d05f-476c-acda-9874a67930a0'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.4/module.ini'
INFO    [2022-12-06 10:50:58,425] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:58 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '40'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"9e469a2c19d4aea380eca22e69c7a411"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2826ADCDB398'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '700e0249-5acd-44f0-9c2b-5b536b1b1a2a'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/suspicious_files_list.1'
INFO    [2022-12-06 10:50:58,683] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:58 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '655'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"8f237af8543e286bc3d7e1f7187a8da2"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:02:30 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2826BD4C0DD3'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '72062f4b-58c3-4e09-849f-95d26ff02ad3'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.5/params_pattern_list.ini'
INFO    [2022-12-06 10:50:58,938] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:58 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '10'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"66f60f9cef1da05afb119e3f372a6281"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:04:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2826CC7C7CEE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e330f83d-bfc3-414d-987e-201d1681ea9f'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.2/suspicious_files_list.0'
INFO    [2022-12-06 10:50:59,189] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:59 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:07:34 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2826DB83DABE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '1b10dffd-6933-478f-aec4-4854a2910eb5'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.1/config.ini'
INFO    [2022-12-06 10:50:59,953] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:50:59 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '265'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"58d610bb9036f57dc0cb78ffb461ff9d"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:06:33 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2827090AD8BE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'affd6741-4059-49a9-a123-85a8f7fe38b3'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/6.3/config.ini'
INFO    [2022-12-06 10:51:00,463] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:51:00 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:00:59 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2827276C93BB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'cc09f601-3ded-4278-9c3c-8c9891e7cf3c'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/7.1/suspicious_files_list'
INFO    [2022-12-06 10:51:00,775] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:51:00 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '0'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"d41d8cd98f00b204e9800998ecf8427e"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:08:04 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E282739A583A4'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ddcf4c66-5499-48b7-bfbe-56d20a64b7c1'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.8/suspicious_files_list'
INFO    [2022-12-06 10:51:01,084] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:51:01 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '722'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fd9e9b700d1cc5cb9a3309e969241485"'), ('Last-Modified', 'Tue, 29 Nov 2022 14:05:02 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E28274C634DEB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '44996e12-5b31-4a25-bb45-2e6febe3ec7d'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/proactive/rules/5.1/test_patch.patch'
INFO    [2022-12-06 10:51:01,089] defence360agent.files: Validating [proactive]: /var/imunify360/files/proactive/rules_2022-12-06T084950.781258Z
WARNING [2022-12-06 10:51:01,189] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/proactive [0o777] expected [0o770] (not symlink)
INFO    [2022-12-06 10:51:01,200] defence360agent.files: Updated proactive using file by file download
INFO    [2022-12-06 10:51:13,719] defence360agent.simple_rpc: Executing ('rstatus',), params: {}
INFO    [2022-12-06 10:51:14,137] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:51:17,863] defence360agent.simple_rpc: Executing ('rstatus',), params: {}
INFO    [2022-12-06 10:51:18,255] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:51:20,745] defence360agent.simple_rpc: Executing ('rstatus',), params: {}
INFO    [2022-12-06 10:51:21,095] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:51:38,609] defence360agent.files: proactive files update finished
INFO    [2022-12-06 10:51:38,611] defence360agent.files: Updating geo files via all.zip
INFO    [2022-12-06 10:51:39,812] defence360agent.files: Validating [geo]: /var/imunify360/files/geo/v1_2022-12-06T085138.612760Z
WARNING [2022-12-06 10:51:39,912] defence360agent.files: Fixing wrong permission to file/dir /var/imunify360/files/geo [0o777] expected [0o770] (not symlink)
INFO    [2022-12-06 10:51:39,919] defence360agent.files: Updated geo using all.zip
INFO    [2022-12-06 10:51:39,995] defence360agent.files: geo files update finished
INFO    [2022-12-06 10:51:40,015] defence360agent.malwarelib.plugins.schedule_watcher: Update background scan schedule
INFO    [2022-12-06 10:51:40,017] defence360agent.server: Creating sink im360.plugins.aggregate.Aggregate
INFO    [2022-12-06 10:51:40,023] defence360agent.server: Creating sink im360.plugins.cache_clear.CacheClear
INFO    [2022-12-06 10:51:40,024] defence360agent.server: Creating sink im360.plugins.cagefs.CageFS
INFO    [2022-12-06 10:51:40,025] defence360agent.server: Creating sink im360.plugins.captcha_dos_detect.CaptchaDosDetect
INFO    [2022-12-06 10:51:40,026] defence360agent.server: Creating sink im360.malwarelib.plugins.cleanup.CleanupDb
INFO    [2022-12-06 10:51:40,030] defence360agent.server: Creating sink im360.malwarelib.plugins.cleanup.RestoreOriginalDb
INFO    [2022-12-06 10:51:40,033] defence360agent.server: Creating sink im360.malwarelib.plugins.cleanup.ResultProcessor
INFO    [2022-12-06 10:51:40,034] defence360agent.server: Creating sink im360.plugins.client360.Client360
INFO    [2022-12-06 10:51:40,035] im360.plugins.client360: imunify360 connection server: <imunify360.cloudlinux.com:443>, ssl=True
INFO    [2022-12-06 10:51:40,036] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 10:51:40,037] defence360agent.server: Creating sink im360.plugins.config_set.ConfigSet
INFO    [2022-12-06 10:51:40,040] defence360agent.server: Creating sink im360.plugins.conflicts.Conflicts
INFO    [2022-12-06 10:51:40,041] defence360agent.server: Creating sink im360.plugins.cpanel_uploader.CpanelUploadHookManager
INFO    [2022-12-06 10:51:40,042] defence360agent.server: Creating sink im360.plugins.db_auto_cleanup.DbCleanup
INFO    [2022-12-06 10:51:40,046] im360.plugins.db_auto_cleanup: Deleted 0 records from table 'incident' during auto cleanup
INFO    [2022-12-06 10:51:40,049] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 10:51:40,052] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 10:51:40,053] defence360agent.server: Creating sink im360.malwarelib.plugins.detached_scan.DetachedScanPlugin
INFO    [2022-12-06 10:51:40,055] defence360agent.server: Creating sink im360.plugins.sensor.dos_detector.DOSSensor
INFO    [2022-12-06 10:51:40,056] defence360agent.server: Creating sink im360.plugins.fix_ip_address.FixIPAddress
INFO    [2022-12-06 10:51:40,058] defence360agent.server: Creating sink im360.plugins.group_ip_sync.GroupIPSyncPlugin
INFO    [2022-12-06 10:51:40,060] defence360agent.server: Creating sink im360.plugins.graylist.ManageGrayList
INFO    [2022-12-06 10:51:40,062] defence360agent.server: Creating sink im360.plugins.sensor.ignore_alert_with_whitelisted_ip.IgnoreWhitelisted
INFO    [2022-12-06 10:51:40,063] defence360agent.server: Creating sink im360.plugins.sensor.ignore_alert_with_whitelisted_ip.IgnoreWhitelistedCSF
INFO    [2022-12-06 10:51:40,064] defence360agent.server: Creating sink im360.plugins.ignored_rules.FilterIgnoredRules
INFO    [2022-12-06 10:51:40,065] defence360agent.server: Creating sink im360.plugins.protector.import_wblist.ExportWBList
INFO    [2022-12-06 10:51:40,169] defence360agent.server: Creating sink im360.plugins.protector.lazy_init.RealProtector
INFO    [2022-12-06 10:51:40,184] defence360agent.server: Creating sink im360.plugins.protector.lfd.LFD
INFO    [2022-12-06 10:51:40,187] defence360agent.server: Creating sink im360.plugins.mod_sec_blocker.ModSecBlockBySeverity
INFO    [2022-12-06 10:51:40,198] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 10:51:40,199] defence360agent.server: Creating sink im360.plugins.modsec_ruleset_checker.ModsecRulesetChecker
INFO    [2022-12-06 10:51:40,200] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 10:51:40,200] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 10:51:40,203] im360.plugins.modsec_ruleset_checker: Installed i360 vendor None does not match expected type of ruleset: FULL
 Trying to reinstall modsec ruleset
INFO    [2022-12-06 10:51:40,224] defence360agent.server: Creating sink im360.plugins.ossec_alert.OssecAlert
INFO    [2022-12-06 10:51:40,226] defence360agent.server: Creating sink im360.plugins.pam.PAM
ERROR   [2022-12-06 10:51:40,228] im360.plugins.modsec_ruleset_checker: Something went wrong during reinstalling modsec ruleset: Integration config is missing server_type field
INFO    [2022-12-06 10:51:40,376] defence360agent.server: Creating sink im360.plugins.webshield_captcha_keys.WebshieldCaptchaKeys
INFO    [2022-12-06 10:51:40,402] defence360agent.server: Creating sink im360.plugins.persistent_storage.PersistentStorage
INFO    [2022-12-06 10:51:40,406] defence360agent.server: Creating sink im360.plugins.post_action.PostAction
INFO    [2022-12-06 10:51:40,407] defence360agent.server: Creating sink im360.plugins.remoteip_install.RemoteIpInstall
ERROR   [2022-12-06 10:51:40,412] im360.plugins.remoteip_install: Automatic mod_remoteip installation is not supported on this server
INFO    [2022-12-06 10:51:40,487] defence360agent.server: Creating sink im360.plugins.restore_from_backup.RestoreFromBackupPlugin
INFO    [2022-12-06 10:51:40,498] defence360agent.server: Creating sink im360.plugins.restrict_graylisted.SuppressGraylistedProcessing
INFO    [2022-12-06 10:51:40,500] defence360agent.server: Creating sink im360.plugins.sensor.search_bots.WhitelistSearchBots
INFO    [2022-12-06 10:51:40,500] defence360agent.server: Creating sink im360.plugins.send_server_config.SendServerConfig
INFO    [2022-12-06 10:51:40,501] defence360agent.server: Creating sink im360.plugins.server_pull.ServerPullFileSender
INFO    [2022-12-06 10:51:40,501] defence360agent.server: Creating sink im360.plugins.serverpush_to_synclist.ServerPushToSynclist
INFO    [2022-12-06 10:51:40,502] defence360agent.server: Creating sink im360.plugins.smtp_blocking.SMTPBlocker
INFO    [2022-12-06 10:51:40,542] im360.plugins.protector.lazy_init: Rules status for ipv6 [rules: bad], [ipset: bad]
INFO    [2022-12-06 10:51:40,543] im360.plugins.protector.lazy_init: Destroying rules for ipv6
INFO    [2022-12-06 10:51:40,867] im360.plugins.protector.lazy_init: Recreating ip sets for ipv6
INFO    [2022-12-06 10:51:41,093] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 10:51:42,367] im360.internals.core: IP sets content restored from database
INFO    [2022-12-06 10:51:42,368] im360.internals.core: Fill ipsets took 1.39 second(s)
INFO    [2022-12-06 10:51:42,368] im360.plugins.protector.lazy_init: Recreating firewall rules for ipv6
INFO    [2022-12-06 10:51:42,552] im360.plugins.protector.lazy_init: Rules status for ipv4 [rules: bad], [ipset: bad]
INFO    [2022-12-06 10:51:42,553] im360.plugins.protector.lazy_init: Destroying rules for ipv4
INFO    [2022-12-06 10:51:42,841] im360.plugins.protector.lazy_init: Recreating ip sets for ipv4
INFO    [2022-12-06 10:51:43,114] defence360agent.api.server: Performed request for url=https://api.imunify360.com/api/ip method=None body=None status=200
INFO    [2022-12-06 10:51:43,115] defence360agent.api.server: Response=b'{"ip":"31.131.20.181","status":"ok"}' ...
INFO    [2022-12-06 10:51:44,652] im360.internals.core: IP sets content restored from database
INFO    [2022-12-06 10:51:44,652] im360.internals.core: Fill ipsets took 1.75 second(s)
INFO    [2022-12-06 10:51:44,653] im360.plugins.protector.lazy_init: Recreating firewall rules for ipv4
INFO    [2022-12-06 10:51:44,742] im360.plugins.protector.lazy_init: Rules and sets successfully recreated for enabled ip versions
INFO    [2022-12-06 10:51:44,899] defence360agent.server: Creating sink im360.plugins.startup_actions.StartupActions
INFO    [2022-12-06 10:51:44,955] defence360agent.server: Creating sink im360.malwarelib.plugins.store.StoreMalwareHits
WARNING [2022-12-06 10:51:45,178] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:51:45,180] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 10:51:45,180] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:51:45,180] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 10:51:45,181] im360.malwarelib.subsys.malware: No vendors installed
INFO    [2022-12-06 10:51:45,181] defence360agent.utils.common: Satisfy the call request soon: graceful_restart(). No calls in more than 300 seconds since the start
WARNING [2022-12-06 10:51:45,182] im360.malwarelib.subsys.malware: No vendors installed
INFO    [2022-12-06 10:51:45,183] defence360agent.utils.common: Schedule call graceful_restart()
INFO    [2022-12-06 10:51:45,183] defence360agent.server: Creating sink im360.plugins.protector.synclist.SynclistPlugin
INFO    [2022-12-06 10:51:45,184] im360.subsys.web_server: Performing web server graceful restart, from _run
WARNING [2022-12-06 10:51:45,206] im360.subsys.web_server: Integration config is missing graceful_restart_script field
INFO    [2022-12-06 10:51:45,345] im360.subsys.web_server: Can't determine apache bin path: [Errno 2] No such file or directory: '/usr/sbin/httpd'
WARNING [2022-12-06 10:51:45,346] im360.subsys.web_server: Could not restart a Web server: Could not detect a web server
INFO    [2022-12-06 10:51:45,347] defence360agent.server: Creating sink im360.plugins.ttl_graylist.GraylistTimeout
INFO    [2022-12-06 10:51:45,409] defence360agent.server: Creating sink im360.plugins.update_files.UpdateFilesOnServerRequest
INFO    [2022-12-06 10:51:45,413] defence360agent.server: Creating sink im360.plugins.waf_rules_configurator.WAFRuleSetConfigurator
INFO    [2022-12-06 10:51:45,417] im360.plugins.waf_rules_configurator: Updating AppVersionDetector version cron
INFO    [2022-12-06 10:51:45,419] defence360agent.server: Creating sink im360.plugins.webshield_manager.WebShieldManager
INFO    [2022-12-06 10:51:47,045] defence360agent.api.server: Performed request for url=https://api.imunify360.com/api/ip method=None body=None status=200
INFO    [2022-12-06 10:51:47,046] defence360agent.api.server: Response=b'{"ip":"31.131.20.181","status":"ok"}' ...
INFO    [2022-12-06 10:51:53,054] defence360agent.server: Creating sink im360.plugins.whitelist_current_user.WhitelistCurrentUser
INFO    [2022-12-06 10:51:53,060] defence360agent.server: Creating sink im360.plugins.whitelist_panels_login.WhitelistPanelsLogin
INFO    [2022-12-06 10:51:53,060] defence360agent.server: Creating sink im360.plugins.php_immunity.PhpImmunityPlugin
INFO    [2022-12-06 10:51:53,061] defence360agent.server: Creating sink im360.plugins.malware_ignore_paths.MalwareIgnorePath
INFO    [2022-12-06 10:51:53,093] defence360agent.server: Creating sink defence360agent.plugins.accumulate.Accumulate
INFO    [2022-12-06 10:51:53,095] defence360agent.server: Creating sink defence360agent.malwarelib.plugins.cleanup.Cleanup
INFO    [2022-12-06 10:51:53,096] defence360agent.server: Creating sink defence360agent.malwarelib.plugins.cleanup.StorageController
INFO    [2022-12-06 10:51:53,099] defence360agent.server: Creating sink defence360agent.plugins.config_merger.ConfigMerger
INFO    [2022-12-06 10:51:53,100] defence360agent.server: Creating sink defence360agent.plugins.config_watcher.ConfigWatcher
INFO    [2022-12-06 10:51:53,100] defence360agent.server: Creating sink defence360agent.plugins.event_hook_executor.EventHookExecutor
INFO    [2022-12-06 10:51:53,101] defence360agent.server: Creating sink defence360agent.plugins.event_hooks.EventHooks
INFO    [2022-12-06 10:51:53,101] defence360agent.server: Creating sink defence360agent.plugins.idle_time_out.IdleTimeOutCheck
INFO    [2022-12-06 10:51:53,102] defence360agent.server: Creating sink defence360agent.plugins.lve_utils_install.LveUtilsAutoInstaller
INFO    [2022-12-06 10:51:53,103] defence360agent.server: Creating sink defence360agent.malwarelib.plugins.malware_response.MalwareResponsePlugin
INFO    [2022-12-06 10:51:53,103] defence360agent.server: Creating sink defence360agent.malwarelib.plugins.mrs_suspicious_uploader.SuspiciousToMRSUploader
INFO    [2022-12-06 10:51:53,104] defence360agent.server: Creating sink defence360agent.plugins.ping.SendPing
INFO    [2022-12-06 10:51:53,104] defence360agent.server: Creating sink defence360agent.malwarelib.plugins.scan_queue.QueueSupervisor
INFO    [2022-12-06 10:51:53,105] defence360agent.server: Creating sink defence360agent.malwarelib.plugins.scanner.Scanner
INFO    [2022-12-06 10:51:53,105] defence360agent.server: Creating sink defence360agent.malwarelib.plugins.schedule_watcher.ScheduleWatcher
INFO    [2022-12-06 10:51:53,107] defence360agent.server: Creating source im360.plugins.sensor.webshield.WebshieldSensor
INFO    [2022-12-06 10:51:53,108] defence360agent.server: Creating source im360.plugins.aggregate.Aggregate
INFO    [2022-12-06 10:51:53,109] defence360agent.server: Creating source im360.plugins.aibolit_result_scan.AibolitResultsScan
INFO    [2022-12-06 10:51:53,110] defence360agent.malwarelib.subsys.ainotify: Watching b'/var/imunify360/aibolit/resident/out'
INFO    [2022-12-06 10:51:53,110] defence360agent.server: Creating source im360.plugins.backup_info_sender.BackupInfoSender
INFO    [2022-12-06 10:51:53,111] defence360agent.server: Creating source im360.plugins.captcha_dos_detect.CaptchaDosDetect
INFO    [2022-12-06 10:51:53,111] defence360agent.server: Creating source im360.malwarelib.plugins.cleanup.ResultProcessor
INFO    [2022-12-06 10:51:53,111] defence360agent.server: Creating source im360.plugins.client360.Client360
INFO    [2022-12-06 10:51:53,112] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 10:51:53,112] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 10:51:53,112] defence360agent.server: Creating source im360.plugins.config_set.ConfigSet
INFO    [2022-12-06 10:51:53,113] defence360agent.server: Creating source im360.plugins.conflicts.Conflicts
INFO    [2022-12-06 10:51:53,114] defence360agent.server: Creating source im360.plugins.sensor.cphulk.cpHulkSensor
INFO    [2022-12-06 10:51:53,115] im360.plugins.sensor.cphulk: '/usr/local/cpanel/logs/cphulkd.log' won't be monitored: '/usr/local/cpanel/logs' doesn't exist
INFO    [2022-12-06 10:51:53,115] defence360agent.server: Creating source im360.malwarelib.plugins.detached_scan.DetachedScanPlugin
INFO    [2022-12-06 10:51:53,130] defence360agent.server: Creating source im360.plugins.sensor.dos_detector.DOSSensor
INFO    [2022-12-06 10:51:53,131] defence360agent.server: Creating source im360.plugins.sensor.generic.GenericSensor
INFO    [2022-12-06 10:51:53,134] defence360agent.server: Creating source im360.plugins.graylist.ManageGrayList
INFO    [2022-12-06 10:51:53,135] defence360agent.server: Creating source im360.plugins.sensor.ignore_alert_with_whitelisted_ip.IgnoreWhitelistedCSF
INFO    [2022-12-06 10:51:53,135] defence360agent.server: Creating source im360.plugins.inotify.InotifyScan
INFO    [2022-12-06 10:51:53,203] defence360agent.server: Creating source im360.plugins.protector.lfd.LFD
INFO    [2022-12-06 10:51:53,203] defence360agent.server: Creating source im360.plugins.mod_sec_blocker.ModSecBlockBySeverity
INFO    [2022-12-06 10:51:53,204] defence360agent.server: Creating source im360.plugins.sensor.modsec.ModsecSensor
WARNING [2022-12-06 10:51:53,206] im360.plugins.sensor.modsec: <bound method GenericPanelModSecurity.get_audit_log_path of <class 'im360.subsys.panels.generic.panel.GenericPanel'>> failed: Integration config is missing modsec_audit_log field
WARNING [2022-12-06 10:51:53,207] im360.plugins.sensor.modsec: <bound method GenericPanelModSecurity.get_audit_logdir_path of <class 'im360.subsys.panels.generic.panel.GenericPanel'>> failed: Integration config is missing modsec_audit_logdir field
INFO    [2022-12-06 10:51:53,207] defence360agent.server: Creating source im360.plugins.sensor.ossec.JsonAlertReader
INFO    [2022-12-06 10:51:53,218] defence360agent.server: Creating source im360.plugins.ossec_alert.OssecAlert
INFO    [2022-12-06 10:51:53,219] defence360agent.server: Creating source im360.plugins.persistent_storage.PersistentStorage
INFO    [2022-12-06 10:51:53,220] defence360agent.server: Creating source im360.plugins.post_action.PostAction
INFO    [2022-12-06 10:51:53,221] defence360agent.server: Creating source im360.plugins.remote_iplist.RemoteIPListPlugin
WARNING [2022-12-06 10:51:53,223] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 10:51:53,224] defence360agent.server: Creating source im360.plugins.restore_from_backup.RestoreFromBackupPlugin
INFO    [2022-12-06 10:51:53,224] defence360agent.server: Creating source im360.plugins.send_server_config.SendServerConfig
WARNING [2022-12-06 10:51:53,228] defence360agent.subsys.panels.generic.panel: panel_info not found neither in /etc/sysconfig/imunify360/integration.conf nor in /opt/cpvendor/etc/integration.ini.
INFO    [2022-12-06 10:51:53,237] defence360agent.server: Creating source im360.plugins.serverpush_to_synclist.ServerPushToSynclist
INFO    [2022-12-06 10:51:53,238] defence360agent.server: Creating source im360.malwarelib.plugins.store.StoreMalwareHits
INFO    [2022-12-06 10:51:53,239] defence360agent.server: Creating source im360.plugins.strategy_checker.IDSSensor
INFO    [2022-12-06 10:51:53,242] im360.plugins.strategy_checker: Strategy changed: UNKNOWN -> PRIMARY_IDS
INFO    [2022-12-06 10:51:53,243] defence360agent.server: Creating source im360.plugins.protector.synclist.SynclistPlugin
INFO    [2022-12-06 10:51:53,244] defence360agent.server: Creating source defence360agent.plugins.accumulate.Accumulate
INFO    [2022-12-06 10:51:53,244] defence360agent.server: Creating source defence360agent.plugins.check_license.CheckLicense
WARNING [2022-12-06 10:51:53,245] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:51:53,245] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 10:51:53,258] defence360agent.plugins.check_license: Checkin IAID token
INFO    [2022-12-06 10:51:53,259] defence360agent.plugins.check_license: Checking token
INFO    [2022-12-06 10:51:53,269] defence360agent.server: Creating source defence360agent.malwarelib.plugins.cleanup.Cleanup
INFO    [2022-12-06 10:51:53,274] defence360agent.server: Creating source defence360agent.plugins.config_watcher.ConfigWatcher
INFO    [2022-12-06 10:51:53,278] defence360agent.server: Creating source defence360agent.plugins.event_hook_executor.EventHookExecutor
INFO    [2022-12-06 10:51:53,280] defence360agent.server: Creating source defence360agent.feature_management.plugins.watcher.PasswdWatcher
INFO    [2022-12-06 10:51:53,283] defence360agent.malwarelib.subsys.ainotify: Watching b'/etc'
WARNING [2022-12-06 10:51:53,294] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:51:53,295] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
WARNING [2022-12-06 10:51:53,311] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:51:53,311] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 10:51:53,313] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:51:53,313] defence360agent.plugins.check_license: Server is not registered, skipping checkin
WARNING [2022-12-06 10:51:53,317] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:51:53,318] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 10:51:53,320] defence360agent.server: Creating source defence360agent.plugins.files_recurring_update.FilesRecurringUpdateTask
WARNING [2022-12-06 10:51:53,322] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:51:53,323] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
ERROR   [2022-12-06 10:51:53,325] defence360agent.utils: Error executing <bound method SendServerConfig._send_server_config of im360.plugins.send_server_config.SendServerConfig>
Traceback (most recent call last):
  File "/opt/alt/python38/lib/python3.8/dist-packages/defence360agent/utils/__init__.py", line 292, in wrapped
    await fun(*args, **kwargs)
  File "/opt/alt/python38/lib/python3.8/dist-packages/defence360agent/plugins/send_server_config.py", line 211, in _send_server_config
    await self._create_server_config_msg())
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/plugins/send_server_config.py", line 56, in _create_server_config_msg
    vendor_name in await hp.enabled_modsec_vendor_list())
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 183, in enabled_modsec_vendor_list
    with open(MODSEC_CONF, 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/sysconfig/imunify360/generic/modsec.conf'
INFO    [2022-12-06 10:51:53,344] defence360agent.files: Updating all files
INFO    [2022-12-06 10:51:53,356] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:53,357] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 10:51:53,382] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:53,383] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 10:51:53,386] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:53,387] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 10:51:53,398] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:53,398] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 10:51:53,398] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 10:51:53,399] defence360agent.server: Creating source defence360agent.malwarelib.plugins.malware_response.MalwareResponsePlugin
ERROR   [2022-12-06 10:51:53,399] defence360agent.internals.iaid: something went wrong on activate APIError('request failed, reason: HTTP Error 400: Bad Request', 400) attempt 1
INFO    [2022-12-06 10:51:53,432] defence360agent.server: Creating source defence360agent.plugins.mr_proper.MrProper
INFO    [2022-12-06 10:51:53,435] defence360agent.malwarelib.scan.cleaners.outdated_scans: Cleaned 0 outdated scans
INFO    [2022-12-06 10:51:53,435] defence360agent.server: Creating source defence360agent.malwarelib.plugins.mrs_suspicious_uploader.SuspiciousToMRSUploader
INFO    [2022-12-06 10:51:53,436] defence360agent.server: Creating source defence360agent.feature_management.plugins.native.NativeEventMonitor
INFO    [2022-12-06 10:51:53,437] defence360agent.server: Creating source defence360agent.plugins.ping.SendPing
INFO    [2022-12-06 10:51:53,437] defence360agent.server: Creating source defence360agent.malwarelib.plugins.scan_queue.QueueSupervisor
INFO    [2022-12-06 10:51:53,437] defence360agent.server: Creating source defence360agent.malwarelib.plugins.scanner.Scanner
INFO    [2022-12-06 10:51:53,438] defence360agent.server: Creating source defence360agent.malwarelib.plugins.schedule_watcher.ScheduleWatcher
INFO    [2022-12-06 10:51:53,438] defence360agent.server: Starting RpcServers...
INFO    [2022-12-06 10:51:53,440] defence360agent.server: Message Bus started
INFO    [2022-12-06 10:51:53,594] im360.contracts.plugins: Plugin im360.plugins.sensor.ignore_alert_with_whitelisted_ip.IgnoreWhitelisted is activated
INFO    [2022-12-06 10:51:53,638] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 10:51:53,645] im360.contracts.plugins: Plugin im360.plugins.sensor.dos_detector.DOSSensor is activated
INFO    [2022-12-06 10:51:53,683] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 08:51:53 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E28338B699FF9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 10:51:53,769] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 10:51:53,770] defence360agent.files: php-immunity files update finished (not updated)
WARNING [2022-12-06 10:51:53,782] defence360agent.internals.cln: CLN.post(url='https://cln.cloudlinux.com/api/im/register', data=b'key=IPL', headers=None): 400 Bad Request
INFO    [2022-12-06 10:51:54,051] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:54,052] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 10:51:54,053] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:54,054] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 10:51:54,056] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:54,057] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 10:51:54,133] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:54,133] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 10:51:54,236] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 10:51:54,237] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-06 10:51:54,238] defence360agent.plugins.check_license: Failed to register by ip: {"message":"IP license not found for 31.131.20.181","type":"no_ip","success":false,"data":null}
WARNING [2022-12-06 10:51:54,308] im360.subsys.panels.update_hooks: No vendors installed
INFO    [2022-12-06 10:51:54,311] im360.plugins.modsec_ruleset_checker: Installed i360 vendor None does not match expected type of ruleset: FULL
 Trying to reinstall modsec ruleset
ERROR   [2022-12-06 10:51:54,335] im360.plugins.modsec_ruleset_checker: Something went wrong during reinstalling modsec ruleset: Integration config is missing server_type field
INFO    [2022-12-06 10:51:54,402] im360.plugins.webshield_captcha_keys: Reloading Webshield service.
INFO    [2022-12-06 10:51:54,534] im360.plugins.protector.lazy_init: Firewall rules recreated due to StrategyChange PRIMARY_IDS
INFO    [2022-12-06 10:51:54,632] defence360agent.internals.the_sink: ServerConnected({}) processed in 1.1902 seconds
INFO    [2022-12-06 10:51:54,639] defence360agent.internals.the_sink: HookEvent.AgentStarted({'version': '6.7.3-1'}) processed in 1.1960 seconds
WARNING [2022-12-06 10:51:54,651] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:51:54,653] defence360agent.internals.the_sink: StrategyChange({'method': 'STRATEGY_CHANGE', 'strategy': 'PRIMARY_IDS'}) processed in 1.2127 seconds
WARNING [2022-12-06 10:51:54,656] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:51:54,673] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0785 seconds
INFO    [2022-12-06 10:51:54,696] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0}) processed in 0.0573 seconds
INFO    [2022-12-06 10:51:54,714] defence360agent.internals.the_sink: ConfigUpdate({'method': 'CONFIG_UPDATE', 'conf': <defence360agent.contracts.config.SystemConfig object at 0x7f80fa792430>, 'timestamp': 1670316713.2776635}) processed in 1.2720 seconds
WARNING [2022-12-06 10:51:54,720] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:51:54,737] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0244 seconds
INFO    [2022-12-06 10:51:55,096] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 10:52:06,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.53.169.98', 'timestamp': 1670316726.7089677, 'message': 'Dec  6 10:52:06 hqnl0246134 sshd[101635]: Invalid user aa from 202.53.169.98 port 49846', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 10:52:06,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.53.169.98', 'timestamp': 1670316726.7095106, 'message': 'Dec  6 10:52:06 hqnl0246134 sshd[101635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.53.169.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-06 10:52:06,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.53.169.98', 'timestamp': 1670316726.711112, 'message': 'Dec  6 10:52:06 hqnl0246134 sshd[101635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.53.169.98 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 10:52:07,837] defence360agent.simple_rpc: Response: method - ['version'], data - {'result': 'success', 'messages': [], 'data': {'items': '6.7.3-1', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 10:52:07,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:52:07,857] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['version'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'version']}) processed in 0.0196 seconds
INFO    [2022-12-06 10:52:10,354] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 10:52:10,355] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 10:52:10,355] im360.plugins.client360: Waiting 6 seconds before retry...
INFO    [2022-12-06 10:52:10,986] defence360agent.contracts.config_provider: CachedConfigReader <'/etc/sysconfig/imunify360/imunify360.config.d/90-local.config', modified at 1670316574.731776, 3 bytes> modified: removed={}, added={"WEBSHIELD": {"enable": false}}, changed={}
INFO    [2022-12-06 10:52:11,103] defence360agent.contracts.config_provider: CachedConfigReader <'/etc/sysconfig/imunify360/imunify360-merged.config', modified at 1670316578.2238612, 3745 bytes> modified: removed={}, added={}, changed={"WEBSHIELD": {"+": {}, "-": {}, "?": {"enable": [true, false]}}}
INFO    [2022-12-06 10:52:11,118] defence360agent.simple_rpc: Response: method - ['config', 'update'], data - {'result': 'success', 'messages': [], 'data': {'items': {'ADMIN_CONTACTS': {'emails': [], 'enable_icontact_notifications': True}, 'AUTO_WHITELIST': {'after_unblock_timeout': 1440, 'timeout': 1440}, 'BACKUP_RESTORE': {'cl_backup_allowed': True, 'cl_on_premise_backup_allowed': False, 'max_days_in_backup': 90}, 'BLOCKED_PORTS': {'default_mode': 'allowed'}, 'CAPTCHA': {'cert_refresh_timeout': 3600}, 'CAPTCHA_DOS': {'enabled': True, 'max_count': 100, 'time_frame': 21600, 'timeout': 864000}, 'CSF_INTEGRATION': {'catch_lfd_events': False}, 'DOS': {'default_limit': 250, 'enabled': True, 'interval': 30, 'port_limits': {}}, 'ERROR_REPORTING': {'enable': True}, 'FIREWALL': {'TCP_IN_IPv4': ['20', '21', '22', '25', '53', '80', '110', '443', '465', '587', '993', '995'], 'TCP_OUT_IPv4': ['20', '21', '22', '25', '53', '80', '110', '113', '443', '587', '993', '995'], 'UDP_IN_IPv4': ['20', '21', '53', '443'], 'UDP_OUT_IPv4': ['20', '21', '53', '113', '123'], 'internal_use_remote_iplist': False, 'port_blocking_mode': 'ALLOW'}, 'INCIDENT_LOGGING': {'limit': 100000, 'min_log_level': 4, 'num_days': 100, 'ui_autorefresh_timeout': 10}, 'KERNELCARE': {'edf': False}, 'LOGGER': {'backup_count': 5, 'max_log_file_size': 62914560, 'syscall_monitor': True}, 'MALWARE_CLEANUP': {'keep_original_files_days': 14, 'trim_file_instead_of_removal': True}, 'MALWARE_DATABASE_SCAN': {'enable': False}, 'MALWARE_SCANNING': {'cloud_assisted_scan': True, 'default_action': 'cleanup', 'detect_elf': True, 'enable_scan_cpanel': True, 'enable_scan_inotify': True, 'enable_scan_modsec': True, 'enable_scan_pure_ftpd': True, 'hyperscan': True, 'max_cloudscan_size_to_scan': 10485760, 'max_mrs_upload_file': 10485760, 'max_signature_size_to_scan': 1048576, 'notify_on_detect': False, 'optimize_realtime_scan': True, 'rapid_scan': True, 'rapid_scan_rescan_unchanging_files_frequency': None, 'scan_modified_files': None, 
'sends_file_for_analysis': True, 'try_restore_from_backup_first': False}, 'MALWARE_SCAN_INTENSITY': {'cpu': 2, 'io': 2, 'ram': 2048, 'user_scan_cpu': 2, 'user_scan_io': 2, 'user_scan_ram': 1024}, 'MALWARE_SCAN_SCHEDULE': {'day_of_month': 1, 'day_of_week': 0, 'hour': 3, 'interval': 'week'}, 'MOD_SEC': {'app_specific_ruleset': True, 'cms_account_compromise_prevention': False, 'prev_settings': '', 'ruleset': 'FULL'}, 'MOD_SEC_BLOCK_BY_CUSTOM_RULE': {33332: {'check_period': 120, 'max_incidents': 10}, 33339: {'check_period': 120, 'max_incidents': 10}}, 'MOD_SEC_BLOCK_BY_SEVERITY': {'check_period': 120, 'denied_num_limit': 2, 'enable': True, 'max_incidents': 2, 'severity_limit': 2}, 'NETWORK_INTERFACE': {'eth6_device': None, 'eth_device': None, 'eth_device_skip': []}, 'OSSEC': {'active_response': False}, 'PAM': {'enable': True, 'exim_dovecot_native': False, 'exim_dovecot_protection': True, 'ftp_protection': False}, 'PERMISSIONS': {'advisor': True, 'allow_malware_scan': False, 'support_form': True, 'upgrade_button': True, 'user_ignore_list': False, 'user_override_malware_actions': False, 'user_override_proactive_defense': False}, 'PROACTIVE_DEFENCE': {'blamer': True, 'mode': 'KILL', 'php_immunity': True}, 'RESOURCE_MANAGEMENT': {'cpu_limit': 2, 'io_limit': 2, 'ram_limit': 500}, 'SEND_ADDITIONAL_DATA': {'enable': True}, 'SMTP_BLOCKING': {'allow_groups': ['mail'], 'allow_local': False, 'allow_users': [], 'enable': False, 'ports': [25, 587, 465], 'redirect': False}, 'STOP_MANAGING': {'modsec_directives': False}, 'WEBSHIELD': {'captcha_secret_key': '', 'captcha_site_key': '', 'enable': False, 'invisible_captcha': False, 'known_proxies_support': True, 'splash_screen': True}, 'WEB_SERVICES': {'http_ports': [], 'https_ports': []}}, 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 10:52:11,149] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:52:11,155] im360.plugins.protector.lazy_init: Webshield status (Webshield.ENABLE, Webshield.SPLASH_SCREEN) changed from (True, True) to (False, True)
WARNING [2022-12-06 10:52:11,205] im360.plugins.protector.lazy_init: Detected redundant ipsets while ensuring ipsets/rules; redundant ipsets: {'i360.ipv6.graysplashlist', 'i360.ipv6.remote_proxy', 'i360.ipv6.graylist', 'i360.ipv6.remote_proxy_static'}
INFO    [2022-12-06 10:52:11,243] im360.plugins.protector.lazy_init: Rules status for ipv6 [rules: ok], [ipset: bad]
INFO    [2022-12-06 10:52:11,243] im360.plugins.protector.lazy_init: Destroying rules for ipv6
INFO    [2022-12-06 10:52:11,266] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['config', 'update'], 'params': {'data': '{"WEBSHIELD": {"enable": false}}'}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'config', 'update', '{"WEBSHIELD": {"enable": false}}']}) processed in 0.3413 seconds
INFO    [2022-12-06 10:52:11,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.53.169.98', 'timestamp': 1670316730.925685, 'message': 'Dec  6 10:52:08 hqnl0246134 sshd[101635]: Failed password for invalid user aa from 202.53.169.98 port 49846 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.3404 seconds
INFO    [2022-12-06 10:52:11,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.53.169.98', 'timestamp': 1670316730.925861, 'message': 'Dec  6 10:52:09 hqnl0246134 sshd[101635]: Disconnected from invalid user aa 202.53.169.98 port 49846 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0796 seconds
INFO    [2022-12-06 10:52:11,588] im360.plugins.protector.lazy_init: Recreating ip sets for ipv6
INFO    [2022-12-06 10:52:12,674] im360.internals.core: IP sets content restored from database
INFO    [2022-12-06 10:52:12,675] im360.internals.core: Fill ipsets took 0.73 second(s)
INFO    [2022-12-06 10:52:12,676] im360.plugins.protector.lazy_init: Recreating firewall rules for ipv6
WARNING [2022-12-06 10:52:12,730] im360.plugins.protector.lazy_init: Detected redundant ipsets while ensuring ipsets/rules; redundant ipsets: {'i360.ipv4.remote_proxy_static', 'i360.ipv4.graysplashlist', 'i360.ipv4.remote_proxy', 'i360.ipv4.graylist'}
INFO    [2022-12-06 10:52:12,757] im360.plugins.protector.lazy_init: Rules status for ipv4 [rules: ok], [ipset: bad]
INFO    [2022-12-06 10:52:12,757] im360.plugins.protector.lazy_init: Destroying rules for ipv4
INFO    [2022-12-06 10:52:12,949] im360.plugins.protector.lazy_init: Recreating ip sets for ipv4
INFO    [2022-12-06 10:52:13,198] defence360agent.api.server: Performed request for url=https://api.imunify360.com/api/ip method=None body=None status=200
INFO    [2022-12-06 10:52:13,199] defence360agent.api.server: Response=b'{"ip":"31.131.20.181","status":"ok"}' ...
INFO    [2022-12-06 10:52:13,918] defence360agent.simple_rpc: Response: method - ['install-vendors'], data - {'result': 'warnings', 'messages': ['Integration config is missing server_type field']}
WARNING [2022-12-06 10:52:13,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:52:13,940] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['install-vendors'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', '--console-log-level=WARNING', 'install-vendors']}) processed in 0.0199 seconds
INFO    [2022-12-06 10:52:14,396] im360.internals.core: IP sets content restored from database
INFO    [2022-12-06 10:52:14,396] im360.internals.core: Fill ipsets took 1.31 second(s)
INFO    [2022-12-06 10:52:14,397] im360.plugins.protector.lazy_init: Recreating firewall rules for ipv4
INFO    [2022-12-06 10:52:14,422] im360.plugins.protector.lazy_init: Rules and sets successfully recreated for enabled ip versions
INFO    [2022-12-06 10:52:14,423] im360.plugins.protector.lazy_init: Firewall rules recreated due to ConfigUpdate
WARNING [2022-12-06 10:52:14,426] im360.subsys.panels.update_hooks: No vendors installed
INFO    [2022-12-06 10:52:14,426] im360.plugins.modsec_ruleset_checker: Installed i360 vendor None does not match expected type of ruleset: FULL
 Trying to reinstall modsec ruleset
ERROR   [2022-12-06 10:52:14,440] im360.plugins.modsec_ruleset_checker: Something went wrong during reinstalling modsec ruleset: Integration config is missing server_type field
WARNING [2022-12-06 10:52:14,495] defence360agent.subsys.panels.generic.panel: panel_info not found neither in /etc/sysconfig/imunify360/integration.conf nor in /opt/cpvendor/etc/integration.ini.
WARNING [2022-12-06 10:52:14,506] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:52:14,506] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
WARNING [2022-12-06 10:52:14,518] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:52:14,519] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
WARNING [2022-12-06 10:52:14,536] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 10:52:14,537] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
ERROR   [2022-12-06 10:52:14,540] defence360agent.utils: Ignoring exception from SendServerConfig.on_config_update_message: [Errno 2] No such file or directory: '/etc/sysconfig/imunify360/generic/modsec.conf'
Traceback (most recent call last):
  File "/opt/alt/python38/lib/python3.8/dist-packages/defence360agent/utils/__init__.py", line 1234, in wrapper_async
    return await coro(*args, **kwargs)
  File "/opt/alt/python38/lib/python3.8/dist-packages/defence360agent/plugins/send_server_config.py", line 179, in on_config_update_message
    await self._send_server_config()
  File "/opt/alt/python38/lib/python3.8/dist-packages/defence360agent/plugins/send_server_config.py", line 211, in _send_server_config
    await self._create_server_config_msg())
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/plugins/send_server_config.py", line 56, in _create_server_config_msg
    vendor_name in await hp.enabled_modsec_vendor_list())
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 183, in enabled_modsec_vendor_list
    with open(MODSEC_CONF, 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/sysconfig/imunify360/generic/modsec.conf'
INFO    [2022-12-06 10:52:14,603] im360.plugins.webshield_manager: WebShield is not enabled in the config but it is running. Disabling it...
INFO    [2022-12-06 10:52:15,116] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 10:52:16,457] im360.plugins.webshield_manager: Disabled WebShield
INFO    [2022-12-06 10:52:16,470] defence360agent.internals.the_sink: ConfigUpdate({'method': 'CONFIG_UPDATE', 'conf': <defence360agent.contracts.config.SystemConfig object at 0x7f80fa792430>, 'timestamp': 1670316730.9241521, 'event': <asyncio.locks.Event object at 0x7f80f8098ac0 [set]>}) processed in 5.5443 seconds
INFO    [2022-12-06 10:52:17,046] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 10:52:17,110] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 10:52:17,111] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 10:52:17,111] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 10:52:17,111] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 10:52:17,112] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 10:52:17,123] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 10:52:17,139] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0264 seconds
WARNING [2022-12-06 10:52:17,146] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 10:52:17,149] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:52:17,168] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0347 seconds
INFO    [2022-12-06 10:52:17,170] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0331 seconds
INFO    [2022-12-06 10:52:18,023] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:52:18,024] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:52:18,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:52:18,043] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 10:52:20,535] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:52:20,536] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:52:20,542] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:52:20,553] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0163 seconds
WARNING [2022-12-06 10:52:45,186] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:52:45,186] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 10:52:48,485] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 10:52:48,485] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 10:52:48,486] im360.plugins.client360: Waiting 12 seconds before retry...
WARNING [2022-12-06 10:52:53,661] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:52:53,679] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.5666 seconds
INFO    [2022-12-06 10:53:01,172] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 10:53:01,240] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 10:53:01,241] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 10:53:01,241] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 10:53:01,241] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 10:53:01,242] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 10:53:01,260] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 10:53:01,285] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0420 seconds
WARNING [2022-12-06 10:53:01,297] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 10:53:01,300] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:53:01,329] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0519 seconds
INFO    [2022-12-06 10:53:01,331] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0495 seconds
INFO    [2022-12-06 10:53:10,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.35.184', 'timestamp': 1670316790.7996402, 'message': 'Dec  6 10:53:10 hqnl0246134 sshd[101975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.35.184 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 10:53:10,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.35.184', 'timestamp': 1670316790.8000696, 'message': 'Dec  6 10:53:10 hqnl0246134 sshd[101975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.35.184  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 10:53:12,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.35.184', 'timestamp': 1670316792.8005958, 'message': 'Dec  6 10:53:11 hqnl0246134 sshd[101975]: Failed password for root from 43.153.35.184 port 60026 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 10:53:14,901] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:53:14,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:53:14,920] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:53:14,941] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0334 seconds
INFO    [2022-12-06 10:53:18,653] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:53:18,654] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:53:18,664] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:53:18,680] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-06 10:53:21,928] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:53:21,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:53:21,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:53:21,959] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-06 10:53:31,368] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 10:53:31,369] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 10:53:31,370] im360.plugins.client360: Waiting 24 seconds before retry...
INFO    [2022-12-06 10:53:34,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.237.230.154', 'timestamp': 1670316814.8267276, 'message': 'Dec  6 10:53:33 hqnl0246134 sshd[102012]: Invalid user giovanni from 125.237.230.154 port 39710', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 10:53:34,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.237.230.154', 'timestamp': 1670316814.8269696, 'message': 'Dec  6 10:53:33 hqnl0246134 sshd[102012]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.237.230.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 10:53:34,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.237.230.154', 'timestamp': 1670316814.8270955, 'message': 'Dec  6 10:53:33 hqnl0246134 sshd[102012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.237.230.154 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 10:53:34,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.237.230.154', 'timestamp': 1670316814.8275595, 'message': 'Dec  6 10:53:34 hqnl0246134 sshd[102012]: Failed password for invalid user giovanni from 125.237.230.154 port 39710 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 10:53:36,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.237.230.154', 'timestamp': 1670316816.8281984, 'message': 'Dec  6 10:53:35 hqnl0246134 sshd[102012]: Disconnected from invalid user giovanni 125.237.230.154 port 39710 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 10:53:45,190] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:53:45,190] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 10:53:46,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316826.837667, 'message': 'Dec  6 10:53:45 hqnl0246134 sshd[102018]: Invalid user ted from 159.65.163.176 port 53824', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 10:53:46,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316826.8448188, 'message': 'Dec  6 10:53:45 hqnl0246134 sshd[102018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.163.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 10:53:46,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316826.8449879, 'message': 'Dec  6 10:53:45 hqnl0246134 sshd[102018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.163.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 10:53:48,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316828.8400934, 'message': 'Dec  6 10:53:47 hqnl0246134 sshd[102018]: Failed password for invalid user ted from 159.65.163.176 port 53824 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 10:53:48,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316828.8404765, 'message': 'Dec  6 10:53:48 hqnl0246134 sshd[102018]: Disconnected from invalid user ted 159.65.163.176 port 53824 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0164 seconds
WARNING [2022-12-06 10:53:53,131] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:53:53,165] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0459 seconds
INFO    [2022-12-06 10:53:55,798] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 10:53:55,872] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 10:53:55,872] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 10:53:55,873] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 10:53:55,873] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 10:53:55,873] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 10:53:55,884] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 10:53:55,911] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0375 seconds
WARNING [2022-12-06 10:53:55,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 10:53:55,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:53:55,960] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0578 seconds
INFO    [2022-12-06 10:53:55,962] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0541 seconds
INFO    [2022-12-06 10:54:18,126] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:54:18,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:54:18,136] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:54:18,148] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 10:54:21,501] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:54:21,502] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:54:21,523] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:54:21,550] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0393 seconds
INFO    [2022-12-06 10:54:26,119] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 10:54:26,120] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 10:54:26,121] im360.plugins.client360: Waiting 43 seconds before retry...
WARNING [2022-12-06 10:54:45,195] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:54:45,196] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 10:55:09,387] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 10:55:09,458] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 10:55:09,458] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 10:55:09,459] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 10:55:09,459] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 10:55:09,460] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 10:55:09,482] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 10:55:09,505] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0437 seconds
WARNING [2022-12-06 10:55:09,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 10:55:09,514] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:55:09,531] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0316 seconds
INFO    [2022-12-06 10:55:09,532] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0290 seconds
INFO    [2022-12-06 10:55:17,857] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:55:17,857] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:55:17,866] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:55:17,879] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 10:55:20,360] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:55:20,362] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:55:20,371] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:55:20,385] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 10:55:33,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.7.196.67', 'timestamp': 1670316933.0057535, 'message': 'Dec  6 10:55:31 hqnl0246134 sshd[102152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.7.196.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 10:55:33,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.7.196.67', 'timestamp': 1670316933.0060627, 'message': 'Dec  6 10:55:31 hqnl0246134 sshd[102152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.7.196.67  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 10:55:35,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.7.196.67', 'timestamp': 1670316935.0096548, 'message': 'Dec  6 10:55:33 hqnl0246134 sshd[102152]: Failed password for root from 45.7.196.67 port 54506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 10:55:38,022] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:55:38,023] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:55:38,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:55:38,050] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0261 seconds
INFO    [2022-12-06 10:55:40,427] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 10:55:40,428] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 10:55:40,429] im360.plugins.client360: Waiting a minute before retry...
WARNING [2022-12-06 10:55:45,198] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:55:45,198] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 10:55:49,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.237.230.154', 'timestamp': 1670316949.0261946, 'message': 'Dec  6 10:55:48 hqnl0246134 sshd[102163]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.237.230.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 10:55:49,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.237.230.154', 'timestamp': 1670316949.0265408, 'message': 'Dec  6 10:55:48 hqnl0246134 sshd[102163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.237.230.154  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 10:55:51,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.237.230.154', 'timestamp': 1670316951.0279248, 'message': 'Dec  6 10:55:50 hqnl0246134 sshd[102163]: Failed password for root from 125.237.230.154 port 38198 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 10:55:53,138] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:55:53,160] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0298 seconds
INFO    [2022-12-06 10:56:18,829] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:56:18,830] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:56:18,894] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:56:18,936] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1054 seconds
INFO    [2022-12-06 10:56:21,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316981.0694091, 'message': 'Dec  6 10:56:20 hqnl0246134 sshd[102203]: Invalid user test01 from 159.65.163.176 port 43070', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 10:56:21,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316981.0700207, 'message': 'Dec  6 10:56:20 hqnl0246134 sshd[102203]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.163.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 10:56:21,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316981.0702174, 'message': 'Dec  6 10:56:20 hqnl0246134 sshd[102203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.163.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 10:56:21,518] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:56:21,519] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:56:21,527] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:56:21,538] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 10:56:23,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316983.0698361, 'message': 'Dec  6 10:56:22 hqnl0246134 sshd[102203]: Failed password for invalid user test01 from 159.65.163.176 port 43070 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 10:56:25,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.163.176', 'timestamp': 1670316985.0727527, 'message': 'Dec  6 10:56:23 hqnl0246134 sshd[102203]: Disconnected from invalid user test01 159.65.163.176 port 43070 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 10:56:43,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.53.169.98', 'timestamp': 1670317003.0906954, 'message': 'Dec  6 10:56:41 hqnl0246134 sshd[102212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.53.169.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 10:56:43,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.53.169.98', 'timestamp': 1670317003.0910547, 'message': 'Dec  6 10:56:41 hqnl0246134 sshd[102212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.53.169.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 10:56:45,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.53.169.98', 'timestamp': 1670317005.0930927, 'message': 'Dec  6 10:56:43 hqnl0246134 sshd[102212]: Failed password for root from 202.53.169.98 port 38680 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 10:56:45,201] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:56:45,202] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 10:56:53,149] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:56:53,193] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0585 seconds
INFO    [2022-12-06 10:57:14,372] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 10:57:14,449] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 10:57:14,450] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 10:57:14,450] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 10:57:14,451] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 10:57:14,451] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 10:57:14,476] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 10:57:14,505] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0523 seconds
WARNING [2022-12-06 10:57:14,513] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 10:57:14,516] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:57:14,550] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0544 seconds
INFO    [2022-12-06 10:57:14,553] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0514 seconds
INFO    [2022-12-06 10:57:18,619] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:57:18,620] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:57:18,628] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:57:18,642] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 10:57:21,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317041.1306248, 'message': 'Dec  6 10:57:20 hqnl0246134 sshd[102286]: Invalid user nvidia from 43.153.35.184 port 59246', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-06 10:57:21,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317041.1312947, 'message': 'Dec  6 10:57:20 hqnl0246134 sshd[102286]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.35.184 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 10:57:21,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317041.1315827, 'message': 'Dec  6 10:57:20 hqnl0246134 sshd[102286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.35.184 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 10:57:21,407] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:57:21,408] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:57:21,419] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:57:21,436] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0261 seconds
INFO    [2022-12-06 10:57:23,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317043.1297662, 'message': 'Dec  6 10:57:22 hqnl0246134 sshd[102286]: Failed password for invalid user nvidia from 43.153.35.184 port 59246 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 10:57:25,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317045.1307476, 'message': 'Dec  6 10:57:23 hqnl0246134 sshd[102286]: Disconnected from invalid user nvidia 43.153.35.184 port 59246 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 10:57:26,028] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:57:26,028] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:57:26,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:57:26,048] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 10:57:27,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.215.197.15', 'timestamp': 1670317047.1326606, 'message': 'Dec  6 10:57:26 hqnl0246134 sshd[102295]: Invalid user test from 186.215.197.15 port 48219', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 10:57:27,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.215.197.15', 'timestamp': 1670317047.1328468, 'message': 'Dec  6 10:57:26 hqnl0246134 sshd[102295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.215.197.15 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 10:57:27,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.215.197.15', 'timestamp': 1670317047.1330087, 'message': 'Dec  6 10:57:26 hqnl0246134 sshd[102295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.215.197.15 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 10:57:29,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.215.197.15', 'timestamp': 1670317049.1349742, 'message': 'Dec  6 10:57:28 hqnl0246134 sshd[102295]: Failed password for invalid user test from 186.215.197.15 port 48219 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 10:57:35,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.102.114.10', 'timestamp': 1670317055.142947, 'message': 'Dec  6 10:57:34 hqnl0246134 sshd[102308]: Invalid user test from 14.102.114.10 port 41249', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 10:57:35,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.102.114.10', 'timestamp': 1670317055.1432362, 'message': 'Dec  6 10:57:34 hqnl0246134 sshd[102308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.102.114.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 10:57:35,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.102.114.10', 'timestamp': 1670317055.143415, 'message': 'Dec  6 10:57:34 hqnl0246134 sshd[102308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.102.114.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 10:57:37,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.102.114.10', 'timestamp': 1670317057.145233, 'message': 'Dec  6 10:57:36 hqnl0246134 sshd[102308]: Failed password for invalid user test from 14.102.114.10 port 41249 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 10:57:44,992] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 10:57:44,993] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 10:57:44,994] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 10:57:45,203] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:57:45,204] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 10:57:53,153] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:57:53,180] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0413 seconds
INFO    [2022-12-06 10:58:17,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670317097.1941605, 'message': 'Dec  6 10:58:16 hqnl0246134 sshd[102345]: Invalid user ftpuser from 152.89.196.220 port 37430', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 10:58:17,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670317097.1947773, 'message': 'Dec  6 10:58:16 hqnl0246134 sshd[102345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 10:58:17,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670317097.194955, 'message': 'Dec  6 10:58:16 hqnl0246134 sshd[102345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 10:58:18,391] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:58:18,391] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:58:18,402] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:58:18,415] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 10:58:19,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670317099.1946409, 'message': 'Dec  6 10:58:18 hqnl0246134 sshd[102345]: Failed password for invalid user ftpuser from 152.89.196.220 port 37430 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 10:58:19,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670317099.194835, 'message': 'Dec  6 10:58:18 hqnl0246134 sshd[102345]: Disconnected from invalid user ftpuser 152.89.196.220 port 37430 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0747 seconds
INFO    [2022-12-06 10:58:21,155] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:58:21,156] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:58:21,164] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:58:21,179] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-06 10:58:43,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317123.2212012, 'message': 'Dec  6 10:58:42 hqnl0246134 sshd[102382]: Invalid user leonardo from 45.7.196.67 port 41792', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 10:58:43,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317123.221747, 'message': 'Dec  6 10:58:42 hqnl0246134 sshd[102382]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.7.196.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 10:58:43,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317123.221938, 'message': 'Dec  6 10:58:42 hqnl0246134 sshd[102382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.7.196.67 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 10:58:45,207] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:58:45,207] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 10:58:47,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317127.2251537, 'message': 'Dec  6 10:58:45 hqnl0246134 sshd[102382]: Failed password for invalid user leonardo from 45.7.196.67 port 41792 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0666 seconds
INFO    [2022-12-06 10:58:47,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317127.2254834, 'message': 'Dec  6 10:58:47 hqnl0246134 sshd[102382]: Disconnected from invalid user leonardo 45.7.196.67 port 41792 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0886 seconds
INFO    [2022-12-06 10:58:50,222] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:58:50,222] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:58:50,241] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:58:50,255] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0304 seconds
WARNING [2022-12-06 10:58:53,149] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:58:53,183] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0412 seconds
INFO    [2022-12-06 10:59:01,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.163.176', 'timestamp': 1670317141.2468948, 'message': 'Dec  6 10:58:59 hqnl0246134 sshd[102411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.163.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 10:59:01,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.163.176', 'timestamp': 1670317141.2473128, 'message': 'Dec  6 10:58:59 hqnl0246134 sshd[102411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.163.176  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 10:59:01,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.163.176', 'timestamp': 1670317141.247568, 'message': 'Dec  6 10:59:01 hqnl0246134 sshd[102411]: Failed password for root from 159.65.163.176 port 60546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 10:59:18,029] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:59:18,030] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:59:18,039] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:59:18,051] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 10:59:21,003] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 10:59:21,004] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 10:59:21,014] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:59:21,029] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0243 seconds
WARNING [2022-12-06 10:59:45,211] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 10:59:45,212] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 10:59:47,693] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 10:59:47,769] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 10:59:47,770] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 10:59:47,770] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 10:59:47,770] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 10:59:47,771] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 10:59:47,790] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 10:59:47,806] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0346 seconds
WARNING [2022-12-06 10:59:47,813] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 10:59:47,826] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:59:47,842] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0418 seconds
INFO    [2022-12-06 10:59:47,844] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0401 seconds
WARNING [2022-12-06 10:59:53,153] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 10:59:53,174] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-06 11:00:13,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317213.34543, 'message': 'Dec  6 11:00:12 hqnl0246134 sshd[102513]: Invalid user guest from 43.153.35.184 port 49818', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 11:00:13,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317213.3460956, 'message': 'Dec  6 11:00:12 hqnl0246134 sshd[102513]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.35.184 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 11:00:13,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317213.3463192, 'message': 'Dec  6 11:00:12 hqnl0246134 sshd[102513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.35.184 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 11:00:15,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317215.3454504, 'message': 'Dec  6 11:00:14 hqnl0246134 sshd[102513]: Failed password for invalid user guest from 43.153.35.184 port 49818 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 11:00:17,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317217.3457022, 'message': 'Dec  6 11:00:15 hqnl0246134 sshd[102513]: Disconnected from invalid user guest 43.153.35.184 port 49818 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 11:00:17,898] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:00:17,899] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:00:17,901] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 11:00:18,356] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:00:18,357] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:00:18,372] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:00:18,387] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-06 11:00:18,709] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:00:18,710] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:00:18,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:00:18,744] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0326 seconds
INFO    [2022-12-06 11:00:21,324] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:00:21,325] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:00:21,334] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:00:21,347] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
WARNING [2022-12-06 11:00:45,216] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:00:45,217] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:00:53,159] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:00:53,184] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0344 seconds
INFO    [2022-12-06 11:01:17,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:01:17,890] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:01:17,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:01:17,909] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 11:01:20,525] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:01:20,525] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:01:20,533] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:01:20,545] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
WARNING [2022-12-06 11:01:45,219] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:01:45,220] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:01:53,225] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 11:01:57,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317317.5010345, 'message': 'Dec  6 11:01:56 hqnl0246134 sshd[102626]: Invalid user common from 45.7.196.67 port 57310', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 11:01:57,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317317.5016084, 'message': 'Dec  6 11:01:56 hqnl0246134 sshd[102626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.7.196.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 11:01:57,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317317.501769, 'message': 'Dec  6 11:01:56 hqnl0246134 sshd[102626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.7.196.67 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 11:01:59,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317319.5035243, 'message': 'Dec  6 11:01:58 hqnl0246134 sshd[102626]: Failed password for invalid user common from 45.7.196.67 port 57310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 11:01:59,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.7.196.67', 'timestamp': 1670317319.5037036, 'message': 'Dec  6 11:01:59 hqnl0246134 sshd[102626]: Disconnected from invalid user common 45.7.196.67 port 57310 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 11:02:18,085] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:02:18,086] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:02:18,094] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:02:18,106] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 11:02:20,764] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:02:20,766] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:02:20,776] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:02:20,789] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
WARNING [2022-12-06 11:02:45,225] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:02:45,227] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:02:53,177] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:02:53,221] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0627 seconds
INFO    [2022-12-06 11:02:59,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317379.5757546, 'message': 'Dec  6 11:02:57 hqnl0246134 sshd[102680]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.35.184 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 11:02:59,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317379.5763042, 'message': 'Dec  6 11:02:57 hqnl0246134 sshd[102680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.35.184  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 11:02:59,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.35.184', 'timestamp': 1670317379.5765297, 'message': 'Dec  6 11:02:59 hqnl0246134 sshd[102680]: Failed password for root from 43.153.35.184 port 40372 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 11:03:02,742] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:03:02,742] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:03:02,750] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:03:02,762] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 11:03:18,237] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:03:18,238] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:03:18,251] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:03:18,267] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0284 seconds
INFO    [2022-12-06 11:03:20,825] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:03:20,826] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:03:20,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:03:20,847] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
WARNING [2022-12-06 11:03:45,230] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:03:45,233] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:03:53,171] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:03:53,197] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-06 11:04:17,966] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:04:17,967] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:04:17,976] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:04:17,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-06 11:04:20,679] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:04:20,679] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:04:20,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:04:20,759] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0772 seconds
WARNING [2022-12-06 11:04:45,235] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:04:45,236] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:05:17,964] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:05:17,966] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:05:17,986] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:05:17,999] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
INFO    [2022-12-06 11:05:20,768] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:05:20,768] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:05:20,775] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:05:20,786] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-06 11:05:45,239] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:05:45,240] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:06:18,522] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:06:18,524] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:06:18,551] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:06:18,583] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0503 seconds
INFO    [2022-12-06 11:06:21,575] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:06:21,576] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:06:21,589] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:06:21,604] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
WARNING [2022-12-06 11:06:45,243] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:06:45,245] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:07:18,130] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:07:18,132] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:07:18,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:07:18,168] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0353 seconds
INFO    [2022-12-06 11:07:20,861] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:07:20,862] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:07:20,870] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:07:20,889] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0264 seconds
INFO    [2022-12-06 11:07:21,236] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:07:21,303] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:07:21,304] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:07:21,304] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:07:21,304] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:07:21,305] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:07:21,324] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:07:21,341] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0353 seconds
WARNING [2022-12-06 11:07:21,349] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:07:21,351] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:07:21,368] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0329 seconds
INFO    [2022-12-06 11:07:21,369] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0310 seconds
WARNING [2022-12-06 11:07:45,247] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:07:45,248] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:07:51,885] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:07:51,887] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 11:07:51,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5901, 'attackers_ip': None, 'timestamp': 1670317671.9260128, 'message': 'Dec  6 11:07:51 hqnl0246134 groupadd[103328]: new group: name=postfix, GID=117', 'severity': 3, 'name': 'New group added to the system', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 11:07:51,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5902, 'attackers_ip': None, 'timestamp': 1670317671.9265058, 'message': 'Dec  6 11:07:51 hqnl0246134 useradd[103338]: new user: name=postfix, UID=112, GID=117, home=/var/spool/postfix, shell=/usr/sbin/nologin, from=none', 'severity': 3, 'name': 'New user added to the system', 'tag': []}) processed in 0.0339 seconds
WARNING [2022-12-06 11:07:52,909] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:07:52,909] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 11:07:53,923] defence360agent.internals.the_sink: UnreportableLocalIncidentList(<2 item(s)>) processed in 0.0886 seconds
INFO    [2022-12-06 11:07:54,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5901, 'attackers_ip': None, 'timestamp': 1670317673.9384983, 'message': 'Dec  6 11:07:52 hqnl0246134 groupadd[103401]: new group: name=postdrop, GID=118', 'severity': 3, 'name': 'New group added to the system', 'tag': []}) processed in 0.0745 seconds
WARNING [2022-12-06 11:07:54,853] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:07:54,854] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
WARNING [2022-12-06 11:07:56,344] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:07:56,345] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
WARNING [2022-12-06 11:07:57,364] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:07:57,365] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 11:07:57,368] defence360agent.feature_management.plugins.watcher: Feature management permissions updated
WARNING [2022-12-06 11:07:57,549] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:07:57,550] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 11:07:59,639] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:07:59,640] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:07:59,641] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 11:07:59,948] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:07:59,949] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
WARNING [2022-12-06 11:08:01,337] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:08:01,340] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
WARNING [2022-12-06 11:08:02,373] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:08:02,373] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
WARNING [2022-12-06 11:08:04,749] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-06 11:08:04,750] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-06 11:08:05,322] defence360agent.feature_management.plugins.watcher: Feature management permissions updated
INFO    [2022-12-06 11:08:17,882] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:08:17,883] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:08:17,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:08:17,905] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 11:08:20,461] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:08:20,462] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:08:20,470] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:08:20,481] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
WARNING [2022-12-06 11:08:45,255] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:08:45,257] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:08:53,864] defence360agent.internals.the_sink: UnreportableLocalIncidentList(<1 item(s)>) processed in 0.0270 seconds
INFO    [2022-12-06 11:09:18,465] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:09:18,466] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:09:18,479] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:09:18,497] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0302 seconds
INFO    [2022-12-06 11:09:21,189] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:09:21,190] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:09:21,197] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:09:21,208] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-06 11:09:45,260] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:09:45,261] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:10:18,353] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:10:18,354] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:10:18,371] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:10:18,387] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-06 11:10:21,412] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:10:21,412] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:10:21,420] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:10:21,434] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
WARNING [2022-12-06 11:10:45,264] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:10:45,265] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:11:18,171] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:11:18,172] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:11:18,189] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:11:18,208] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0347 seconds
INFO    [2022-12-06 11:11:20,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:11:20,965] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:11:20,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:11:20,983] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-06 11:11:45,270] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:11:45,272] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:11:53,228] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 11:12:18,021] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:12:18,021] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:12:18,033] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:12:18,047] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0243 seconds
INFO    [2022-12-06 11:12:20,979] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:12:20,979] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:12:21,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:12:21,033] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0523 seconds
WARNING [2022-12-06 11:12:45,275] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:12:45,276] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:13:03,022] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 11:13:03,038] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:13:03,053] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0294 seconds
INFO    [2022-12-06 11:13:18,622] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:13:18,623] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:13:18,630] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:13:18,642] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 11:13:21,837] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:13:21,837] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:13:21,844] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:13:21,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
WARNING [2022-12-06 11:13:45,279] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:13:45,280] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:14:18,211] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:14:18,212] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:14:18,222] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:14:18,238] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 11:14:21,211] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:14:21,212] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:14:21,220] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:14:21,232] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-06 11:14:45,283] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:14:45,284] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:14:57,733] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:14:57,805] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:14:57,805] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:14:57,805] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:14:57,806] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:14:57,806] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:14:57,819] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:14:57,836] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0289 seconds
WARNING [2022-12-06 11:14:57,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:14:57,845] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:14:57,861] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0313 seconds
INFO    [2022-12-06 11:14:57,862] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0288 seconds
INFO    [2022-12-06 11:15:17,870] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:15:17,871] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:15:17,880] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:15:17,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 11:15:20,416] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:15:20,416] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:15:20,423] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:15:20,438] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 11:15:27,937] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:15:27,938] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:15:27,939] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 11:15:45,287] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:15:45,289] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:16:04,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318164.5395913, 'message': 'Dec  6 11:16:03 hqnl0246134 sshd[120013]: Invalid user RPM from 45.93.201.82 port 59100', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 11:16:04,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318164.5403059, 'message': 'Dec  6 11:16:03 hqnl0246134 sshd[120013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 11:16:04,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318164.5405178, 'message': 'Dec  6 11:16:03 hqnl0246134 sshd[120013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 11:16:06,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318166.5421278, 'message': 'Dec  6 11:16:05 hqnl0246134 sshd[120013]: Failed password for invalid user RPM from 45.93.201.82 port 59100 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 11:16:12,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318172.5519571, 'message': 'Dec  6 11:16:10 hqnl0246134 sshd[120013]: Disconnecting invalid user RPM 45.93.201.82 port 59100: Change of username or service not allowed: (RPM,ssh-connection) -> (ubuntu,ssh-connection) [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 11:16:14,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318174.5548272, 'message': 'Dec  6 11:16:13 hqnl0246134 sshd[120018]: Invalid user ubuntu from 45.93.201.82 port 40402', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 11:16:14,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318174.5550563, 'message': 'Dec  6 11:16:13 hqnl0246134 sshd[120018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 11:16:14,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318174.555169, 'message': 'Dec  6 11:16:13 hqnl0246134 sshd[120018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 11:16:16,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318176.5617974, 'message': 'Dec  6 11:16:15 hqnl0246134 sshd[120018]: Failed password for invalid user ubuntu from 45.93.201.82 port 40402 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 11:16:17,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:16:17,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:16:17,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:16:17,952] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0315 seconds
INFO    [2022-12-06 11:16:20,574] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:16:20,575] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:16:20,594] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:16:20,625] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0490 seconds
INFO    [2022-12-06 11:16:20,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318180.5775692, 'message': 'Dec  6 11:16:19 hqnl0246134 sshd[120018]: Disconnecting invalid user ubuntu 45.93.201.82 port 40402: Change of username or service not allowed: (ubuntu,ssh-connection) -> (tomcat,ssh-connection) [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 11:16:24,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318184.5817683, 'message': 'Dec  6 11:16:22 hqnl0246134 sshd[120028]: Invalid user tomcat from 45.93.201.82 port 40418', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 11:16:24,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318184.5823512, 'message': 'Dec  6 11:16:22 hqnl0246134 sshd[120028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 11:16:24,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318184.582621, 'message': 'Dec  6 11:16:22 hqnl0246134 sshd[120028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 11:16:26,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670318186.5824094, 'message': 'Dec  6 11:16:25 hqnl0246134 sshd[120028]: Failed password for invalid user tomcat from 45.93.201.82 port 40418 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
WARNING [2022-12-06 11:16:45,293] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:16:45,295] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:16:53,864] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:16:53,888] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0351 seconds
INFO    [2022-12-06 11:17:17,848] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:17:17,849] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:17:17,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:17:17,872] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 11:17:20,494] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:17:20,494] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:17:20,503] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:17:20,517] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
WARNING [2022-12-06 11:17:45,300] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:17:45,302] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:18:20,581] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:18:20,582] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:18:20,592] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:18:20,606] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 11:18:23,861] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:18:23,861] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:18:23,879] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:18:23,905] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0397 seconds
WARNING [2022-12-06 11:18:45,305] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:18:45,307] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:18:50,961] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:18:51,031] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:18:51,032] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:18:51,032] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:18:51,032] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:18:51,033] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:18:51,051] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:18:51,070] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0352 seconds
WARNING [2022-12-06 11:18:51,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:18:51,081] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:18:51,097] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0330 seconds
INFO    [2022-12-06 11:18:51,098] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0307 seconds
INFO    [2022-12-06 11:19:17,841] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:19:17,842] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:19:17,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:19:17,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 11:19:20,399] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:19:20,400] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:19:20,406] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:19:20,418] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 11:19:21,163] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:19:21,164] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:19:21,165] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-06 11:19:45,311] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:19:45,314] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:20:18,478] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:20:18,478] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:20:18,486] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:20:18,500] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 11:20:22,312] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:20:22,313] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:20:22,324] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:20:22,345] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0297 seconds
WARNING [2022-12-06 11:20:45,317] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:20:45,319] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:21:18,101] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:21:18,102] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:21:18,113] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:21:18,129] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-06 11:21:21,253] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:21:21,254] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:21:21,265] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:21:21,284] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
WARNING [2022-12-06 11:21:45,321] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:21:45,322] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:21:53,231] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 11:21:54,239] defence360agent.files: Updating all files
INFO    [2022-12-06 11:21:54,583] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:54,584] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 11:21:54,882] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:54,883] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 11:21:55,203] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:55,203] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 11:21:55,550] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:55,551] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 11:21:55,551] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 11:21:55,816] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 09:21:55 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E29D72305F6EB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 11:21:55,818] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 11:21:55,819] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 11:21:56,525] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:56,526] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 11:21:56,790] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:56,790] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 11:21:57,114] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:57,114] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 11:21:57,511] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:57,511] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 11:21:57,992] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 11:21:57,994] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 11:22:19,430] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:22:19,431] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:22:19,442] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:22:19,459] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0264 seconds
INFO    [2022-12-06 11:22:22,868] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:22:22,868] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:22:22,892] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:22:22,914] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0413 seconds
INFO    [2022-12-06 11:22:43,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.245.192', 'timestamp': 1670318563.0367982, 'message': 'Dec  6 11:22:41 hqnl0246134 sshd[207626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.245.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 11:22:43,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.245.192', 'timestamp': 1670318563.0373147, 'message': 'Dec  6 11:22:41 hqnl0246134 sshd[207626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.245.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 11:22:45,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.245.192', 'timestamp': 1670318565.0351985, 'message': 'Dec  6 11:22:43 hqnl0246134 sshd[207626]: Failed password for root from 178.128.245.192 port 44396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
WARNING [2022-12-06 11:22:45,324] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:22:45,325] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:22:49,049] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:22:49,049] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:22:49,062] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:22:49,100] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0497 seconds
WARNING [2022-12-06 11:22:53,869] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:22:53,921] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0605 seconds
INFO    [2022-12-06 11:23:17,885] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:23:17,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:23:17,915] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:23:17,929] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0416 seconds
INFO    [2022-12-06 11:23:20,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:23:20,539] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:23:20,547] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:23:20,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
WARNING [2022-12-06 11:23:45,328] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:23:45,330] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:24:17,880] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:24:17,881] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:24:17,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:24:17,907] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0249 seconds
INFO    [2022-12-06 11:24:20,474] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:24:20,475] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:24:20,485] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:24:20,502] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0269 seconds
WARNING [2022-12-06 11:24:45,333] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:24:45,334] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:24:49,389] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:24:49,463] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:24:49,464] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:24:49,464] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:24:49,464] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:24:49,465] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:24:49,477] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:24:49,497] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0320 seconds
WARNING [2022-12-06 11:24:49,505] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:24:49,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:24:49,524] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0327 seconds
INFO    [2022-12-06 11:24:49,526] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0306 seconds
INFO    [2022-12-06 11:25:18,902] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:25:18,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:25:18,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:25:18,946] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0399 seconds
INFO    [2022-12-06 11:25:21,963] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:25:21,964] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:25:21,974] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:25:21,987] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 11:25:28,968] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:25:28,969] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:25:28,970] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 11:25:45,338] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:25:45,339] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:26:13,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.245.192', 'timestamp': 1670318773.2350464, 'message': 'Dec  6 11:26:11 hqnl0246134 sshd[207831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.245.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 11:26:13,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.245.192', 'timestamp': 1670318773.2365093, 'message': 'Dec  6 11:26:11 hqnl0246134 sshd[207831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.245.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 11:26:15,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.245.192', 'timestamp': 1670318775.2340977, 'message': 'Dec  6 11:26:14 hqnl0246134 sshd[207831]: Failed password for root from 178.128.245.192 port 34468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-06 11:26:18,072] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:26:18,073] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:26:18,087] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:26:18,115] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0335 seconds
INFO    [2022-12-06 11:26:20,736] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:26:20,736] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:26:20,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:26:20,754] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-06 11:26:45,342] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:26:45,344] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:26:53,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:26:53,928] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0585 seconds
INFO    [2022-12-06 11:27:17,958] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:27:17,959] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:27:17,968] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:27:17,982] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 11:27:20,842] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:27:20,843] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:27:20,854] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:27:20,865] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
WARNING [2022-12-06 11:27:45,349] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:27:45,352] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:28:17,959] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:28:17,960] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:28:17,975] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:28:17,997] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0362 seconds
INFO    [2022-12-06 11:28:20,803] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:28:20,803] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:28:20,810] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:28:20,821] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-06 11:28:45,355] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:28:45,357] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:28:55,420] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:28:55,493] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:28:55,494] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:28:55,494] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:28:55,494] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:28:55,495] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:28:55,520] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:28:55,540] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0431 seconds
WARNING [2022-12-06 11:28:55,548] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:28:55,550] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:28:55,568] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0339 seconds
INFO    [2022-12-06 11:28:55,569] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0314 seconds
INFO    [2022-12-06 11:29:18,656] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:29:18,657] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:29:18,668] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:29:18,682] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0243 seconds
INFO    [2022-12-06 11:29:21,198] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:29:21,199] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:29:21,206] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:29:21,218] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 11:29:25,620] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:29:25,621] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:29:25,622] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 11:29:45,360] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:29:45,361] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:30:17,846] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:30:17,847] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:30:17,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:30:17,876] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
INFO    [2022-12-06 11:30:20,732] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:30:20,741] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:30:20,751] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:30:20,765] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
WARNING [2022-12-06 11:30:45,366] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:30:45,367] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:31:18,130] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:31:18,131] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:31:18,145] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:31:18,159] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-06 11:31:20,748] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:31:20,749] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:31:20,755] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:31:20,767] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-06 11:31:45,371] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:31:45,373] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:31:53,234] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 11:32:14,025] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:32:14,095] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:32:14,096] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:32:14,096] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:32:14,096] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:32:14,097] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:32:14,118] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:32:14,139] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0404 seconds
WARNING [2022-12-06 11:32:14,146] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:32:14,148] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:32:14,166] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0339 seconds
INFO    [2022-12-06 11:32:14,167] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0315 seconds
INFO    [2022-12-06 11:32:18,073] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:32:18,074] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:32:18,086] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:32:18,107] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-06 11:32:20,967] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:32:20,967] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:32:20,981] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:32:21,002] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0338 seconds
WARNING [2022-12-06 11:32:45,377] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:32:45,379] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:32:47,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670319167.729652, 'message': 'Dec  6 11:32:47 hqnl0246134 sshd[208191]: Invalid user admin from 152.89.196.123 port 18336', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 11:32:49,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.123', 'timestamp': 1670319169.7312925, 'message': 'Dec  6 11:32:47 hqnl0246134 sshd[208191]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 11:32:49,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.123', 'timestamp': 1670319169.7315576, 'message': 'Dec  6 11:32:47 hqnl0246134 sshd[208191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.123 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 11:32:51,161] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:32:51,162] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:32:51,163] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 11:32:51,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670319171.7332466, 'message': 'Dec  6 11:32:49 hqnl0246134 sshd[208191]: Failed password for invalid user admin from 152.89.196.123 port 18336 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 11:32:51,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670319171.7335055, 'message': 'Dec  6 11:32:51 hqnl0246134 sshd[208191]: Disconnected from invalid user admin 152.89.196.123 port 18336 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-06 11:32:53,892] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:32:53,912] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0304 seconds
INFO    [2022-12-06 11:32:54,227] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:32:54,227] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:32:54,235] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:32:54,250] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 11:33:18,435] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:33:18,436] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:33:18,451] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:33:18,472] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0351 seconds
INFO    [2022-12-06 11:33:21,071] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:33:21,072] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:33:21,079] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:33:21,092] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 11:33:45,382] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:33:45,384] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:34:17,786] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:34:17,787] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:34:17,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:34:17,811] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 11:34:20,479] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:34:20,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:34:20,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:34:20,499] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 11:34:25,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 10100, 'attackers_ip': '212.58.119.251', 'timestamp': 1670319265.8906777, 'message': 'Dec  6 11:34:25 hqnl0246134 sshd[208291]: Accepted password for supportwwwuser from 212.58.119.251 port 8172 ssh2', 'severity': 4, 'name': 'First time user logged in.', 'tag': []}) processed in 0.0220 seconds
WARNING [2022-12-06 11:34:45,388] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:34:45,390] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:34:53,896] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:34:53,917] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0305 seconds
INFO    [2022-12-06 11:35:17,952] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:35:17,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:35:17,961] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:35:17,973] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 11:35:20,542] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:35:20,542] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:35:20,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:35:20,561] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
WARNING [2022-12-06 11:35:45,394] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:35:45,396] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:36:17,920] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:36:17,921] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:36:17,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:36:17,945] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-06 11:36:20,635] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:36:20,635] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:36:20,642] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:36:20,654] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-06 11:36:45,410] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:36:45,411] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:37:17,935] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:37:17,936] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:37:17,946] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:37:17,960] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 11:37:20,703] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:37:20,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:37:20,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:37:20,722] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-06 11:37:45,414] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:37:45,415] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:38:17,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:38:17,852] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:38:17,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:38:17,877] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0244 seconds
INFO    [2022-12-06 11:38:20,554] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:38:20,554] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:38:20,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:38:20,577] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
WARNING [2022-12-06 11:38:45,418] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:38:45,419] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:39:17,876] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:39:17,878] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:39:17,888] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:39:17,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 11:39:20,645] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:39:20,645] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:39:20,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:39:20,664] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 11:39:33,331] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:39:33,397] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:39:33,398] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:39:33,398] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:39:33,398] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:39:33,399] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:39:33,410] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:39:33,432] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0323 seconds
WARNING [2022-12-06 11:39:33,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:39:33,444] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:39:33,468] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0428 seconds
INFO    [2022-12-06 11:39:33,470] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0406 seconds
WARNING [2022-12-06 11:39:45,421] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:39:45,422] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:40:03,528] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:40:03,530] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:40:03,533] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 11:40:18,088] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:40:18,089] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:40:18,098] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:40:18,115] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
INFO    [2022-12-06 11:40:20,815] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:40:20,816] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:40:20,824] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:40:20,837] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
WARNING [2022-12-06 11:40:45,426] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:40:45,428] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:40:50,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.119.111.155', 'timestamp': 1670319650.5083477, 'message': 'Dec  6 11:40:48 hqnl0246134 sshd[208836]: Invalid user richard from 42.119.111.155 port 34834', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 11:40:50,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '42.119.111.155', 'timestamp': 1670319650.509171, 'message': 'Dec  6 11:40:48 hqnl0246134 sshd[208836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 42.119.111.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 11:40:50,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '42.119.111.155', 'timestamp': 1670319650.5094516, 'message': 'Dec  6 11:40:48 hqnl0246134 sshd[208836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.119.111.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 11:40:52,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.119.111.155', 'timestamp': 1670319652.509792, 'message': 'Dec  6 11:40:50 hqnl0246134 sshd[208836]: Failed password for invalid user richard from 42.119.111.155 port 34834 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-06 11:40:53,912] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:40:53,943] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0382 seconds
INFO    [2022-12-06 11:40:54,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.119.111.155', 'timestamp': 1670319654.5102882, 'message': 'Dec  6 11:40:52 hqnl0246134 sshd[208836]: Disconnected from invalid user richard 42.119.111.155 port 34834 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 11:41:17,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:41:17,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:41:17,938] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:41:17,951] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 11:41:20,582] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:41:20,582] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:41:20,589] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:41:20,600] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
WARNING [2022-12-06 11:41:45,433] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:41:45,435] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:41:53,237] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 11:41:53,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:41:53,959] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0509 seconds
INFO    [2022-12-06 11:42:18,118] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:42:18,119] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:42:18,136] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:42:18,160] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0386 seconds
INFO    [2022-12-06 11:42:21,121] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:42:21,122] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:42:21,135] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:42:21,163] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0401 seconds
INFO    [2022-12-06 11:42:40,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.10.13', 'timestamp': 1670319760.667328, 'message': 'Dec  6 11:42:39 hqnl0246134 sshd[208940]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.10.13 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 11:42:40,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.10.13', 'timestamp': 1670319760.6676667, 'message': 'Dec  6 11:42:39 hqnl0246134 sshd[208940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.10.13  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 11:42:42,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.10.13', 'timestamp': 1670319762.6693912, 'message': 'Dec  6 11:42:41 hqnl0246134 sshd[208940]: Failed password for root from 51.250.10.13 port 33462 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 11:42:45,438] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:42:45,439] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:42:45,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:42:45,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:42:45,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:42:45,634] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
WARNING [2022-12-06 11:42:53,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:42:53,951] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0404 seconds
INFO    [2022-12-06 11:43:17,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:43:17,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:43:18,003] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:43:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0260 seconds
INFO    [2022-12-06 11:43:20,804] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:43:20,805] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:43:20,812] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:43:20,826] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
WARNING [2022-12-06 11:43:45,442] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:43:45,443] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:44:17,829] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:44:17,830] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:44:17,841] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:44:17,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0240 seconds
INFO    [2022-12-06 11:44:20,654] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:44:20,655] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:44:20,662] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:44:20,674] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 11:44:28,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.236.228.138', 'timestamp': 1670319868.771837, 'message': 'Dec  6 11:44:27 hqnl0246134 sshd[209033]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.236.228.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 11:44:28,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.236.228.138', 'timestamp': 1670319868.772153, 'message': 'Dec  6 11:44:27 hqnl0246134 sshd[209033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.228.138  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 11:44:28,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.236.228.138', 'timestamp': 1670319868.7723932, 'message': 'Dec  6 11:44:28 hqnl0246134 sshd[209033]: Failed password for root from 185.236.228.138 port 55962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 11:44:38,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.252.180.65', 'timestamp': 1670319878.7810524, 'message': 'Dec  6 11:44:37 hqnl0246134 sshd[209046]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.252.180.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 11:44:38,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.252.180.65', 'timestamp': 1670319878.7813613, 'message': 'Dec  6 11:44:37 hqnl0246134 sshd[209046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.252.180.65  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 11:44:40,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '192.252.180.65', 'timestamp': 1670319880.7822087, 'message': 'Dec  6 11:44:39 hqnl0246134 sshd[209046]: Failed password for root from 192.252.180.65 port 45098 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
WARNING [2022-12-06 11:44:45,446] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:44:45,447] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:44:53,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:44:53,942] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0281 seconds
INFO    [2022-12-06 11:45:17,862] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:45:17,863] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:45:17,873] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:45:17,887] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 11:45:20,572] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:45:20,572] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:45:20,579] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:45:20,591] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
WARNING [2022-12-06 11:45:45,449] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:45:45,450] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:46:02,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670319962.8701978, 'message': 'Dec  6 11:46:02 hqnl0246134 sshd[209133]: Accepted password for supportwwwuser from 212.58.119.251 port 10902 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 11:46:17,992] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:46:17,993] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:46:18,002] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:46:18,016] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 11:46:20,713] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:46:20,714] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:46:20,725] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:46:20,742] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0274 seconds
WARNING [2022-12-06 11:46:45,458] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:46:45,460] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:46:53,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:46:53,951] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0320 seconds
INFO    [2022-12-06 11:46:56,190] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:46:56,255] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:46:56,256] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:46:56,256] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:46:56,256] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:46:56,257] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:46:56,267] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:46:56,283] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0259 seconds
WARNING [2022-12-06 11:46:56,290] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:46:56,293] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:46:56,313] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0357 seconds
INFO    [2022-12-06 11:46:56,315] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0337 seconds
INFO    [2022-12-06 11:47:17,872] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:47:17,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:47:17,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:47:17,894] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 11:47:20,510] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:47:20,510] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:47:20,518] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:47:20,530] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 11:47:26,385] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:47:26,386] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:47:26,387] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 11:47:45,463] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:47:45,464] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:47:51,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320071.039641, 'message': 'Dec  6 11:47:49 hqnl0246134 sshd[209294]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.161.27.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 11:47:51,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320071.0402002, 'message': 'Dec  6 11:47:49 hqnl0246134 sshd[209294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.27.163  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 11:47:53,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320073.0409093, 'message': 'Dec  6 11:47:51 hqnl0246134 sshd[209294]: Failed password for root from 14.161.27.163 port 39966 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 11:47:53,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:47:53,948] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0270 seconds
INFO    [2022-12-06 11:47:55,902] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:47:55,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:47:55,910] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:47:55,922] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 11:48:17,895] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:48:17,896] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:48:17,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:48:17,958] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0518 seconds
INFO    [2022-12-06 11:48:20,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:48:20,711] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:48:20,718] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:48:20,747] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0348 seconds
WARNING [2022-12-06 11:48:45,467] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:48:45,468] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:49:18,318] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:49:18,319] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:49:18,328] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:49:18,341] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 11:49:21,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:49:21,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:49:21,620] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:49:21,631] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
WARNING [2022-12-06 11:49:45,473] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:49:45,475] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:50:18,005] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:50:18,006] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:50:18,017] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:50:18,032] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0244 seconds
INFO    [2022-12-06 11:50:20,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:50:20,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:50:20,621] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:50:20,632] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-06 11:50:45,478] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:50:45,479] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:51:05,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320265.2611418, 'message': 'Dec  6 11:51:04 hqnl0246134 sshd[209523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0627 seconds
INFO    [2022-12-06 11:51:05,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320265.2623556, 'message': 'Dec  6 11:51:04 hqnl0246134 sshd[209524]: pam_imunify(sshd:auth): [IM360_RBL] The IP 42.119.111.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0630 seconds
INFO    [2022-12-06 11:51:05,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320265.2620726, 'message': 'Dec  6 11:51:04 hqnl0246134 sshd[209523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 11:51:05,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320265.262589, 'message': 'Dec  6 11:51:04 hqnl0246134 sshd[209524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.119.111.155  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 11:51:07,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320267.261341, 'message': 'Dec  6 11:51:06 hqnl0246134 sshd[209523]: Failed password for root from 190.128.169.130 port 36278 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0572 seconds
INFO    [2022-12-06 11:51:07,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320267.271609, 'message': 'Dec  6 11:51:06 hqnl0246134 sshd[209524]: Failed password for root from 42.119.111.155 port 36688 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 11:51:18,000] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:51:18,001] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:51:18,010] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:51:18,023] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 11:51:20,600] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:51:20,601] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:51:20,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:51:20,621] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 11:51:40,052] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 11:51:40,054] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 11:51:40,968] im360.plugins.pam: PAM module has been enabled for dovecot-pam
WARNING [2022-12-06 11:51:45,482] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:51:45,483] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:51:50,671] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:51:50,745] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:51:50,745] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:51:50,746] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:51:50,746] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:51:50,746] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:51:50,759] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:51:50,787] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0397 seconds
WARNING [2022-12-06 11:51:50,794] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:51:50,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:51:50,824] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0484 seconds
INFO    [2022-12-06 11:51:50,826] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0439 seconds
WARNING [2022-12-06 11:51:53,240] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 11:51:53,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:51:53,957] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0283 seconds
INFO    [2022-12-06 11:51:58,003] defence360agent.files: Updating all files
INFO    [2022-12-06 11:51:58,290] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 11:51:58,291] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 11:51:58,573] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 11:51:58,574] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 11:51:58,906] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 11:51:58,907] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 11:51:59,233] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 11:51:59,234] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 11:51:59,234] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 11:51:59,494] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 09:51:59 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2B7B16A46FCB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 11:51:59,497] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 11:51:59,497] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 11:52:00,109] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 11:52:00,109] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 11:52:00,423] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 11:52:00,424] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 11:52:00,683] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 11:52:00,683] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 11:52:01,020] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 11:52:01,021] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 11:52:01,411] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 11:52:01,412] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 11:52:18,074] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:52:18,075] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:52:18,087] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:52:18,101] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0240 seconds
INFO    [2022-12-06 11:52:20,788] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:52:20,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:52:20,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:52:20,809] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 11:52:20,882] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:52:20,883] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:52:20,884] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-06 11:52:45,486] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:52:45,488] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:53:18,118] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:53:18,121] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:53:18,141] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:53:18,169] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0454 seconds
INFO    [2022-12-06 11:53:20,683] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:53:20,684] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:53:20,692] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:53:20,705] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 11:53:43,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320423.4348521, 'message': 'Dec  6 11:53:42 hqnl0246134 sshd[209710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 42.119.111.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 11:53:43,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320423.4353197, 'message': 'Dec  6 11:53:42 hqnl0246134 sshd[209710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.119.111.155  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 11:53:45,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320425.4390297, 'message': 'Dec  6 11:53:44 hqnl0246134 sshd[209710]: Failed password for root from 42.119.111.155 port 47218 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 11:53:45,491] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:53:45,492] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:53:48,915] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:53:48,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:53:48,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:53:48,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-06 11:53:54,469] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:53:54,487] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.5558 seconds
INFO    [2022-12-06 11:54:17,874] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:54:17,875] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:54:17,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:54:17,898] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 11:54:20,500] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:54:20,501] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:54:20,508] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:54:20,519] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-06 11:54:45,494] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:54:45,495] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:54:49,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.246.130.69', 'timestamp': 1670320489.5230722, 'message': 'Dec  6 11:54:49 hqnl0246134 sshd[209775]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.246.130.69 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 11:54:49,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.246.130.69', 'timestamp': 1670320489.5235293, 'message': 'Dec  6 11:54:49 hqnl0246134 sshd[209775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.246.130.69  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 11:54:51,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.246.130.69', 'timestamp': 1670320491.5215309, 'message': 'Dec  6 11:54:51 hqnl0246134 sshd[209775]: Failed password for root from 185.246.130.69 port 56954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0764 seconds
WARNING [2022-12-06 11:54:53,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:54:53,980] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0466 seconds
INFO    [2022-12-06 11:55:13,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320513.55575, 'message': 'Dec  6 11:55:12 hqnl0246134 sshd[209814]: Invalid user joao from 14.161.27.163 port 65008', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 11:55:13,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320513.5569465, 'message': 'Dec  6 11:55:12 hqnl0246134 sshd[209814]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.161.27.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 11:55:13,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320513.5571592, 'message': 'Dec  6 11:55:12 hqnl0246134 sshd[209814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.27.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 11:55:15,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.252.180.65', 'timestamp': 1670320515.5559475, 'message': 'Dec  6 11:55:14 hqnl0246134 sshd[209812]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.252.180.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 11:55:15,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320515.5563412, 'message': 'Dec  6 11:55:14 hqnl0246134 sshd[209814]: Failed password for invalid user joao from 14.161.27.163 port 65008 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 11:55:15,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.252.180.65', 'timestamp': 1670320515.5561705, 'message': 'Dec  6 11:55:14 hqnl0246134 sshd[209812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.252.180.65  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 11:55:17,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320517.5575418, 'message': 'Dec  6 11:55:16 hqnl0246134 sshd[209814]: Disconnected from invalid user joao 14.161.27.163 port 65008 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 11:55:17,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '192.252.180.65', 'timestamp': 1670320517.5577419, 'message': 'Dec  6 11:55:16 hqnl0246134 sshd[209812]: Failed password for root from 192.252.180.65 port 43306 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 11:55:17,933] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:55:17,933] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:55:17,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:55:17,962] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0280 seconds
INFO    [2022-12-06 11:55:20,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:55:20,611] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:55:20,618] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:55:20,631] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-06 11:55:45,498] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:55:45,499] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:55:45,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320545.6104662, 'message': 'Dec  6 11:55:44 hqnl0246134 sshd[209852]: Invalid user hive from 51.250.10.13 port 41920', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 11:55:45,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320545.6108327, 'message': 'Dec  6 11:55:45 hqnl0246134 sshd[209852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.10.13 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 11:55:45,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320545.6110268, 'message': 'Dec  6 11:55:45 hqnl0246134 sshd[209852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.10.13 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 11:55:47,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320547.611775, 'message': 'Dec  6 11:55:46 hqnl0246134 sshd[209852]: Failed password for invalid user hive from 51.250.10.13 port 41920 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1259 seconds
INFO    [2022-12-06 11:55:47,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320547.6121428, 'message': 'Dec  6 11:55:47 hqnl0246134 sshd[209852]: Disconnected from invalid user hive 51.250.10.13 port 41920 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1274 seconds
WARNING [2022-12-06 11:55:53,958] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:55:53,986] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0488 seconds
INFO    [2022-12-06 11:56:18,887] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:56:18,888] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:56:18,902] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:56:18,915] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0263 seconds
INFO    [2022-12-06 11:56:21,659] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:56:21,660] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:56:21,667] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:56:21,682] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 11:56:25,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320585.6585376, 'message': 'Dec  6 11:56:25 hqnl0246134 sshd[209900]: pam_imunify(sshd:auth): [IM360_RBL] The IP 42.119.111.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 11:56:25,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320585.6587765, 'message': 'Dec  6 11:56:25 hqnl0246134 sshd[209900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.119.111.155  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0160 seconds
INFO    [2022-12-06 11:56:27,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '42.119.111.155', 'timestamp': 1670320587.659648, 'message': 'Dec  6 11:56:27 hqnl0246134 sshd[209900]: Failed password for root from 42.119.111.155 port 57754 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-06 11:56:32,098] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:56:32,099] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:56:32,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:56:32,118] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 11:56:39,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670320599.6745899, 'message': 'Dec  6 11:56:39 hqnl0246134 sshd[209920]: Invalid user ca from 159.65.128.16 port 54026', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 11:56:39,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.128.16', 'timestamp': 1670320599.6749766, 'message': 'Dec  6 11:56:39 hqnl0246134 sshd[209920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.128.16 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 11:56:39,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.128.16', 'timestamp': 1670320599.6751652, 'message': 'Dec  6 11:56:39 hqnl0246134 sshd[209920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.128.16 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1102 seconds
INFO    [2022-12-06 11:56:41,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320601.6798506, 'message': 'Dec  6 11:56:40 hqnl0246134 sshd[209923]: Invalid user umcapasocanoas from 125.99.46.50 port 33632', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 11:56:41,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320601.6802664, 'message': 'Dec  6 11:56:41 hqnl0246134 sshd[209923]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.99.46.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 11:56:41,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320601.6804311, 'message': 'Dec  6 11:56:41 hqnl0246134 sshd[209923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.99.46.50 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 11:56:43,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670320603.6798995, 'message': 'Dec  6 11:56:41 hqnl0246134 sshd[209920]: Failed password for invalid user ca from 159.65.128.16 port 54026 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 11:56:43,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320603.6804364, 'message': 'Dec  6 11:56:43 hqnl0246134 sshd[209923]: Failed password for invalid user umcapasocanoas from 125.99.46.50 port 33632 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 11:56:43,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670320603.6802287, 'message': 'Dec  6 11:56:42 hqnl0246134 sshd[209920]: Disconnected from invalid user ca 159.65.128.16 port 54026 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 11:56:45,501] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:56:45,503] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:56:47,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320607.689453, 'message': 'Dec  6 11:56:45 hqnl0246134 sshd[209923]: Disconnected from invalid user umcapasocanoas 125.99.46.50 port 33632 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 11:56:49,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670320609.6900508, 'message': 'Dec  6 11:56:48 hqnl0246134 sshd[209925]: Invalid user ruben from 34.64.76.187 port 55876', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 11:56:49,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.64.76.187', 'timestamp': 1670320609.6933546, 'message': 'Dec  6 11:56:48 hqnl0246134 sshd[209925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.64.76.187 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 11:56:49,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.64.76.187', 'timestamp': 1670320609.6935778, 'message': 'Dec  6 11:56:48 hqnl0246134 sshd[209925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.64.76.187 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 11:56:51,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670320611.6930513, 'message': 'Dec  6 11:56:51 hqnl0246134 sshd[209925]: Failed password for invalid user ruben from 34.64.76.187 port 55876 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 11:56:53,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670320613.6945422, 'message': 'Dec  6 11:56:53 hqnl0246134 sshd[209925]: Disconnected from invalid user ruben 34.64.76.187 port 55876 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 11:56:53,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:56:53,987] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0471 seconds
INFO    [2022-12-06 11:57:05,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320625.7147894, 'message': 'Dec  6 11:57:04 hqnl0246134 sshd[209946]: Invalid user xerox from 190.128.169.130 port 51366', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 11:57:05,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320625.715231, 'message': 'Dec  6 11:57:04 hqnl0246134 sshd[209946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 11:57:05,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320625.7154956, 'message': 'Dec  6 11:57:04 hqnl0246134 sshd[209946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 11:57:07,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320627.7199461, 'message': 'Dec  6 11:57:06 hqnl0246134 sshd[209946]: Failed password for invalid user xerox from 190.128.169.130 port 51366 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 11:57:07,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320627.7201772, 'message': 'Dec  6 11:57:07 hqnl0246134 sshd[209946]: Disconnected from invalid user xerox 190.128.169.130 port 51366 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 11:57:17,952] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:57:17,952] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:57:17,960] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:57:17,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 11:57:20,573] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:57:20,581] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:57:20,589] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:57:20,601] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 11:57:24,959] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 11:57:25,025] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 11:57:25,026] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 11:57:25,026] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 11:57:25,026] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 11:57:25,026] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 11:57:25,040] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 11:57:25,063] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0358 seconds
WARNING [2022-12-06 11:57:25,072] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 11:57:25,075] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:57:25,103] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0469 seconds
INFO    [2022-12-06 11:57:25,105] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0451 seconds
INFO    [2022-12-06 11:57:41,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670320661.7585993, 'message': 'Dec  6 11:57:39 hqnl0246134 sshd[209995]: Invalid user lzh from 20.40.81.0 port 44986', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 11:57:41,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.40.81.0', 'timestamp': 1670320661.759281, 'message': 'Dec  6 11:57:40 hqnl0246134 sshd[209995]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.40.81.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 11:57:41,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.40.81.0', 'timestamp': 1670320661.7595258, 'message': 'Dec  6 11:57:40 hqnl0246134 sshd[209995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 11:57:43,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670320663.7579305, 'message': 'Dec  6 11:57:41 hqnl0246134 sshd[209995]: Failed password for invalid user lzh from 20.40.81.0 port 44986 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 11:57:43,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670320663.7582722, 'message': 'Dec  6 11:57:42 hqnl0246134 sshd[209995]: Disconnected from invalid user lzh 20.40.81.0 port 44986 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 11:57:45,111] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:57:45,112] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:57:45,119] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:57:45,131] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-06 11:57:45,509] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:57:45,509] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 11:57:47,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670320667.7674077, 'message': 'Dec  6 11:57:46 hqnl0246134 sshd[210005]: Invalid user servidor from 185.236.228.138 port 57848', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 11:57:47,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.236.228.138', 'timestamp': 1670320667.7677717, 'message': 'Dec  6 11:57:46 hqnl0246134 sshd[210005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.236.228.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 11:57:47,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.236.228.138', 'timestamp': 1670320667.7679763, 'message': 'Dec  6 11:57:46 hqnl0246134 sshd[210005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.228.138 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 11:57:49,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670320669.7724848, 'message': 'Dec  6 11:57:49 hqnl0246134 sshd[210005]: Failed password for invalid user servidor from 185.236.228.138 port 57848 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 11:57:51,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670320671.7740169, 'message': 'Dec  6 11:57:50 hqnl0246134 sshd[210005]: Disconnected from invalid user servidor 185.236.228.138 port 57848 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
WARNING [2022-12-06 11:57:53,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:57:53,989] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0454 seconds
INFO    [2022-12-06 11:58:03,328] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 11:58:03,329] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 11:58:03,330] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 11:58:17,936] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:58:17,936] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:58:17,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:58:17,963] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0255 seconds
INFO    [2022-12-06 11:58:20,595] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:58:20,596] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:58:20,604] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:58:20,615] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 11:58:39,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320719.837293, 'message': 'Dec  6 11:58:38 hqnl0246134 sshd[210057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.10.13 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0581 seconds
INFO    [2022-12-06 11:58:39,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320719.838621, 'message': 'Dec  6 11:58:38 hqnl0246134 sshd[210055]: Invalid user linux from 14.161.27.163 port 33550', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0582 seconds
INFO    [2022-12-06 11:58:39,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320719.838298, 'message': 'Dec  6 11:58:38 hqnl0246134 sshd[210057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.10.13  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 11:58:39,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320719.838808, 'message': 'Dec  6 11:58:38 hqnl0246134 sshd[210055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.161.27.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 11:58:39,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320719.8391845, 'message': 'Dec  6 11:58:39 hqnl0246134 sshd[210057]: Failed password for root from 51.250.10.13 port 60216 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 11:58:39,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320719.838977, 'message': 'Dec  6 11:58:38 hqnl0246134 sshd[210055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.27.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 11:58:41,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320721.8363645, 'message': 'Dec  6 11:58:40 hqnl0246134 sshd[210055]: Failed password for invalid user linux from 14.161.27.163 port 33550 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 11:58:41,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320721.8365827, 'message': 'Dec  6 11:58:41 hqnl0246134 sshd[210055]: Disconnected from invalid user linux 14.161.27.163 port 33550 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 11:58:45,511] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:58:45,512] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:58:53,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:58:53,981] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0349 seconds
INFO    [2022-12-06 11:59:17,980] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:59:17,981] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:59:17,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:59:18,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 11:59:20,716] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:59:20,716] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:59:20,726] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:59:20,743] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-06 11:59:31,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670320771.9042537, 'message': 'Dec  6 11:59:30 hqnl0246134 sshd[210097]: Invalid user paula from 27.118.22.221 port 46014', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 11:59:31,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320771.9049656, 'message': 'Dec  6 11:59:30 hqnl0246134 sshd[210099]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.99.46.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 11:59:31,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '27.118.22.221', 'timestamp': 1670320771.9045446, 'message': 'Dec  6 11:59:30 hqnl0246134 sshd[210097]: pam_imunify(sshd:auth): [IM360_RBL] The IP 27.118.22.221 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 11:59:31,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320771.90508, 'message': 'Dec  6 11:59:30 hqnl0246134 sshd[210099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.99.46.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 11:59:32,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '27.118.22.221', 'timestamp': 1670320771.9048033, 'message': 'Dec  6 11:59:30 hqnl0246134 sshd[210097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.118.22.221 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 11:59:33,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670320773.9061773, 'message': 'Dec  6 11:59:33 hqnl0246134 sshd[210097]: Failed password for invalid user paula from 27.118.22.221 port 46014 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 11:59:33,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320773.9063795, 'message': 'Dec  6 11:59:33 hqnl0246134 sshd[210099]: Failed password for root from 125.99.46.50 port 40040 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 11:59:35,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670320775.9092414, 'message': 'Dec  6 11:59:34 hqnl0246134 sshd[210097]: Disconnected from invalid user paula 27.118.22.221 port 46014 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 11:59:36,883] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 11:59:36,884] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 11:59:36,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:59:36,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 11:59:39,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670320779.9134386, 'message': 'Dec  6 11:59:38 hqnl0246134 sshd[210116]: Invalid user sarah from 107.172.219.107 port 54972', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 11:59:39,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.172.219.107', 'timestamp': 1670320779.913744, 'message': 'Dec  6 11:59:39 hqnl0246134 sshd[210116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.172.219.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 11:59:39,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.172.219.107', 'timestamp': 1670320779.9139826, 'message': 'Dec  6 11:59:39 hqnl0246134 sshd[210116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.219.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 11:59:41,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670320781.918588, 'message': 'Dec  6 11:59:40 hqnl0246134 sshd[210116]: Failed password for invalid user sarah from 107.172.219.107 port 54972 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 11:59:43,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670320783.9215786, 'message': 'Dec  6 11:59:42 hqnl0246134 sshd[210116]: Disconnected from invalid user sarah 107.172.219.107 port 54972 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 11:59:45,514] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 11:59:45,514] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 11:59:53,958] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 11:59:53,981] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0314 seconds
INFO    [2022-12-06 12:00:03,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320803.9479747, 'message': 'Dec  6 12:00:03 hqnl0246134 sshd[210160]: Invalid user usuario2 from 125.99.46.50 port 45408', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 12:00:04,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320803.9484162, 'message': 'Dec  6 12:00:03 hqnl0246134 sshd[210160]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.99.46.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 12:00:04,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320803.9485643, 'message': 'Dec  6 12:00:03 hqnl0246134 sshd[210160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.99.46.50 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 12:00:07,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320807.9508808, 'message': 'Dec  6 12:00:05 hqnl0246134 sshd[210160]: Failed password for invalid user usuario2 from 125.99.46.50 port 45408 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 12:00:08,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320807.951325, 'message': 'Dec  6 12:00:07 hqnl0246134 sshd[210160]: Disconnected from invalid user usuario2 125.99.46.50 port 45408 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 12:00:19,970] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:00:19,970] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:00:19,992] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:00:20,026] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0412 seconds
INFO    [2022-12-06 12:00:22,730] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:00:22,730] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:00:22,737] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:00:22,749] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 12:00:28,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320827.990551, 'message': 'Dec  6 12:00:26 hqnl0246134 sshd[210196]: Invalid user admin from 190.128.169.130 port 40954', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 12:00:28,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320827.9908273, 'message': 'Dec  6 12:00:26 hqnl0246134 sshd[210196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 12:00:28,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320827.9910178, 'message': 'Dec  6 12:00:26 hqnl0246134 sshd[210196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 12:00:30,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320829.995105, 'message': 'Dec  6 12:00:28 hqnl0246134 sshd[210196]: Failed password for invalid user admin from 190.128.169.130 port 40954 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 12:00:30,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670320829.9953296, 'message': 'Dec  6 12:00:28 hqnl0246134 sshd[210196]: Disconnected from invalid user admin 190.128.169.130 port 40954 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 12:00:36,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320836.0043721, 'message': 'Dec  6 12:00:35 hqnl0246134 sshd[210202]: Invalid user archive from 125.99.46.50 port 50776', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 12:00:36,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320836.0046856, 'message': 'Dec  6 12:00:35 hqnl0246134 sshd[210202]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.99.46.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 12:00:36,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320836.0048225, 'message': 'Dec  6 12:00:35 hqnl0246134 sshd[210202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.99.46.50 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:00:40,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320840.0188813, 'message': 'Dec  6 12:00:38 hqnl0246134 sshd[210202]: Failed password for invalid user archive from 125.99.46.50 port 50776 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 12:00:40,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.99.46.50', 'timestamp': 1670320840.0191507, 'message': 'Dec  6 12:00:39 hqnl0246134 sshd[210202]: Disconnected from invalid user archive 125.99.46.50 port 50776 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 12:00:42,478] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:00:42,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:00:42,491] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:00:42,504] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
WARNING [2022-12-06 12:00:45,519] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:00:45,520] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:00:48,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.252.180.65', 'timestamp': 1670320848.02442, 'message': 'Dec  6 12:00:47 hqnl0246134 sshd[210219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.252.180.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0530 seconds
INFO    [2022-12-06 12:00:48,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.252.180.65', 'timestamp': 1670320848.024672, 'message': 'Dec  6 12:00:47 hqnl0246134 sshd[210219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.252.180.65  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-06 12:00:50,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '192.252.180.65', 'timestamp': 1670320850.0255182, 'message': 'Dec  6 12:00:49 hqnl0246134 sshd[210219]: Failed password for root from 192.252.180.65 port 33536 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 12:00:53,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:00:53,998] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0452 seconds
INFO    [2022-12-06 12:01:17,762] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:01:17,763] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:01:17,772] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:01:17,786] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 12:01:20,746] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:01:20,747] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:01:20,754] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:01:20,771] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-06 12:01:26,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320886.0740454, 'message': 'Dec  6 12:01:25 hqnl0246134 sshd[210260]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.10.13 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 12:01:26,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320886.0742745, 'message': 'Dec  6 12:01:25 hqnl0246134 sshd[210260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.10.13  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:01:28,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.10.13', 'timestamp': 1670320888.0760355, 'message': 'Dec  6 12:01:27 hqnl0246134 sshd[210260]: Failed password for root from 51.250.10.13 port 50256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 12:01:45,527] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:01:45,528] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:01:50,702] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:01:50,767] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:01:50,767] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:01:50,767] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:01:50,768] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:01:50,768] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:01:50,780] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:01:50,798] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0286 seconds
WARNING [2022-12-06 12:01:50,806] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:01:50,810] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:01:50,838] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0468 seconds
INFO    [2022-12-06 12:01:50,840] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0449 seconds
WARNING [2022-12-06 12:01:53,244] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 12:01:53,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:01:53,982] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0263 seconds
INFO    [2022-12-06 12:02:02,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670320922.1206634, 'message': 'Dec  6 12:02:02 hqnl0246134 sshd[210284]: Invalid user pdx from 67.198.205.72 port 53336', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 12:02:04,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '67.198.205.72', 'timestamp': 1670320924.121429, 'message': 'Dec  6 12:02:02 hqnl0246134 sshd[210284]: pam_imunify(sshd:auth): [IM360_RBL] The IP 67.198.205.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-06 12:02:04,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '67.198.205.72', 'timestamp': 1670320924.1216183, 'message': 'Dec  6 12:02:02 hqnl0246134 sshd[210284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.198.205.72 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 12:02:04,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670320924.121792, 'message': 'Dec  6 12:02:03 hqnl0246134 sshd[210284]: Failed password for invalid user pdx from 67.198.205.72 port 53336 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 12:02:06,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670320926.1238096, 'message': 'Dec  6 12:02:04 hqnl0246134 sshd[210284]: Disconnected from invalid user pdx 67.198.205.72 port 53336 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0689 seconds
INFO    [2022-12-06 12:02:07,833] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:02:07,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:02:07,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:02:07,854] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 12:02:16,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.236.228.138', 'timestamp': 1670320936.13431, 'message': 'Dec  6 12:02:14 hqnl0246134 sshd[210315]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.236.228.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 12:02:16,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320936.134912, 'message': 'Dec  6 12:02:15 hqnl0246134 sshd[210313]: Invalid user mexico from 14.161.27.163 port 37832', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 12:02:16,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.236.228.138', 'timestamp': 1670320936.1347024, 'message': 'Dec  6 12:02:14 hqnl0246134 sshd[210315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.228.138  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 12:02:16,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320936.13502, 'message': 'Dec  6 12:02:15 hqnl0246134 sshd[210313]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.161.27.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 12:02:16,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320936.1351464, 'message': 'Dec  6 12:02:15 hqnl0246134 sshd[210313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.27.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 12:02:17,916] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:02:17,917] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:02:17,925] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:02:17,937] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 12:02:18,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.236.228.138', 'timestamp': 1670320938.1349602, 'message': 'Dec  6 12:02:16 hqnl0246134 sshd[210315]: Failed password for root from 185.236.228.138 port 48358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 12:02:18,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320938.135137, 'message': 'Dec  6 12:02:17 hqnl0246134 sshd[210313]: Failed password for invalid user mexico from 14.161.27.163 port 37832 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 12:02:20,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.27.163', 'timestamp': 1670320940.1369247, 'message': 'Dec  6 12:02:18 hqnl0246134 sshd[210313]: Disconnected from invalid user mexico 14.161.27.163 port 37832 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 12:02:20,900] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:02:20,900] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:02:20,901] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 12:02:21,052] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:02:21,052] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:02:21,060] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:02:21,071] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-06 12:02:45,534] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:02:45,535] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:02:53,967] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:02:53,989] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0301 seconds
INFO    [2022-12-06 12:03:17,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:03:17,851] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:03:17,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:03:17,876] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-06 12:03:20,590] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:03:20,590] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:03:20,598] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:03:20,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 12:03:40,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321020.2276323, 'message': 'Dec  6 12:03:38 hqnl0246134 sshd[210394]: Invalid user ubuntu from 52.183.128.237 port 56696', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 12:03:40,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321020.2281735, 'message': 'Dec  6 12:03:38 hqnl0246134 sshd[210394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.183.128.237 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 12:03:40,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321020.2284017, 'message': 'Dec  6 12:03:38 hqnl0246134 sshd[210394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 12:03:42,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321022.2282135, 'message': 'Dec  6 12:03:41 hqnl0246134 sshd[210394]: Failed password for invalid user ubuntu from 52.183.128.237 port 56696 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0567 seconds
INFO    [2022-12-06 12:03:44,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321024.2308593, 'message': 'Dec  6 12:03:43 hqnl0246134 sshd[210394]: Disconnected from invalid user ubuntu 52.183.128.237 port 56696 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 12:03:44,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321024.231118, 'message': 'Dec  6 12:03:43 hqnl0246134 sshd[210398]: Invalid user bbs from 194.204.194.11 port 56876', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 12:03:44,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321024.231301, 'message': 'Dec  6 12:03:44 hqnl0246134 sshd[210398]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.204.194.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 12:03:44,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321024.2314816, 'message': 'Dec  6 12:03:44 hqnl0246134 sshd[210398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.204.194.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 12:03:45,539] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:03:45,539] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:03:45,953] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:03:45,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:03:45,963] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:03:45,977] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 12:03:46,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321026.234272, 'message': 'Dec  6 12:03:45 hqnl0246134 sshd[210401]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.246.130.69 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 12:03:46,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321026.2345843, 'message': 'Dec  6 12:03:45 hqnl0246134 sshd[210398]: Failed password for invalid user bbs from 194.204.194.11 port 56876 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 12:03:46,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321026.2344687, 'message': 'Dec  6 12:03:45 hqnl0246134 sshd[210401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.246.130.69  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 12:03:46,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321026.2347803, 'message': 'Dec  6 12:03:45 hqnl0246134 sshd[210398]: Disconnected from invalid user bbs 194.204.194.11 port 56876 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 12:03:48,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321028.2370884, 'message': 'Dec  6 12:03:47 hqnl0246134 sshd[210401]: Failed password for root from 185.246.130.69 port 34886 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 12:03:50,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670321030.2422051, 'message': 'Dec  6 12:03:49 hqnl0246134 sshd[210407]: Invalid user fiscal from 190.128.169.130 port 58768', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 12:03:50,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670321030.2423823, 'message': 'Dec  6 12:03:50 hqnl0246134 sshd[210407]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 12:03:50,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670321030.242495, 'message': 'Dec  6 12:03:50 hqnl0246134 sshd[210407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 12:03:52,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670321032.24599, 'message': 'Dec  6 12:03:51 hqnl0246134 sshd[210407]: Failed password for invalid user fiscal from 190.128.169.130 port 58768 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 12:03:53,969] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:03:54,006] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0448 seconds
INFO    [2022-12-06 12:03:54,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321034.2498534, 'message': 'Dec  6 12:03:52 hqnl0246134 sshd[210410]: Invalid user xh from 77.82.90.210 port 58800', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-06 12:03:54,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670321034.2506607, 'message': 'Dec  6 12:03:52 hqnl0246134 sshd[210407]: Disconnected from invalid user fiscal 190.128.169.130 port 58768 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-06 12:03:54,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321034.250217, 'message': 'Dec  6 12:03:52 hqnl0246134 sshd[210410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 77.82.90.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:03:54,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321034.2504807, 'message': 'Dec  6 12:03:52 hqnl0246134 sshd[210410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.82.90.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 12:03:56,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321036.255459, 'message': 'Dec  6 12:03:55 hqnl0246134 sshd[210410]: Failed password for invalid user xh from 77.82.90.210 port 58800 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 12:03:56,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321036.2557318, 'message': 'Dec  6 12:03:56 hqnl0246134 sshd[210410]: Disconnected from invalid user xh 77.82.90.210 port 58800 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 12:04:18,013] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:04:18,014] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:04:18,045] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:04:18,078] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0487 seconds
INFO    [2022-12-06 12:04:21,533] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:04:21,534] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:04:21,541] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:04:21,552] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 12:04:36,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321076.3336346, 'message': 'Dec  6 12:04:35 hqnl0246134 sshd[210447]: Invalid user usuario2 from 51.75.17.210 port 50994', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 12:04:36,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321076.3340855, 'message': 'Dec  6 12:04:35 hqnl0246134 sshd[210447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.75.17.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 12:04:36,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321076.3342545, 'message': 'Dec  6 12:04:35 hqnl0246134 sshd[210447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.17.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 12:04:38,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321078.343957, 'message': 'Dec  6 12:04:37 hqnl0246134 sshd[210447]: Failed password for invalid user usuario2 from 51.75.17.210 port 50994 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 12:04:40,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321080.3454666, 'message': 'Dec  6 12:04:39 hqnl0246134 sshd[210447]: Disconnected from invalid user usuario2 51.75.17.210 port 50994 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-06 12:04:45,541] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:04:45,541] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:04:53,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:04:53,993] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0291 seconds
INFO    [2022-12-06 12:04:56,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321096.3627346, 'message': 'Dec  6 12:04:54 hqnl0246134 sshd[210462]: Invalid user pdx from 107.172.219.107 port 33350', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 12:04:56,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321096.362959, 'message': 'Dec  6 12:04:54 hqnl0246134 sshd[210462]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.172.219.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 12:04:56,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321096.3631098, 'message': 'Dec  6 12:04:54 hqnl0246134 sshd[210462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.219.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 12:04:56,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321096.3634815, 'message': 'Dec  6 12:04:56 hqnl0246134 sshd[210462]: Failed password for invalid user pdx from 107.172.219.107 port 33350 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 12:04:58,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321098.3651054, 'message': 'Dec  6 12:04:56 hqnl0246134 sshd[210462]: Disconnected from invalid user pdx 107.172.219.107 port 33350 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 12:04:59,196] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:04:59,196] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:04:59,205] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:04:59,217] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 12:05:06,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321106.373145, 'message': 'Dec  6 12:05:04 hqnl0246134 sshd[210490]: Invalid user pdx from 159.65.128.16 port 40186', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 12:05:06,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321106.3735356, 'message': 'Dec  6 12:05:04 hqnl0246134 sshd[210490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.128.16 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 12:05:06,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321106.3737144, 'message': 'Dec  6 12:05:04 hqnl0246134 sshd[210490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.128.16 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 12:05:08,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321108.373524, 'message': 'Dec  6 12:05:06 hqnl0246134 sshd[210490]: Failed password for invalid user pdx from 159.65.128.16 port 40186 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 12:05:08,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321108.3737168, 'message': 'Dec  6 12:05:07 hqnl0246134 sshd[210490]: Disconnected from invalid user pdx 159.65.128.16 port 40186 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 12:05:17,846] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:05:17,846] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:05:17,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:05:17,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 12:05:20,466] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:05:20,467] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:05:20,474] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:05:20,489] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 12:05:22,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321122.3905957, 'message': 'Dec  6 12:05:21 hqnl0246134 sshd[210525]: Invalid user sarah from 67.198.205.72 port 49734', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:05:22,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321122.3908195, 'message': 'Dec  6 12:05:21 hqnl0246134 sshd[210525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 67.198.205.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:05:22,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321122.3910215, 'message': 'Dec  6 12:05:21 hqnl0246134 sshd[210525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.198.205.72 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 12:05:24,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321124.3923073, 'message': 'Dec  6 12:05:22 hqnl0246134 sshd[210525]: Failed password for invalid user sarah from 67.198.205.72 port 49734 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 12:05:24,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321124.392514, 'message': 'Dec  6 12:05:22 hqnl0246134 sshd[210525]: Disconnected from invalid user sarah 67.198.205.72 port 49734 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 12:05:33,206] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:05:37,542] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:05:37,543] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:05:37,543] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:05:37,544] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:05:37,545] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:05:37,565] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:05:37,596] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0506 seconds
WARNING [2022-12-06 12:05:37,607] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:05:37,610] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:05:37,627] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0414 seconds
INFO    [2022-12-06 12:05:37,629] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0370 seconds
WARNING [2022-12-06 12:05:45,544] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:05:45,545] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:05:53,976] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:05:54,003] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0363 seconds
INFO    [2022-12-06 12:06:12,533] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:06:12,533] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:06:12,534] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 12:06:17,834] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:06:17,835] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:06:17,844] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:06:17,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 12:06:18,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.252.180.65', 'timestamp': 1670321178.452046, 'message': 'Dec  6 12:06:17 hqnl0246134 sshd[210578]: Invalid user jessie from 192.252.180.65 port 51996', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 12:06:18,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.252.180.65', 'timestamp': 1670321178.452422, 'message': 'Dec  6 12:06:17 hqnl0246134 sshd[210578]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.252.180.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 12:06:18,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.252.180.65', 'timestamp': 1670321178.4526567, 'message': 'Dec  6 12:06:17 hqnl0246134 sshd[210578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.252.180.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 12:06:20,502] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:06:20,502] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:06:20,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:06:20,541] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0377 seconds
INFO    [2022-12-06 12:06:20,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.252.180.65', 'timestamp': 1670321180.5042965, 'message': 'Dec  6 12:06:19 hqnl0246134 sshd[210578]: Failed password for invalid user jessie from 192.252.180.65 port 51996 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 12:06:22,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.252.180.65', 'timestamp': 1670321182.454006, 'message': 'Dec  6 12:06:20 hqnl0246134 sshd[210578]: Disconnected from invalid user jessie 192.252.180.65 port 51996 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 12:06:23,387] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:06:23,388] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:06:23,396] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:06:23,408] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 12:06:26,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321186.4580023, 'message': 'Dec  6 12:06:25 hqnl0246134 sshd[210598]: Invalid user dbuser from 185.246.130.69 port 56168', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 12:06:26,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321186.458286, 'message': 'Dec  6 12:06:25 hqnl0246134 sshd[210598]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.246.130.69 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 12:06:26,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321186.4584668, 'message': 'Dec  6 12:06:25 hqnl0246134 sshd[210598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.246.130.69 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 12:06:28,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321188.4586265, 'message': 'Dec  6 12:06:27 hqnl0246134 sshd[210598]: Failed password for invalid user dbuser from 185.246.130.69 port 56168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 12:06:30,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321190.4622362, 'message': 'Dec  6 12:06:29 hqnl0246134 sshd[210598]: Disconnected from invalid user dbuser 185.246.130.69 port 56168 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 12:06:40,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670321200.4727373, 'message': 'Dec  6 12:06:38 hqnl0246134 sshd[210614]: Invalid user teamspeak3 from 185.236.228.138 port 38868', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0798 seconds
INFO    [2022-12-06 12:06:40,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.236.228.138', 'timestamp': 1670321200.4730818, 'message': 'Dec  6 12:06:38 hqnl0246134 sshd[210614]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.236.228.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0586 seconds
INFO    [2022-12-06 12:06:40,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.236.228.138', 'timestamp': 1670321200.4732294, 'message': 'Dec  6 12:06:38 hqnl0246134 sshd[210614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.228.138 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 12:06:40,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670321200.473374, 'message': 'Dec  6 12:06:39 hqnl0246134 sshd[210614]: Failed password for invalid user teamspeak3 from 185.236.228.138 port 38868 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0618 seconds
INFO    [2022-12-06 12:06:40,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670321200.4735115, 'message': 'Dec  6 12:06:40 hqnl0246134 sshd[210614]: Disconnected from invalid user teamspeak3 185.236.228.138 port 38868 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0502 seconds
WARNING [2022-12-06 12:06:45,547] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:06:45,548] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:06:46,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321206.4779336, 'message': 'Dec  6 12:06:44 hqnl0246134 sshd[210620]: Invalid user f from 52.183.128.237 port 49104', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 12:06:46,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321206.4781618, 'message': 'Dec  6 12:06:44 hqnl0246134 sshd[210620]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.183.128.237 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 12:06:46,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321206.4783049, 'message': 'Dec  6 12:06:44 hqnl0246134 sshd[210620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 12:06:48,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321208.4804611, 'message': 'Dec  6 12:06:46 hqnl0246134 sshd[210620]: Failed password for invalid user f from 52.183.128.237 port 49104 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 12:06:48,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321208.480826, 'message': 'Dec  6 12:06:47 hqnl0246134 sshd[210620]: Disconnected from invalid user f 52.183.128.237 port 49104 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
WARNING [2022-12-06 12:06:53,985] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:06:54,014] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0404 seconds
INFO    [2022-12-06 12:06:54,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321214.4962926, 'message': 'Dec  6 12:06:52 hqnl0246134 sshd[210631]: Invalid user svnroot from 34.64.76.187 port 48030', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 12:06:54,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321214.4966145, 'message': 'Dec  6 12:06:53 hqnl0246134 sshd[210631]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.64.76.187 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 12:06:54,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321214.4968638, 'message': 'Dec  6 12:06:53 hqnl0246134 sshd[210631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.64.76.187 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 12:06:56,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321216.4993124, 'message': 'Dec  6 12:06:55 hqnl0246134 sshd[210631]: Failed password for invalid user svnroot from 34.64.76.187 port 48030 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 12:06:56,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321216.4995918, 'message': 'Dec  6 12:06:55 hqnl0246134 sshd[210631]: Disconnected from invalid user svnroot 34.64.76.187 port 48030 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 12:07:17,744] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:07:17,745] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:07:17,754] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:07:17,767] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 12:07:20,288] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:07:20,288] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:07:20,297] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:07:20,310] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 12:07:40,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670321260.555865, 'message': 'Dec  6 12:07:39 hqnl0246134 sshd[210673]: Accepted password for supportwwwuser from 212.58.119.251 port 10735 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0235 seconds
WARNING [2022-12-06 12:07:45,551] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:07:45,552] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:07:53,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:07:54,005] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0286 seconds
INFO    [2022-12-06 12:08:08,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321288.58701, 'message': 'Dec  6 12:08:06 hqnl0246134 sshd[210724]: pam_imunify(sshd:auth): [IM360_RBL] The IP 67.198.205.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 12:08:08,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321288.5874038, 'message': 'Dec  6 12:08:06 hqnl0246134 sshd[210724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.198.205.72  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:08:10,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321290.5894442, 'message': 'Dec  6 12:08:09 hqnl0246134 sshd[210724]: Failed password for root from 67.198.205.72 port 40810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 12:08:12,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321292.5902772, 'message': 'Dec  6 12:08:11 hqnl0246134 sshd[210735]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.172.219.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 12:08:12,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321292.5905488, 'message': 'Dec  6 12:08:11 hqnl0246134 sshd[210735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.219.107  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 12:08:13,788] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:08:13,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:08:13,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:08:13,806] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-06 12:08:14,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321294.5964468, 'message': 'Dec  6 12:08:13 hqnl0246134 sshd[210735]: Failed password for root from 107.172.219.107 port 49338 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 12:08:17,648] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:08:17,648] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:08:17,656] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:08:17,668] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 12:08:18,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321298.6068237, 'message': 'Dec  6 12:08:17 hqnl0246134 sshd[210745]: Invalid user sarah from 159.65.128.16 port 57656', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 12:08:18,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321298.6070375, 'message': 'Dec  6 12:08:17 hqnl0246134 sshd[210745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.128.16 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 12:08:18,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321298.607151, 'message': 'Dec  6 12:08:17 hqnl0246134 sshd[210745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.128.16 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 12:08:20,254] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:08:20,254] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:08:20,263] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:08:20,277] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 12:08:20,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321300.6097734, 'message': 'Dec  6 12:08:19 hqnl0246134 sshd[210745]: Failed password for invalid user sarah from 159.65.128.16 port 57656 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 12:08:22,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321302.6123672, 'message': 'Dec  6 12:08:21 hqnl0246134 sshd[210745]: Disconnected from invalid user sarah 159.65.128.16 port 57656 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 12:08:38,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321318.6306424, 'message': 'Dec  6 12:08:37 hqnl0246134 sshd[210765]: pam_imunify(sshd:auth): [IM360_RBL] The IP 77.82.90.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 12:08:38,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321318.6311324, 'message': 'Dec  6 12:08:37 hqnl0246134 sshd[210765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.82.90.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 12:08:40,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321320.632355, 'message': 'Dec  6 12:08:40 hqnl0246134 sshd[210765]: Failed password for root from 77.82.90.210 port 55386 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-06 12:08:45,555] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:08:45,556] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:08:50,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670321330.6425633, 'message': 'Dec  6 12:08:50 hqnl0246134 sshd[210771]: Invalid user support from 152.89.196.123 port 34586', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 12:08:52,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.123', 'timestamp': 1670321332.6481698, 'message': 'Dec  6 12:08:50 hqnl0246134 sshd[210771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 12:08:52,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.123', 'timestamp': 1670321332.6485555, 'message': 'Dec  6 12:08:50 hqnl0246134 sshd[210771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.123 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 12:08:52,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670321332.6487646, 'message': 'Dec  6 12:08:52 hqnl0246134 sshd[210771]: Failed password for invalid user support from 152.89.196.123 port 34586 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 12:08:52,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670321332.6502833, 'message': 'Dec  6 12:08:52 hqnl0246134 sshd[210771]: Disconnected from invalid user support 152.89.196.123 port 34586 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 12:08:53,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:08:54,027] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0483 seconds
INFO    [2022-12-06 12:08:54,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321334.6506965, 'message': 'Dec  6 12:08:52 hqnl0246134 sshd[210774]: Invalid user paula from 20.40.81.0 port 35510', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 12:08:54,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321334.6510074, 'message': 'Dec  6 12:08:53 hqnl0246134 sshd[210774]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.40.81.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 12:08:54,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321334.651166, 'message': 'Dec  6 12:08:53 hqnl0246134 sshd[210774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 12:08:56,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321336.652712, 'message': 'Dec  6 12:08:55 hqnl0246134 sshd[210774]: Failed password for invalid user paula from 20.40.81.0 port 35510 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:08:56,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321336.652955, 'message': 'Dec  6 12:08:56 hqnl0246134 sshd[210774]: Disconnected from invalid user paula 20.40.81.0 port 35510 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 12:09:12,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321352.6720083, 'message': 'Dec  6 12:09:11 hqnl0246134 sshd[210923]: Invalid user archive from 51.75.17.210 port 58776', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 12:09:12,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321352.6728399, 'message': 'Dec  6 12:09:12 hqnl0246134 sshd[210923]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.75.17.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 12:09:12,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321352.675133, 'message': 'Dec  6 12:09:12 hqnl0246134 sshd[210923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.17.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 12:09:14,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321354.674193, 'message': 'Dec  6 12:09:14 hqnl0246134 sshd[210923]: Failed password for invalid user archive from 51.75.17.210 port 58776 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 12:09:16,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321356.6770496, 'message': 'Dec  6 12:09:15 hqnl0246134 sshd[210923]: Disconnected from invalid user archive 51.75.17.210 port 58776 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0687 seconds
INFO    [2022-12-06 12:09:16,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321356.6773684, 'message': 'Dec  6 12:09:15 hqnl0246134 sshd[210930]: Invalid user temp1 from 185.246.130.69 port 49428', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0687 seconds
INFO    [2022-12-06 12:09:16,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321356.6776278, 'message': 'Dec  6 12:09:15 hqnl0246134 sshd[210930]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.246.130.69 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 12:09:16,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321356.6778343, 'message': 'Dec  6 12:09:15 hqnl0246134 sshd[210930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.246.130.69 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 12:09:18,404] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:09:18,405] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:09:18,412] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:09:18,423] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 12:09:18,581] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:09:18,581] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:09:18,596] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:09:18,617] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0343 seconds
INFO    [2022-12-06 12:09:18,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321358.6789317, 'message': 'Dec  6 12:09:17 hqnl0246134 sshd[210930]: Failed password for invalid user temp1 from 185.246.130.69 port 49428 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 12:09:18,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.58.119.251', 'timestamp': 1670321358.6792789, 'message': 'Dec  6 12:09:18 hqnl0246134 sshd[210912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.58.119.251  user=supportwwwuser', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 12:09:18,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.246.130.69', 'timestamp': 1670321358.6791224, 'message': 'Dec  6 12:09:17 hqnl0246134 sshd[210930]: Disconnected from invalid user temp1 185.246.130.69 port 49428 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 12:09:22,497] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:09:22,497] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:09:22,552] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:09:22,580] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0770 seconds
INFO    [2022-12-06 12:09:22,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '212.58.119.251', 'timestamp': 1670321362.6815412, 'message': 'Dec  6 12:09:20 hqnl0246134 sshd[210912]: Failed password for supportwwwuser from 212.58.119.251 port 10524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 12:09:24,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321364.6846447, 'message': 'Dec  6 12:09:24 hqnl0246134 sshd[210952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.64.76.187 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 12:09:24,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321364.6850154, 'message': 'Dec  6 12:09:24 hqnl0246134 sshd[210952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.64.76.187  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 12:09:26,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321366.6857073, 'message': 'Dec  6 12:09:26 hqnl0246134 sshd[210952]: Failed password for root from 34.64.76.187 port 55630 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 12:09:32,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670321372.7008624, 'message': 'Dec  6 12:09:31 hqnl0246134 sshd[210960]: Accepted password for supportwwwuser from 212.58.119.251 port 10553 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 12:09:45,560] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:09:45,561] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:09:53,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:09:54,033] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0473 seconds
INFO    [2022-12-06 12:09:56,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321396.7459605, 'message': 'Dec  6 12:09:54 hqnl0246134 sshd[211007]: Invalid user user1 from 52.183.128.237 port 39160', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 12:09:56,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321396.7463083, 'message': 'Dec  6 12:09:54 hqnl0246134 sshd[211007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.183.128.237 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:09:56,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321396.746492, 'message': 'Dec  6 12:09:54 hqnl0246134 sshd[211007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 12:09:58,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321398.7487583, 'message': 'Dec  6 12:09:57 hqnl0246134 sshd[211007]: Failed password for invalid user user1 from 52.183.128.237 port 39160 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 12:10:00,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321400.75644, 'message': 'Dec  6 12:09:59 hqnl0246134 sshd[211007]: Disconnected from invalid user user1 52.183.128.237 port 39160 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 12:10:11,116] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:10:11,190] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:10:11,191] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:10:11,191] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:10:11,191] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:10:11,192] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:10:11,239] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:10:11,282] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0882 seconds
WARNING [2022-12-06 12:10:11,292] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:10:11,295] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:10:11,319] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0471 seconds
INFO    [2022-12-06 12:10:11,321] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0434 seconds
INFO    [2022-12-06 12:10:17,845] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:10:17,846] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:10:17,854] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:10:17,865] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 12:10:20,556] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:10:20,557] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:10:20,565] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:10:20,577] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 12:10:40,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321440.8161533, 'message': 'Dec  6 12:10:38 hqnl0246134 sshd[211092]: Invalid user mosquitto from 194.204.194.11 port 55796', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 12:10:40,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321440.8167448, 'message': 'Dec  6 12:10:38 hqnl0246134 sshd[211092]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.204.194.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 12:10:40,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321440.8170142, 'message': 'Dec  6 12:10:38 hqnl0246134 sshd[211092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.204.194.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 12:10:41,420] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:10:41,420] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:10:41,421] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 12:10:42,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321442.817419, 'message': 'Dec  6 12:10:41 hqnl0246134 sshd[211092]: Failed password for invalid user mosquitto from 194.204.194.11 port 55796 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 12:10:44,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321444.8201623, 'message': 'Dec  6 12:10:43 hqnl0246134 sshd[211092]: Disconnected from invalid user mosquitto 194.204.194.11 port 55796 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
WARNING [2022-12-06 12:10:45,565] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:10:45,566] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:10:45,815] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:10:45,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:10:45,823] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:10:45,836] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
WARNING [2022-12-06 12:10:53,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:10:54,021] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0313 seconds
INFO    [2022-12-06 12:11:02,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321462.847272, 'message': 'Dec  6 12:11:02 hqnl0246134 sshd[211103]: Invalid user ca from 67.198.205.72 port 60120', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 12:11:02,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321462.8476882, 'message': 'Dec  6 12:11:02 hqnl0246134 sshd[211103]: pam_imunify(sshd:auth): [IM360_RBL] The IP 67.198.205.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 12:11:02,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321462.8478262, 'message': 'Dec  6 12:11:02 hqnl0246134 sshd[211103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.198.205.72 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 12:11:04,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321464.8487377, 'message': 'Dec  6 12:11:04 hqnl0246134 sshd[211103]: Failed password for invalid user ca from 67.198.205.72 port 60120 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 12:11:06,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.198.205.72', 'timestamp': 1670321466.849841, 'message': 'Dec  6 12:11:05 hqnl0246134 sshd[211103]: Disconnected from invalid user ca 67.198.205.72 port 60120 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 12:11:17,999] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:11:18,000] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:11:18,009] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:11:18,022] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 12:11:20,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:11:20,880] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:11:20,886] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:11:20,897] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 12:11:22,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321482.8805249, 'message': 'Dec  6 12:11:21 hqnl0246134 sshd[211131]: Invalid user ca from 107.172.219.107 port 37050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 12:11:22,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321482.8807595, 'message': 'Dec  6 12:11:21 hqnl0246134 sshd[211131]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.172.219.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 12:11:22,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321482.8809264, 'message': 'Dec  6 12:11:21 hqnl0246134 sshd[211131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.219.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 12:11:24,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321484.8811662, 'message': 'Dec  6 12:11:23 hqnl0246134 sshd[211131]: Failed password for invalid user ca from 107.172.219.107 port 37050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 12:11:24,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.219.107', 'timestamp': 1670321484.8814385, 'message': 'Dec  6 12:11:24 hqnl0246134 sshd[211131]: Disconnected from invalid user ca 107.172.219.107 port 37050 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 12:11:26,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321486.8817034, 'message': 'Dec  6 12:11:26 hqnl0246134 sshd[211136]: Invalid user ts3server from 27.118.22.221 port 49472', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 12:11:26,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321486.8819256, 'message': 'Dec  6 12:11:26 hqnl0246134 sshd[211136]: pam_imunify(sshd:auth): [IM360_RBL] The IP 27.118.22.221 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 12:11:26,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321486.8821044, 'message': 'Dec  6 12:11:26 hqnl0246134 sshd[211136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.118.22.221 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 12:11:28,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321488.8842633, 'message': 'Dec  6 12:11:28 hqnl0246134 sshd[211136]: Failed password for invalid user ts3server from 27.118.22.221 port 49472 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 12:11:30,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321490.8887799, 'message': 'Dec  6 12:11:30 hqnl0246134 sshd[211136]: Disconnected from invalid user ts3server 27.118.22.221 port 49472 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 12:11:32,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321492.8909726, 'message': 'Dec  6 12:11:32 hqnl0246134 sshd[211140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.128.16 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 12:11:32,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321492.8914044, 'message': 'Dec  6 12:11:32 hqnl0246134 sshd[211140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.128.16  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 12:11:34,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.128.16', 'timestamp': 1670321494.8937957, 'message': 'Dec  6 12:11:34 hqnl0246134 sshd[211140]: Failed password for root from 159.65.128.16 port 46892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
WARNING [2022-12-06 12:11:45,569] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:11:45,570] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:11:50,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321510.913027, 'message': 'Dec  6 12:11:49 hqnl0246134 sshd[211151]: Invalid user administrator from 34.64.76.187 port 35024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0695 seconds
INFO    [2022-12-06 12:11:50,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321510.9141502, 'message': 'Dec  6 12:11:49 hqnl0246134 sshd[211154]: Invalid user oratest from 77.82.90.210 port 45408', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0627 seconds
INFO    [2022-12-06 12:11:51,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321510.913684, 'message': 'Dec  6 12:11:49 hqnl0246134 sshd[211151]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.64.76.187 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 12:11:51,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321510.9143946, 'message': 'Dec  6 12:11:49 hqnl0246134 sshd[211154]: pam_imunify(sshd:auth): [IM360_RBL] The IP 77.82.90.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 12:11:51,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321510.913903, 'message': 'Dec  6 12:11:49 hqnl0246134 sshd[211151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.64.76.187 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 12:11:51,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321510.9146588, 'message': 'Dec  6 12:11:49 hqnl0246134 sshd[211154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.82.90.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 12:11:52,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321512.9152923, 'message': 'Dec  6 12:11:51 hqnl0246134 sshd[211151]: Failed password for invalid user administrator from 34.64.76.187 port 35024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 12:11:52,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321512.915809, 'message': 'Dec  6 12:11:51 hqnl0246134 sshd[211154]: Failed password for invalid user oratest from 77.82.90.210 port 45408 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0514 seconds
WARNING [2022-12-06 12:11:53,246] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 12:11:54,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:11:54,035] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0424 seconds
INFO    [2022-12-06 12:11:54,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321514.9190106, 'message': 'Dec  6 12:11:53 hqnl0246134 sshd[211154]: Disconnected from invalid user oratest 77.82.90.210 port 45408 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 12:11:54,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.64.76.187', 'timestamp': 1670321514.9193957, 'message': 'Dec  6 12:11:53 hqnl0246134 sshd[211151]: Disconnected from invalid user administrator 34.64.76.187 port 35024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 12:12:04,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321524.9272995, 'message': 'Dec  6 12:12:03 hqnl0246134 sshd[211177]: Invalid user eoffice from 20.40.81.0 port 38226', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 12:12:04,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321524.9275858, 'message': 'Dec  6 12:12:03 hqnl0246134 sshd[211177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.40.81.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:12:04,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321524.9277508, 'message': 'Dec  6 12:12:03 hqnl0246134 sshd[211177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 12:12:06,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321526.9313016, 'message': 'Dec  6 12:12:05 hqnl0246134 sshd[211177]: Failed password for invalid user eoffice from 20.40.81.0 port 38226 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 12:12:06,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321526.931721, 'message': 'Dec  6 12:12:06 hqnl0246134 sshd[211179]: Invalid user umcapasocanoas from 51.75.17.210 port 49348', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 12:12:07,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321526.932368, 'message': 'Dec  6 12:12:06 hqnl0246134 sshd[211177]: Disconnected from invalid user eoffice 20.40.81.0 port 38226 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 12:12:07,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321526.9319174, 'message': 'Dec  6 12:12:06 hqnl0246134 sshd[211179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.75.17.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 12:12:07,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321526.9321926, 'message': 'Dec  6 12:12:06 hqnl0246134 sshd[211179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.17.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 12:12:08,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321528.9310188, 'message': 'Dec  6 12:12:08 hqnl0246134 sshd[211179]: Failed password for invalid user umcapasocanoas from 51.75.17.210 port 49348 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0585 seconds
INFO    [2022-12-06 12:12:09,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321528.9317782, 'message': 'Dec  6 12:12:08 hqnl0246134 sshd[211179]: Disconnected from invalid user umcapasocanoas 51.75.17.210 port 49348 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 12:12:09,861] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:12:09,862] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:12:09,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:12:09,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-06 12:12:18,437] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:12:18,438] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:12:18,447] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:12:18,458] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 12:12:21,436] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:12:21,437] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:12:21,447] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:12:21,459] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-06 12:12:45,574] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:12:45,578] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:12:54,013] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:12:54,057] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0587 seconds
INFO    [2022-12-06 12:13:03,033] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 12:13:03,045] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:13:03,059] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0225 seconds
INFO    [2022-12-06 12:13:13,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321593.0346074, 'message': 'Dec  6 12:13:12 hqnl0246134 sshd[211248]: Invalid user ami from 52.183.128.237 port 57644', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 12:13:15,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321595.0298288, 'message': 'Dec  6 12:13:13 hqnl0246134 sshd[211248]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.183.128.237 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 12:13:15,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321595.0303705, 'message': 'Dec  6 12:13:13 hqnl0246134 sshd[211248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 12:13:17,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321597.0311146, 'message': 'Dec  6 12:13:15 hqnl0246134 sshd[211248]: Failed password for invalid user ami from 52.183.128.237 port 57644 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 12:13:17,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.183.128.237', 'timestamp': 1670321597.0315251, 'message': 'Dec  6 12:13:16 hqnl0246134 sshd[211248]: Disconnected from invalid user ami 52.183.128.237 port 57644 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-06 12:13:19,061] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:13:19,067] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:13:19,075] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:13:19,087] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 12:13:20,238] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:13:20,238] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:13:20,258] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:13:20,269] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
INFO    [2022-12-06 12:13:22,462] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:13:22,463] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:13:22,476] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:13:22,514] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0487 seconds
INFO    [2022-12-06 12:13:25,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321605.047327, 'message': 'Dec  6 12:13:23 hqnl0246134 sshd[211266]: Invalid user l4d2server from 194.204.194.11 port 45338', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 12:13:25,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321605.0479312, 'message': 'Dec  6 12:13:23 hqnl0246134 sshd[211266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.204.194.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 12:13:25,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321605.0504942, 'message': 'Dec  6 12:13:23 hqnl0246134 sshd[211266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.204.194.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 12:13:27,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321607.043899, 'message': 'Dec  6 12:13:25 hqnl0246134 sshd[211266]: Failed password for invalid user l4d2server from 194.204.194.11 port 45338 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0559 seconds
INFO    [2022-12-06 12:13:29,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321609.043174, 'message': 'Dec  6 12:13:27 hqnl0246134 sshd[211266]: Disconnected from invalid user l4d2server 194.204.194.11 port 45338 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0505 seconds
WARNING [2022-12-06 12:13:45,582] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:13:45,584] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:13:54,015] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:13:54,046] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0429 seconds
INFO    [2022-12-06 12:14:18,603] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:14:18,605] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:14:18,614] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:14:18,628] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 12:14:21,608] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:14:21,609] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:14:21,649] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:14:21,687] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0725 seconds
INFO    [2022-12-06 12:14:39,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670321679.094766, 'message': 'Dec  6 12:14:37 hqnl0246134 sshd[211316]: Accepted password for supportwwwuser from 212.58.119.251 port 10581 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 12:14:43,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670321683.1009562, 'message': 'Dec  6 12:14:41 hqnl0246134 sshd[211362]: Accepted password for supportwwwuser from 212.58.119.251 port 10583 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 12:14:45,589] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:14:45,589] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:14:54,023] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:14:54,068] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0622 seconds
INFO    [2022-12-06 12:14:55,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321695.1164746, 'message': 'Dec  6 12:14:53 hqnl0246134 sshd[211401]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.75.17.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0701 seconds
INFO    [2022-12-06 12:14:55,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321695.1218977, 'message': 'Dec  6 12:14:53 hqnl0246134 sshd[211401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.17.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0739 seconds
INFO    [2022-12-06 12:14:57,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.75.17.210', 'timestamp': 1670321697.1182213, 'message': 'Dec  6 12:14:55 hqnl0246134 sshd[211401]: Failed password for root from 51.75.17.210 port 39940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 12:14:57,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321697.1185467, 'message': 'Dec  6 12:14:56 hqnl0246134 sshd[211405]: Invalid user eoffice from 27.118.22.221 port 39472', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 12:14:57,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321697.1190476, 'message': 'Dec  6 12:14:56 hqnl0246134 sshd[211405]: pam_imunify(sshd:auth): [IM360_RBL] The IP 27.118.22.221 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 12:14:57,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321697.1192026, 'message': 'Dec  6 12:14:56 hqnl0246134 sshd[211405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.118.22.221 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 12:14:59,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321699.1209319, 'message': 'Dec  6 12:14:58 hqnl0246134 sshd[211405]: Failed password for invalid user eoffice from 27.118.22.221 port 39472 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 12:14:59,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321699.1213555, 'message': 'Dec  6 12:14:59 hqnl0246134 sshd[211405]: Disconnected from invalid user eoffice 27.118.22.221 port 39472 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 12:15:00,137] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:15:00,138] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:15:00,145] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:15:00,157] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 12:15:07,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321707.1281865, 'message': 'Dec  6 12:15:05 hqnl0246134 sshd[211432]: pam_imunify(sshd:auth): [IM360_RBL] The IP 77.82.90.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 12:15:07,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321707.128479, 'message': 'Dec  6 12:15:05 hqnl0246134 sshd[211432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.82.90.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 12:15:09,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '77.82.90.210', 'timestamp': 1670321709.1300855, 'message': 'Dec  6 12:15:07 hqnl0246134 sshd[211432]: Failed password for root from 77.82.90.210 port 35450 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 12:15:13,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321713.1366878, 'message': 'Dec  6 12:15:12 hqnl0246134 sshd[211447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 12:15:13,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321713.137037, 'message': 'Dec  6 12:15:12 hqnl0246134 sshd[211447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 12:15:17,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321717.143299, 'message': 'Dec  6 12:15:15 hqnl0246134 sshd[211447]: Failed password for root from 61.177.173.49 port 48862 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0811 seconds
INFO    [2022-12-06 12:15:17,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321717.1436052, 'message': 'Dec  6 12:15:17 hqnl0246134 sshd[211447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0588 seconds
INFO    [2022-12-06 12:15:19,078] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:15:19,078] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:15:19,087] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:15:19,098] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 12:15:19,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321719.1457682, 'message': 'Dec  6 12:15:18 hqnl0246134 sshd[211447]: Failed password for root from 61.177.173.49 port 48862 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:15:21,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321721.1495416, 'message': 'Dec  6 12:15:19 hqnl0246134 sshd[211447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 12:15:21,704] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:15:21,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:15:21,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:15:21,722] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 12:15:23,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321723.1536086, 'message': 'Dec  6 12:15:21 hqnl0246134 sshd[211447]: Failed password for root from 61.177.173.49 port 48862 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 12:15:27,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321727.1611862, 'message': 'Dec  6 12:15:25 hqnl0246134 sshd[211469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 12:15:27,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321727.1614292, 'message': 'Dec  6 12:15:25 hqnl0246134 sshd[211469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 12:15:29,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321729.1661785, 'message': 'Dec  6 12:15:27 hqnl0246134 sshd[211469]: Failed password for root from 61.177.173.49 port 48352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 12:15:29,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321729.1664412, 'message': 'Dec  6 12:15:27 hqnl0246134 sshd[211471]: Invalid user ts3server from 20.40.81.0 port 40796', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 12:15:29,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321729.166602, 'message': 'Dec  6 12:15:27 hqnl0246134 sshd[211471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.40.81.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-06 12:15:29,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321729.1667216, 'message': 'Dec  6 12:15:27 hqnl0246134 sshd[211471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 12:15:31,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321731.1685023, 'message': 'Dec  6 12:15:29 hqnl0246134 sshd[211469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 12:15:31,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321731.1688871, 'message': 'Dec  6 12:15:29 hqnl0246134 sshd[211471]: Failed password for invalid user ts3server from 20.40.81.0 port 40796 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 12:15:33,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670321733.1699648, 'message': 'Dec  6 12:15:31 hqnl0246134 sshd[211471]: Disconnected from invalid user ts3server 20.40.81.0 port 40796 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1236 seconds
INFO    [2022-12-06 12:15:33,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321733.1702638, 'message': 'Dec  6 12:15:31 hqnl0246134 sshd[211469]: Failed password for root from 61.177.173.49 port 48352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1234 seconds
INFO    [2022-12-06 12:15:33,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321733.1704168, 'message': 'Dec  6 12:15:32 hqnl0246134 sshd[211469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 12:15:35,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670321735.1733384, 'message': 'Dec  6 12:15:33 hqnl0246134 sshd[211469]: Failed password for root from 61.177.173.49 port 48352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 12:15:45,593] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:15:45,594] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:15:54,022] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:15:54,290] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.2790 seconds
INFO    [2022-12-06 12:15:57,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321757.2047322, 'message': 'Dec  6 12:15:55 hqnl0246134 sshd[211486]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 12:15:57,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321757.2050664, 'message': 'Dec  6 12:15:55 hqnl0246134 sshd[211486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 12:15:59,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321759.2056353, 'message': 'Dec  6 12:15:57 hqnl0246134 sshd[211486]: Failed password for root from 61.177.173.36 port 42962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:16:01,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321761.2083166, 'message': 'Dec  6 12:15:59 hqnl0246134 sshd[211486]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 12:16:03,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321763.211498, 'message': 'Dec  6 12:16:01 hqnl0246134 sshd[211486]: Failed password for root from 61.177.173.36 port 42962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 12:16:05,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321765.2145221, 'message': 'Dec  6 12:16:03 hqnl0246134 sshd[211486]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 12:16:05,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321765.2147415, 'message': 'Dec  6 12:16:05 hqnl0246134 sshd[211486]: Failed password for root from 61.177.173.36 port 42962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 12:16:08,789] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:16:08,790] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:16:08,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:16:08,812] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 12:16:09,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321769.2180915, 'message': 'Dec  6 12:16:07 hqnl0246134 sshd[211500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0561 seconds
INFO    [2022-12-06 12:16:09,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.234.72.37', 'timestamp': 1670321769.2184448, 'message': 'Dec  6 12:16:08 hqnl0246134 sshd[211502]: Invalid user kafka from 187.234.72.37 port 57190', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0574 seconds
INFO    [2022-12-06 12:16:09,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321769.218312, 'message': 'Dec  6 12:16:07 hqnl0246134 sshd[211500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-06 12:16:09,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.234.72.37', 'timestamp': 1670321769.218569, 'message': 'Dec  6 12:16:08 hqnl0246134 sshd[211502]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.234.72.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 12:16:09,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.234.72.37', 'timestamp': 1670321769.2189307, 'message': 'Dec  6 12:16:08 hqnl0246134 sshd[211502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.234.72.37 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 12:16:11,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.234.72.37', 'timestamp': 1670321771.2202744, 'message': 'Dec  6 12:16:10 hqnl0246134 sshd[211502]: Failed password for invalid user kafka from 187.234.72.37 port 57190 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 12:16:11,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321771.2205195, 'message': 'Dec  6 12:16:10 hqnl0246134 sshd[211500]: Failed password for root from 61.177.173.36 port 37468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 12:16:11,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.234.72.37', 'timestamp': 1670321771.2206337, 'message': 'Dec  6 12:16:10 hqnl0246134 sshd[211502]: Disconnected from invalid user kafka 187.234.72.37 port 57190 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:16:13,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321773.2216456, 'message': 'Dec  6 12:16:12 hqnl0246134 sshd[211500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 12:16:13,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321773.2218227, 'message': 'Dec  6 12:16:12 hqnl0246134 sshd[211516]: Invalid user allen from 194.204.194.11 port 34896', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 12:16:13,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321773.2222416, 'message': 'Dec  6 12:16:12 hqnl0246134 sshd[211516]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.204.194.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 12:16:13,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321773.2223513, 'message': 'Dec  6 12:16:12 hqnl0246134 sshd[211516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.204.194.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 12:16:15,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321775.224124, 'message': 'Dec  6 12:16:14 hqnl0246134 sshd[211500]: Failed password for root from 61.177.173.36 port 37468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 12:16:15,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321775.2243502, 'message': 'Dec  6 12:16:15 hqnl0246134 sshd[211516]: Failed password for invalid user allen from 194.204.194.11 port 34896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 12:16:17,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670321777.2262485, 'message': 'Dec  6 12:16:15 hqnl0246134 sshd[211516]: Disconnected from invalid user allen 194.204.194.11 port 34896 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 12:16:17,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321777.226463, 'message': 'Dec  6 12:16:16 hqnl0246134 sshd[211500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 12:16:17,953] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:16:17,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:16:17,960] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:16:17,970] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 12:16:19,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321779.2287986, 'message': 'Dec  6 12:16:18 hqnl0246134 sshd[211500]: Failed password for root from 61.177.173.36 port 37468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:16:20,567] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:16:20,568] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:16:20,576] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:16:20,589] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 12:16:21,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321781.2319663, 'message': 'Dec  6 12:16:20 hqnl0246134 sshd[211526]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 12:16:21,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321781.232193, 'message': 'Dec  6 12:16:20 hqnl0246134 sshd[211526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 12:16:23,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321783.2342417, 'message': 'Dec  6 12:16:22 hqnl0246134 sshd[211526]: Failed password for root from 61.177.173.36 port 24902 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:16:23,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321783.2344215, 'message': 'Dec  6 12:16:22 hqnl0246134 sshd[211526]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 12:16:25,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321785.2368667, 'message': 'Dec  6 12:16:24 hqnl0246134 sshd[211526]: Failed password for root from 61.177.173.36 port 24902 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 12:16:25,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321785.2371874, 'message': 'Dec  6 12:16:25 hqnl0246134 sshd[211526]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 12:16:27,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670321787.23763, 'message': 'Dec  6 12:16:27 hqnl0246134 sshd[211526]: Failed password for root from 61.177.173.36 port 24902 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 12:16:35,022] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:16:35,093] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:16:35,093] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:16:35,094] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:16:35,094] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:16:35,094] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:16:35,106] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:16:35,123] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0286 seconds
WARNING [2022-12-06 12:16:35,129] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:16:35,131] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:16:35,149] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0318 seconds
INFO    [2022-12-06 12:16:35,150] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0291 seconds
INFO    [2022-12-06 12:16:43,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321803.2553277, 'message': 'Dec  6 12:16:41 hqnl0246134 sshd[211541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 12:16:43,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321803.2562451, 'message': 'Dec  6 12:16:41 hqnl0246134 sshd[211541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 12:16:45,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321805.255697, 'message': 'Dec  6 12:16:43 hqnl0246134 sshd[211541]: Failed password for root from 61.177.172.98 port 29586 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-06 12:16:45,598] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:16:45,599] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:16:47,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321807.2584453, 'message': 'Dec  6 12:16:45 hqnl0246134 sshd[211541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:16:49,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321809.2622502, 'message': 'Dec  6 12:16:47 hqnl0246134 sshd[211541]: Failed password for root from 61.177.172.98 port 29586 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 12:16:49,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321809.262591, 'message': 'Dec  6 12:16:48 hqnl0246134 sshd[211541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 12:16:51,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321811.2641387, 'message': 'Dec  6 12:16:50 hqnl0246134 sshd[211541]: Failed password for root from 61.177.172.98 port 29586 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 12:16:54,028] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:16:54,071] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0543 seconds
INFO    [2022-12-06 12:16:59,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321819.269826, 'message': 'Dec  6 12:16:57 hqnl0246134 sshd[211556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 12:16:59,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321819.2703547, 'message': 'Dec  6 12:16:57 hqnl0246134 sshd[211556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 12:16:59,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321819.2704835, 'message': 'Dec  6 12:16:59 hqnl0246134 sshd[211556]: Failed password for root from 61.177.172.98 port 29240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 12:17:01,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321821.2706552, 'message': 'Dec  6 12:16:59 hqnl0246134 sshd[211556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 12:17:03,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321823.2727742, 'message': 'Dec  6 12:17:01 hqnl0246134 sshd[211556]: Failed password for root from 61.177.172.98 port 29240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 12:17:03,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321823.273137, 'message': 'Dec  6 12:17:02 hqnl0246134 sshd[211556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 12:17:05,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321825.2768023, 'message': 'Dec  6 12:17:03 hqnl0246134 sshd[211556]: Failed password for root from 61.177.172.98 port 29240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 12:17:07,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321827.2790134, 'message': 'Dec  6 12:17:06 hqnl0246134 sshd[211569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:17:07,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321827.2792187, 'message': 'Dec  6 12:17:06 hqnl0246134 sshd[211569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 12:17:09,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321829.2818408, 'message': 'Dec  6 12:17:08 hqnl0246134 sshd[211569]: Failed password for root from 61.177.172.98 port 33575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 12:17:10,851] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:17:10,852] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:17:10,853] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 12:17:11,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321831.2839968, 'message': 'Dec  6 12:17:10 hqnl0246134 sshd[211569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0487 seconds
INFO    [2022-12-06 12:17:13,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321833.2859259, 'message': 'Dec  6 12:17:12 hqnl0246134 sshd[211569]: Failed password for root from 61.177.172.98 port 33575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 12:17:13,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321833.2861235, 'message': 'Dec  6 12:17:12 hqnl0246134 sshd[211569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:17:15,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321835.3226476, 'message': 'Dec  6 12:17:14 hqnl0246134 sshd[211569]: Failed password for root from 61.177.172.98 port 33575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 12:17:18,561] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:17:18,561] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:17:18,569] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:17:18,644] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:17:18,645] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:17:18,672] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:17:18,689] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1263 seconds
INFO    [2022-12-06 12:17:18,708] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0548 seconds
INFO    [2022-12-06 12:17:21,510] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:17:21,510] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:17:21,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:17:21,541] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0278 seconds
INFO    [2022-12-06 12:17:23,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321843.2941556, 'message': 'Dec  6 12:17:22 hqnl0246134 sshd[211600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 12:17:23,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321843.2944274, 'message': 'Dec  6 12:17:22 hqnl0246134 sshd[211600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 12:17:25,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321845.2944643, 'message': 'Dec  6 12:17:24 hqnl0246134 sshd[211600]: Failed password for root from 61.177.172.98 port 21955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-06 12:17:25,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321845.2947512, 'message': 'Dec  6 12:17:24 hqnl0246134 sshd[211600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 12:17:27,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321847.2948668, 'message': 'Dec  6 12:17:26 hqnl0246134 sshd[211600]: Failed password for root from 61.177.172.98 port 21955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 12:17:27,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321847.2951224, 'message': 'Dec  6 12:17:26 hqnl0246134 sshd[211600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0585 seconds
INFO    [2022-12-06 12:17:29,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670321849.297283, 'message': 'Dec  6 12:17:28 hqnl0246134 sshd[211600]: Failed password for root from 61.177.172.98 port 21955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 12:17:45,602] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:17:45,603] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:17:54,033] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:17:54,057] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0343 seconds
INFO    [2022-12-06 12:18:17,915] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:18:17,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:18:17,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:18:17,935] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 12:18:20,716] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:18:20,717] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:18:20,724] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:18:20,737] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 12:18:35,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321915.3790545, 'message': 'Dec  6 12:18:33 hqnl0246134 sshd[211659]: Invalid user lzh from 27.118.22.221 port 57692', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 12:18:35,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321915.379289, 'message': 'Dec  6 12:18:33 hqnl0246134 sshd[211659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 27.118.22.221 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 12:18:35,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321915.3794403, 'message': 'Dec  6 12:18:33 hqnl0246134 sshd[211659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.118.22.221 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 12:18:35,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321915.3795464, 'message': 'Dec  6 12:18:35 hqnl0246134 sshd[211659]: Failed password for invalid user lzh from 27.118.22.221 port 57692 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:18:37,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.118.22.221', 'timestamp': 1670321917.3804164, 'message': 'Dec  6 12:18:36 hqnl0246134 sshd[211659]: Disconnected from invalid user lzh 27.118.22.221 port 57692 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 12:18:38,494] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:18:38,495] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:18:38,501] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:18:38,512] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
WARNING [2022-12-06 12:18:45,657] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:18:45,658] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:18:49,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.234.72.37', 'timestamp': 1670321929.4012432, 'message': 'Dec  6 12:18:48 hqnl0246134 sshd[211681]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.234.72.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-06 12:18:49,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.234.72.37', 'timestamp': 1670321929.4018645, 'message': 'Dec  6 12:18:48 hqnl0246134 sshd[211681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.234.72.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 12:18:51,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.234.72.37', 'timestamp': 1670321931.4043136, 'message': 'Dec  6 12:18:50 hqnl0246134 sshd[211681]: Failed password for root from 187.234.72.37 port 64095 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 12:18:54,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:18:54,058] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-06 12:19:17,932] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:19:17,932] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:19:17,942] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:19:17,955] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 12:19:20,556] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:19:20,557] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:19:20,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:19:20,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-06 12:19:45,662] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:19:45,663] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:20:17,874] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:20:17,875] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:20:17,884] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:20:17,897] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 12:20:20,496] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:20:20,500] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:20:20,511] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:20:20,529] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
INFO    [2022-12-06 12:20:43,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322043.6196797, 'message': 'Dec  6 12:20:43 hqnl0246134 sshd[211818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 12:20:43,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322043.6201584, 'message': 'Dec  6 12:20:43 hqnl0246134 sshd[211818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 12:20:45,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322045.6219409, 'message': 'Dec  6 12:20:45 hqnl0246134 sshd[211818]: Failed password for root from 61.177.172.104 port 63529 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 12:20:45,665] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:20:45,666] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:20:47,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322047.6239898, 'message': 'Dec  6 12:20:47 hqnl0246134 sshd[211818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 12:20:49,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322049.6325831, 'message': 'Dec  6 12:20:49 hqnl0246134 sshd[211818]: Failed password for root from 61.177.172.104 port 63529 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 12:20:49,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322049.632826, 'message': 'Dec  6 12:20:49 hqnl0246134 sshd[211818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 12:20:53,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322053.6384668, 'message': 'Dec  6 12:20:52 hqnl0246134 sshd[211818]: Failed password for root from 61.177.172.104 port 63529 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 12:20:54,036] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:20:54,064] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0347 seconds
INFO    [2022-12-06 12:20:55,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.234.72.37', 'timestamp': 1670322055.6433687, 'message': 'Dec  6 12:20:54 hqnl0246134 sshd[211823]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.234.72.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 12:20:55,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.234.72.37', 'timestamp': 1670322055.643575, 'message': 'Dec  6 12:20:54 hqnl0246134 sshd[211823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.234.72.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 12:20:56,305] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:20:56,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:20:56,322] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:20:56,341] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0355 seconds
INFO    [2022-12-06 12:20:57,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.234.72.37', 'timestamp': 1670322057.6472702, 'message': 'Dec  6 12:20:56 hqnl0246134 sshd[211823]: Failed password for root from 187.234.72.37 port 37866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0861 seconds
INFO    [2022-12-06 12:21:07,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322067.6571436, 'message': 'Dec  6 12:21:05 hqnl0246134 sshd[211845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 12:21:07,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322067.657587, 'message': 'Dec  6 12:21:05 hqnl0246134 sshd[211845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 12:21:09,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322069.6767483, 'message': 'Dec  6 12:21:08 hqnl0246134 sshd[211845]: Failed password for root from 61.177.172.104 port 11725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1037 seconds
INFO    [2022-12-06 12:21:11,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322071.6603687, 'message': 'Dec  6 12:21:10 hqnl0246134 sshd[211845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 12:21:13,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322073.6620913, 'message': 'Dec  6 12:21:12 hqnl0246134 sshd[211845]: Failed password for root from 61.177.172.104 port 11725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 12:21:15,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322075.6644723, 'message': 'Dec  6 12:21:14 hqnl0246134 sshd[211845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 12:21:17,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322077.6665928, 'message': 'Dec  6 12:21:17 hqnl0246134 sshd[211845]: Failed password for root from 61.177.172.104 port 11725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 12:21:17,831] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:21:17,832] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:21:17,839] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:21:17,849] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 12:21:21,135] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:21:21,135] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:21:21,142] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:21:21,155] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 12:21:21,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322081.6678805, 'message': 'Dec  6 12:21:20 hqnl0246134 sshd[211868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:21:21,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322081.6680963, 'message': 'Dec  6 12:21:20 hqnl0246134 sshd[211868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 12:21:23,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322083.669854, 'message': 'Dec  6 12:21:23 hqnl0246134 sshd[211868]: Failed password for root from 61.177.172.104 port 62882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 12:21:25,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322085.6723194, 'message': 'Dec  6 12:21:25 hqnl0246134 sshd[211868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 12:21:27,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322087.6738107, 'message': 'Dec  6 12:21:27 hqnl0246134 sshd[211868]: Failed password for root from 61.177.172.104 port 62882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 12:21:29,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322089.6761658, 'message': 'Dec  6 12:21:29 hqnl0246134 sshd[211868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 12:21:31,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322091.6780431, 'message': 'Dec  6 12:21:31 hqnl0246134 sshd[211868]: Failed password for root from 61.177.172.104 port 62882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 12:21:33,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322093.6797345, 'message': 'Dec  6 12:21:33 hqnl0246134 sshd[211875]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 12:21:33,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322093.680042, 'message': 'Dec  6 12:21:33 hqnl0246134 sshd[211875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 12:21:35,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322095.680981, 'message': 'Dec  6 12:21:35 hqnl0246134 sshd[211875]: Failed password for root from 61.177.172.104 port 51312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 12:21:35,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322095.6812816, 'message': 'Dec  6 12:21:35 hqnl0246134 sshd[211875]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 12:21:39,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322099.6862447, 'message': 'Dec  6 12:21:37 hqnl0246134 sshd[211875]: Failed password for root from 61.177.172.104 port 51312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 12:21:41,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322101.6885293, 'message': 'Dec  6 12:21:39 hqnl0246134 sshd[211875]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 12:21:43,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322103.690004, 'message': 'Dec  6 12:21:41 hqnl0246134 sshd[211875]: Failed password for root from 61.177.172.104 port 51312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
WARNING [2022-12-06 12:21:45,672] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:21:45,673] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:21:47,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322107.6938572, 'message': 'Dec  6 12:21:45 hqnl0246134 sshd[211893]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:21:47,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322107.6941264, 'message': 'Dec  6 12:21:45 hqnl0246134 sshd[211893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 12:21:49,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322109.7017076, 'message': 'Dec  6 12:21:47 hqnl0246134 sshd[211893]: Failed password for root from 61.177.172.104 port 31554 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 12:21:49,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322109.7022893, 'message': 'Dec  6 12:21:48 hqnl0246134 sshd[211893]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 12:21:51,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322111.703378, 'message': 'Dec  6 12:21:50 hqnl0246134 sshd[211893]: Failed password for root from 61.177.172.104 port 31554 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0328 seconds
WARNING [2022-12-06 12:21:53,248] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 12:21:53,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322113.7062848, 'message': 'Dec  6 12:21:52 hqnl0246134 sshd[211893]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
WARNING [2022-12-06 12:21:54,040] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:21:54,063] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-06 12:21:55,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670322115.7089107, 'message': 'Dec  6 12:21:54 hqnl0246134 sshd[211873]: Accepted password for supportwwwuser from 212.58.119.251 port 10536 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0728 seconds
INFO    [2022-12-06 12:21:55,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670322115.7091718, 'message': 'Dec  6 12:21:54 hqnl0246134 sshd[211893]: Failed password for root from 61.177.172.104 port 31554 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0737 seconds
INFO    [2022-12-06 12:21:57,587] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:21:57,588] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:21:57,595] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:21:57,608] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 12:22:01,415] defence360agent.files: Updating all files
INFO    [2022-12-06 12:22:01,723] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:01,723] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 12:22:02,105] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:02,106] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 12:22:02,438] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:02,439] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 12:22:02,808] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:02,809] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 12:22:02,809] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 12:22:03,070] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 10:22:03 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E2D1F0425714A'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 12:22:03,073] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 12:22:03,074] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 12:22:03,544] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:03,545] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 12:22:03,865] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:03,865] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 12:22:04,200] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:04,200] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 12:22:04,623] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:04,623] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 12:22:05,150] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 12:22:05,153] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 12:22:18,649] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:22:18,652] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:22:18,667] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:22:18,688] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0333 seconds
INFO    [2022-12-06 12:22:22,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:22:22,007] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:22:22,017] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:22:22,030] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
WARNING [2022-12-06 12:22:45,677] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:22:45,679] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:22:54,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:22:54,086] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0448 seconds
INFO    [2022-12-06 12:23:05,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.234.72.37', 'timestamp': 1670322185.773021, 'message': 'Dec  6 12:23:05 hqnl0246134 sshd[212043]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.234.72.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 12:23:05,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.234.72.37', 'timestamp': 1670322185.773918, 'message': 'Dec  6 12:23:05 hqnl0246134 sshd[212043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.234.72.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 12:23:07,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.234.72.37', 'timestamp': 1670322187.7726483, 'message': 'Dec  6 12:23:06 hqnl0246134 sshd[212043]: Failed password for root from 187.234.72.37 port 47929 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 12:23:12,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:23:12,920] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:23:12,943] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:23:13,008] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0868 seconds
INFO    [2022-12-06 12:23:18,516] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:23:18,517] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:23:18,527] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:23:18,541] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-06 12:23:21,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:23:21,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:23:21,951] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:23:21,966] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0265 seconds
INFO    [2022-12-06 12:23:36,265] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:23:36,337] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:23:36,338] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:23:36,339] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:23:36,339] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:23:36,339] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:23:36,360] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:23:36,389] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0480 seconds
WARNING [2022-12-06 12:23:36,400] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:23:36,403] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:23:36,424] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0452 seconds
INFO    [2022-12-06 12:23:36,426] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0412 seconds
WARNING [2022-12-06 12:23:45,683] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:23:45,685] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:23:54,063] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:23:54,104] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0576 seconds
INFO    [2022-12-06 12:24:06,489] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:24:06,491] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:24:06,492] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 12:24:18,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:24:18,890] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:24:18,907] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:24:18,929] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0370 seconds
INFO    [2022-12-06 12:24:22,505] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:24:22,505] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:24:22,514] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:24:22,527] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 12:24:29,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 10100, 'attackers_ip': '188.32.176.34', 'timestamp': 1670322269.8801663, 'message': 'Dec  6 12:24:28 hqnl0246134 sshd[212129]: Accepted publickey for root from 188.32.176.34 port 45640 ssh2: RSA SHA256:M5XvbkooZmQvvjfo3fKHU5lbqUaXL4LET3qhCF0FT28', 'severity': 4, 'name': 'First time user logged in.', 'tag': []}) processed in 0.0323 seconds
WARNING [2022-12-06 12:24:45,688] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:24:45,690] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:24:54,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:24:54,103] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0530 seconds
INFO    [2022-12-06 12:25:18,361] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:25:18,362] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:25:18,390] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:25:18,412] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0489 seconds
INFO    [2022-12-06 12:25:21,041] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:25:21,041] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:25:21,047] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:25:21,058] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0161 seconds
INFO    [2022-12-06 12:25:23,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670322323.935924, 'message': 'Dec  6 12:25:22 hqnl0246134 sshd[212263]: Accepted password for supportwwwuser from 212.58.119.251 port 10679 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 12:25:25,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322325.9374597, 'message': 'Dec  6 12:25:24 hqnl0246134 sshd[212297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 12:25:25,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322325.937742, 'message': 'Dec  6 12:25:24 hqnl0246134 sshd[212297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 12:25:27,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322327.9379618, 'message': 'Dec  6 12:25:26 hqnl0246134 sshd[212297]: Failed password for root from 61.177.173.50 port 47420 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:25:29,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322329.9398928, 'message': 'Dec  6 12:25:28 hqnl0246134 sshd[212297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 12:25:31,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322331.9418972, 'message': 'Dec  6 12:25:30 hqnl0246134 sshd[212297]: Failed password for root from 61.177.173.50 port 47420 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 12:25:31,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322331.942154, 'message': 'Dec  6 12:25:30 hqnl0246134 sshd[212297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 12:25:33,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322333.9460413, 'message': 'Dec  6 12:25:32 hqnl0246134 sshd[212297]: Failed password for root from 61.177.173.50 port 47420 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 12:25:37,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322337.95177, 'message': 'Dec  6 12:25:37 hqnl0246134 sshd[212305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 12:25:37,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322337.952039, 'message': 'Dec  6 12:25:37 hqnl0246134 sshd[212305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:25:39,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322339.9543982, 'message': 'Dec  6 12:25:39 hqnl0246134 sshd[212305]: Failed password for root from 61.177.173.50 port 38732 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 12:25:41,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322341.9538934, 'message': 'Dec  6 12:25:41 hqnl0246134 sshd[212305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 12:25:43,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322343.956794, 'message': 'Dec  6 12:25:43 hqnl0246134 sshd[212305]: Failed password for root from 61.177.173.50 port 38732 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 12:25:45,695] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:25:45,695] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:25:45,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322345.9576905, 'message': 'Dec  6 12:25:44 hqnl0246134 sshd[212305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 12:25:48,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670322348.01104, 'message': 'Dec  6 12:25:46 hqnl0246134 sshd[212305]: Failed password for root from 61.177.173.50 port 38732 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 12:25:54,059] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:25:54,081] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0284 seconds
INFO    [2022-12-06 12:26:18,036] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:26:18,037] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:26:18,181] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:26:18,196] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1572 seconds
INFO    [2022-12-06 12:26:20,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:26:20,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:26:20,904] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:26:20,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0255 seconds
WARNING [2022-12-06 12:26:45,699] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:26:45,701] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:27:18,204] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:27:18,205] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:27:18,213] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:27:18,225] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 12:27:20,795] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:27:20,796] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:27:20,803] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:27:20,814] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-06 12:27:45,703] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:27:45,705] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:28:16,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322496.1644242, 'message': 'Dec  6 12:28:15 hqnl0246134 sshd[212449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 12:28:16,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322496.1652286, 'message': 'Dec  6 12:28:15 hqnl0246134 sshd[212449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 12:28:17,898] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:28:17,899] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:28:17,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:28:17,922] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 12:28:18,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322498.1646214, 'message': 'Dec  6 12:28:17 hqnl0246134 sshd[212449]: Failed password for root from 61.177.173.36 port 32228 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 12:28:20,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322500.1661346, 'message': 'Dec  6 12:28:19 hqnl0246134 sshd[212449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 12:28:20,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:28:20,890] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:28:20,896] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:28:20,908] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 12:28:22,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322502.1690452, 'message': 'Dec  6 12:28:22 hqnl0246134 sshd[212449]: Failed password for root from 61.177.173.36 port 32228 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 12:28:24,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322504.1707647, 'message': 'Dec  6 12:28:24 hqnl0246134 sshd[212449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 12:28:28,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322508.1793833, 'message': 'Dec  6 12:28:26 hqnl0246134 sshd[212449]: Failed password for root from 61.177.173.36 port 32228 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 12:28:30,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322510.1822484, 'message': 'Dec  6 12:28:30 hqnl0246134 sshd[212465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 12:28:30,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322510.182722, 'message': 'Dec  6 12:28:30 hqnl0246134 sshd[212465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 12:28:31,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:28:31,006] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:28:31,015] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:28:31,029] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 12:28:32,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322512.1824021, 'message': 'Dec  6 12:28:32 hqnl0246134 sshd[212465]: Failed password for root from 61.177.173.36 port 39676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 12:28:34,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322514.184403, 'message': 'Dec  6 12:28:32 hqnl0246134 sshd[212465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 12:28:36,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322516.1864505, 'message': 'Dec  6 12:28:34 hqnl0246134 sshd[212465]: Failed password for root from 61.177.173.36 port 39676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:28:36,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322516.186704, 'message': 'Dec  6 12:28:34 hqnl0246134 sshd[212465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 12:28:38,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322518.198952, 'message': 'Dec  6 12:28:37 hqnl0246134 sshd[212465]: Failed password for root from 61.177.173.36 port 39676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 12:28:42,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322522.1922526, 'message': 'Dec  6 12:28:40 hqnl0246134 sshd[212473]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 12:28:42,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322522.192582, 'message': 'Dec  6 12:28:40 hqnl0246134 sshd[212473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:28:44,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322524.1951826, 'message': 'Dec  6 12:28:42 hqnl0246134 sshd[212473]: Failed password for root from 61.177.173.36 port 62343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 12:28:44,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322524.1954074, 'message': 'Dec  6 12:28:43 hqnl0246134 sshd[212473]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 12:28:45,714] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:28:45,714] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:28:46,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322526.1980367, 'message': 'Dec  6 12:28:45 hqnl0246134 sshd[212473]: Failed password for root from 61.177.173.36 port 62343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 12:28:46,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322526.1982334, 'message': 'Dec  6 12:28:45 hqnl0246134 sshd[212473]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 12:28:48,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670322528.2032096, 'message': 'Dec  6 12:28:46 hqnl0246134 sshd[212473]: Failed password for root from 61.177.173.36 port 62343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
WARNING [2022-12-06 12:28:54,069] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:28:54,088] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0282 seconds
INFO    [2022-12-06 12:29:17,905] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:29:17,905] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:29:17,915] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:29:17,927] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 12:29:20,675] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:29:20,676] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:29:20,684] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:29:20,697] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
WARNING [2022-12-06 12:29:45,721] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:29:45,722] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:30:18,238] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:30:18,239] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:30:18,248] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:30:18,260] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 12:30:21,076] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:30:21,076] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:30:21,083] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:30:21,096] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
WARNING [2022-12-06 12:30:45,726] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:30:45,727] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:31:17,967] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:31:17,968] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:31:17,979] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:31:17,992] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-06 12:31:20,659] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:31:20,659] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:31:20,666] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:31:20,678] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 12:31:23,467] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:31:23,532] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:31:23,533] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:31:23,533] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:31:23,533] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:31:23,534] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:31:23,554] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:31:23,570] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0354 seconds
WARNING [2022-12-06 12:31:23,576] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:31:23,578] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:31:23,594] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0294 seconds
INFO    [2022-12-06 12:31:23,595] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0278 seconds
WARNING [2022-12-06 12:31:45,730] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:31:45,732] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:31:53,251] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 12:31:53,667] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:31:53,668] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:31:53,669] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 12:32:17,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:32:17,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:32:17,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:32:17,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0422 seconds
INFO    [2022-12-06 12:32:22,780] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:32:22,780] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:32:22,787] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:32:22,798] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
WARNING [2022-12-06 12:32:45,740] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:32:45,742] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:33:17,862] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:33:17,863] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:33:17,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:33:17,889] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0244 seconds
INFO    [2022-12-06 12:33:20,457] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:33:20,457] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:33:20,464] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:33:20,476] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-06 12:33:45,745] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:33:45,746] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:34:17,885] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:34:17,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:34:17,895] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:34:17,908] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 12:34:20,482] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:34:20,483] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:34:20,489] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:34:20,500] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
WARNING [2022-12-06 12:34:45,750] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:34:45,752] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:35:17,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:35:17,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:35:17,825] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:35:17,841] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 12:35:20,453] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:35:20,453] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:35:20,462] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:35:20,482] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0281 seconds
WARNING [2022-12-06 12:35:45,758] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:35:45,760] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:36:08,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322968.75386, 'message': 'Dec  6 12:36:07 hqnl0246134 sshd[212877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 12:36:08,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322968.754557, 'message': 'Dec  6 12:36:07 hqnl0246134 sshd[212877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 12:36:10,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322970.754117, 'message': 'Dec  6 12:36:09 hqnl0246134 sshd[212877]: Failed password for root from 61.177.173.49 port 55717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 12:36:10,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322970.7543604, 'message': 'Dec  6 12:36:09 hqnl0246134 sshd[212877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 12:36:12,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322972.7569957, 'message': 'Dec  6 12:36:11 hqnl0246134 sshd[212877]: Failed password for root from 61.177.173.49 port 55717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 12:36:12,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322972.7572668, 'message': 'Dec  6 12:36:12 hqnl0246134 sshd[212877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 12:36:14,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322974.7590106, 'message': 'Dec  6 12:36:14 hqnl0246134 sshd[212877]: Failed password for root from 61.177.173.49 port 55717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 12:36:18,032] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:36:18,034] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:36:18,044] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:36:18,057] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 12:36:18,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322978.7614605, 'message': 'Dec  6 12:36:18 hqnl0246134 sshd[212892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 12:36:18,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322978.7688613, 'message': 'Dec  6 12:36:18 hqnl0246134 sshd[212892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 12:36:19,234] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:36:19,234] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:36:19,242] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:36:19,254] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 12:36:20,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:36:20,621] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:36:20,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:36:20,638] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
INFO    [2022-12-06 12:36:20,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322980.8773577, 'message': 'Dec  6 12:36:19 hqnl0246134 sshd[212892]: Failed password for root from 61.177.173.49 port 33415 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 12:36:20,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322980.8776836, 'message': 'Dec  6 12:36:20 hqnl0246134 sshd[212892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 12:36:22,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322982.7683847, 'message': 'Dec  6 12:36:22 hqnl0246134 sshd[212892]: Failed password for root from 61.177.173.49 port 33415 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 12:36:24,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322984.7710109, 'message': 'Dec  6 12:36:23 hqnl0246134 sshd[212892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 12:36:26,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670322986.7740953, 'message': 'Dec  6 12:36:25 hqnl0246134 sshd[212892]: Failed password for root from 61.177.173.49 port 33415 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
WARNING [2022-12-06 12:36:45,766] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:36:45,767] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:36:54,089] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:36:54,111] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0298 seconds
INFO    [2022-12-06 12:37:18,124] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:37:18,126] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:37:18,137] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:37:18,152] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0246 seconds
INFO    [2022-12-06 12:37:21,262] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:37:21,263] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:37:21,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:37:21,313] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0362 seconds
WARNING [2022-12-06 12:37:45,770] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:37:45,771] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:38:18,004] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:38:18,005] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:38:18,028] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:38:18,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0375 seconds
INFO    [2022-12-06 12:38:20,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:38:20,711] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:38:20,718] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:38:20,730] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 12:38:25,426] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:38:25,494] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:38:25,494] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:38:25,494] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:38:25,495] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:38:25,495] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:38:25,509] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:38:25,524] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0288 seconds
WARNING [2022-12-06 12:38:25,530] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:38:25,532] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:38:25,548] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0299 seconds
INFO    [2022-12-06 12:38:25,550] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0278 seconds
WARNING [2022-12-06 12:38:45,773] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:38:45,775] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:38:55,620] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:38:55,621] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:38:55,623] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 12:39:17,904] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:39:17,905] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:39:17,918] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:39:17,933] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
INFO    [2022-12-06 12:39:21,327] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:39:21,327] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:39:21,335] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:39:21,350] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 12:39:35,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323175.1717782, 'message': 'Dec  6 12:39:33 hqnl0246134 sshd[213210]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 12:39:35,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323175.1721876, 'message': 'Dec  6 12:39:33 hqnl0246134 sshd[213210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:39:37,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323177.1712458, 'message': 'Dec  6 12:39:35 hqnl0246134 sshd[213210]: Failed password for root from 61.177.173.52 port 21421 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 12:39:39,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323179.174085, 'message': 'Dec  6 12:39:37 hqnl0246134 sshd[213210]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 12:39:41,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323181.1796436, 'message': 'Dec  6 12:39:39 hqnl0246134 sshd[213210]: Failed password for root from 61.177.173.52 port 21421 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 12:39:41,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323181.1798832, 'message': 'Dec  6 12:39:39 hqnl0246134 sshd[213210]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:39:43,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323183.181586, 'message': 'Dec  6 12:39:41 hqnl0246134 sshd[213210]: Failed password for root from 61.177.173.52 port 21421 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 12:39:45,097] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:39:45,098] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:39:45,105] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:39:45,117] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 12:39:45,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323185.1844685, 'message': 'Dec  6 12:39:44 hqnl0246134 sshd[213218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 12:39:45,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323185.1847823, 'message': 'Dec  6 12:39:44 hqnl0246134 sshd[213218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
WARNING [2022-12-06 12:39:45,778] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:39:45,779] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:39:47,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323187.188497, 'message': 'Dec  6 12:39:46 hqnl0246134 sshd[213218]: Failed password for root from 61.177.173.52 port 48578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 12:39:49,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323189.1898885, 'message': 'Dec  6 12:39:47 hqnl0246134 sshd[213218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 12:39:51,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670323191.1912415, 'message': 'Dec  6 12:39:49 hqnl0246134 sshd[213218]: Failed password for root from 61.177.173.52 port 48578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
WARNING [2022-12-06 12:39:54,094] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:39:54,115] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0289 seconds
INFO    [2022-12-06 12:40:17,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:40:17,712] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:40:17,721] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:40:17,735] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 12:40:20,343] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:40:20,343] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:40:20,353] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:40:20,364] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 12:40:23,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323223.2346172, 'message': 'Dec  6 12:40:22 hqnl0246134 sshd[213293]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 12:40:23,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323223.2349985, 'message': 'Dec  6 12:40:22 hqnl0246134 sshd[213293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:40:25,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323225.2361765, 'message': 'Dec  6 12:40:25 hqnl0246134 sshd[213293]: Failed password for root from 61.177.173.39 port 57076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:40:27,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323227.2377846, 'message': 'Dec  6 12:40:26 hqnl0246134 sshd[213293]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 12:40:29,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323229.2401328, 'message': 'Dec  6 12:40:28 hqnl0246134 sshd[213293]: Failed password for root from 61.177.173.39 port 57076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 12:40:29,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323229.2403862, 'message': 'Dec  6 12:40:29 hqnl0246134 sshd[213293]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 12:40:33,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323233.2456646, 'message': 'Dec  6 12:40:31 hqnl0246134 sshd[213293]: Failed password for root from 61.177.173.39 port 57076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 12:40:35,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323235.248119, 'message': 'Dec  6 12:40:35 hqnl0246134 sshd[213296]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 12:40:35,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323235.2483282, 'message': 'Dec  6 12:40:35 hqnl0246134 sshd[213296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:40:37,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323237.247544, 'message': 'Dec  6 12:40:37 hqnl0246134 sshd[213296]: Failed password for root from 61.177.173.39 port 33212 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:40:39,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323239.2533884, 'message': 'Dec  6 12:40:37 hqnl0246134 sshd[213296]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:40:41,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323241.2563949, 'message': 'Dec  6 12:40:39 hqnl0246134 sshd[213296]: Failed password for root from 61.177.173.39 port 33212 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 12:40:41,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323241.2566106, 'message': 'Dec  6 12:40:39 hqnl0246134 sshd[213296]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 12:40:43,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323243.2584562, 'message': 'Dec  6 12:40:42 hqnl0246134 sshd[213296]: Failed password for root from 61.177.173.39 port 33212 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 12:40:45,782] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:40:45,784] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:40:46,589] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:40:46,589] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:40:46,602] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:40:46,621] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0305 seconds
INFO    [2022-12-06 12:40:47,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323247.26616, 'message': 'Dec  6 12:40:45 hqnl0246134 sshd[213303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 12:40:47,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323247.2669022, 'message': 'Dec  6 12:40:45 hqnl0246134 sshd[213303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:40:49,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323249.2720652, 'message': 'Dec  6 12:40:47 hqnl0246134 sshd[213303]: Failed password for root from 61.177.173.39 port 46773 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:40:51,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323251.2768164, 'message': 'Dec  6 12:40:49 hqnl0246134 sshd[213303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 12:40:51,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323251.2770963, 'message': 'Dec  6 12:40:51 hqnl0246134 sshd[213303]: Failed password for root from 61.177.173.39 port 46773 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 12:40:53,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323253.2827668, 'message': 'Dec  6 12:40:51 hqnl0246134 sshd[213303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 12:40:54,098] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:40:54,117] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0271 seconds
INFO    [2022-12-06 12:40:55,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670323255.288969, 'message': 'Dec  6 12:40:54 hqnl0246134 sshd[213303]: Failed password for root from 61.177.173.39 port 46773 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 12:41:17,932] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:41:17,933] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:41:17,944] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:41:17,958] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-06 12:41:20,535] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:41:20,535] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:41:20,542] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:41:20,554] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-06 12:41:45,795] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:41:45,796] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:41:53,255] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 12:41:54,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:41:54,144] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0511 seconds
INFO    [2022-12-06 12:42:17,974] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:42:17,975] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:42:17,987] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:42:18,001] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0247 seconds
INFO    [2022-12-06 12:42:20,855] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:42:20,856] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:42:20,866] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:42:20,878] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
WARNING [2022-12-06 12:42:45,799] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:42:45,800] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:43:22,540] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:43:22,542] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:43:22,577] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:43:22,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.3422 seconds
INFO    [2022-12-06 12:43:23,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323403.514641, 'message': 'Dec  6 12:43:22 hqnl0246134 sshd[213456]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 12:43:23,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323403.5149648, 'message': 'Dec  6 12:43:22 hqnl0246134 sshd[213456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 12:43:25,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323405.5164123, 'message': 'Dec  6 12:43:24 hqnl0246134 sshd[213456]: Failed password for root from 61.177.172.19 port 56312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 12:43:25,606] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:43:25,606] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:43:25,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:43:25,624] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 12:43:27,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323407.5203936, 'message': 'Dec  6 12:43:26 hqnl0246134 sshd[213456]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 12:43:29,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323409.521914, 'message': 'Dec  6 12:43:28 hqnl0246134 sshd[213456]: Failed password for root from 61.177.172.19 port 56312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 12:43:29,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323409.522207, 'message': 'Dec  6 12:43:29 hqnl0246134 sshd[213456]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 12:43:31,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323411.5236757, 'message': 'Dec  6 12:43:31 hqnl0246134 sshd[213456]: Failed password for root from 61.177.172.19 port 56312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 12:43:35,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323415.5282314, 'message': 'Dec  6 12:43:35 hqnl0246134 sshd[213465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 12:43:35,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323415.528808, 'message': 'Dec  6 12:43:35 hqnl0246134 sshd[213465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 12:43:36,221] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:43:36,222] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:43:36,229] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:43:36,244] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 12:43:37,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323417.5298636, 'message': 'Dec  6 12:43:37 hqnl0246134 sshd[213465]: Failed password for root from 61.177.172.19 port 46638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 12:43:39,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323419.5321257, 'message': 'Dec  6 12:43:39 hqnl0246134 sshd[213465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 12:43:41,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323421.5357268, 'message': 'Dec  6 12:43:41 hqnl0246134 sshd[213465]: Failed password for root from 61.177.172.19 port 46638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:43:43,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323423.5396647, 'message': 'Dec  6 12:43:41 hqnl0246134 sshd[213465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 12:43:45,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323425.5531402, 'message': 'Dec  6 12:43:43 hqnl0246134 sshd[213465]: Failed password for root from 61.177.172.19 port 46638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0580 seconds
WARNING [2022-12-06 12:43:45,807] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:43:45,808] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:43:49,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323429.5457802, 'message': 'Dec  6 12:43:47 hqnl0246134 sshd[213480]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 12:43:49,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323429.5461688, 'message': 'Dec  6 12:43:47 hqnl0246134 sshd[213480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 12:43:51,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323431.5464482, 'message': 'Dec  6 12:43:49 hqnl0246134 sshd[213480]: Failed password for root from 61.177.172.19 port 31252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 12:43:51,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323431.5467389, 'message': 'Dec  6 12:43:49 hqnl0246134 sshd[213480]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 12:43:53,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323433.5467858, 'message': 'Dec  6 12:43:51 hqnl0246134 sshd[213480]: Failed password for root from 61.177.172.19 port 31252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 12:43:53,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323433.5470262, 'message': 'Dec  6 12:43:52 hqnl0246134 sshd[213480]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
WARNING [2022-12-06 12:43:54,109] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:43:54,150] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0517 seconds
INFO    [2022-12-06 12:43:55,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323435.548322, 'message': 'Dec  6 12:43:54 hqnl0246134 sshd[213480]: Failed password for root from 61.177.172.19 port 31252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 12:43:59,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323439.5527155, 'message': 'Dec  6 12:43:57 hqnl0246134 sshd[213484]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:43:59,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323439.5530007, 'message': 'Dec  6 12:43:57 hqnl0246134 sshd[213484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 12:44:01,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323441.55427, 'message': 'Dec  6 12:44:00 hqnl0246134 sshd[213484]: Failed password for root from 61.177.172.19 port 59709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 12:44:03,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323443.5539618, 'message': 'Dec  6 12:44:02 hqnl0246134 sshd[213484]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 12:44:05,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323445.5552833, 'message': 'Dec  6 12:44:03 hqnl0246134 sshd[213484]: Failed password for root from 61.177.172.19 port 59709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 12:44:05,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323445.5554788, 'message': 'Dec  6 12:44:04 hqnl0246134 sshd[213484]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 12:44:07,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670323447.5620034, 'message': 'Dec  6 12:44:06 hqnl0246134 sshd[213484]: Failed password for root from 61.177.172.19 port 59709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 12:44:18,231] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:44:18,232] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:44:18,266] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:44:18,320] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0867 seconds
INFO    [2022-12-06 12:44:21,177] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:44:21,178] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:44:21,186] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:44:21,199] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
WARNING [2022-12-06 12:44:45,810] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:44:45,811] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:44:54,112] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:44:54,139] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0379 seconds
INFO    [2022-12-06 12:45:18,215] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:45:18,217] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:45:18,236] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:45:18,261] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0425 seconds
INFO    [2022-12-06 12:45:21,210] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:45:21,211] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:45:21,223] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:45:21,236] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
WARNING [2022-12-06 12:45:45,812] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:45:45,813] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:46:03,895] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:46:03,962] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:46:03,963] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:46:03,963] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:46:03,963] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:46:03,964] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:46:03,976] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:46:03,993] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0289 seconds
WARNING [2022-12-06 12:46:04,000] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:46:04,003] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:46:04,020] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0328 seconds
INFO    [2022-12-06 12:46:04,022] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0311 seconds
INFO    [2022-12-06 12:46:18,038] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:46:18,039] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:46:18,048] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:46:18,061] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 12:46:20,865] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:46:20,865] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:46:20,873] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:46:20,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 12:46:33,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323593.7632697, 'message': 'Dec  6 12:46:32 hqnl0246134 sshd[213659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 12:46:33,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323593.7637372, 'message': 'Dec  6 12:46:32 hqnl0246134 sshd[213659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 12:46:34,114] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:46:34,115] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:46:34,115] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 12:46:35,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323595.7639887, 'message': 'Dec  6 12:46:34 hqnl0246134 sshd[213659]: Failed password for root from 61.177.173.51 port 47375 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 12:46:37,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323597.7656486, 'message': 'Dec  6 12:46:36 hqnl0246134 sshd[213659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 12:46:39,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323599.7692664, 'message': 'Dec  6 12:46:38 hqnl0246134 sshd[213659]: Failed password for root from 61.177.173.51 port 47375 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 12:46:41,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323601.7697275, 'message': 'Dec  6 12:46:40 hqnl0246134 sshd[213659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 12:46:43,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323603.772099, 'message': 'Dec  6 12:46:42 hqnl0246134 sshd[213659]: Failed password for root from 61.177.173.51 port 47375 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 12:46:45,553] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:46:45,553] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:46:45,561] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:46:45,572] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 12:46:45,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323605.775247, 'message': 'Dec  6 12:46:44 hqnl0246134 sshd[213664]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 12:46:45,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323605.7754815, 'message': 'Dec  6 12:46:44 hqnl0246134 sshd[213664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 12:46:45,815] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:46:45,816] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:46:47,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323607.777126, 'message': 'Dec  6 12:46:46 hqnl0246134 sshd[213664]: Failed password for root from 61.177.173.51 port 39115 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 12:46:47,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323607.7774413, 'message': 'Dec  6 12:46:47 hqnl0246134 sshd[213664]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 12:46:49,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323609.7804499, 'message': 'Dec  6 12:46:49 hqnl0246134 sshd[213664]: Failed password for root from 61.177.173.51 port 39115 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 12:46:51,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323611.7841623, 'message': 'Dec  6 12:46:51 hqnl0246134 sshd[213664]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 12:46:53,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670323613.813246, 'message': 'Dec  6 12:46:53 hqnl0246134 sshd[213664]: Failed password for root from 61.177.173.51 port 39115 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 12:46:54,115] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:46:54,140] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0314 seconds
INFO    [2022-12-06 12:47:17,766] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:47:17,767] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:47:17,776] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:47:17,789] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 12:47:20,371] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:47:20,372] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:47:20,379] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:47:20,390] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-06 12:47:45,819] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:47:45,821] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:48:18,356] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:48:18,357] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:48:18,367] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:48:18,381] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 12:48:21,026] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:48:21,027] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:48:21,034] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:48:21,046] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-06 12:48:45,824] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:48:45,826] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:49:18,087] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:49:18,088] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:49:18,097] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:49:18,110] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 12:49:21,515] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:49:21,516] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:49:21,528] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:49:21,545] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0280 seconds
WARNING [2022-12-06 12:49:45,830] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:49:45,832] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:50:12,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.252.34', 'timestamp': 1670323812.0668387, 'message': 'Dec  6 12:50:10 hqnl0246134 sshd[213850]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.252.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 12:50:12,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.252.34', 'timestamp': 1670323812.0680304, 'message': 'Dec  6 12:50:10 hqnl0246134 sshd[213850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.252.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 12:50:14,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.245.252.34', 'timestamp': 1670323814.0669634, 'message': 'Dec  6 12:50:12 hqnl0246134 sshd[213850]: Failed password for root from 157.245.252.34 port 53582 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 12:50:15,210] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:50:15,211] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:50:15,224] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:50:15,245] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0325 seconds
INFO    [2022-12-06 12:50:17,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:50:17,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:50:17,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:50:17,960] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 12:50:20,996] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:50:20,996] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:50:21,011] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:50:21,023] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 12:50:36,192] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:50:36,645] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:50:36,646] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:50:36,646] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:50:36,646] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:50:36,647] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:50:36,658] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:50:36,677] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0303 seconds
WARNING [2022-12-06 12:50:36,690] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:50:36,694] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:50:36,720] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0506 seconds
INFO    [2022-12-06 12:50:36,721] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0480 seconds
WARNING [2022-12-06 12:50:45,834] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:50:45,835] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:50:54,130] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:50:54,160] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0408 seconds
INFO    [2022-12-06 12:51:07,364] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:51:07,365] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:51:07,366] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 12:51:19,833] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:51:19,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:51:19,845] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:51:19,857] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 12:51:22,383] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:51:22,384] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:51:22,392] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:51:22,403] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 12:51:36,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670323896.2026074, 'message': 'Dec  6 12:51:35 hqnl0246134 sshd[213930]: Invalid user kai from 20.121.113.183 port 1152', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 12:51:36,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.121.113.183', 'timestamp': 1670323896.202867, 'message': 'Dec  6 12:51:35 hqnl0246134 sshd[213930]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.121.113.183 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 12:51:36,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.121.113.183', 'timestamp': 1670323896.203034, 'message': 'Dec  6 12:51:35 hqnl0246134 sshd[213930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.121.113.183 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 12:51:38,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670323898.2024968, 'message': 'Dec  6 12:51:37 hqnl0246134 sshd[213930]: Failed password for invalid user kai from 20.121.113.183 port 1152 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 12:51:38,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670323898.2026699, 'message': 'Dec  6 12:51:37 hqnl0246134 sshd[213930]: Disconnected from invalid user kai 20.121.113.183 port 1152 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:51:40,059] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 12:51:40,061] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 12:51:40,968] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 12:51:44,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670323904.2085245, 'message': 'Dec  6 12:51:42 hqnl0246134 sshd[213947]: Invalid user ryan from 206.81.14.65 port 50552', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 12:51:44,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.81.14.65', 'timestamp': 1670323904.2089326, 'message': 'Dec  6 12:51:42 hqnl0246134 sshd[213947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.81.14.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 12:51:44,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.81.14.65', 'timestamp': 1670323904.209208, 'message': 'Dec  6 12:51:42 hqnl0246134 sshd[213947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.14.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 12:51:45,840] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:51:45,841] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:51:46,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670323906.2098682, 'message': 'Dec  6 12:51:45 hqnl0246134 sshd[213947]: Failed password for invalid user ryan from 206.81.14.65 port 50552 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 12:51:48,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670323908.213131, 'message': 'Dec  6 12:51:47 hqnl0246134 sshd[213947]: Disconnected from invalid user ryan 206.81.14.65 port 50552 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
WARNING [2022-12-06 12:51:53,259] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 12:51:54,132] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:51:54,162] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0387 seconds
INFO    [2022-12-06 12:52:05,155] defence360agent.files: Updating all files
INFO    [2022-12-06 12:52:10,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323930.2413416, 'message': 'Dec  6 12:52:08 hqnl0246134 sshd[213978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 12:52:10,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323930.2419455, 'message': 'Dec  6 12:52:08 hqnl0246134 sshd[213978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 12:52:12,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323932.2421541, 'message': 'Dec  6 12:52:10 hqnl0246134 sshd[213978]: Failed password for root from 61.177.173.35 port 31719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 12:52:12,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323932.242509, 'message': 'Dec  6 12:52:10 hqnl0246134 sshd[213978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0719 seconds
INFO    [2022-12-06 12:52:14,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323934.2450056, 'message': 'Dec  6 12:52:12 hqnl0246134 sshd[213978]: Failed password for root from 61.177.173.35 port 31719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 12:52:14,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323934.245287, 'message': 'Dec  6 12:52:13 hqnl0246134 sshd[213978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 12:52:16,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323936.245207, 'message': 'Dec  6 12:52:15 hqnl0246134 sshd[213978]: Failed password for root from 61.177.173.35 port 31719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 12:52:17,836] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:52:17,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:52:17,852] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:52:17,867] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0291 seconds
INFO    [2022-12-06 12:52:20,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323940.2490122, 'message': 'Dec  6 12:52:18 hqnl0246134 sshd[213999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 12:52:20,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323940.2494278, 'message': 'Dec  6 12:52:18 hqnl0246134 sshd[213999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 12:52:20,646] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:52:20,647] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:52:20,654] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:52:20,667] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 12:52:22,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323942.2500226, 'message': 'Dec  6 12:52:21 hqnl0246134 sshd[213999]: Failed password for root from 61.177.173.35 port 13765 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 12:52:24,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323944.2525194, 'message': 'Dec  6 12:52:23 hqnl0246134 sshd[213999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 12:52:26,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323946.254087, 'message': 'Dec  6 12:52:25 hqnl0246134 sshd[213999]: Failed password for root from 61.177.173.35 port 13765 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 12:52:28,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323948.25628, 'message': 'Dec  6 12:52:27 hqnl0246134 sshd[213999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 12:52:30,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323950.257879, 'message': 'Dec  6 12:52:29 hqnl0246134 sshd[213999]: Failed password for root from 61.177.173.35 port 13765 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 12:52:32,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323952.266747, 'message': 'Dec  6 12:52:31 hqnl0246134 sshd[214007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 12:52:32,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323952.2671537, 'message': 'Dec  6 12:52:31 hqnl0246134 sshd[214007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 12:52:34,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323954.268856, 'message': 'Dec  6 12:52:33 hqnl0246134 sshd[214007]: Failed password for root from 61.177.173.35 port 57124 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 12:52:34,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323954.269141, 'message': 'Dec  6 12:52:33 hqnl0246134 sshd[214007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 12:52:36,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323956.2712266, 'message': 'Dec  6 12:52:35 hqnl0246134 sshd[214007]: Failed password for root from 61.177.173.35 port 57124 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 12:52:36,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323956.2714496, 'message': 'Dec  6 12:52:35 hqnl0246134 sshd[214007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 12:52:40,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670323960.280801, 'message': 'Dec  6 12:52:38 hqnl0246134 sshd[214007]: Failed password for root from 61.177.173.35 port 57124 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:52:43,418] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:52:43,419] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:52:43,428] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:52:43,442] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
WARNING [2022-12-06 12:52:45,843] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:52:45,844] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:52:54,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:52:54,162] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0325 seconds
INFO    [2022-12-06 12:53:17,795] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:53:17,796] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:53:17,804] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:53:17,901] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1044 seconds
INFO    [2022-12-06 12:53:22,256] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:53:22,257] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:53:22,267] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:53:22,279] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 12:53:44,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324024.373489, 'message': 'Dec  6 12:53:44 hqnl0246134 sshd[214065]: Invalid user composer from 197.165.163.95 port 54550', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 12:53:44,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324024.373808, 'message': 'Dec  6 12:53:44 hqnl0246134 sshd[214065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 197.165.163.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 12:53:44,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324024.3739893, 'message': 'Dec  6 12:53:44 hqnl0246134 sshd[214065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.165.163.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
WARNING [2022-12-06 12:53:45,847] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:53:45,848] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:53:46,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324026.3737829, 'message': 'Dec  6 12:53:45 hqnl0246134 sshd[214065]: Failed password for invalid user composer from 197.165.163.95 port 54550 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 12:53:48,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324028.3753648, 'message': 'Dec  6 12:53:47 hqnl0246134 sshd[214065]: Disconnected from invalid user composer 197.165.163.95 port 54550 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-06 12:53:50,270] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:53:50,270] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:53:50,278] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:53:50,290] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
WARNING [2022-12-06 12:53:54,142] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:53:54,163] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0298 seconds
INFO    [2022-12-06 12:54:17,900] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:54:17,902] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:54:17,917] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:54:17,938] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0331 seconds
INFO    [2022-12-06 12:54:20,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324060.4103003, 'message': 'Dec  6 12:54:20 hqnl0246134 sshd[214118]: Invalid user kai from 206.189.236.198 port 49356', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 12:54:20,524] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:54:20,525] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:54:20,536] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:54:20,549] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-06 12:54:22,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324062.4124815, 'message': 'Dec  6 12:54:20 hqnl0246134 sshd[214118]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.236.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0600 seconds
INFO    [2022-12-06 12:54:22,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324062.4127555, 'message': 'Dec  6 12:54:20 hqnl0246134 sshd[214118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.236.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-06 12:54:24,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324064.4134967, 'message': 'Dec  6 12:54:22 hqnl0246134 sshd[214118]: Failed password for invalid user kai from 206.189.236.198 port 49356 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 12:54:24,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324064.413667, 'message': 'Dec  6 12:54:22 hqnl0246134 sshd[214118]: Disconnected from invalid user kai 206.189.236.198 port 49356 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 12:54:36,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324076.4299934, 'message': 'Dec  6 12:54:35 hqnl0246134 sshd[214133]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.252.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 12:54:36,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324076.4304235, 'message': 'Dec  6 12:54:35 hqnl0246134 sshd[214135]: Invalid user deploy from 46.101.225.227 port 46490', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 12:54:36,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324076.430259, 'message': 'Dec  6 12:54:35 hqnl0246134 sshd[214133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.252.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 12:54:36,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324076.4305801, 'message': 'Dec  6 12:54:36 hqnl0246134 sshd[214135]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.225.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 12:54:36,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324076.4306853, 'message': 'Dec  6 12:54:36 hqnl0246134 sshd[214135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.225.227 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 12:54:38,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324078.4376, 'message': 'Dec  6 12:54:37 hqnl0246134 sshd[214133]: Failed password for root from 157.245.252.34 port 57898 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 12:54:38,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324078.4377584, 'message': 'Dec  6 12:54:38 hqnl0246134 sshd[214135]: Failed password for invalid user deploy from 46.101.225.227 port 46490 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 12:54:40,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324080.4338734, 'message': 'Dec  6 12:54:40 hqnl0246134 sshd[214135]: Disconnected from invalid user deploy 46.101.225.227 port 46490 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:54:44,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670324084.437978, 'message': 'Dec  6 12:54:44 hqnl0246134 sshd[214137]: Accepted password for supportwwwuser from 212.58.119.251 port 10579 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0281 seconds
WARNING [2022-12-06 12:54:45,850] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:54:45,851] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:54:54,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:54:54,876] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.7332 seconds
INFO    [2022-12-06 12:55:02,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324102.4670906, 'message': 'Dec  6 12:55:01 hqnl0246134 sshd[214201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.75.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0676 seconds
INFO    [2022-12-06 12:55:02,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324102.4705508, 'message': 'Dec  6 12:55:01 hqnl0246134 sshd[214201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.75.234  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-06 12:55:04,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324104.4598086, 'message': 'Dec  6 12:55:03 hqnl0246134 sshd[214201]: Failed password for root from 143.198.75.234 port 54396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 12:55:18,041] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:55:18,042] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:55:18,051] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:55:18,066] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 12:55:21,093] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:55:21,093] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:55:21,104] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:55:21,124] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
WARNING [2022-12-06 12:55:45,854] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:55:45,857] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:55:54,205] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:55:55,502] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 1.3108 seconds
INFO    [2022-12-06 12:56:19,073] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:56:19,074] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:56:19,169] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:56:19,240] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1653 seconds
INFO    [2022-12-06 12:56:22,220] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:56:22,220] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:56:22,231] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:56:22,244] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
WARNING [2022-12-06 12:56:27,168] defence360agent.files: Files update failed with error: urllib/http error while updating files, url: https://files.imunify360.com/static/ossec/v1/description.json, err: <urlopen error [Errno 101] Network is unreachable>, try: 1
INFO    [2022-12-06 12:56:28,972] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 12:56:28,972] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 12:56:29,837] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 12:56:29,837] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 12:56:34,215] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 12:56:34,216] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 12:56:36,797] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 12:56:36,798] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 12:56:36,798] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 12:56:41,515] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 10:56:41 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2F02EEBBE53D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 12:56:41,518] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 12:56:41,520] defence360agent.files: php-immunity files update finished (not updated)
WARNING [2022-12-06 12:56:45,865] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:56:45,866] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:56:45,887] defence360agent.files: Updating sigs files via file by file download
INFO    [2022-12-06 12:56:55,281] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 10:56:55 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '13'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"a781b5e949492396aaa50c0a5cb252ce"'), ('Last-Modified', 'Tue, 06 Dec 2022 10:24:32 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E2F0624F265F2'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e87fea3d-2e93-4da7-ae8f-bc9db48c5c71'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/sigs/v1/aibolit/hyperscan/version.txt'
WARNING [2022-12-06 12:56:59,714] defence360agent.files: Files update failed with error: urllib/http error while updating files, url: https://files.imunify360.com/static/sigs/v1/aibolit/ai-bolit-hoster.db, err: <urlopen error [Errno 104] Connection reset by peer>, try: 1
INFO    [2022-12-06 12:57:00,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324220.625036, 'message': 'Dec  6 12:56:59 hqnl0246134 sshd[214339]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0677 seconds
INFO    [2022-12-06 12:57:00,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324220.625713, 'message': 'Dec  6 12:56:59 hqnl0246134 sshd[214339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-06 12:57:02,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324222.6308382, 'message': 'Dec  6 12:57:01 hqnl0246134 sshd[214339]: Failed password for root from 61.177.173.50 port 14840 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 12:57:02,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324222.6311939, 'message': 'Dec  6 12:57:01 hqnl0246134 sshd[214339]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 12:57:04,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324224.6286905, 'message': 'Dec  6 12:57:04 hqnl0246134 sshd[214339]: Failed password for root from 61.177.173.50 port 14840 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1128 seconds
INFO    [2022-12-06 12:57:06,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324226.630736, 'message': 'Dec  6 12:57:06 hqnl0246134 sshd[214339]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1558 seconds
INFO    [2022-12-06 12:57:08,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324228.6379738, 'message': 'Dec  6 12:57:08 hqnl0246134 sshd[214339]: Failed password for root from 61.177.173.50 port 14840 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 12:57:16,744] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:57:16,745] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:57:16,756] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:57:16,773] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0269 seconds
INFO    [2022-12-06 12:57:18,467] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:57:18,469] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:57:18,479] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:57:18,491] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 12:57:18,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324238.6554155, 'message': 'Dec  6 12:57:16 hqnl0246134 sshd[214359]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 12:57:18,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324238.6558, 'message': 'Dec  6 12:57:16 hqnl0246134 sshd[214359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 12:57:20,219] defence360agent.files: Files update failed with error: urllib/http error while updating files, url: https://files.imunify360.com/static/sigs/v1/aibolit/mds-ai-bolit-hoster.db, err: <urlopen error [Errno 101] Network is unreachable>, try: 1
INFO    [2022-12-06 12:57:20,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324240.654711, 'message': 'Dec  6 12:57:19 hqnl0246134 sshd[214359]: Failed password for root from 61.177.172.98 port 16465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 12:57:21,690] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:57:21,691] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:57:21,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:57:21,725] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 12:57:22,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324242.6567922, 'message': 'Dec  6 12:57:21 hqnl0246134 sshd[214359]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-06 12:57:22,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324242.6569798, 'message': 'Dec  6 12:57:22 hqnl0246134 sshd[214381]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0538 seconds
INFO    [2022-12-06 12:57:22,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324242.6572855, 'message': 'Dec  6 12:57:22 hqnl0246134 sshd[214359]: Failed password for root from 61.177.172.98 port 16465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0646 seconds
INFO    [2022-12-06 12:57:22,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324242.6571581, 'message': 'Dec  6 12:57:22 hqnl0246134 sshd[214381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0647 seconds
WARNING [2022-12-06 12:57:24,622] defence360agent.files: Files update failed with error: urllib/http error while updating files, url: https://files.imunify360.com/static/sigs/v1/aibolit/procu2.db, err: <urlopen error [Errno 104] Connection reset by peer>, try: 1
INFO    [2022-12-06 12:57:24,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324244.6592848, 'message': 'Dec  6 12:57:23 hqnl0246134 sshd[214359]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-06 12:57:24,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324244.6594803, 'message': 'Dec  6 12:57:23 hqnl0246134 sshd[214386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.252.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-06 12:57:24,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324244.6597307, 'message': 'Dec  6 12:57:24 hqnl0246134 sshd[214381]: Failed password for root from 61.177.173.50 port 37243 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0652 seconds
INFO    [2022-12-06 12:57:24,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324244.6596053, 'message': 'Dec  6 12:57:23 hqnl0246134 sshd[214386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.252.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-06 12:57:26,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324246.7598305, 'message': 'Dec  6 12:57:24 hqnl0246134 sshd[214381]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0566 seconds
INFO    [2022-12-06 12:57:26,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324246.7600703, 'message': 'Dec  6 12:57:25 hqnl0246134 sshd[214359]: Failed password for root from 61.177.172.98 port 16465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0571 seconds
INFO    [2022-12-06 12:57:26,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324246.7602057, 'message': 'Dec  6 12:57:25 hqnl0246134 sshd[214386]: Failed password for root from 157.245.252.34 port 47842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0573 seconds
INFO    [2022-12-06 12:57:26,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670324246.7603111, 'message': 'Dec  6 12:57:25 hqnl0246134 sshd[214388]: Invalid user admin from 85.114.119.22 port 59384', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0570 seconds
INFO    [2022-12-06 12:57:26,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.114.119.22', 'timestamp': 1670324246.7604754, 'message': 'Dec  6 12:57:26 hqnl0246134 sshd[214388]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.114.119.22 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 12:57:26,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.114.119.22', 'timestamp': 1670324246.7606232, 'message': 'Dec  6 12:57:26 hqnl0246134 sshd[214388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.114.119.22 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 12:57:28,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324248.6632543, 'message': 'Dec  6 12:57:26 hqnl0246134 sshd[214381]: Failed password for root from 61.177.173.50 port 37243 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0713 seconds
INFO    [2022-12-06 12:57:28,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324248.6636908, 'message': 'Dec  6 12:57:27 hqnl0246134 sshd[214390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0727 seconds
INFO    [2022-12-06 12:57:28,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670324248.6640766, 'message': 'Dec  6 12:57:28 hqnl0246134 sshd[214388]: Failed password for invalid user admin from 85.114.119.22 port 59384 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0728 seconds
INFO    [2022-12-06 12:57:28,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324248.6639092, 'message': 'Dec  6 12:57:27 hqnl0246134 sshd[214390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 12:57:30,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324250.667985, 'message': 'Dec  6 12:57:29 hqnl0246134 sshd[214381]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0698 seconds
INFO    [2022-12-06 12:57:30,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324250.6685827, 'message': 'Dec  6 12:57:29 hqnl0246134 sshd[214390]: Failed password for root from 61.177.172.98 port 27506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0707 seconds
INFO    [2022-12-06 12:57:30,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670324250.6687632, 'message': 'Dec  6 12:57:29 hqnl0246134 sshd[214388]: Disconnected from invalid user admin 85.114.119.22 port 59384 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0709 seconds
INFO    [2022-12-06 12:57:30,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324250.6690483, 'message': 'Dec  6 12:57:30 hqnl0246134 sshd[214392]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.153.186 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0699 seconds
INFO    [2022-12-06 12:57:30,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324250.6689196, 'message': 'Dec  6 12:57:29 hqnl0246134 sshd[214390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0820 seconds
INFO    [2022-12-06 12:57:30,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324250.6692507, 'message': 'Dec  6 12:57:30 hqnl0246134 sshd[214392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.153.186  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0865 seconds
INFO    [2022-12-06 12:57:32,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670324252.6688886, 'message': 'Dec  6 12:57:30 hqnl0246134 sshd[214381]: Failed password for root from 61.177.173.50 port 37243 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1166 seconds
INFO    [2022-12-06 12:57:32,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324252.6692493, 'message': 'Dec  6 12:57:31 hqnl0246134 sshd[214390]: Failed password for root from 61.177.172.98 port 27506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1241 seconds
INFO    [2022-12-06 12:57:32,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324252.6694148, 'message': 'Dec  6 12:57:32 hqnl0246134 sshd[214392]: Failed password for root from 43.135.153.186 port 39612 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1246 seconds
INFO    [2022-12-06 12:57:32,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324252.669524, 'message': 'Dec  6 12:57:32 hqnl0246134 sshd[214390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 12:57:34,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324254.6699903, 'message': 'Dec  6 12:57:33 hqnl0246134 sshd[214396]: Invalid user sftpuser from 212.60.80.58 port 46242', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1273 seconds
INFO    [2022-12-06 12:57:34,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324254.6705244, 'message': 'Dec  6 12:57:33 hqnl0246134 sshd[214390]: Failed password for root from 61.177.172.98 port 27506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1411 seconds
INFO    [2022-12-06 12:57:34,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324254.6702816, 'message': 'Dec  6 12:57:33 hqnl0246134 sshd[214396]: pam_imunify(sshd:auth): [IM360_RBL] The IP 212.60.80.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 12:57:34,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324254.6704125, 'message': 'Dec  6 12:57:33 hqnl0246134 sshd[214396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 12:57:35,226] defence360agent.files: Files update failed with error: urllib/http error while updating files, url: https://files.imunify360.com/static/sigs/v1/aibolit/mds-procu2.db, err: <urlopen error [Errno 101] Network is unreachable>, try: 1
INFO    [2022-12-06 12:57:36,458] defence360agent.files: Validating [sigs]: /var/imunify360/files/sigs/v1_2022-12-06T105650.188503Z
INFO    [2022-12-06 12:57:36,899] defence360agent.files: Removing old path on file by file update: /var/imunify360/files/sigs/v1_2022-12-06T084945.532268Z
INFO    [2022-12-06 12:57:36,926] defence360agent.files: Updated sigs using file by file download
INFO    [2022-12-06 12:57:36,926] im360.malwarelib.subsys.aibolit: ai-bolit service will be restarted
INFO    [2022-12-06 12:57:37,074] defence360agent.files: sigs files update finished
INFO    [2022-12-06 12:57:37,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324256.9723895, 'message': 'Dec  6 12:57:35 hqnl0246134 sshd[214396]: Failed password for invalid user sftpuser from 212.60.80.58 port 46242 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2470 seconds
INFO    [2022-12-06 12:57:37,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324256.9727848, 'message': 'Dec  6 12:57:36 hqnl0246134 sshd[214399]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.2475 seconds
INFO    [2022-12-06 12:57:37,304] defence360agent.internals.the_sink: FilesUpdated({'files_type':'sigs', 'files_index':<Index(type_=sigs) is_blank=False, json={<21 item(s)>}>}) processed in 0.2068 seconds
INFO    [2022-12-06 12:57:37,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324256.9731276, 'message': 'Dec  6 12:57:36 hqnl0246134 sshd[214396]: Disconnected from invalid user sftpuser 212.60.80.58 port 46242 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1322 seconds
INFO    [2022-12-06 12:57:37,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324256.9729428, 'message': 'Dec  6 12:57:36 hqnl0246134 sshd[214399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1321 seconds
INFO    [2022-12-06 12:57:38,090] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 12:57:38,091] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 12:57:38,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324258.6855261, 'message': 'Dec  6 12:57:38 hqnl0246134 sshd[214399]: Failed password for root from 61.177.172.98 port 19769 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
WARNING [2022-12-06 12:57:38,956] defence360agent.files: Files update failed with error: urllib/http error while updating files, url: https://files.imunify360.com/static/eula/v1/description.json, err: <urlopen error [Errno 104] Connection reset by peer>, try: 1
INFO    [2022-12-06 12:57:40,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324260.6850097, 'message': 'Dec  6 12:57:40 hqnl0246134 sshd[214399]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 12:57:41,168] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 12:57:41,252] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 12:57:41,253] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 12:57:41,253] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 12:57:41,254] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 12:57:41,256] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 12:57:41,307] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 12:57:41,349] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0918 seconds
WARNING [2022-12-06 12:57:41,363] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 12:57:41,368] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:57:41,423] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0868 seconds
INFO    [2022-12-06 12:57:41,428] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0826 seconds
INFO    [2022-12-06 12:57:42,646] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 12:57:42,647] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 12:57:43,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324263.07857, 'message': 'Dec  6 12:57:42 hqnl0246134 sshd[214399]: Failed password for root from 61.177.172.98 port 19769 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0940 seconds
INFO    [2022-12-06 12:57:44,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324264.6874864, 'message': 'Dec  6 12:57:42 hqnl0246134 sshd[214399]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0838 seconds
INFO    [2022-12-06 12:57:44,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324264.6881418, 'message': 'Dec  6 12:57:44 hqnl0246134 sshd[214399]: Failed password for root from 61.177.172.98 port 19769 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0365 seconds
WARNING [2022-12-06 12:57:45,869] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:57:45,870] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:57:47,241] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 12:57:47,241] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 12:57:48,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324268.6941924, 'message': 'Dec  6 12:57:46 hqnl0246134 sshd[214428]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0877 seconds
INFO    [2022-12-06 12:57:48,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324268.6947212, 'message': 'Dec  6 12:57:46 hqnl0246134 sshd[214428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0556 seconds
INFO    [2022-12-06 12:57:50,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324270.7031596, 'message': 'Dec  6 12:57:48 hqnl0246134 sshd[214428]: Failed password for root from 61.177.172.98 port 30910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1881 seconds
INFO    [2022-12-06 12:57:52,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324272.7062657, 'message': 'Dec  6 12:57:51 hqnl0246134 sshd[214428]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0750 seconds
INFO    [2022-12-06 12:57:54,014] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 12:57:54,015] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-06 12:57:54,219] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:57:54,389] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.1935 seconds
INFO    [2022-12-06 12:57:54,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324274.7070243, 'message': 'Dec  6 12:57:53 hqnl0246134 sshd[214428]: Failed password for root from 61.177.172.98 port 30910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 12:57:54,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324274.7072175, 'message': 'Dec  6 12:57:53 hqnl0246134 sshd[214428]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 12:57:56,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670324276.7096596, 'message': 'Dec  6 12:57:55 hqnl0246134 sshd[214428]: Failed password for root from 61.177.172.98 port 30910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 12:58:11,383] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 12:58:11,386] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 12:58:11,387] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 12:58:25,424] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:58:25,426] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:58:25,466] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:58:25,482] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0266 seconds
INFO    [2022-12-06 12:58:28,645] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:58:28,646] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:58:28,654] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:58:28,666] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 12:58:32,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324312.7508237, 'message': 'Dec  6 12:58:32 hqnl0246134 sshd[214510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 12:58:32,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324312.7514293, 'message': 'Dec  6 12:58:32 hqnl0246134 sshd[214510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 12:58:34,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324314.756193, 'message': 'Dec  6 12:58:34 hqnl0246134 sshd[214510]: Failed password for root from 61.177.172.104 port 11052 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 12:58:36,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324316.7611036, 'message': 'Dec  6 12:58:36 hqnl0246134 sshd[214510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 12:58:38,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324318.7657518, 'message': 'Dec  6 12:58:38 hqnl0246134 sshd[214510]: Failed password for root from 61.177.172.104 port 11052 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 12:58:38,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324318.7659662, 'message': 'Dec  6 12:58:38 hqnl0246134 sshd[214510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 12:58:42,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324322.7776043, 'message': 'Dec  6 12:58:41 hqnl0246134 sshd[214510]: Failed password for root from 61.177.172.104 port 11052 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 12:58:45,744] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:58:45,745] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:58:45,775] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:58:45,796] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0340 seconds
WARNING [2022-12-06 12:58:45,871] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:58:45,872] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 12:58:46,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324326.7873092, 'message': 'Dec  6 12:58:44 hqnl0246134 sshd[214534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 12:58:46,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324326.7876425, 'message': 'Dec  6 12:58:44 hqnl0246134 sshd[214534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-06 12:58:48,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324328.7934976, 'message': 'Dec  6 12:58:47 hqnl0246134 sshd[214534]: Failed password for root from 61.177.172.104 port 52237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 12:58:50,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324330.7986455, 'message': 'Dec  6 12:58:49 hqnl0246134 sshd[214534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1263 seconds
INFO    [2022-12-06 12:58:52,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324332.8025935, 'message': 'Dec  6 12:58:51 hqnl0246134 sshd[214534]: Failed password for root from 61.177.172.104 port 52237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 12:58:54,206] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:58:54,246] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0481 seconds
INFO    [2022-12-06 12:58:54,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324334.810779, 'message': 'Dec  6 12:58:53 hqnl0246134 sshd[214534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 12:58:56,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324336.8185031, 'message': 'Dec  6 12:58:55 hqnl0246134 sshd[214534]: Failed password for root from 61.177.172.104 port 52237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 12:59:00,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324340.8264318, 'message': 'Dec  6 12:58:59 hqnl0246134 sshd[214555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 12:59:00,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324340.8267846, 'message': 'Dec  6 12:58:59 hqnl0246134 sshd[214555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 12:59:02,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324342.8296258, 'message': 'Dec  6 12:59:01 hqnl0246134 sshd[214555]: Failed password for root from 61.177.172.104 port 49973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:59:04,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324344.8509073, 'message': 'Dec  6 12:59:03 hqnl0246134 sshd[214555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 12:59:06,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324346.8522859, 'message': 'Dec  6 12:59:05 hqnl0246134 sshd[214555]: Failed password for root from 61.177.172.104 port 49973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0606 seconds
INFO    [2022-12-06 12:59:06,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670324346.8528073, 'message': 'Dec  6 12:59:06 hqnl0246134 sshd[214564]: Invalid user suporte from 43.153.100.118 port 48122', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0607 seconds
INFO    [2022-12-06 12:59:06,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324346.8526282, 'message': 'Dec  6 12:59:06 hqnl0246134 sshd[214555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 12:59:06,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.100.118', 'timestamp': 1670324346.8529966, 'message': 'Dec  6 12:59:06 hqnl0246134 sshd[214564]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.100.118 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 12:59:06,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.100.118', 'timestamp': 1670324346.8532305, 'message': 'Dec  6 12:59:06 hqnl0246134 sshd[214564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.100.118 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 12:59:08,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324348.8598287, 'message': 'Dec  6 12:59:08 hqnl0246134 sshd[214555]: Failed password for root from 61.177.172.104 port 49973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 12:59:10,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670324350.8628244, 'message': 'Dec  6 12:59:09 hqnl0246134 sshd[214564]: Failed password for invalid user suporte from 43.153.100.118 port 48122 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 12:59:10,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670324350.8631744, 'message': 'Dec  6 12:59:10 hqnl0246134 sshd[214564]: Disconnected from invalid user suporte 43.153.100.118 port 48122 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 12:59:18,769] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:59:18,770] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:59:18,784] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:59:18,807] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0342 seconds
INFO    [2022-12-06 12:59:18,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324358.8719447, 'message': 'Dec  6 12:59:16 hqnl0246134 sshd[214576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 12:59:18,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324358.8722908, 'message': 'Dec  6 12:59:16 hqnl0246134 sshd[214576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 12:59:20,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324360.8787982, 'message': 'Dec  6 12:59:19 hqnl0246134 sshd[214576]: Failed password for root from 61.177.172.104 port 14164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 12:59:22,485] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 12:59:22,485] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 12:59:22,496] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:59:22,512] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-06 12:59:22,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324362.8807058, 'message': 'Dec  6 12:59:21 hqnl0246134 sshd[214576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 12:59:24,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324364.882907, 'message': 'Dec  6 12:59:22 hqnl0246134 sshd[214576]: Failed password for root from 61.177.172.104 port 14164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-06 12:59:24,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324364.8832335, 'message': 'Dec  6 12:59:23 hqnl0246134 sshd[214576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 12:59:26,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324366.8843238, 'message': 'Dec  6 12:59:26 hqnl0246134 sshd[214576]: Failed password for root from 61.177.172.104 port 14164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 12:59:30,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324370.8935387, 'message': 'Dec  6 12:59:29 hqnl0246134 sshd[214595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 12:59:30,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324370.8938599, 'message': 'Dec  6 12:59:29 hqnl0246134 sshd[214595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 12:59:32,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324372.8945508, 'message': 'Dec  6 12:59:31 hqnl0246134 sshd[214595]: Failed password for root from 61.177.172.104 port 51953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 12:59:32,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324372.8948874, 'message': 'Dec  6 12:59:32 hqnl0246134 sshd[214595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 12:59:34,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324374.8963864, 'message': 'Dec  6 12:59:34 hqnl0246134 sshd[214595]: Failed password for root from 61.177.172.104 port 51953 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-06 12:59:36,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324376.8975031, 'message': 'Dec  6 12:59:36 hqnl0246134 sshd[214595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-06 12:59:38,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670324378.9037695, 'message': 'Dec  6 12:59:38 hqnl0246134 sshd[214595]: Failed password for root from 61.177.172.104 port 51953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
WARNING [2022-12-06 12:59:45,875] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 12:59:45,877] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 12:59:54,221] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 12:59:54,260] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0563 seconds
INFO    [2022-12-06 13:00:18,751] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:00:18,753] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:00:18,765] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:00:18,791] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0367 seconds
INFO    [2022-12-06 13:00:20,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324420.9546287, 'message': 'Dec  6 13:00:20 hqnl0246134 sshd[214690]: Invalid user eas from 157.245.252.34 port 37800', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 13:00:22,481] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:00:22,482] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:00:22,490] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:00:22,503] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 13:00:22,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324422.9545612, 'message': 'Dec  6 13:00:21 hqnl0246134 sshd[214690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.252.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 13:00:23,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324422.9548874, 'message': 'Dec  6 13:00:21 hqnl0246134 sshd[214690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.252.34 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 13:00:23,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324422.9550648, 'message': 'Dec  6 13:00:22 hqnl0246134 sshd[214690]: Failed password for invalid user eas from 157.245.252.34 port 37800 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 13:00:24,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.252.34', 'timestamp': 1670324424.9571536, 'message': 'Dec  6 13:00:24 hqnl0246134 sshd[214690]: Disconnected from invalid user eas 157.245.252.34 port 37800 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 13:00:27,488] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:00:27,488] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:00:27,497] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:00:27,511] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 13:00:39,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324438.9755492, 'message': 'Dec  6 13:00:38 hqnl0246134 sshd[214708]: Invalid user user from 43.135.153.186 port 58942', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 13:00:39,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324438.9777675, 'message': 'Dec  6 13:00:38 hqnl0246134 sshd[214708]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.153.186 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 13:00:39,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324438.9779015, 'message': 'Dec  6 13:00:38 hqnl0246134 sshd[214708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.153.186 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 13:00:43,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324442.9769835, 'message': 'Dec  6 13:00:41 hqnl0246134 sshd[214708]: Failed password for invalid user user from 43.135.153.186 port 58942 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 13:00:45,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324444.9935937, 'message': 'Dec  6 13:00:43 hqnl0246134 sshd[214708]: Disconnected from invalid user user 43.135.153.186 port 58942 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0389 seconds
WARNING [2022-12-06 13:00:45,879] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:00:45,880] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:00:54,223] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:00:54,264] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0553 seconds
INFO    [2022-12-06 13:00:57,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670324457.027366, 'message': 'Dec  6 13:00:55 hqnl0246134 sshd[214712]: Accepted password for supportwwwuser from 212.58.119.251 port 10669 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.1040 seconds
INFO    [2022-12-06 13:01:19,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324479.066474, 'message': 'Dec  6 13:01:18 hqnl0246134 sshd[214780]: pam_imunify(sshd:auth): [IM360_RBL] The IP 197.165.163.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 13:01:19,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324479.0680666, 'message': 'Dec  6 13:01:18 hqnl0246134 sshd[214780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.165.163.95  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 13:01:20,332] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:01:20,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:01:20,346] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:01:20,365] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0310 seconds
INFO    [2022-12-06 13:01:21,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324481.0619357, 'message': 'Dec  6 13:01:20 hqnl0246134 sshd[214780]: Failed password for root from 197.165.163.95 port 54088 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0821 seconds
INFO    [2022-12-06 13:01:26,197] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:01:26,198] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:01:26,241] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:01:26,265] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0580 seconds
WARNING [2022-12-06 13:01:45,889] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:01:45,896] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:01:47,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324507.1045709, 'message': 'Dec  6 13:01:46 hqnl0246134 sshd[214813]: Invalid user elk from 43.135.153.186 port 51390', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0792 seconds
INFO    [2022-12-06 13:01:47,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324507.106934, 'message': 'Dec  6 13:01:46 hqnl0246134 sshd[214813]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.153.186 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 13:01:47,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324507.1145012, 'message': 'Dec  6 13:01:46 hqnl0246134 sshd[214813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.153.186 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 13:01:49,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324509.1048307, 'message': 'Dec  6 13:01:48 hqnl0246134 sshd[214813]: Failed password for invalid user elk from 43.135.153.186 port 51390 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 13:01:51,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324511.1079264, 'message': 'Dec  6 13:01:49 hqnl0246134 sshd[214813]: Disconnected from invalid user elk 43.135.153.186 port 51390 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0662 seconds
WARNING [2022-12-06 13:01:53,262] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 13:01:54,292] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:01:54,404] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.1876 seconds
INFO    [2022-12-06 13:01:54,874] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:01:54,875] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:01:54,884] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:01:54,897] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 13:02:19,867] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:02:19,869] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:02:19,878] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:02:19,891] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 13:02:25,849] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:02:25,850] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:02:25,861] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:02:25,878] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
WARNING [2022-12-06 13:02:45,900] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:02:45,908] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:02:53,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324573.197841, 'message': 'Dec  6 13:02:52 hqnl0246134 sshd[214876]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.153.186 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 13:02:53,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324573.1985195, 'message': 'Dec  6 13:02:52 hqnl0246134 sshd[214876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.153.186  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 13:02:54,229] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:02:54,263] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0423 seconds
INFO    [2022-12-06 13:02:55,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.135.153.186', 'timestamp': 1670324575.1984904, 'message': 'Dec  6 13:02:54 hqnl0246134 sshd[214876]: Failed password for root from 43.135.153.186 port 37314 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 13:03:05,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324585.2141159, 'message': 'Dec  6 13:03:03 hqnl0246134 sshd[214895]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.225.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0794 seconds
INFO    [2022-12-06 13:03:05,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324585.2157502, 'message': 'Dec  6 13:03:03 hqnl0246134 sshd[214895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.225.227  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-06 13:03:07,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324587.2115734, 'message': 'Dec  6 13:03:05 hqnl0246134 sshd[214895]: Failed password for root from 46.101.225.227 port 42586 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2378 seconds
INFO    [2022-12-06 13:03:07,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.41.247', 'timestamp': 1670324587.2119336, 'message': 'Dec  6 13:03:06 hqnl0246134 sshd[214906]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.41.247 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.2379 seconds
INFO    [2022-12-06 13:03:07,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.41.247', 'timestamp': 1670324587.212292, 'message': 'Dec  6 13:03:06 hqnl0246134 sshd[214906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.41.247  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1012 seconds
INFO    [2022-12-06 13:03:09,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.41.247', 'timestamp': 1670324589.218538, 'message': 'Dec  6 13:03:08 hqnl0246134 sshd[214906]: Failed password for root from 137.184.41.247 port 43534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1187 seconds
INFO    [2022-12-06 13:03:19,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324599.2544255, 'message': 'Dec  6 13:03:19 hqnl0246134 sshd[214918]: Invalid user jenkins from 143.198.75.234 port 36768', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0704 seconds
INFO    [2022-12-06 13:03:19,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324599.261219, 'message': 'Dec  6 13:03:19 hqnl0246134 sshd[214918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.75.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 13:03:19,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324599.261528, 'message': 'Dec  6 13:03:19 hqnl0246134 sshd[214918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.75.234 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 13:03:21,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324601.2505913, 'message': 'Dec  6 13:03:21 hqnl0246134 sshd[214918]: Failed password for invalid user jenkins from 143.198.75.234 port 36768 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 13:03:23,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324603.251659, 'message': 'Dec  6 13:03:22 hqnl0246134 sshd[214918]: Disconnected from invalid user jenkins 143.198.75.234 port 36768 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0759 seconds
INFO    [2022-12-06 13:03:23,506] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:03:23,507] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:03:23,516] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:03:23,531] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 13:03:27,540] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:03:27,541] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:03:27,550] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:03:27,567] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0259 seconds
INFO    [2022-12-06 13:03:31,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324611.266638, 'message': 'Dec  6 13:03:30 hqnl0246134 sshd[214939]: Invalid user steam from 206.81.14.65 port 58392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-06 13:03:31,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324611.2669814, 'message': 'Dec  6 13:03:31 hqnl0246134 sshd[214939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.81.14.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 13:03:31,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324611.2671936, 'message': 'Dec  6 13:03:31 hqnl0246134 sshd[214939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.14.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0572 seconds
INFO    [2022-12-06 13:03:35,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324615.2697523, 'message': 'Dec  6 13:03:33 hqnl0246134 sshd[214939]: Failed password for invalid user steam from 206.81.14.65 port 58392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2223 seconds
INFO    [2022-12-06 13:03:35,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324615.2703586, 'message': 'Dec  6 13:03:34 hqnl0246134 sshd[214939]: Disconnected from invalid user steam 206.81.14.65 port 58392 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2185 seconds
WARNING [2022-12-06 13:03:45,912] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:03:45,913] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:03:49,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324629.2829578, 'message': 'Dec  6 13:03:47 hqnl0246134 sshd[214945]: Invalid user ttt from 206.189.236.198 port 53282', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0735 seconds
INFO    [2022-12-06 13:03:49,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324629.2835217, 'message': 'Dec  6 13:03:48 hqnl0246134 sshd[214947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0763 seconds
INFO    [2022-12-06 13:03:49,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324629.283232, 'message': 'Dec  6 13:03:47 hqnl0246134 sshd[214945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.236.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 13:03:49,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324629.283659, 'message': 'Dec  6 13:03:48 hqnl0246134 sshd[214947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0497 seconds
INFO    [2022-12-06 13:03:49,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324629.2833555, 'message': 'Dec  6 13:03:47 hqnl0246134 sshd[214945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.236.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 13:03:49,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324629.283781, 'message': 'Dec  6 13:03:49 hqnl0246134 sshd[214945]: Failed password for invalid user ttt from 206.189.236.198 port 53282 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 13:03:51,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324631.2859354, 'message': 'Dec  6 13:03:49 hqnl0246134 sshd[214945]: Disconnected from invalid user ttt 206.189.236.198 port 53282 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0682 seconds
INFO    [2022-12-06 13:03:51,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324631.2863004, 'message': 'Dec  6 13:03:50 hqnl0246134 sshd[214947]: Failed password for root from 61.177.173.47 port 41738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0683 seconds
INFO    [2022-12-06 13:03:53,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324633.2883897, 'message': 'Dec  6 13:03:52 hqnl0246134 sshd[214947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 13:03:54,231] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:03:54,278] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0545 seconds
INFO    [2022-12-06 13:03:55,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324635.2909946, 'message': 'Dec  6 13:03:54 hqnl0246134 sshd[214947]: Failed password for root from 61.177.173.47 port 41738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 13:03:57,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324637.2936616, 'message': 'Dec  6 13:03:57 hqnl0246134 sshd[214947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 13:03:59,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324639.2957075, 'message': 'Dec  6 13:03:58 hqnl0246134 sshd[214947]: Failed password for root from 61.177.173.47 port 41738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 13:04:01,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324641.3086736, 'message': 'Dec  6 13:04:00 hqnl0246134 sshd[214965]: Invalid user user from 197.165.163.95 port 48840', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0685 seconds
INFO    [2022-12-06 13:04:01,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324641.3095107, 'message': 'Dec  6 13:04:00 hqnl0246134 sshd[214960]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0690 seconds
INFO    [2022-12-06 13:04:01,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324641.3090239, 'message': 'Dec  6 13:04:00 hqnl0246134 sshd[214965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 197.165.163.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0726 seconds
INFO    [2022-12-06 13:04:01,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324641.3096688, 'message': 'Dec  6 13:04:00 hqnl0246134 sshd[214960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0717 seconds
INFO    [2022-12-06 13:04:01,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324641.309387, 'message': 'Dec  6 13:04:00 hqnl0246134 sshd[214965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.165.163.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 13:04:03,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324643.3111162, 'message': 'Dec  6 13:04:02 hqnl0246134 sshd[214962]: Invalid user ttt from 20.121.113.183 port 1152', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1169 seconds
INFO    [2022-12-06 13:04:03,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324643.3120117, 'message': 'Dec  6 13:04:03 hqnl0246134 sshd[214965]: Failed password for invalid user user from 197.165.163.95 port 48840 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1240 seconds
INFO    [2022-12-06 13:04:03,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324643.3122258, 'message': 'Dec  6 13:04:03 hqnl0246134 sshd[214960]: Failed password for root from 61.177.173.47 port 40318 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1242 seconds
INFO    [2022-12-06 13:04:03,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324643.3115551, 'message': 'Dec  6 13:04:03 hqnl0246134 sshd[214962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.121.113.183 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0556 seconds
INFO    [2022-12-06 13:04:03,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324643.3118691, 'message': 'Dec  6 13:04:03 hqnl0246134 sshd[214962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.121.113.183 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0540 seconds
INFO    [2022-12-06 13:04:04,533] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:04:04,534] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:04:04,552] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:04:04,592] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0562 seconds
INFO    [2022-12-06 13:04:05,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324645.3112452, 'message': 'Dec  6 13:04:04 hqnl0246134 sshd[214965]: Disconnected from invalid user user 197.165.163.95 port 48840 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0613 seconds
INFO    [2022-12-06 13:04:05,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324645.3114374, 'message': 'Dec  6 13:04:05 hqnl0246134 sshd[214960]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0629 seconds
INFO    [2022-12-06 13:04:05,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324645.3115993, 'message': 'Dec  6 13:04:05 hqnl0246134 sshd[214962]: Failed password for invalid user ttt from 20.121.113.183 port 1152 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0634 seconds
INFO    [2022-12-06 13:04:07,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324647.3145165, 'message': 'Dec  6 13:04:06 hqnl0246134 sshd[214962]: Disconnected from invalid user ttt 20.121.113.183 port 1152 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-06 13:04:07,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324647.3150768, 'message': 'Dec  6 13:04:07 hqnl0246134 sshd[214960]: Failed password for root from 61.177.173.47 port 40318 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-06 13:04:09,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324649.317143, 'message': 'Dec  6 13:04:07 hqnl0246134 sshd[214960]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 13:04:11,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324651.319372, 'message': 'Dec  6 13:04:09 hqnl0246134 sshd[214960]: Failed password for root from 61.177.173.47 port 40318 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 13:04:15,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324655.323236, 'message': 'Dec  6 13:04:13 hqnl0246134 sshd[214984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 13:04:15,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324655.3237588, 'message': 'Dec  6 13:04:13 hqnl0246134 sshd[214984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 13:04:17,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324657.3224235, 'message': 'Dec  6 13:04:15 hqnl0246134 sshd[214984]: Failed password for root from 61.177.173.47 port 19364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 13:04:17,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324657.3228154, 'message': 'Dec  6 13:04:15 hqnl0246134 sshd[214984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 13:04:18,231] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:04:18,231] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:04:18,240] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:04:18,255] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-06 13:04:19,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324659.3246932, 'message': 'Dec  6 13:04:17 hqnl0246134 sshd[214984]: Failed password for root from 61.177.173.47 port 19364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 13:04:19,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324659.3259983, 'message': 'Dec  6 13:04:18 hqnl0246134 sshd[214984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 13:04:21,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670324661.3260102, 'message': 'Dec  6 13:04:19 hqnl0246134 sshd[214984]: Failed password for root from 61.177.173.47 port 19364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 13:04:21,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:04:21,922] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:04:21,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:04:21,945] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
WARNING [2022-12-06 13:04:45,917] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:04:45,918] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:04:54,272] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:04:54,312] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0495 seconds
INFO    [2022-12-06 13:05:03,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670324703.3836026, 'message': 'Dec  6 13:05:01 hqnl0246134 sshd[215029]: Invalid user test02 from 35.200.141.182 port 48754', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 13:05:03,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.200.141.182', 'timestamp': 1670324703.3841002, 'message': 'Dec  6 13:05:01 hqnl0246134 sshd[215029]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.200.141.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 13:05:03,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.200.141.182', 'timestamp': 1670324703.3846173, 'message': 'Dec  6 13:05:01 hqnl0246134 sshd[215029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 13:05:05,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670324705.3843608, 'message': 'Dec  6 13:05:04 hqnl0246134 sshd[215029]: Failed password for invalid user test02 from 35.200.141.182 port 48754 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 13:05:05,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670324705.3846931, 'message': 'Dec  6 13:05:05 hqnl0246134 sshd[215029]: Disconnected from invalid user test02 35.200.141.182 port 48754 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 13:05:10,384] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:05:10,385] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:05:10,408] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:05:10,448] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0549 seconds
INFO    [2022-12-06 13:05:18,160] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:05:18,160] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:05:18,169] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:05:18,185] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-06 13:05:22,266] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:05:22,267] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:05:22,275] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:05:22,288] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 13:05:23,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324723.4025185, 'message': 'Dec  6 13:05:21 hqnl0246134 sshd[215080]: Invalid user trace from 212.60.80.58 port 37663', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 13:05:23,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324723.402745, 'message': 'Dec  6 13:05:21 hqnl0246134 sshd[215080]: pam_imunify(sshd:auth): [IM360_RBL] The IP 212.60.80.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 13:05:23,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324723.402872, 'message': 'Dec  6 13:05:21 hqnl0246134 sshd[215080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 13:05:25,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324725.4062855, 'message': 'Dec  6 13:05:24 hqnl0246134 sshd[215080]: Failed password for invalid user trace from 212.60.80.58 port 37663 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1765 seconds
INFO    [2022-12-06 13:05:25,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324725.4067984, 'message': 'Dec  6 13:05:24 hqnl0246134 sshd[215080]: Disconnected from invalid user trace 212.60.80.58 port 37663 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0945 seconds
INFO    [2022-12-06 13:05:28,385] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:05:28,465] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:05:28,468] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:05:28,471] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:05:28,471] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:05:28,472] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:05:28,603] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:05:28,699] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.2232 seconds
WARNING [2022-12-06 13:05:28,718] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:05:28,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:05:28,854] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.1861 seconds
INFO    [2022-12-06 13:05:28,886] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.1953 seconds
WARNING [2022-12-06 13:05:45,921] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:05:45,924] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:05:53,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.188.184', 'timestamp': 1670324753.4456553, 'message': 'Dec  6 13:05:51 hqnl0246134 sshd[215108]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.188.184 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 13:05:53,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.188.184', 'timestamp': 1670324753.4464533, 'message': 'Dec  6 13:05:51 hqnl0246134 sshd[215108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.188.184  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
WARNING [2022-12-06 13:05:54,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:05:54,315] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0443 seconds
INFO    [2022-12-06 13:05:55,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.188.184', 'timestamp': 1670324755.445575, 'message': 'Dec  6 13:05:54 hqnl0246134 sshd[215108]: Failed password for root from 128.199.188.184 port 56892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 13:05:58,606] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:05:58,607] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:05:58,608] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 13:06:05,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324765.4545405, 'message': 'Dec  6 13:06:04 hqnl0246134 sshd[215132]: Invalid user argo from 206.81.14.65 port 49290', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-06 13:06:05,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324765.4552305, 'message': 'Dec  6 13:06:04 hqnl0246134 sshd[215132]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.81.14.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 13:06:05,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324765.4569783, 'message': 'Dec  6 13:06:04 hqnl0246134 sshd[215132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.14.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1309 seconds
INFO    [2022-12-06 13:06:07,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324767.4575465, 'message': 'Dec  6 13:06:06 hqnl0246134 sshd[215132]: Failed password for invalid user argo from 206.81.14.65 port 49290 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-06 13:06:07,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324767.457738, 'message': 'Dec  6 13:06:06 hqnl0246134 sshd[215132]: Disconnected from invalid user argo 206.81.14.65 port 49290 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-06 13:06:11,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324771.463671, 'message': 'Dec  6 13:06:10 hqnl0246134 sshd[215138]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.75.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 13:06:11,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324771.4640827, 'message': 'Dec  6 13:06:10 hqnl0246134 sshd[215138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.75.234  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 13:06:13,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324773.4655173, 'message': 'Dec  6 13:06:12 hqnl0246134 sshd[215138]: Failed password for root from 143.198.75.234 port 60332 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 13:06:19,167] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:06:19,168] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:06:19,180] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:06:19,228] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0582 seconds
INFO    [2022-12-06 13:06:25,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324785.488326, 'message': 'Dec  6 13:06:24 hqnl0246134 sshd[215158]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.225.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0915 seconds
INFO    [2022-12-06 13:06:25,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324785.4941266, 'message': 'Dec  6 13:06:24 hqnl0246134 sshd[215158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.225.227  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-06 13:06:25,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:06:25,818] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:06:25,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:06:25,850] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 13:06:27,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324787.4879856, 'message': 'Dec  6 13:06:27 hqnl0246134 sshd[215158]: Failed password for root from 46.101.225.227 port 60300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 13:06:33,425] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:06:33,425] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:06:33,434] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:06:33,516] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0897 seconds
INFO    [2022-12-06 13:06:45,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324805.5227745, 'message': 'Dec  6 13:06:43 hqnl0246134 sshd[215173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 197.165.163.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0522 seconds
INFO    [2022-12-06 13:06:45,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324805.5232525, 'message': 'Dec  6 13:06:43 hqnl0246134 sshd[215173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.165.163.95  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 13:06:45,930] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:06:45,931] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:06:47,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '197.165.163.95', 'timestamp': 1670324807.5213366, 'message': 'Dec  6 13:06:46 hqnl0246134 sshd[215173]: Failed password for root from 197.165.163.95 port 34874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 13:06:49,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324809.5249364, 'message': 'Dec  6 13:06:47 hqnl0246134 sshd[215175]: Invalid user marie from 206.189.236.198 port 54342', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 13:06:49,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324809.525213, 'message': 'Dec  6 13:06:48 hqnl0246134 sshd[215175]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.236.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 13:06:49,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324809.5253727, 'message': 'Dec  6 13:06:48 hqnl0246134 sshd[215175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.236.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 13:06:51,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324811.5292752, 'message': 'Dec  6 13:06:50 hqnl0246134 sshd[215175]: Failed password for invalid user marie from 206.189.236.198 port 54342 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 13:06:53,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324813.5314724, 'message': 'Dec  6 13:06:52 hqnl0246134 sshd[215175]: Disconnected from invalid user marie 206.189.236.198 port 54342 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-06 13:06:54,284] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:06:54,321] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0472 seconds
INFO    [2022-12-06 13:07:18,891] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:07:18,892] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:07:18,902] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:07:18,917] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0236 seconds
INFO    [2022-12-06 13:07:21,796] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:07:21,797] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:07:21,805] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:07:21,819] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 13:07:31,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324851.5889187, 'message': 'Dec  6 13:07:31 hqnl0246134 sshd[215227]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 13:07:31,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324851.5893438, 'message': 'Dec  6 13:07:31 hqnl0246134 sshd[215227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 13:07:33,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324853.5904334, 'message': 'Dec  6 13:07:33 hqnl0246134 sshd[215227]: Failed password for root from 61.177.173.46 port 20206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 13:07:33,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324853.5906973, 'message': 'Dec  6 13:07:33 hqnl0246134 sshd[215229]: Invalid user dm from 20.121.113.183 port 1153', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 13:07:33,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324853.5909483, 'message': 'Dec  6 13:07:33 hqnl0246134 sshd[215229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.121.113.183 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 13:07:33,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324853.5911267, 'message': 'Dec  6 13:07:33 hqnl0246134 sshd[215229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.121.113.183 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 13:07:35,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324855.5928223, 'message': 'Dec  6 13:07:34 hqnl0246134 sshd[215229]: Failed password for invalid user dm from 20.121.113.183 port 1153 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 13:07:35,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324855.5930083, 'message': 'Dec  6 13:07:35 hqnl0246134 sshd[215227]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 13:07:37,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670324857.5936291, 'message': 'Dec  6 13:07:35 hqnl0246134 sshd[215229]: Disconnected from invalid user dm 20.121.113.183 port 1153 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 13:07:39,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324859.5959158, 'message': 'Dec  6 13:07:37 hqnl0246134 sshd[215227]: Failed password for root from 61.177.173.46 port 20206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 13:07:41,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324861.5984924, 'message': 'Dec  6 13:07:39 hqnl0246134 sshd[215227]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 13:07:41,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324861.5987391, 'message': 'Dec  6 13:07:41 hqnl0246134 sshd[215227]: Failed password for root from 61.177.173.46 port 20206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
WARNING [2022-12-06 13:07:45,933] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:07:45,934] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:07:47,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324867.6053872, 'message': 'Dec  6 13:07:45 hqnl0246134 sshd[215232]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 13:07:47,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324867.6057813, 'message': 'Dec  6 13:07:45 hqnl0246134 sshd[215232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 13:07:47,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324867.605951, 'message': 'Dec  6 13:07:46 hqnl0246134 sshd[215232]: Failed password for root from 61.177.173.46 port 62887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 13:07:49,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324869.6077545, 'message': 'Dec  6 13:07:48 hqnl0246134 sshd[215232]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 13:07:51,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324871.609967, 'message': 'Dec  6 13:07:50 hqnl0246134 sshd[215232]: Failed password for root from 61.177.173.46 port 62887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 13:07:53,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324873.6126294, 'message': 'Dec  6 13:07:52 hqnl0246134 sshd[215232]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
WARNING [2022-12-06 13:07:54,346] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:07:55,176] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.8788 seconds
INFO    [2022-12-06 13:07:55,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670324875.6145241, 'message': 'Dec  6 13:07:54 hqnl0246134 sshd[215232]: Failed password for root from 61.177.173.46 port 62887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 13:07:57,976] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:07:57,977] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:07:57,987] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:07:58,005] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0268 seconds
INFO    [2022-12-06 13:08:18,092] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:08:18,092] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:08:18,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:08:18,145] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0440 seconds
INFO    [2022-12-06 13:08:22,321] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:08:22,322] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:08:22,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:08:22,370] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0408 seconds
INFO    [2022-12-06 13:08:27,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.158.139.57', 'timestamp': 1670324907.6531487, 'message': 'Dec  6 13:08:27 hqnl0246134 sshd[215289]: Invalid user ubuntu from 202.158.139.57 port 38510', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0572 seconds
INFO    [2022-12-06 13:08:29,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.158.139.57', 'timestamp': 1670324909.6539757, 'message': 'Dec  6 13:08:27 hqnl0246134 sshd[215289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.158.139.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 13:08:29,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.158.139.57', 'timestamp': 1670324909.6550443, 'message': 'Dec  6 13:08:27 hqnl0246134 sshd[215289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.158.139.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 13:08:29,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.158.139.57', 'timestamp': 1670324909.6552196, 'message': 'Dec  6 13:08:29 hqnl0246134 sshd[215289]: Failed password for invalid user ubuntu from 202.158.139.57 port 38510 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 13:08:31,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.158.139.57', 'timestamp': 1670324911.6564052, 'message': 'Dec  6 13:08:29 hqnl0246134 sshd[215289]: Disconnected from invalid user ubuntu 202.158.139.57 port 38510 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 13:08:33,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324913.6593308, 'message': 'Dec  6 13:08:33 hqnl0246134 sshd[215292]: Invalid user celery from 212.60.80.58 port 33886', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 13:08:33,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324913.6607714, 'message': 'Dec  6 13:08:33 hqnl0246134 sshd[215294]: Invalid user ips from 206.81.14.65 port 33900', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 13:08:33,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324913.660445, 'message': 'Dec  6 13:08:33 hqnl0246134 sshd[215292]: pam_imunify(sshd:auth): [IM360_RBL] The IP 212.60.80.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 13:08:33,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324913.6608872, 'message': 'Dec  6 13:08:33 hqnl0246134 sshd[215294]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.81.14.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 13:08:33,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324913.6606205, 'message': 'Dec  6 13:08:33 hqnl0246134 sshd[215292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-06 13:08:33,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324913.6610482, 'message': 'Dec  6 13:08:33 hqnl0246134 sshd[215294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.14.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 13:08:35,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324915.6608684, 'message': 'Dec  6 13:08:35 hqnl0246134 sshd[215292]: Failed password for invalid user celery from 212.60.80.58 port 33886 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 13:08:35,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324915.6611912, 'message': 'Dec  6 13:08:35 hqnl0246134 sshd[215294]: Failed password for invalid user ips from 206.81.14.65 port 33900 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 13:08:37,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.81.14.65', 'timestamp': 1670324917.6618204, 'message': 'Dec  6 13:08:35 hqnl0246134 sshd[215294]: Disconnected from invalid user ips 206.81.14.65 port 33900 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 13:08:37,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670324917.6620562, 'message': 'Dec  6 13:08:36 hqnl0246134 sshd[215292]: Disconnected from invalid user celery 212.60.80.58 port 33886 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
WARNING [2022-12-06 13:08:45,937] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:08:45,939] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:08:54,342] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:08:54,400] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0946 seconds
INFO    [2022-12-06 13:08:55,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324935.726969, 'message': 'Dec  6 13:08:54 hqnl0246134 sshd[215303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.75.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0785 seconds
INFO    [2022-12-06 13:08:55,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324935.727468, 'message': 'Dec  6 13:08:54 hqnl0246134 sshd[215303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.75.234  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 13:08:57,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.75.234', 'timestamp': 1670324937.720345, 'message': 'Dec  6 13:08:55 hqnl0246134 sshd[215303]: Failed password for root from 143.198.75.234 port 37734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 13:08:57,843] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:08:57,916] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:08:57,917] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:08:57,918] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:08:57,918] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:08:57,919] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:08:57,936] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:08:57,965] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0451 seconds
WARNING [2022-12-06 13:08:57,978] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:08:57,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:08:58,016] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0607 seconds
INFO    [2022-12-06 13:08:58,018] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0571 seconds
INFO    [2022-12-06 13:08:59,633] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:08:59,634] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:08:59,642] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:08:59,654] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 13:09:09,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.82.194', 'timestamp': 1670324949.7405474, 'message': 'Dec  6 13:09:07 hqnl0246134 sshd[215455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.82.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 13:09:09,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.82.194', 'timestamp': 1670324949.740765, 'message': 'Dec  6 13:09:07 hqnl0246134 sshd[215455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.82.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 13:09:11,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.68.82.194', 'timestamp': 1670324951.7651007, 'message': 'Dec  6 13:09:10 hqnl0246134 sshd[215455]: Failed password for root from 138.68.82.194 port 34548 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 13:09:11,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324951.7653866, 'message': 'Dec  6 13:09:10 hqnl0246134 sshd[215458]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.225.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-06 13:09:11,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324951.765555, 'message': 'Dec  6 13:09:10 hqnl0246134 sshd[215458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.225.227  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 13:09:13,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.225.227', 'timestamp': 1670324953.766009, 'message': 'Dec  6 13:09:11 hqnl0246134 sshd[215458]: Failed password for root from 46.101.225.227 port 49778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0687 seconds
INFO    [2022-12-06 13:09:18,309] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:09:18,309] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:09:18,318] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:09:18,358] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0476 seconds
INFO    [2022-12-06 13:09:21,645] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:09:21,646] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:09:21,659] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:09:21,681] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0335 seconds
INFO    [2022-12-06 13:09:28,054] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:09:28,056] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:09:28,067] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 13:09:33,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670324973.7857382, 'message': 'Dec  6 13:09:32 hqnl0246134 sshd[215484]: Invalid user claudio from 217.17.230.180 port 38842', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0878 seconds
INFO    [2022-12-06 13:09:33,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670324973.791136, 'message': 'Dec  6 13:09:33 hqnl0246134 sshd[215474]: Accepted password for supportwwwuser from 212.58.119.251 port 10538 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0858 seconds
INFO    [2022-12-06 13:09:33,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.17.230.180', 'timestamp': 1670324973.7904825, 'message': 'Dec  6 13:09:33 hqnl0246134 sshd[215484]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.17.230.180 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 13:09:33,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.17.230.180', 'timestamp': 1670324973.7908387, 'message': 'Dec  6 13:09:33 hqnl0246134 sshd[215484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.17.230.180 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 13:09:35,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670324975.7845483, 'message': 'Dec  6 13:09:35 hqnl0246134 sshd[215484]: Failed password for invalid user claudio from 217.17.230.180 port 38842 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 13:09:37,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670324977.7856684, 'message': 'Dec  6 13:09:36 hqnl0246134 sshd[215484]: Disconnected from invalid user claudio 217.17.230.180 port 38842 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 13:09:41,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324981.7917159, 'message': 'Dec  6 13:09:41 hqnl0246134 sshd[215531]: Invalid user dm from 206.189.236.198 port 32968', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 13:09:41,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324981.792955, 'message': 'Dec  6 13:09:41 hqnl0246134 sshd[215531]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.236.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 13:09:41,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324981.7931542, 'message': 'Dec  6 13:09:41 hqnl0246134 sshd[215531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.236.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 13:09:43,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324983.7925227, 'message': 'Dec  6 13:09:43 hqnl0246134 sshd[215531]: Failed password for invalid user dm from 206.189.236.198 port 32968 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 13:09:43,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.236.198', 'timestamp': 1670324983.7927394, 'message': 'Dec  6 13:09:43 hqnl0246134 sshd[215531]: Disconnected from invalid user dm 206.189.236.198 port 32968 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 13:09:45,943] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:09:45,944] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:09:54,329] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:09:54,381] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0683 seconds
INFO    [2022-12-06 13:09:57,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.41.247', 'timestamp': 1670324997.8070097, 'message': 'Dec  6 13:09:56 hqnl0246134 sshd[215535]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.41.247 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 13:09:57,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.41.247', 'timestamp': 1670324997.8074882, 'message': 'Dec  6 13:09:56 hqnl0246134 sshd[215535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.41.247  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 13:09:59,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.41.247', 'timestamp': 1670324999.806272, 'message': 'Dec  6 13:09:58 hqnl0246134 sshd[215535]: Failed password for root from 137.184.41.247 port 44182 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 13:10:05,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670325005.8130846, 'message': 'Dec  6 13:10:04 hqnl0246134 sshd[215562]: Accepted password for supportwwwuser from 212.58.119.251 port 10541 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 13:10:09,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325009.8198433, 'message': 'Dec  6 13:10:08 hqnl0246134 sshd[215605]: Invalid user python from 157.230.113.181 port 39572', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 13:10:09,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325009.8205483, 'message': 'Dec  6 13:10:08 hqnl0246134 sshd[215605]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.113.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 13:10:09,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325009.8207371, 'message': 'Dec  6 13:10:08 hqnl0246134 sshd[215605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.113.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 13:10:11,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325011.8206184, 'message': 'Dec  6 13:10:11 hqnl0246134 sshd[215605]: Failed password for invalid user python from 157.230.113.181 port 39572 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 13:10:13,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325013.820468, 'message': 'Dec  6 13:10:12 hqnl0246134 sshd[215605]: Disconnected from invalid user python 157.230.113.181 port 39572 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 13:10:16,276] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:10:16,277] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:10:16,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:10:16,301] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 13:10:19,348] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:10:19,349] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:10:19,363] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:10:19,390] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0405 seconds
INFO    [2022-12-06 13:10:24,291] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:10:24,292] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:10:24,304] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:10:24,318] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 13:10:43,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325043.8533425, 'message': 'Dec  6 13:10:43 hqnl0246134 sshd[215652]: Invalid user ftpsecure from 128.199.188.184 port 54436', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-06 13:10:43,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325043.8540714, 'message': 'Dec  6 13:10:43 hqnl0246134 sshd[215652]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.188.184 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 13:10:43,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325043.8543463, 'message': 'Dec  6 13:10:43 hqnl0246134 sshd[215652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.188.184 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 13:10:45,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325045.8542511, 'message': 'Dec  6 13:10:45 hqnl0246134 sshd[215652]: Failed password for invalid user ftpsecure from 128.199.188.184 port 54436 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0470 seconds
WARNING [2022-12-06 13:10:45,946] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:10:45,947] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:10:47,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325047.856882, 'message': 'Dec  6 13:10:47 hqnl0246134 sshd[215652]: Disconnected from invalid user ftpsecure 128.199.188.184 port 54436 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
WARNING [2022-12-06 13:10:54,347] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:10:54,430] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0935 seconds
INFO    [2022-12-06 13:11:03,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670325063.8946495, 'message': 'Dec  6 13:11:02 hqnl0246134 sshd[215666]: Invalid user marie from 20.121.113.183 port 1152', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0617 seconds
INFO    [2022-12-06 13:11:03,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325063.896445, 'message': 'Dec  6 13:11:02 hqnl0246134 sshd[215668]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0595 seconds
INFO    [2022-12-06 13:11:04,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.121.113.183', 'timestamp': 1670325063.8957798, 'message': 'Dec  6 13:11:02 hqnl0246134 sshd[215666]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.121.113.183 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-06 13:11:04,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325063.8967214, 'message': 'Dec  6 13:11:02 hqnl0246134 sshd[215668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 13:11:04,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.121.113.183', 'timestamp': 1670325063.8961494, 'message': 'Dec  6 13:11:02 hqnl0246134 sshd[215666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.121.113.183 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 13:11:05,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670325065.8828747, 'message': 'Dec  6 13:11:05 hqnl0246134 sshd[215666]: Failed password for invalid user marie from 20.121.113.183 port 1152 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0529 seconds
INFO    [2022-12-06 13:11:05,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325065.883538, 'message': 'Dec  6 13:11:05 hqnl0246134 sshd[215668]: Failed password for root from 61.177.172.114 port 38325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-06 13:11:07,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.121.113.183', 'timestamp': 1670325067.8934023, 'message': 'Dec  6 13:11:06 hqnl0246134 sshd[215666]: Disconnected from invalid user marie 20.121.113.183 port 1152 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 13:11:07,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325067.8937864, 'message': 'Dec  6 13:11:07 hqnl0246134 sshd[215668]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 13:11:09,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.58.119.251', 'timestamp': 1670325069.8870049, 'message': 'Dec  6 13:11:08 hqnl0246134 sshd[215677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.58.119.251  user=supportwwwuser', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1098 seconds
INFO    [2022-12-06 13:11:09,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325069.8872852, 'message': 'Dec  6 13:11:09 hqnl0246134 sshd[215668]: Failed password for root from 61.177.172.114 port 38325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1096 seconds
INFO    [2022-12-06 13:11:11,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '212.58.119.251', 'timestamp': 1670325071.889211, 'message': 'Dec  6 13:11:10 hqnl0246134 sshd[215677]: Failed password for supportwwwuser from 212.58.119.251 port 10546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 13:11:11,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325071.8894968, 'message': 'Dec  6 13:11:11 hqnl0246134 sshd[215668]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 13:11:14,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325073.9108112, 'message': 'Dec  6 13:11:12 hqnl0246134 sshd[215679]: Invalid user pavel from 43.153.100.118 port 60800', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1277 seconds
INFO    [2022-12-06 13:11:14,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325073.9111707, 'message': 'Dec  6 13:11:12 hqnl0246134 sshd[215680]: Invalid user felix from 35.200.141.182 port 39416', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1306 seconds
INFO    [2022-12-06 13:11:14,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325073.9118302, 'message': 'Dec  6 13:11:12 hqnl0246134 sshd[215679]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.100.118 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1919 seconds
INFO    [2022-12-06 13:11:14,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325073.9113276, 'message': 'Dec  6 13:11:12 hqnl0246134 sshd[215680]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.200.141.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1907 seconds
INFO    [2022-12-06 13:11:14,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325073.9121342, 'message': 'Dec  6 13:11:13 hqnl0246134 sshd[215668]: Failed password for root from 61.177.172.114 port 38325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1901 seconds
INFO    [2022-12-06 13:11:14,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325073.911961, 'message': 'Dec  6 13:11:12 hqnl0246134 sshd[215679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.100.118 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 13:11:14,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325073.9114566, 'message': 'Dec  6 13:11:12 hqnl0246134 sshd[215680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 13:11:16,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325075.8943594, 'message': 'Dec  6 13:11:14 hqnl0246134 sshd[215680]: Failed password for invalid user felix from 35.200.141.182 port 39416 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1763 seconds
INFO    [2022-12-06 13:11:16,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325075.8962529, 'message': 'Dec  6 13:11:14 hqnl0246134 sshd[215679]: Failed password for invalid user pavel from 43.153.100.118 port 60800 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1887 seconds
INFO    [2022-12-06 13:11:16,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325075.896572, 'message': 'Dec  6 13:11:15 hqnl0246134 sshd[215680]: Disconnected from invalid user felix 35.200.141.182 port 39416 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0723 seconds
INFO    [2022-12-06 13:11:17,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325077.8968098, 'message': 'Dec  6 13:11:16 hqnl0246134 sshd[215679]: Disconnected from invalid user pavel 43.153.100.118 port 60800 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0620 seconds
INFO    [2022-12-06 13:11:17,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325077.8971312, 'message': 'Dec  6 13:11:17 hqnl0246134 sshd[215686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0628 seconds
INFO    [2022-12-06 13:11:17,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325077.897311, 'message': 'Dec  6 13:11:17 hqnl0246134 sshd[215686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 13:11:20,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325079.9004931, 'message': 'Dec  6 13:11:18 hqnl0246134 sshd[215686]: Failed password for root from 61.177.172.114 port 37199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1064 seconds
INFO    [2022-12-06 13:11:20,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325079.900957, 'message': 'Dec  6 13:11:19 hqnl0246134 sshd[215686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 13:11:21,323] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:11:21,323] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:11:21,343] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:11:21,378] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0416 seconds
INFO    [2022-12-06 13:11:21,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '212.58.119.251', 'timestamp': 1670325081.9019017, 'message': 'Dec  6 13:11:20 hqnl0246134 sshd[215677]: Failed password for supportwwwuser from 212.58.119.251 port 10546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0560 seconds
INFO    [2022-12-06 13:11:21,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325081.902956, 'message': 'Dec  6 13:11:21 hqnl0246134 sshd[215686]: Failed password for root from 61.177.172.114 port 37199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 13:11:24,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325083.907002, 'message': 'Dec  6 13:11:23 hqnl0246134 sshd[215686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1065 seconds
INFO    [2022-12-06 13:11:25,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325085.9060206, 'message': 'Dec  6 13:11:25 hqnl0246134 sshd[215686]: Failed password for root from 61.177.172.114 port 37199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 13:11:27,453] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:11:27,453] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:11:27,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:11:27,533] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0644 seconds
INFO    [2022-12-06 13:11:29,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325089.9108734, 'message': 'Dec  6 13:11:29 hqnl0246134 sshd[215707]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0632 seconds
INFO    [2022-12-06 13:11:30,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325089.9112446, 'message': 'Dec  6 13:11:29 hqnl0246134 sshd[215707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 13:11:31,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325091.9132855, 'message': 'Dec  6 13:11:31 hqnl0246134 sshd[215707]: Failed password for root from 61.177.172.114 port 12867 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 13:11:31,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325091.9137182, 'message': 'Dec  6 13:11:31 hqnl0246134 sshd[215707]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 13:11:35,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325095.9172, 'message': 'Dec  6 13:11:33 hqnl0246134 sshd[215707]: Failed password for root from 61.177.172.114 port 12867 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0589 seconds
INFO    [2022-12-06 13:11:37,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325097.9194107, 'message': 'Dec  6 13:11:36 hqnl0246134 sshd[215707]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 13:11:39,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325099.9188654, 'message': 'Dec  6 13:11:38 hqnl0246134 sshd[215707]: Failed password for root from 61.177.172.114 port 12867 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0540 seconds
INFO    [2022-12-06 13:11:40,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325099.937324, 'message': 'Dec  6 13:11:39 hqnl0246134 sshd[215710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 13:11:40,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325099.937522, 'message': 'Dec  6 13:11:39 hqnl0246134 sshd[215710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 13:11:44,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325103.9242601, 'message': 'Dec  6 13:11:42 hqnl0246134 sshd[215710]: Failed password for root from 61.177.172.114 port 37058 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1940 seconds
INFO    [2022-12-06 13:11:44,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '212.60.80.58', 'timestamp': 1670325103.924938, 'message': 'Dec  6 13:11:43 hqnl0246134 sshd[215716]: pam_imunify(sshd:auth): [IM360_RBL] The IP 212.60.80.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.2070 seconds
INFO    [2022-12-06 13:11:44,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.60.80.58', 'timestamp': 1670325103.9251008, 'message': 'Dec  6 13:11:43 hqnl0246134 sshd[215716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1353 seconds
WARNING [2022-12-06 13:11:45,950] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:11:45,952] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:11:46,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325105.9251568, 'message': 'Dec  6 13:11:44 hqnl0246134 sshd[215710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0823 seconds
INFO    [2022-12-06 13:11:46,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '212.60.80.58', 'timestamp': 1670325105.9264596, 'message': 'Dec  6 13:11:45 hqnl0246134 sshd[215716]: Failed password for root from 212.60.80.58 port 57038 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0823 seconds
INFO    [2022-12-06 13:11:47,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325107.9264607, 'message': 'Dec  6 13:11:46 hqnl0246134 sshd[215710]: Failed password for root from 61.177.172.114 port 37058 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 13:11:50,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325109.9339173, 'message': 'Dec  6 13:11:48 hqnl0246134 sshd[215710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1089 seconds
INFO    [2022-12-06 13:11:51,287] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:11:51,288] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:11:51,306] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:11:51,321] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-06 13:11:51,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670325111.935932, 'message': 'Dec  6 13:11:50 hqnl0246134 sshd[215710]: Failed password for root from 61.177.172.114 port 37058 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0508 seconds
WARNING [2022-12-06 13:11:53,266] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 13:11:54,366] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:11:54,446] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.1024 seconds
INFO    [2022-12-06 13:12:02,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.249.59.34', 'timestamp': 1670325121.9508007, 'message': 'Dec  6 13:12:01 hqnl0246134 sshd[215741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.249.59.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0854 seconds
INFO    [2022-12-06 13:12:02,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.249.59.34', 'timestamp': 1670325121.9519193, 'message': 'Dec  6 13:12:01 hqnl0246134 sshd[215741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.249.59.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 13:12:03,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.249.59.34', 'timestamp': 1670325123.9507918, 'message': 'Dec  6 13:12:02 hqnl0246134 sshd[215741]: Failed password for root from 20.249.59.34 port 6016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 13:12:05,781] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:12:05,853] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:12:05,853] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:12:05,853] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:12:05,854] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:12:05,854] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:12:05,876] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:12:05,907] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0522 seconds
WARNING [2022-12-06 13:12:05,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:12:05,926] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:12:05,956] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0584 seconds
INFO    [2022-12-06 13:12:05,960] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0572 seconds
INFO    [2022-12-06 13:12:08,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670325127.9564826, 'message': 'Dec  6 13:12:06 hqnl0246134 sshd[215677]: Accepted password for supportwwwuser from 212.58.119.251 port 10546 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 13:12:20,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325139.9739547, 'message': 'Dec  6 13:12:19 hqnl0246134 sshd[215791]: Invalid user wialon from 167.71.4.124 port 56948', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0882 seconds
INFO    [2022-12-06 13:12:20,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325139.987454, 'message': 'Dec  6 13:12:19 hqnl0246134 sshd[215791]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.4.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 13:12:20,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325139.9877565, 'message': 'Dec  6 13:12:19 hqnl0246134 sshd[215791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.4.124 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 13:12:21,902] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:12:21,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:12:21,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:12:21,942] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0359 seconds
INFO    [2022-12-06 13:12:21,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325141.9698992, 'message': 'Dec  6 13:12:21 hqnl0246134 sshd[215791]: Failed password for invalid user wialon from 167.71.4.124 port 56948 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 13:12:24,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325143.9730227, 'message': 'Dec  6 13:12:23 hqnl0246134 sshd[215791]: Disconnected from invalid user wialon 167.71.4.124 port 56948 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 13:12:26,437] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:12:26,437] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:12:26,446] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:12:26,459] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 13:12:36,434] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:12:36,458] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:12:36,470] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 13:12:45,956] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:12:45,963] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:12:48,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.41.247', 'timestamp': 1670325168.0084844, 'message': 'Dec  6 13:12:46 hqnl0246134 sshd[215818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.41.247 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1334 seconds
INFO    [2022-12-06 13:12:48,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.41.247', 'timestamp': 1670325168.0098567, 'message': 'Dec  6 13:12:46 hqnl0246134 sshd[215818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.41.247  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-06 13:12:50,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.41.247', 'timestamp': 1670325170.0039954, 'message': 'Dec  6 13:12:48 hqnl0246134 sshd[215818]: Failed password for root from 137.184.41.247 port 33948 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
WARNING [2022-12-06 13:12:54,369] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:12:54,447] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0979 seconds
INFO    [2022-12-06 13:13:08,991] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 13:13:09,019] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:13:09,062] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0622 seconds
INFO    [2022-12-06 13:13:27,839] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:13:27,841] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:13:27,854] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:13:27,873] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0305 seconds
INFO    [2022-12-06 13:13:34,767] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:13:34,777] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:13:34,798] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:13:34,841] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0617 seconds
WARNING [2022-12-06 13:13:45,966] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:13:45,968] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:14:10,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325250.2078435, 'message': 'Dec  6 13:14:08 hqnl0246134 sshd[215902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.100.118 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-06 13:14:10,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325250.2172964, 'message': 'Dec  6 13:14:08 hqnl0246134 sshd[215902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.100.118  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0516 seconds
INFO    [2022-12-06 13:14:12,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325252.208313, 'message': 'Dec  6 13:14:10 hqnl0246134 sshd[215902]: Failed password for root from 43.153.100.118 port 48818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0551 seconds
INFO    [2022-12-06 13:14:16,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325256.2113886, 'message': 'Dec  6 13:14:14 hqnl0246134 sshd[215904]: Invalid user backups from 128.199.188.184 port 56214', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0845 seconds
INFO    [2022-12-06 13:14:16,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325256.2121325, 'message': 'Dec  6 13:14:14 hqnl0246134 sshd[215904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.188.184 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0638 seconds
INFO    [2022-12-06 13:14:16,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325256.2168305, 'message': 'Dec  6 13:14:14 hqnl0246134 sshd[215904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.188.184 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0791 seconds
INFO    [2022-12-06 13:14:18,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325258.2099566, 'message': 'Dec  6 13:14:16 hqnl0246134 sshd[215904]: Failed password for invalid user backups from 128.199.188.184 port 56214 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0756 seconds
INFO    [2022-12-06 13:14:18,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325258.2102077, 'message': 'Dec  6 13:14:17 hqnl0246134 sshd[215904]: Disconnected from invalid user backups 128.199.188.184 port 56214 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1267 seconds
INFO    [2022-12-06 13:14:20,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325260.2125793, 'message': 'Dec  6 13:14:18 hqnl0246134 sshd[215911]: Invalid user roland from 137.184.196.76 port 48186', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-06 13:14:20,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325260.2128425, 'message': 'Dec  6 13:14:18 hqnl0246134 sshd[215911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.196.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0997 seconds
INFO    [2022-12-06 13:14:20,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325260.2132473, 'message': 'Dec  6 13:14:18 hqnl0246134 sshd[215911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.196.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 13:14:20,800] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:14:20,801] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 13:14:20,909] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:14:20,910] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:14:20,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:14:20,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:14:21,003] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1999 seconds
INFO    [2022-12-06 13:14:21,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0931 seconds
INFO    [2022-12-06 13:14:22,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325262.2155435, 'message': 'Dec  6 13:14:20 hqnl0246134 sshd[215911]: Failed password for invalid user roland from 137.184.196.76 port 48186 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1105 seconds
INFO    [2022-12-06 13:14:22,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325262.2160072, 'message': 'Dec  6 13:14:20 hqnl0246134 sshd[215911]: Disconnected from invalid user roland 137.184.196.76 port 48186 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1021 seconds
INFO    [2022-12-06 13:14:26,553] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:14:26,554] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:14:26,585] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:14:26,633] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0600 seconds
INFO    [2022-12-06 13:14:28,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325268.2261117, 'message': 'Dec  6 13:14:26 hqnl0246134 sshd[215925]: Invalid user mikael from 35.200.141.182 port 56866', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0589 seconds
INFO    [2022-12-06 13:14:28,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325268.2268207, 'message': 'Dec  6 13:14:26 hqnl0246134 sshd[215925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.200.141.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 13:14:28,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325268.2270818, 'message': 'Dec  6 13:14:26 hqnl0246134 sshd[215925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 13:14:30,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325270.2264407, 'message': 'Dec  6 13:14:28 hqnl0246134 sshd[215925]: Failed password for invalid user mikael from 35.200.141.182 port 56866 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0998 seconds
INFO    [2022-12-06 13:14:30,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325270.226865, 'message': 'Dec  6 13:14:29 hqnl0246134 sshd[215925]: Disconnected from invalid user mikael 35.200.141.182 port 56866 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 13:14:32,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325272.228065, 'message': 'Dec  6 13:14:31 hqnl0246134 sshd[215938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 67.229.48.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0536 seconds
INFO    [2022-12-06 13:14:32,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325272.2285442, 'message': 'Dec  6 13:14:31 hqnl0246134 sshd[215938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.229.48.227  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0530 seconds
INFO    [2022-12-06 13:14:34,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325274.2371175, 'message': 'Dec  6 13:14:33 hqnl0246134 sshd[215938]: Failed password for root from 67.229.48.227 port 54014 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 13:14:40,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670325280.2423909, 'message': 'Dec  6 13:14:39 hqnl0246134 sshd[215942]: Accepted password for supportwwwuser from 212.58.119.251 port 10733 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0822 seconds
WARNING [2022-12-06 13:14:45,971] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:14:45,973] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:14:54,380] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:14:54,467] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.1050 seconds
INFO    [2022-12-06 13:15:02,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325302.2776775, 'message': 'Dec  6 13:15:01 hqnl0246134 sshd[215988]: Invalid user odoo from 87.98.174.163 port 58400', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0604 seconds
INFO    [2022-12-06 13:15:02,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325302.2886121, 'message': 'Dec  6 13:15:01 hqnl0246134 sshd[215988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.98.174.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 13:15:02,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325302.2890944, 'message': 'Dec  6 13:15:01 hqnl0246134 sshd[215988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.174.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 13:15:04,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325304.2767909, 'message': 'Dec  6 13:15:03 hqnl0246134 sshd[215988]: Failed password for invalid user odoo from 87.98.174.163 port 58400 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0538 seconds
INFO    [2022-12-06 13:15:06,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325306.2788196, 'message': 'Dec  6 13:15:05 hqnl0246134 sshd[215988]: Disconnected from invalid user odoo 87.98.174.163 port 58400 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 13:15:20,695] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:15:20,697] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:15:20,740] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:15:20,799] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0929 seconds
INFO    [2022-12-06 13:15:28,062] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:15:28,062] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:15:28,094] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:15:28,146] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0689 seconds
INFO    [2022-12-06 13:15:28,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325328.3235247, 'message': 'Dec  6 13:15:27 hqnl0246134 sshd[216033]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1812 seconds
INFO    [2022-12-06 13:15:28,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325328.324899, 'message': 'Dec  6 13:15:27 hqnl0246134 sshd[216033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1074 seconds
INFO    [2022-12-06 13:15:30,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325330.315501, 'message': 'Dec  6 13:15:29 hqnl0246134 sshd[216033]: Failed password for root from 61.177.173.35 port 48800 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 13:15:32,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325332.3152556, 'message': 'Dec  6 13:15:32 hqnl0246134 sshd[216033]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 13:15:34,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325334.3188257, 'message': 'Dec  6 13:15:34 hqnl0246134 sshd[216033]: Failed password for root from 61.177.173.35 port 48800 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 13:15:36,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325336.3197677, 'message': 'Dec  6 13:15:34 hqnl0246134 sshd[216033]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0731 seconds
INFO    [2022-12-06 13:15:36,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.41.247', 'timestamp': 1670325336.3205469, 'message': 'Dec  6 13:15:34 hqnl0246134 sshd[216049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.41.247 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0731 seconds
INFO    [2022-12-06 13:15:36,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325336.3212466, 'message': 'Dec  6 13:15:36 hqnl0246134 sshd[216033]: Failed password for root from 61.177.173.35 port 48800 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 13:15:36,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.41.247', 'timestamp': 1670325336.3209472, 'message': 'Dec  6 13:15:34 hqnl0246134 sshd[216049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.41.247  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 13:15:36,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.41.247', 'timestamp': 1670325336.3214633, 'message': 'Dec  6 13:15:36 hqnl0246134 sshd[216049]: Failed password for root from 137.184.41.247 port 51914 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 13:15:40,040] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:15:40,041] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:15:40,050] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:15:40,089] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0470 seconds
INFO    [2022-12-06 13:15:40,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325340.3223865, 'message': 'Dec  6 13:15:38 hqnl0246134 sshd[216053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 13:15:40,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325340.3227074, 'message': 'Dec  6 13:15:38 hqnl0246134 sshd[216053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 13:15:40,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325340.322882, 'message': 'Dec  6 13:15:40 hqnl0246134 sshd[216053]: Failed password for root from 61.177.173.35 port 25220 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 13:15:42,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325342.3264034, 'message': 'Dec  6 13:15:40 hqnl0246134 sshd[216053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 13:15:44,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325344.3278725, 'message': 'Dec  6 13:15:42 hqnl0246134 sshd[216053]: Failed password for root from 61.177.173.35 port 25220 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-06 13:15:44,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325344.3280742, 'message': 'Dec  6 13:15:43 hqnl0246134 sshd[216053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
WARNING [2022-12-06 13:15:45,976] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:15:45,976] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:15:46,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325346.329501, 'message': 'Dec  6 13:15:45 hqnl0246134 sshd[216053]: Failed password for root from 61.177.173.35 port 25220 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 13:15:50,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325350.3353302, 'message': 'Dec  6 13:15:48 hqnl0246134 sshd[216059]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 13:15:50,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325350.335535, 'message': 'Dec  6 13:15:48 hqnl0246134 sshd[216059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 13:15:52,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325352.33836, 'message': 'Dec  6 13:15:50 hqnl0246134 sshd[216059]: Failed password for root from 61.177.173.35 port 51591 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 13:15:52,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325352.3385823, 'message': 'Dec  6 13:15:51 hqnl0246134 sshd[216059]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-06 13:15:54,379] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:15:54,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670325354.341092, 'message': 'Dec  6 13:15:52 hqnl0246134 sshd[216061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-06 13:15:54,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325354.341432, 'message': 'Dec  6 13:15:53 hqnl0246134 sshd[216059]: Failed password for root from 61.177.173.35 port 51591 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 13:15:54,417] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0530 seconds
INFO    [2022-12-06 13:15:54,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670325354.341319, 'message': 'Dec  6 13:15:52 hqnl0246134 sshd[216061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-06 13:15:54,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.89.196.220', 'timestamp': 1670325354.341535, 'message': 'Dec  6 13:15:54 hqnl0246134 sshd[216061]: Failed password for root from 152.89.196.220 port 22672 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 13:15:56,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325356.3420677, 'message': 'Dec  6 13:15:55 hqnl0246134 sshd[216059]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 13:15:58,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670325358.344311, 'message': 'Dec  6 13:15:57 hqnl0246134 sshd[216059]: Failed password for root from 61.177.173.35 port 51591 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 13:16:08,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670325368.3587885, 'message': 'Dec  6 13:16:06 hqnl0246134 sshd[216083]: Invalid user terraria from 85.114.119.22 port 39553', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0559 seconds
INFO    [2022-12-06 13:16:08,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.114.119.22', 'timestamp': 1670325368.3595655, 'message': 'Dec  6 13:16:06 hqnl0246134 sshd[216083]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.114.119.22 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 13:16:08,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.114.119.22', 'timestamp': 1670325368.3599148, 'message': 'Dec  6 13:16:06 hqnl0246134 sshd[216083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.114.119.22 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 13:16:10,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670325370.3651025, 'message': 'Dec  6 13:16:08 hqnl0246134 sshd[216083]: Failed password for invalid user terraria from 85.114.119.22 port 39553 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0667 seconds
INFO    [2022-12-06 13:16:10,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670325370.3653598, 'message': 'Dec  6 13:16:09 hqnl0246134 sshd[216083]: Disconnected from invalid user terraria 85.114.119.22 port 39553 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 13:16:18,033] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:16:18,034] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:16:18,044] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:16:18,058] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 13:16:21,335] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:16:21,336] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:16:21,356] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:16:21,372] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0340 seconds
INFO    [2022-12-06 13:16:24,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325384.37343, 'message': 'Dec  6 13:16:23 hqnl0246134 sshd[216100]: Invalid user admin from 34.126.71.110 port 57070', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 13:16:24,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325384.3737671, 'message': 'Dec  6 13:16:24 hqnl0246134 sshd[216100]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.126.71.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 13:16:24,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325384.3811374, 'message': 'Dec  6 13:16:24 hqnl0246134 sshd[216100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.126.71.110 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 13:16:26,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325386.3754067, 'message': 'Dec  6 13:16:25 hqnl0246134 sshd[216100]: Failed password for invalid user admin from 34.126.71.110 port 57070 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 13:16:26,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325386.375672, 'message': 'Dec  6 13:16:26 hqnl0246134 sshd[216100]: Disconnected from invalid user admin 34.126.71.110 port 57070 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 13:16:45,981] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:16:45,982] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:16:47,200] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:16:47,267] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:16:47,268] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:16:47,268] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:16:47,268] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:16:47,269] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:16:47,282] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:16:47,302] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0322 seconds
WARNING [2022-12-06 13:16:47,317] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:16:47,320] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:16:47,339] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0434 seconds
INFO    [2022-12-06 13:16:47,340] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0409 seconds
WARNING [2022-12-06 13:16:54,387] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:16:54,421] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0529 seconds
INFO    [2022-12-06 13:17:08,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325428.4593847, 'message': 'Dec  6 13:17:08 hqnl0246134 sshd[216150]: Invalid user lyy from 43.153.100.118 port 59938', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 13:17:08,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325428.459843, 'message': 'Dec  6 13:17:08 hqnl0246134 sshd[216150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.100.118 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 13:17:08,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325428.4600055, 'message': 'Dec  6 13:17:08 hqnl0246134 sshd[216150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.100.118 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 13:17:12,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325432.439347, 'message': 'Dec  6 13:17:10 hqnl0246134 sshd[216150]: Failed password for invalid user lyy from 43.153.100.118 port 59938 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-06 13:17:12,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.100.118', 'timestamp': 1670325432.4398887, 'message': 'Dec  6 13:17:12 hqnl0246134 sshd[216150]: Disconnected from invalid user lyy 43.153.100.118 port 59938 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 13:17:16,934] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:17:16,935] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:17:16,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:17:16,967] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0306 seconds
INFO    [2022-12-06 13:17:19,337] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:17:19,338] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:17:19,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:17:19,357] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 13:17:19,764] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:17:19,764] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:17:19,765] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 13:17:23,187] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:17:23,188] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:17:23,206] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:17:23,222] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0333 seconds
INFO    [2022-12-06 13:17:26,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325446.4534159, 'message': 'Dec  6 13:17:24 hqnl0246134 sshd[216172]: Invalid user kk from 35.200.141.182 port 46066', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 13:17:26,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325446.4537182, 'message': 'Dec  6 13:17:24 hqnl0246134 sshd[216172]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.200.141.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 13:17:26,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325446.45388, 'message': 'Dec  6 13:17:24 hqnl0246134 sshd[216172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 13:17:28,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325448.4553313, 'message': 'Dec  6 13:17:27 hqnl0246134 sshd[216172]: Failed password for invalid user kk from 35.200.141.182 port 46066 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 13:17:30,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670325450.4588466, 'message': 'Dec  6 13:17:29 hqnl0246134 sshd[216172]: Disconnected from invalid user kk 35.200.141.182 port 46066 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
WARNING [2022-12-06 13:17:45,987] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:17:45,989] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:17:46,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325466.476664, 'message': 'Dec  6 13:17:44 hqnl0246134 sshd[216194]: Invalid user testing from 128.199.188.184 port 54052', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 13:17:46,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325466.4780369, 'message': 'Dec  6 13:17:44 hqnl0246134 sshd[216194]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.188.184 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 13:17:46,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325466.4781451, 'message': 'Dec  6 13:17:44 hqnl0246134 sshd[216194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.188.184 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 13:17:48,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670325468.4785633, 'message': 'Dec  6 13:17:46 hqnl0246134 sshd[216196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 13:17:48,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325468.4791706, 'message': 'Dec  6 13:17:46 hqnl0246134 sshd[216194]: Failed password for invalid user testing from 128.199.188.184 port 54052 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 13:17:48,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670325468.47902, 'message': 'Dec  6 13:17:46 hqnl0246134 sshd[216196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 13:17:48,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670325468.4793391, 'message': 'Dec  6 13:17:48 hqnl0246134 sshd[216196]: Failed password for root from 61.177.173.50 port 39967 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 13:17:50,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670325470.4813845, 'message': 'Dec  6 13:17:48 hqnl0246134 sshd[216196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0858 seconds
INFO    [2022-12-06 13:17:50,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.188.184', 'timestamp': 1670325470.483115, 'message': 'Dec  6 13:17:49 hqnl0246134 sshd[216194]: Disconnected from invalid user testing 128.199.188.184 port 54052 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0854 seconds
INFO    [2022-12-06 13:17:50,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.195.123', 'timestamp': 1670325470.4833162, 'message': 'Dec  6 13:17:49 hqnl0246134 sshd[216198]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.195.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0848 seconds
INFO    [2022-12-06 13:17:50,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.195.123', 'timestamp': 1670325470.4835224, 'message': 'Dec  6 13:17:49 hqnl0246134 sshd[216198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.195.123  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 13:17:52,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670325472.484132, 'message': 'Dec  6 13:17:50 hqnl0246134 sshd[216196]: Failed password for root from 61.177.173.50 port 39967 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0554 seconds
INFO    [2022-12-06 13:17:52,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.197.195.123', 'timestamp': 1670325472.4849858, 'message': 'Dec  6 13:17:51 hqnl0246134 sshd[216198]: Failed password for root from 138.197.195.123 port 58898 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0562 seconds
INFO    [2022-12-06 13:17:52,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670325472.4846628, 'message': 'Dec  6 13:17:51 hqnl0246134 sshd[216196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0332 seconds
WARNING [2022-12-06 13:17:54,383] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:17:54,416] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0431 seconds
INFO    [2022-12-06 13:17:54,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670325474.486494, 'message': 'Dec  6 13:17:53 hqnl0246134 sshd[216196]: Failed password for root from 61.177.173.50 port 39967 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 13:18:18,329] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:18:18,330] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:18:18,338] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:18:18,357] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0265 seconds
INFO    [2022-12-06 13:18:21,550] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:18:21,551] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:18:21,566] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:18:21,577] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0254 seconds
INFO    [2022-12-06 13:18:28,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325508.5343502, 'message': 'Dec  6 13:18:27 hqnl0246134 sshd[216234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 13:18:28,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325508.5348134, 'message': 'Dec  6 13:18:27 hqnl0246134 sshd[216234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 13:18:30,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325510.5340874, 'message': 'Dec  6 13:18:29 hqnl0246134 sshd[216234]: Failed password for root from 61.177.173.37 port 46641 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1737 seconds
INFO    [2022-12-06 13:18:32,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325512.5364523, 'message': 'Dec  6 13:18:31 hqnl0246134 sshd[216234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 13:18:34,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325514.5409868, 'message': 'Dec  6 13:18:34 hqnl0246134 sshd[216234]: Failed password for root from 61.177.173.37 port 46641 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 13:18:38,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325518.5461104, 'message': 'Dec  6 13:18:36 hqnl0246134 sshd[216234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 13:18:40,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325520.5475438, 'message': 'Dec  6 13:18:38 hqnl0246134 sshd[216234]: Failed password for root from 61.177.173.37 port 46641 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 13:18:43,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:18:43,791] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:18:43,804] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:18:43,818] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 13:18:44,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.22.44.198', 'timestamp': 1670325524.552606, 'message': 'Dec  6 13:18:42 hqnl0246134 sshd[216253]: Invalid user admin from 84.22.44.198 port 44392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 13:18:44,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.22.44.198', 'timestamp': 1670325524.5528898, 'message': 'Dec  6 13:18:43 hqnl0246134 sshd[216253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.22.44.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 13:18:44,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.22.44.198', 'timestamp': 1670325524.5530944, 'message': 'Dec  6 13:18:43 hqnl0246134 sshd[216253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.44.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0832 seconds
WARNING [2022-12-06 13:18:45,994] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:18:45,995] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:18:46,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.22.44.198', 'timestamp': 1670325526.5539484, 'message': 'Dec  6 13:18:45 hqnl0246134 sshd[216253]: Failed password for invalid user admin from 84.22.44.198 port 44392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-06 13:18:48,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325528.5582561, 'message': 'Dec  6 13:18:47 hqnl0246134 sshd[216259]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1011 seconds
INFO    [2022-12-06 13:18:48,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325528.5585444, 'message': 'Dec  6 13:18:47 hqnl0246134 sshd[216259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0985 seconds
INFO    [2022-12-06 13:18:50,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325530.5581543, 'message': 'Dec  6 13:18:49 hqnl0246134 sshd[216259]: Failed password for root from 61.177.173.37 port 12126 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 13:18:50,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325530.5585332, 'message': 'Dec  6 13:18:49 hqnl0246134 sshd[216259]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 13:18:52,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325532.5617945, 'message': 'Dec  6 13:18:51 hqnl0246134 sshd[216259]: Failed password for root from 61.177.173.37 port 12126 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 13:18:52,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325532.5621858, 'message': 'Dec  6 13:18:52 hqnl0246134 sshd[216259]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
WARNING [2022-12-06 13:18:54,391] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:18:54,433] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0530 seconds
INFO    [2022-12-06 13:18:54,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325534.5663865, 'message': 'Dec  6 13:18:53 hqnl0246134 sshd[216259]: Failed password for root from 61.177.173.37 port 12126 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 13:19:06,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325546.602636, 'message': 'Dec  6 13:19:06 hqnl0246134 sshd[216286]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 13:19:06,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325546.6031744, 'message': 'Dec  6 13:19:06 hqnl0246134 sshd[216286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 13:19:08,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325548.6021369, 'message': 'Dec  6 13:19:08 hqnl0246134 sshd[216286]: Failed password for root from 61.177.173.37 port 25606 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 13:19:08,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325548.602423, 'message': 'Dec  6 13:19:08 hqnl0246134 sshd[216286]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 13:19:12,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325552.6098754, 'message': 'Dec  6 13:19:10 hqnl0246134 sshd[216286]: Failed password for root from 61.177.173.37 port 25606 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0503 seconds
INFO    [2022-12-06 13:19:14,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325554.6093183, 'message': 'Dec  6 13:19:12 hqnl0246134 sshd[216286]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 13:19:16,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325556.6101058, 'message': 'Dec  6 13:19:15 hqnl0246134 sshd[216286]: Failed password for root from 61.177.173.37 port 25606 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 13:19:18,201] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:19:18,202] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:19:18,215] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:19:18,232] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-06 13:19:20,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325560.6152987, 'message': 'Dec  6 13:19:18 hqnl0246134 sshd[216295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 13:19:20,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325560.6158302, 'message': 'Dec  6 13:19:18 hqnl0246134 sshd[216295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-06 13:19:21,622] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:19:21,623] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:19:21,637] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:19:21,655] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0303 seconds
INFO    [2022-12-06 13:19:22,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325562.6172001, 'message': 'Dec  6 13:19:20 hqnl0246134 sshd[216295]: Failed password for root from 61.177.173.37 port 52579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0685 seconds
INFO    [2022-12-06 13:19:22,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325562.6175628, 'message': 'Dec  6 13:19:21 hqnl0246134 sshd[216295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 13:19:24,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325564.618206, 'message': 'Dec  6 13:19:23 hqnl0246134 sshd[216295]: Failed password for root from 61.177.173.37 port 52579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 13:19:26,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325566.6200624, 'message': 'Dec  6 13:19:25 hqnl0246134 sshd[216295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 13:19:28,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325568.6217432, 'message': 'Dec  6 13:19:26 hqnl0246134 sshd[216295]: Failed password for root from 61.177.173.37 port 52579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 13:19:30,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325570.6248105, 'message': 'Dec  6 13:19:29 hqnl0246134 sshd[216306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 13:19:30,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325570.625001, 'message': 'Dec  6 13:19:29 hqnl0246134 sshd[216306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0723 seconds
INFO    [2022-12-06 13:19:32,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325572.6258795, 'message': 'Dec  6 13:19:30 hqnl0246134 sshd[216306]: Failed password for root from 61.177.173.37 port 62440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0778 seconds
INFO    [2022-12-06 13:19:32,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325572.6262088, 'message': 'Dec  6 13:19:31 hqnl0246134 sshd[216306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0704 seconds
INFO    [2022-12-06 13:19:34,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325574.6291237, 'message': 'Dec  6 13:19:33 hqnl0246134 sshd[216306]: Failed password for root from 61.177.173.37 port 62440 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0611 seconds
INFO    [2022-12-06 13:19:36,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325576.6320558, 'message': 'Dec  6 13:19:35 hqnl0246134 sshd[216306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 13:19:38,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670325578.6334627, 'message': 'Dec  6 13:19:37 hqnl0246134 sshd[216306]: Failed password for root from 61.177.173.37 port 62440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 13:19:40,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325580.6356752, 'message': 'Dec  6 13:19:40 hqnl0246134 sshd[216347]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.82.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 13:19:40,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325580.6360993, 'message': 'Dec  6 13:19:40 hqnl0246134 sshd[216347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.82.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 13:19:42,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325582.6384902, 'message': 'Dec  6 13:19:42 hqnl0246134 sshd[216347]: Failed password for root from 138.68.82.194 port 60286 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
WARNING [2022-12-06 13:19:45,999] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:19:46,000] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:19:46,891] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:19:46,891] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:19:46,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:19:46,933] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0400 seconds
INFO    [2022-12-06 13:19:52,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325592.6731286, 'message': 'Dec  6 13:19:51 hqnl0246134 sshd[216357]: Invalid user stack from 157.230.113.181 port 48940', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 13:19:52,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325592.67335, 'message': 'Dec  6 13:19:51 hqnl0246134 sshd[216357]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.113.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 13:19:52,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325592.6734867, 'message': 'Dec  6 13:19:51 hqnl0246134 sshd[216357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.113.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
WARNING [2022-12-06 13:19:54,393] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:19:54,418] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0343 seconds
INFO    [2022-12-06 13:19:54,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325594.674008, 'message': 'Dec  6 13:19:54 hqnl0246134 sshd[216357]: Failed password for invalid user stack from 157.230.113.181 port 48940 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 13:19:56,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325596.6820686, 'message': 'Dec  6 13:19:55 hqnl0246134 sshd[216357]: Disconnected from invalid user stack 157.230.113.181 port 48940 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 13:20:07,970] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:20:08,038] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:20:08,039] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:20:08,039] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:20:08,039] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:20:08,040] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:20:08,056] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:20:08,073] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0328 seconds
WARNING [2022-12-06 13:20:08,080] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:20:08,083] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:20:08,124] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0557 seconds
INFO    [2022-12-06 13:20:08,126] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0546 seconds
INFO    [2022-12-06 13:20:18,766] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:20:18,767] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:20:18,776] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:20:18,788] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 13:20:21,724] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:20:21,725] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:20:21,732] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:20:21,745] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 13:20:36,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.96.213', 'timestamp': 1670325636.7520628, 'message': 'Dec  6 13:20:35 hqnl0246134 sshd[216424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.96.213 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 13:20:36,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.96.213', 'timestamp': 1670325636.7525442, 'message': 'Dec  6 13:20:35 hqnl0246134 sshd[216424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.96.213  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 13:20:38,757] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:20:38,757] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:20:38,758] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 13:20:38,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.96.213', 'timestamp': 1670325638.75963, 'message': 'Dec  6 13:20:37 hqnl0246134 sshd[216424]: Failed password for root from 159.223.96.213 port 59224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 13:20:44,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670325644.764927, 'message': 'Dec  6 13:20:44 hqnl0246134 sshd[216428]: Accepted password for supportwwwuser from 212.58.119.251 port 10663 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0354 seconds
WARNING [2022-12-06 13:20:46,003] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:20:46,005] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:20:52,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670325652.77072, 'message': 'Dec  6 13:20:51 hqnl0246134 sshd[216464]: Accepted password for supportwwwuser from 212.58.119.251 port 10662 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0262 seconds
WARNING [2022-12-06 13:20:54,417] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:20:54,445] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-06 13:20:56,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325656.788507, 'message': 'Dec  6 13:20:56 hqnl0246134 sshd[216496]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.4.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 13:20:56,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325656.7888317, 'message': 'Dec  6 13:20:56 hqnl0246134 sshd[216496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.4.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 13:20:58,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325658.7902763, 'message': 'Dec  6 13:20:58 hqnl0246134 sshd[216496]: Failed password for root from 167.71.4.124 port 46990 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 13:21:01,161] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:21:01,162] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:21:01,184] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:21:01,291] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1146 seconds
INFO    [2022-12-06 13:21:08,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325668.8064382, 'message': 'Dec  6 13:21:08 hqnl0246134 sshd[216526]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.196.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-06 13:21:08,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325668.807062, 'message': 'Dec  6 13:21:08 hqnl0246134 sshd[216526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.196.76  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 13:21:10,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325670.808252, 'message': 'Dec  6 13:21:09 hqnl0246134 sshd[216526]: Failed password for root from 137.184.196.76 port 48578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 13:21:14,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325674.812581, 'message': 'Dec  6 13:21:14 hqnl0246134 sshd[216530]: Invalid user support from 217.17.230.180 port 37072', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 13:21:14,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325674.8220294, 'message': 'Dec  6 13:21:14 hqnl0246134 sshd[216530]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.17.230.180 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 13:21:14,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325674.8223944, 'message': 'Dec  6 13:21:14 hqnl0246134 sshd[216530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.17.230.180 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 13:21:16,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325676.8136384, 'message': 'Dec  6 13:21:16 hqnl0246134 sshd[216530]: Failed password for invalid user support from 217.17.230.180 port 37072 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 13:21:18,433] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:21:18,434] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:21:18,446] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:21:18,462] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0269 seconds
INFO    [2022-12-06 13:21:18,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325678.8164167, 'message': 'Dec  6 13:21:17 hqnl0246134 sshd[216530]: Disconnected from invalid user support 217.17.230.180 port 37072 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 13:21:21,359] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:21:21,360] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:21:21,368] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:21:21,382] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 13:21:44,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325704.8538706, 'message': 'Dec  6 13:21:43 hqnl0246134 sshd[216555]: Invalid user network from 67.229.48.227 port 58620', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-06 13:21:44,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325704.8543425, 'message': 'Dec  6 13:21:43 hqnl0246134 sshd[216555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 67.229.48.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 13:21:44,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325704.8545578, 'message': 'Dec  6 13:21:43 hqnl0246134 sshd[216555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.229.48.227 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 13:21:45,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325704.8547626, 'message': 'Dec  6 13:21:44 hqnl0246134 sshd[216555]: Failed password for invalid user network from 67.229.48.227 port 58620 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
WARNING [2022-12-06 13:21:46,007] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:21:46,009] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:21:46,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325706.8537846, 'message': 'Dec  6 13:21:45 hqnl0246134 sshd[216555]: Disconnected from invalid user network 67.229.48.227 port 58620 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 13:21:50,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325710.8609512, 'message': 'Dec  6 13:21:50 hqnl0246134 sshd[216559]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.126.71.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 13:21:50,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325710.861475, 'message': 'Dec  6 13:21:50 hqnl0246134 sshd[216559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.126.71.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 13:21:52,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.61.75.88', 'timestamp': 1670325712.8671112, 'message': 'Dec  6 13:21:51 hqnl0246134 sshd[216557]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.61.75.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 13:21:52,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325712.867541, 'message': 'Dec  6 13:21:51 hqnl0246134 sshd[216559]: Failed password for root from 34.126.71.110 port 41648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 13:21:52,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.61.75.88', 'timestamp': 1670325712.8673913, 'message': 'Dec  6 13:21:51 hqnl0246134 sshd[216557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.61.75.88  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 13:21:53,268] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 13:21:54,420] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:21:54,454] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0418 seconds
INFO    [2022-12-06 13:21:54,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.61.75.88', 'timestamp': 1670325714.869594, 'message': 'Dec  6 13:21:53 hqnl0246134 sshd[216557]: Failed password for root from 20.61.75.88 port 44410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-06 13:21:54,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325714.8698308, 'message': 'Dec  6 13:21:53 hqnl0246134 sshd[216569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.98.174.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 13:21:54,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325714.8699956, 'message': 'Dec  6 13:21:53 hqnl0246134 sshd[216569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.174.163  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 13:21:56,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325716.8700268, 'message': 'Dec  6 13:21:55 hqnl0246134 sshd[216569]: Failed password for root from 87.98.174.163 port 59246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 13:22:08,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.221.4.3', 'timestamp': 1670325728.8877618, 'message': 'Dec  6 13:22:08 hqnl0246134 sshd[216597]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.221.4.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 13:22:08,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.221.4.3', 'timestamp': 1670325728.8883235, 'message': 'Dec  6 13:22:08 hqnl0246134 sshd[216597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.221.4.3  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 13:22:10,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.221.4.3', 'timestamp': 1670325730.889684, 'message': 'Dec  6 13:22:10 hqnl0246134 sshd[216597]: Failed password for root from 112.221.4.3 port 52994 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 13:22:10,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325730.8898823, 'message': 'Dec  6 13:22:10 hqnl0246134 sshd[216599]: Invalid user hbase from 138.68.82.194 port 44438', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 13:22:10,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325730.8926044, 'message': 'Dec  6 13:22:10 hqnl0246134 sshd[216599]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.82.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 13:22:10,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325730.8927438, 'message': 'Dec  6 13:22:10 hqnl0246134 sshd[216599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.82.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 13:22:12,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325732.8901322, 'message': 'Dec  6 13:22:12 hqnl0246134 sshd[216599]: Failed password for invalid user hbase from 138.68.82.194 port 44438 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 13:22:12,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325732.8903894, 'message': 'Dec  6 13:22:12 hqnl0246134 sshd[216599]: Disconnected from invalid user hbase 138.68.82.194 port 44438 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 13:22:13,154] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:22:13,155] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:22:13,165] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:22:13,177] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 13:22:17,788] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:22:17,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:22:17,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:22:17,806] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 13:22:20,316] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:22:20,316] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:22:20,325] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:22:20,338] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 13:22:38,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325758.9427576, 'message': 'Dec  6 13:22:37 hqnl0246134 sshd[216630]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.113.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 13:22:38,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325758.9435477, 'message': 'Dec  6 13:22:37 hqnl0246134 sshd[216630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.113.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 13:22:40,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325760.9435318, 'message': 'Dec  6 13:22:39 hqnl0246134 sshd[216630]: Failed password for root from 157.230.113.181 port 49582 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-06 13:22:46,013] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:22:46,014] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:22:54,426] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:22:54,469] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0539 seconds
INFO    [2022-12-06 13:23:18,243] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:23:18,244] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:23:18,252] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:23:18,266] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 13:23:21,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:23:21,039] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:23:21,046] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:23:21,057] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 13:23:33,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.114.119.22', 'timestamp': 1670325813.0465488, 'message': 'Dec  6 13:23:32 hqnl0246134 sshd[216676]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.114.119.22 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 13:23:33,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.114.119.22', 'timestamp': 1670325813.046932, 'message': 'Dec  6 13:23:32 hqnl0246134 sshd[216676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.114.119.22  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 13:23:35,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325815.0594368, 'message': 'Dec  6 13:23:33 hqnl0246134 sshd[216686]: Invalid user newuser from 167.71.4.124 port 36948', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 13:23:35,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '85.114.119.22', 'timestamp': 1670325815.060025, 'message': 'Dec  6 13:23:34 hqnl0246134 sshd[216676]: Failed password for root from 85.114.119.22 port 35436 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 13:23:35,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325815.05971, 'message': 'Dec  6 13:23:33 hqnl0246134 sshd[216686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.4.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 13:23:35,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325815.0598822, 'message': 'Dec  6 13:23:33 hqnl0246134 sshd[216686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.4.124 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 13:23:37,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325817.0578294, 'message': 'Dec  6 13:23:35 hqnl0246134 sshd[216686]: Failed password for invalid user newuser from 167.71.4.124 port 36948 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 13:23:37,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325817.0584085, 'message': 'Dec  6 13:23:36 hqnl0246134 sshd[216686]: Disconnected from invalid user newuser 167.71.4.124 port 36948 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 13:23:39,449] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:23:39,450] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:23:39,457] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:23:39,469] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-06 13:23:46,019] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:23:46,020] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:23:49,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670325829.0748353, 'message': 'Dec  6 13:23:47 hqnl0246134 sshd[216694]: Invalid user victor from 138.197.195.123 port 41830', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 13:23:49,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.195.123', 'timestamp': 1670325829.075236, 'message': 'Dec  6 13:23:47 hqnl0246134 sshd[216694]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.195.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 13:23:49,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.195.123', 'timestamp': 1670325829.0753915, 'message': 'Dec  6 13:23:47 hqnl0246134 sshd[216694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.195.123 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 13:23:51,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670325831.0763123, 'message': 'Dec  6 13:23:49 hqnl0246134 sshd[216694]: Failed password for invalid user victor from 138.197.195.123 port 41830 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 13:23:51,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.158.139.57', 'timestamp': 1670325831.0765839, 'message': 'Dec  6 13:23:50 hqnl0246134 sshd[216696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.158.139.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 13:23:51,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.158.139.57', 'timestamp': 1670325831.0767107, 'message': 'Dec  6 13:23:50 hqnl0246134 sshd[216696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.158.139.57  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 13:23:53,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670325833.0777621, 'message': 'Dec  6 13:23:51 hqnl0246134 sshd[216694]: Disconnected from invalid user victor 138.197.195.123 port 41830 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 13:23:53,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.158.139.57', 'timestamp': 1670325833.077974, 'message': 'Dec  6 13:23:52 hqnl0246134 sshd[216696]: Failed password for root from 202.158.139.57 port 51910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0473 seconds
WARNING [2022-12-06 13:23:54,427] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:23:54,457] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0392 seconds
INFO    [2022-12-06 13:24:01,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325841.0863378, 'message': 'Dec  6 13:23:59 hqnl0246134 sshd[216706]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.196.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 13:24:01,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325841.0867171, 'message': 'Dec  6 13:23:59 hqnl0246134 sshd[216706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.196.76  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 13:24:03,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.196.76', 'timestamp': 1670325843.088546, 'message': 'Dec  6 13:24:01 hqnl0246134 sshd[216706]: Failed password for root from 137.184.196.76 port 48796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 13:24:17,750] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:24:17,751] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:24:17,760] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:24:17,772] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 13:24:20,260] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:24:20,260] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:24:20,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:24:20,286] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
INFO    [2022-12-06 13:24:23,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '188.32.176.34', 'timestamp': 1670325863.128894, 'message': 'Dec  6 13:24:22 hqnl0246134 sshd[216744]: Accepted publickey for root from 188.32.176.34 port 55100 ssh2: RSA SHA256:M5XvbkooZmQvvjfo3fKHU5lbqUaXL4LET3qhCF0FT28', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 13:24:27,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325867.1346176, 'message': 'Dec  6 13:24:25 hqnl0246134 sshd[216799]: Invalid user vbox from 217.17.230.180 port 40966', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 13:24:27,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.249.59.34', 'timestamp': 1670325867.135311, 'message': 'Dec  6 13:24:25 hqnl0246134 sshd[216788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.249.59.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 13:24:27,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325867.1349463, 'message': 'Dec  6 13:24:25 hqnl0246134 sshd[216799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.17.230.180 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 13:24:27,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.249.59.34', 'timestamp': 1670325867.1354554, 'message': 'Dec  6 13:24:25 hqnl0246134 sshd[216788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.249.59.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 13:24:27,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325867.135206, 'message': 'Dec  6 13:24:25 hqnl0246134 sshd[216799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.17.230.180 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 13:24:29,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325869.139068, 'message': 'Dec  6 13:24:27 hqnl0246134 sshd[216804]: Invalid user gateway from 67.229.48.227 port 48974', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0588 seconds
INFO    [2022-12-06 13:24:29,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325869.1396856, 'message': 'Dec  6 13:24:28 hqnl0246134 sshd[216799]: Failed password for invalid user vbox from 217.17.230.180 port 40966 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0598 seconds
INFO    [2022-12-06 13:24:29,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.249.59.34', 'timestamp': 1670325869.1398253, 'message': 'Dec  6 13:24:28 hqnl0246134 sshd[216788]: Failed password for root from 20.249.59.34 port 6016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0602 seconds
INFO    [2022-12-06 13:24:29,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325869.139401, 'message': 'Dec  6 13:24:27 hqnl0246134 sshd[216804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 67.229.48.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 13:24:29,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325869.1395469, 'message': 'Dec  6 13:24:27 hqnl0246134 sshd[216804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.229.48.227 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 13:24:31,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670325871.1444843, 'message': 'Dec  6 13:24:29 hqnl0246134 sshd[216799]: Disconnected from invalid user vbox 217.17.230.180 port 40966 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 13:24:31,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325871.1447248, 'message': 'Dec  6 13:24:29 hqnl0246134 sshd[216804]: Failed password for invalid user gateway from 67.229.48.227 port 48974 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 13:24:31,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670325871.1448517, 'message': 'Dec  6 13:24:30 hqnl0246134 sshd[216804]: Disconnected from invalid user gateway 67.229.48.227 port 48974 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 13:24:41,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325881.155199, 'message': 'Dec  6 13:24:39 hqnl0246134 sshd[216824]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.82.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 13:24:41,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325881.1559703, 'message': 'Dec  6 13:24:39 hqnl0246134 sshd[216824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.82.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 13:24:43,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.68.82.194', 'timestamp': 1670325883.1547449, 'message': 'Dec  6 13:24:41 hqnl0246134 sshd[216824]: Failed password for root from 138.68.82.194 port 56804 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 13:24:43,886] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:24:43,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:24:43,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:24:43,915] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0282 seconds
INFO    [2022-12-06 13:24:45,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325885.1554976, 'message': 'Dec  6 13:24:44 hqnl0246134 sshd[216835]: Invalid user roland from 34.126.71.110 port 57554', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 13:24:45,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325885.1558003, 'message': 'Dec  6 13:24:44 hqnl0246134 sshd[216835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.126.71.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 13:24:45,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325885.155913, 'message': 'Dec  6 13:24:44 hqnl0246134 sshd[216835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.126.71.110 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 13:24:46,024] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:24:46,025] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:24:47,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325887.1573029, 'message': 'Dec  6 13:24:46 hqnl0246134 sshd[216835]: Failed password for invalid user roland from 34.126.71.110 port 57554 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 13:24:49,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.126.71.110', 'timestamp': 1670325889.1574447, 'message': 'Dec  6 13:24:47 hqnl0246134 sshd[216835]: Disconnected from invalid user roland 34.126.71.110 port 57554 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
WARNING [2022-12-06 13:24:54,432] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:24:54,463] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0408 seconds
INFO    [2022-12-06 13:24:57,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325897.1869178, 'message': 'Dec  6 13:24:55 hqnl0246134 sshd[216861]: Invalid user yy from 87.98.174.163 port 59792', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 13:24:57,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325897.187092, 'message': 'Dec  6 13:24:55 hqnl0246134 sshd[216861]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.98.174.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 13:24:57,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325897.1872077, 'message': 'Dec  6 13:24:55 hqnl0246134 sshd[216861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.174.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 13:24:59,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325899.191279, 'message': 'Dec  6 13:24:58 hqnl0246134 sshd[216864]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 13:24:59,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325899.1916723, 'message': 'Dec  6 13:24:58 hqnl0246134 sshd[216861]: Failed password for invalid user yy from 87.98.174.163 port 59792 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 13:24:59,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325899.1915174, 'message': 'Dec  6 13:24:58 hqnl0246134 sshd[216864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 13:24:59,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670325899.19178, 'message': 'Dec  6 13:24:59 hqnl0246134 sshd[216861]: Disconnected from invalid user yy 87.98.174.163 port 59792 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 13:25:01,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325901.193156, 'message': 'Dec  6 13:25:00 hqnl0246134 sshd[216864]: Failed password for root from 61.177.172.108 port 42798 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 13:25:03,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325903.1942022, 'message': 'Dec  6 13:25:02 hqnl0246134 sshd[216864]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 13:25:05,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325905.20083, 'message': 'Dec  6 13:25:03 hqnl0246134 sshd[216864]: Failed password for root from 61.177.172.108 port 42798 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-06 13:25:05,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325905.2024076, 'message': 'Dec  6 13:25:04 hqnl0246134 sshd[216864]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 13:25:07,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325907.1979048, 'message': 'Dec  6 13:25:06 hqnl0246134 sshd[216864]: Failed password for root from 61.177.172.108 port 42798 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 13:25:09,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325909.2005775, 'message': 'Dec  6 13:25:08 hqnl0246134 sshd[216896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 13:25:09,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.94.86.84', 'timestamp': 1670325909.2010176, 'message': 'Dec  6 13:25:08 hqnl0246134 sshd[216902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.94.86.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 13:25:09,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325909.2008474, 'message': 'Dec  6 13:25:08 hqnl0246134 sshd[216896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-06 13:25:09,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.94.86.84', 'timestamp': 1670325909.201123, 'message': 'Dec  6 13:25:08 hqnl0246134 sshd[216902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.94.86.84  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-06 13:25:11,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325911.2017386, 'message': 'Dec  6 13:25:10 hqnl0246134 sshd[216896]: Failed password for root from 61.177.172.108 port 13892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 13:25:11,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.94.86.84', 'timestamp': 1670325911.2019715, 'message': 'Dec  6 13:25:11 hqnl0246134 sshd[216902]: Failed password for root from 200.94.86.84 port 37356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 13:25:13,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325913.2033036, 'message': 'Dec  6 13:25:12 hqnl0246134 sshd[216896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0596 seconds
INFO    [2022-12-06 13:25:15,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325915.2042596, 'message': 'Dec  6 13:25:15 hqnl0246134 sshd[216896]: Failed password for root from 61.177.172.108 port 13892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 13:25:17,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.255.8.153', 'timestamp': 1670325917.20625, 'message': 'Dec  6 13:25:15 hqnl0246134 sshd[216909]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.255.8.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0570 seconds
INFO    [2022-12-06 13:25:17,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325917.2069845, 'message': 'Dec  6 13:25:16 hqnl0246134 sshd[216896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0571 seconds
INFO    [2022-12-06 13:25:17,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.255.8.153', 'timestamp': 1670325917.206809, 'message': 'Dec  6 13:25:15 hqnl0246134 sshd[216909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.153  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0755 seconds
INFO    [2022-12-06 13:25:18,796] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:25:18,797] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:25:18,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:25:18,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0243 seconds
INFO    [2022-12-06 13:25:19,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.255.8.153', 'timestamp': 1670325919.2081733, 'message': 'Dec  6 13:25:17 hqnl0246134 sshd[216909]: Failed password for root from 36.255.8.153 port 40906 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 13:25:19,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325919.2083833, 'message': 'Dec  6 13:25:19 hqnl0246134 sshd[216896]: Failed password for root from 61.177.172.108 port 13892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 13:25:22,137] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:25:22,138] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:25:22,145] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:25:22,157] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 13:25:23,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325923.2128572, 'message': 'Dec  6 13:25:22 hqnl0246134 sshd[216925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 13:25:23,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325923.2130585, 'message': 'Dec  6 13:25:22 hqnl0246134 sshd[216925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 13:25:25,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325925.2134392, 'message': 'Dec  6 13:25:24 hqnl0246134 sshd[216925]: Failed password for root from 61.177.172.108 port 13148 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 13:25:25,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325925.2145193, 'message': 'Dec  6 13:25:25 hqnl0246134 sshd[216925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 13:25:29,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325929.2193484, 'message': 'Dec  6 13:25:27 hqnl0246134 sshd[216925]: Failed password for root from 61.177.172.108 port 13148 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 13:25:31,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325931.2208433, 'message': 'Dec  6 13:25:29 hqnl0246134 sshd[216925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 13:25:33,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325933.222091, 'message': 'Dec  6 13:25:31 hqnl0246134 sshd[216925]: Failed password for root from 61.177.172.108 port 13148 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 13:25:35,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325935.2242012, 'message': 'Dec  6 13:25:33 hqnl0246134 sshd[216930]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 13:25:35,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325935.2246058, 'message': 'Dec  6 13:25:33 hqnl0246134 sshd[216930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 13:25:37,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325937.2260964, 'message': 'Dec  6 13:25:35 hqnl0246134 sshd[216940]: Invalid user gateway from 157.230.113.181 port 56054', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 13:25:37,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325937.226686, 'message': 'Dec  6 13:25:35 hqnl0246134 sshd[216930]: Failed password for root from 61.177.172.108 port 37893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 13:25:37,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325937.226382, 'message': 'Dec  6 13:25:35 hqnl0246134 sshd[216940]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.113.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 13:25:37,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325937.226521, 'message': 'Dec  6 13:25:35 hqnl0246134 sshd[216940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.113.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 13:25:39,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325939.2329876, 'message': 'Dec  6 13:25:37 hqnl0246134 sshd[216940]: Failed password for invalid user gateway from 157.230.113.181 port 56054 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1463 seconds
INFO    [2022-12-06 13:25:39,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325939.2336383, 'message': 'Dec  6 13:25:37 hqnl0246134 sshd[216930]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1404 seconds
INFO    [2022-12-06 13:25:39,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.113.181', 'timestamp': 1670325939.2339318, 'message': 'Dec  6 13:25:38 hqnl0246134 sshd[216940]: Disconnected from invalid user gateway 157.230.113.181 port 56054 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1054 seconds
INFO    [2022-12-06 13:25:41,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325941.2320304, 'message': 'Dec  6 13:25:40 hqnl0246134 sshd[216930]: Failed password for root from 61.177.172.108 port 37893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 13:25:43,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325943.2351308, 'message': 'Dec  6 13:25:42 hqnl0246134 sshd[216930]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 13:25:45,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670325945.2378983, 'message': 'Dec  6 13:25:44 hqnl0246134 sshd[216930]: Failed password for root from 61.177.172.108 port 37893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 13:25:46,028] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:25:46,029] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:25:54,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:25:54,469] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0429 seconds
INFO    [2022-12-06 13:26:19,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:26:19,967] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:26:19,979] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:26:19,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0278 seconds
INFO    [2022-12-06 13:26:23,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325983.2756832, 'message': 'Dec  6 13:26:21 hqnl0246134 sshd[216981]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.4.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 13:26:23,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325983.2763064, 'message': 'Dec  6 13:26:21 hqnl0246134 sshd[216981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.4.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 13:26:23,603] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:26:23,604] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:26:23,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:26:23,642] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
INFO    [2022-12-06 13:26:25,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.71.4.124', 'timestamp': 1670325985.2790995, 'message': 'Dec  6 13:26:24 hqnl0246134 sshd[216981]: Failed password for root from 167.71.4.124 port 55148 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 13:26:29,058] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:26:29,059] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:26:29,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:26:29,082] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
WARNING [2022-12-06 13:26:46,032] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:26:46,033] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:26:47,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.158.139.57', 'timestamp': 1670326007.2995436, 'message': 'Dec  6 13:26:45 hqnl0246134 sshd[217008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.158.139.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 13:26:47,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.158.139.57', 'timestamp': 1670326007.2998822, 'message': 'Dec  6 13:26:45 hqnl0246134 sshd[217008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.158.139.57  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 13:26:49,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.158.139.57', 'timestamp': 1670326009.3011038, 'message': 'Dec  6 13:26:48 hqnl0246134 sshd[217008]: Failed password for root from 202.158.139.57 port 33928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 13:26:53,995] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:26:54,066] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:26:54,067] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:26:54,067] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:26:54,067] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:26:54,067] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:26:54,081] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:26:54,098] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0303 seconds
WARNING [2022-12-06 13:26:54,105] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:26:54,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:26:54,125] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0324 seconds
INFO    [2022-12-06 13:26:54,126] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0306 seconds
WARNING [2022-12-06 13:26:54,443] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:26:54,479] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0492 seconds
INFO    [2022-12-06 13:26:57,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670326017.3104625, 'message': 'Dec  6 13:26:56 hqnl0246134 sshd[217006]: Accepted password for supportwwwuser from 212.58.119.251 port 10721 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 13:26:59,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670326019.3126128, 'message': 'Dec  6 13:26:58 hqnl0246134 sshd[217004]: Accepted password for supportwwwuser from 212.58.119.251 port 10720 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 13:26:59,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670326019.31283, 'message': 'Dec  6 13:26:59 hqnl0246134 sshd[217058]: Invalid user admin from 137.184.196.76 port 49012', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 13:26:59,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.196.76', 'timestamp': 1670326019.3129835, 'message': 'Dec  6 13:26:59 hqnl0246134 sshd[217058]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.196.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 13:26:59,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.196.76', 'timestamp': 1670326019.3131196, 'message': 'Dec  6 13:26:59 hqnl0246134 sshd[217058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.196.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 13:27:01,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670326021.3143353, 'message': 'Dec  6 13:27:00 hqnl0246134 sshd[217058]: Failed password for invalid user admin from 137.184.196.76 port 49012 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 13:27:01,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670326021.3147078, 'message': 'Dec  6 13:27:00 hqnl0246134 sshd[217058]: Disconnected from invalid user admin 137.184.196.76 port 49012 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 13:27:09,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326029.3278058, 'message': 'Dec  6 13:27:09 hqnl0246134 sshd[217105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0530 seconds
INFO    [2022-12-06 13:27:09,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326029.3298435, 'message': 'Dec  6 13:27:09 hqnl0246134 sshd[217105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 13:27:11,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326031.324327, 'message': 'Dec  6 13:27:10 hqnl0246134 sshd[217105]: Failed password for root from 61.177.173.39 port 64282 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 13:27:11,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326031.3245206, 'message': 'Dec  6 13:27:11 hqnl0246134 sshd[217105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 13:27:15,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326035.33084, 'message': 'Dec  6 13:27:13 hqnl0246134 sshd[217105]: Failed password for root from 61.177.173.39 port 64282 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 13:27:17,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326037.3347485, 'message': 'Dec  6 13:27:15 hqnl0246134 sshd[217105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 13:27:17,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326037.3439693, 'message': 'Dec  6 13:27:17 hqnl0246134 sshd[217105]: Failed password for root from 61.177.173.39 port 64282 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 13:27:18,425] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:27:18,426] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:27:18,435] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:27:18,446] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 13:27:19,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326039.3375528, 'message': 'Dec  6 13:27:19 hqnl0246134 sshd[217115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-06 13:27:19,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326039.3379412, 'message': 'Dec  6 13:27:19 hqnl0246134 sshd[217115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-06 13:27:21,560] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:27:21,561] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:27:21,576] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:27:21,589] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 13:27:23,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326043.3398676, 'message': 'Dec  6 13:27:21 hqnl0246134 sshd[217115]: Failed password for root from 61.177.173.39 port 39164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0568 seconds
INFO    [2022-12-06 13:27:23,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670326043.3408172, 'message': 'Dec  6 13:27:21 hqnl0246134 sshd[217122]: Invalid user tt from 67.229.48.227 port 39320', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-06 13:27:23,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '67.229.48.227', 'timestamp': 1670326043.3410683, 'message': 'Dec  6 13:27:22 hqnl0246134 sshd[217122]: pam_imunify(sshd:auth): [IM360_RBL] The IP 67.229.48.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 13:27:23,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '67.229.48.227', 'timestamp': 1670326043.3412218, 'message': 'Dec  6 13:27:22 hqnl0246134 sshd[217122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.229.48.227 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 13:27:24,194] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:27:24,195] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:27:24,197] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 13:27:25,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326045.3405566, 'message': 'Dec  6 13:27:23 hqnl0246134 sshd[217115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 13:27:25,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670326045.340822, 'message': 'Dec  6 13:27:23 hqnl0246134 sshd[217122]: Failed password for invalid user tt from 67.229.48.227 port 39320 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 13:27:27,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '67.229.48.227', 'timestamp': 1670326047.342082, 'message': 'Dec  6 13:27:25 hqnl0246134 sshd[217122]: Disconnected from invalid user tt 67.229.48.227 port 39320 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 13:27:27,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326047.3423254, 'message': 'Dec  6 13:27:25 hqnl0246134 sshd[217115]: Failed password for root from 61.177.173.39 port 39164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 13:27:29,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326049.345207, 'message': 'Dec  6 13:27:27 hqnl0246134 sshd[217115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 13:27:29,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.249.59.34', 'timestamp': 1670326049.3454194, 'message': 'Dec  6 13:27:29 hqnl0246134 sshd[217124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.249.59.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 13:27:29,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.249.59.34', 'timestamp': 1670326049.345556, 'message': 'Dec  6 13:27:29 hqnl0246134 sshd[217124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.249.59.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 13:27:31,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326051.3467615, 'message': 'Dec  6 13:27:29 hqnl0246134 sshd[217115]: Failed password for root from 61.177.173.39 port 39164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-06 13:27:31,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326051.3470445, 'message': 'Dec  6 13:27:29 hqnl0246134 sshd[217126]: Invalid user rick from 138.197.195.123 port 59302', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 13:27:31,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326051.3471668, 'message': 'Dec  6 13:27:29 hqnl0246134 sshd[217126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.195.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 13:27:31,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326051.3472736, 'message': 'Dec  6 13:27:29 hqnl0246134 sshd[217126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.195.123 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 13:27:33,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.249.59.34', 'timestamp': 1670326053.3497245, 'message': 'Dec  6 13:27:31 hqnl0246134 sshd[217124]: Failed password for root from 20.249.59.34 port 6016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-06 13:27:33,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326053.3501246, 'message': 'Dec  6 13:27:31 hqnl0246134 sshd[217129]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 13:27:33,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326053.3504274, 'message': 'Dec  6 13:27:32 hqnl0246134 sshd[217126]: Failed password for invalid user rick from 138.197.195.123 port 59302 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-06 13:27:33,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326053.350283, 'message': 'Dec  6 13:27:31 hqnl0246134 sshd[217129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 13:27:35,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326055.3510447, 'message': 'Dec  6 13:27:34 hqnl0246134 sshd[217129]: Failed password for root from 61.177.173.39 port 22268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 13:27:35,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326055.351359, 'message': 'Dec  6 13:27:35 hqnl0246134 sshd[217126]: Disconnected from invalid user rick 138.197.195.123 port 59302 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 13:27:37,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326057.3532634, 'message': 'Dec  6 13:27:36 hqnl0246134 sshd[217129]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 13:27:37,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326057.353615, 'message': 'Dec  6 13:27:36 hqnl0246134 sshd[217141]: Invalid user administrator from 167.172.187.120 port 56418', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-06 13:27:37,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326057.353806, 'message': 'Dec  6 13:27:36 hqnl0246134 sshd[217141]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 13:27:37,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326057.353983, 'message': 'Dec  6 13:27:36 hqnl0246134 sshd[217141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 13:27:39,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326059.355169, 'message': 'Dec  6 13:27:38 hqnl0246134 sshd[217129]: Failed password for root from 61.177.173.39 port 22268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0623 seconds
INFO    [2022-12-06 13:27:39,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.126.71.110', 'timestamp': 1670326059.3557222, 'message': 'Dec  6 13:27:38 hqnl0246134 sshd[217143]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.126.71.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0631 seconds
INFO    [2022-12-06 13:27:39,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326059.3560214, 'message': 'Dec  6 13:27:38 hqnl0246134 sshd[217141]: Failed password for invalid user administrator from 167.172.187.120 port 56418 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0610 seconds
INFO    [2022-12-06 13:27:39,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326059.3555648, 'message': 'Dec  6 13:27:38 hqnl0246134 sshd[217129]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-06 13:27:39,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670326059.3561523, 'message': 'Dec  6 13:27:39 hqnl0246134 sshd[217145]: Invalid user vps from 217.17.230.180 port 41606', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0544 seconds
INFO    [2022-12-06 13:27:39,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.126.71.110', 'timestamp': 1670326059.3558767, 'message': 'Dec  6 13:27:38 hqnl0246134 sshd[217143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.126.71.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-06 13:27:39,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.17.230.180', 'timestamp': 1670326059.3563077, 'message': 'Dec  6 13:27:39 hqnl0246134 sshd[217145]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.17.230.180 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 13:27:39,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.17.230.180', 'timestamp': 1670326059.3564787, 'message': 'Dec  6 13:27:39 hqnl0246134 sshd[217145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.17.230.180 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 13:27:41,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326061.3576503, 'message': 'Dec  6 13:27:40 hqnl0246134 sshd[217129]: Failed password for root from 61.177.173.39 port 22268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0691 seconds
INFO    [2022-12-06 13:27:41,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.126.71.110', 'timestamp': 1670326061.35805, 'message': 'Dec  6 13:27:40 hqnl0246134 sshd[217143]: Failed password for root from 34.126.71.110 port 45260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0698 seconds
INFO    [2022-12-06 13:27:41,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326061.3582063, 'message': 'Dec  6 13:27:40 hqnl0246134 sshd[217141]: Disconnected from invalid user administrator 167.172.187.120 port 56418 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0697 seconds
INFO    [2022-12-06 13:27:43,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670326063.3582304, 'message': 'Dec  6 13:27:41 hqnl0246134 sshd[217145]: Failed password for invalid user vps from 217.17.230.180 port 41606 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 13:27:45,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.17.230.180', 'timestamp': 1670326065.3612056, 'message': 'Dec  6 13:27:43 hqnl0246134 sshd[217145]: Disconnected from invalid user vps 217.17.230.180 port 41606 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
WARNING [2022-12-06 13:27:46,036] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:27:46,037] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:27:54,035] defence360agent.files: Updating all files
INFO    [2022-12-06 13:27:54,354] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:54,355] defence360agent.files: ossec files update finished (not updated)
WARNING [2022-12-06 13:27:54,462] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:27:54,502] defence360agent.internals.the_sink: SensorIncidentList(<25 item(s)>) processed in 0.0576 seconds
INFO    [2022-12-06 13:27:54,708] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:54,708] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 13:27:54,981] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:54,982] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 13:27:55,288] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:55,289] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 13:27:55,289] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 13:27:55,559] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 11:27:55 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E30B746D633B0'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 13:27:55,564] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 13:27:55,565] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 13:27:56,415] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:56,415] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 13:27:56,678] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:56,679] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 13:27:56,939] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:56,940] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 13:27:57,574] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:57,574] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 13:27:58,183] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 13:27:58,185] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 13:28:15,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670326095.3937068, 'message': 'Dec  6 13:28:13 hqnl0246134 sshd[217172]: Accepted password for supportwwwuser from 212.58.119.251 port 10498 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0590 seconds
INFO    [2022-12-06 13:28:17,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670326097.3958151, 'message': 'Dec  6 13:28:16 hqnl0246134 sshd[217212]: Invalid user cactiuser from 87.98.174.163 port 60358', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-06 13:28:17,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.98.174.163', 'timestamp': 1670326097.3959923, 'message': 'Dec  6 13:28:16 hqnl0246134 sshd[217212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.98.174.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 13:28:17,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.98.174.163', 'timestamp': 1670326097.3987732, 'message': 'Dec  6 13:28:16 hqnl0246134 sshd[217212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.174.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-06 13:28:19,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670326099.400897, 'message': 'Dec  6 13:28:18 hqnl0246134 sshd[217212]: Failed password for invalid user cactiuser from 87.98.174.163 port 60358 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-06 13:28:19,690] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:28:19,691] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:28:19,707] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:28:19,721] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0285 seconds
INFO    [2022-12-06 13:28:21,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.174.163', 'timestamp': 1670326101.4095044, 'message': 'Dec  6 13:28:20 hqnl0246134 sshd[217212]: Disconnected from invalid user cactiuser 87.98.174.163 port 60358 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2366 seconds
INFO    [2022-12-06 13:28:25,775] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:28:25,776] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:28:25,812] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:28:25,846] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0642 seconds
INFO    [2022-12-06 13:28:26,373] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:28:26,374] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:28:26,390] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:28:26,414] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0389 seconds
WARNING [2022-12-06 13:28:46,041] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:28:46,043] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:28:54,467] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:28:54,504] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0530 seconds
INFO    [2022-12-06 13:29:19,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:29:19,881] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:29:19,899] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:29:19,940] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0568 seconds
INFO    [2022-12-06 13:29:22,812] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:29:22,813] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:29:22,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:29:22,840] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 13:29:29,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.158.139.57', 'timestamp': 1670326169.4768376, 'message': 'Dec  6 13:29:28 hqnl0246134 sshd[217284]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.158.139.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 13:29:29,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.158.139.57', 'timestamp': 1670326169.4776475, 'message': 'Dec  6 13:29:28 hqnl0246134 sshd[217284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.158.139.57  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 13:29:31,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.158.139.57', 'timestamp': 1670326171.475034, 'message': 'Dec  6 13:29:30 hqnl0246134 sshd[217284]: Failed password for root from 202.158.139.57 port 44178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0403 seconds
WARNING [2022-12-06 13:29:46,047] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:29:46,050] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:29:54,482] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:29:54,531] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0670 seconds
INFO    [2022-12-06 13:30:21,380] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:30:21,382] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:30:21,433] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:30:21,493] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0987 seconds
INFO    [2022-12-06 13:30:27,585] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:30:27,586] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:30:27,607] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:30:27,659] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0692 seconds
INFO    [2022-12-06 13:30:28,614] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:30:28,686] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:30:28,687] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:30:28,687] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:30:28,688] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:30:28,688] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:30:28,731] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:30:28,771] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0821 seconds
WARNING [2022-12-06 13:30:28,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:30:28,782] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:30:28,799] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0392 seconds
INFO    [2022-12-06 13:30:28,801] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0322 seconds
INFO    [2022-12-06 13:30:29,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.249.59.34', 'timestamp': 1670326229.5536652, 'message': 'Dec  6 13:30:28 hqnl0246134 sshd[217358]: Invalid user marcela from 20.249.59.34 port 3520', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 13:30:29,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.249.59.34', 'timestamp': 1670326229.5541255, 'message': 'Dec  6 13:30:28 hqnl0246134 sshd[217358]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.249.59.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 13:30:29,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.249.59.34', 'timestamp': 1670326229.5543084, 'message': 'Dec  6 13:30:28 hqnl0246134 sshd[217358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.249.59.34 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 13:30:31,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.249.59.34', 'timestamp': 1670326231.55382, 'message': 'Dec  6 13:30:31 hqnl0246134 sshd[217358]: Failed password for invalid user marcela from 20.249.59.34 port 3520 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 13:30:33,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.249.59.34', 'timestamp': 1670326233.5556762, 'message': 'Dec  6 13:30:32 hqnl0246134 sshd[217358]: Disconnected from invalid user marcela 20.249.59.34 port 3520 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 13:30:39,284] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:30:39,286] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:30:39,297] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:30:39,314] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-06 13:30:45,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326245.5764718, 'message': 'Dec  6 13:30:45 hqnl0246134 sshd[217384]: Invalid user go from 138.197.195.123 port 48534', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 13:30:45,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326245.5814304, 'message': 'Dec  6 13:30:45 hqnl0246134 sshd[217384]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.195.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 13:30:45,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326245.581895, 'message': 'Dec  6 13:30:45 hqnl0246134 sshd[217384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.195.123 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 13:30:46,052] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:30:46,053] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:30:47,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326247.5772462, 'message': 'Dec  6 13:30:47 hqnl0246134 sshd[217384]: Failed password for invalid user go from 138.197.195.123 port 48534 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0569 seconds
INFO    [2022-12-06 13:30:49,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.195.123', 'timestamp': 1670326249.5792673, 'message': 'Dec  6 13:30:48 hqnl0246134 sshd[217384]: Disconnected from invalid user go 138.197.195.123 port 48534 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1293 seconds
WARNING [2022-12-06 13:30:54,482] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:30:54,536] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0676 seconds
INFO    [2022-12-06 13:30:55,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670326255.5861683, 'message': 'Dec  6 13:30:53 hqnl0246134 sshd[217396]: Invalid user server from 85.114.119.22 port 59551', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1035 seconds
INFO    [2022-12-06 13:30:55,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.114.119.22', 'timestamp': 1670326255.5865176, 'message': 'Dec  6 13:30:54 hqnl0246134 sshd[217396]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.114.119.22 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0953 seconds
INFO    [2022-12-06 13:30:55,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.114.119.22', 'timestamp': 1670326255.5867887, 'message': 'Dec  6 13:30:54 hqnl0246134 sshd[217396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.114.119.22 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0906 seconds
INFO    [2022-12-06 13:30:57,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670326257.5868518, 'message': 'Dec  6 13:30:56 hqnl0246134 sshd[217396]: Failed password for invalid user server from 85.114.119.22 port 59551 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 13:30:59,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.114.119.22', 'timestamp': 1670326259.591194, 'message': 'Dec  6 13:30:57 hqnl0246134 sshd[217396]: Disconnected from invalid user server 85.114.119.22 port 59551 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-06 13:31:03,783] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:31:03,787] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:31:03,804] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 13:31:20,290] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:31:20,292] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:31:20,306] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:31:20,326] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0322 seconds
INFO    [2022-12-06 13:31:27,324] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:31:27,332] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:31:27,343] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:31:27,358] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0246 seconds
WARNING [2022-12-06 13:31:46,058] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:31:46,063] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:31:53,272] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 13:31:54,546] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:31:54,706] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.2320 seconds
INFO    [2022-12-06 13:32:19,614] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:32:19,615] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:32:19,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:32:19,637] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 13:32:22,998] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:32:22,999] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:32:23,015] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:32:23,041] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0409 seconds
INFO    [2022-12-06 13:32:31,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326351.7112594, 'message': 'Dec  6 13:32:30 hqnl0246134 sshd[217501]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 13:32:31,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326351.712231, 'message': 'Dec  6 13:32:30 hqnl0246134 sshd[217501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 13:32:33,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326353.7098598, 'message': 'Dec  6 13:32:32 hqnl0246134 sshd[217501]: Failed password for root from 167.172.187.120 port 41378 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 13:32:38,074] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:32:38,075] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:32:38,092] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:32:38,116] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0389 seconds
WARNING [2022-12-06 13:32:46,066] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:32:46,068] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:32:54,494] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:32:54,547] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0670 seconds
INFO    [2022-12-06 13:32:57,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5555, 'attackers_ip': None, 'timestamp': 1670326377.7337368, 'message': 'Dec  6 13:32:56 hqnl0246134 passwd[217516]: pam_unix(passwd:chauthtok): password changed for root', 'severity': 4, 'name': 'User changed password.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 13:33:03,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326383.740016, 'message': 'Dec  6 13:33:02 hqnl0246134 sshd[217528]: Invalid user ruser from 159.223.96.213 port 59392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 13:33:03,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326383.7408059, 'message': 'Dec  6 13:33:02 hqnl0246134 sshd[217528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.96.213 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 13:33:03,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326383.7411582, 'message': 'Dec  6 13:33:02 hqnl0246134 sshd[217528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.96.213 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 13:33:05,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326385.7386622, 'message': 'Dec  6 13:33:04 hqnl0246134 sshd[217528]: Failed password for invalid user ruser from 159.223.96.213 port 59392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 13:33:05,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326385.738929, 'message': 'Dec  6 13:33:04 hqnl0246134 sshd[217528]: Disconnected from invalid user ruser 159.223.96.213 port 59392 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 13:33:19,053] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:33:19,055] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:33:19,064] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:33:19,078] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 13:33:22,321] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:33:22,322] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:33:22,340] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:33:22,371] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0463 seconds
INFO    [2022-12-06 13:33:23,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326403.7564094, 'message': 'Dec  6 13:33:23 hqnl0246134 sshd[217552]: Invalid user test123 from 200.94.86.84 port 57666', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 13:33:23,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326403.7567606, 'message': 'Dec  6 13:33:23 hqnl0246134 sshd[217552]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.94.86.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 13:33:23,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326403.7569945, 'message': 'Dec  6 13:33:23 hqnl0246134 sshd[217552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.94.86.84 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 13:33:25,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326405.762113, 'message': 'Dec  6 13:33:25 hqnl0246134 sshd[217552]: Failed password for invalid user test123 from 200.94.86.84 port 57666 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0529 seconds
INFO    [2022-12-06 13:33:25,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326405.762361, 'message': 'Dec  6 13:33:25 hqnl0246134 sshd[217555]: Invalid user ftp_user from 112.221.4.3 port 38468', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-06 13:33:25,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326405.7624989, 'message': 'Dec  6 13:33:25 hqnl0246134 sshd[217555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.221.4.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 13:33:25,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326405.7626476, 'message': 'Dec  6 13:33:25 hqnl0246134 sshd[217555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.221.4.3 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 13:33:27,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326407.7629566, 'message': 'Dec  6 13:33:26 hqnl0246134 sshd[217552]: Disconnected from invalid user test123 200.94.86.84 port 57666 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 13:33:29,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326409.7694163, 'message': 'Dec  6 13:33:27 hqnl0246134 sshd[217555]: Failed password for invalid user ftp_user from 112.221.4.3 port 38468 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 13:33:31,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326411.7667823, 'message': 'Dec  6 13:33:29 hqnl0246134 sshd[217555]: Disconnected from invalid user ftp_user 112.221.4.3 port 38468 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
WARNING [2022-12-06 13:33:46,072] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:33:46,074] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:33:54,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:33:54,513] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:33:54,587] defence360agent.internals.the_sink: LocalIncidentList(<1 item(s)>) processed in 0.1003 seconds
INFO    [2022-12-06 13:33:54,588] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0992 seconds
INFO    [2022-12-06 13:34:21,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:34:21,909] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:34:21,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:34:21,967] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0567 seconds
INFO    [2022-12-06 13:34:26,298] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:34:26,299] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:34:26,308] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:34:26,323] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
WARNING [2022-12-06 13:34:46,078] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:34:46,080] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:35:05,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326505.9197788, 'message': 'Dec  6 13:35:04 hqnl0246134 sshd[217667]: Invalid user ninja from 167.172.187.120 port 60020', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 13:35:05,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326505.9205256, 'message': 'Dec  6 13:35:04 hqnl0246134 sshd[217667]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 13:35:05,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326505.9207861, 'message': 'Dec  6 13:35:04 hqnl0246134 sshd[217667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 13:35:07,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326507.918773, 'message': 'Dec  6 13:35:06 hqnl0246134 sshd[217667]: Failed password for invalid user ninja from 167.172.187.120 port 60020 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 13:35:09,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326509.920805, 'message': 'Dec  6 13:35:08 hqnl0246134 sshd[217667]: Disconnected from invalid user ninja 167.172.187.120 port 60020 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 13:35:10,358] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:35:10,428] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:35:10,429] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:35:10,430] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:35:10,430] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:35:10,430] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:35:10,443] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:35:10,461] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0301 seconds
WARNING [2022-12-06 13:35:10,469] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:35:10,473] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:35:10,491] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0378 seconds
INFO    [2022-12-06 13:35:10,493] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0348 seconds
INFO    [2022-12-06 13:35:11,129] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:35:11,130] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:35:11,138] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:35:11,151] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 13:35:17,970] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:35:17,970] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:35:17,978] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:35:17,990] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 13:35:20,734] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:35:20,735] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:35:20,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:35:20,755] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 13:35:40,568] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:35:40,569] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:35:40,570] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 13:35:46,084] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:35:46,085] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:35:50,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326549.9682212, 'message': 'Dec  6 13:35:48 hqnl0246134 sshd[217724]: Invalid user user1 from 159.223.96.213 port 43694', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 13:35:50,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326549.9688997, 'message': 'Dec  6 13:35:48 hqnl0246134 sshd[217724]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.96.213 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 13:35:50,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326549.9691072, 'message': 'Dec  6 13:35:48 hqnl0246134 sshd[217724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.96.213 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 13:35:51,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326551.9728987, 'message': 'Dec  6 13:35:50 hqnl0246134 sshd[217724]: Failed password for invalid user user1 from 159.223.96.213 port 43694 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 13:35:53,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326553.9760857, 'message': 'Dec  6 13:35:52 hqnl0246134 sshd[217724]: Disconnected from invalid user user1 159.223.96.213 port 43694 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 13:35:54,508] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:35:54,544] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0491 seconds
INFO    [2022-12-06 13:36:14,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326574.008819, 'message': 'Dec  6 13:36:12 hqnl0246134 sshd[217748]: Invalid user dbuser from 200.94.86.84 port 52730', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 13:36:14,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326574.00919, 'message': 'Dec  6 13:36:12 hqnl0246134 sshd[217748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.94.86.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 13:36:14,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326574.0105653, 'message': 'Dec  6 13:36:12 hqnl0246134 sshd[217748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.94.86.84 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 13:36:16,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326576.0093157, 'message': 'Dec  6 13:36:14 hqnl0246134 sshd[217748]: Failed password for invalid user dbuser from 200.94.86.84 port 52730 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 13:36:18,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326578.0117757, 'message': 'Dec  6 13:36:16 hqnl0246134 sshd[217748]: Disconnected from invalid user dbuser 200.94.86.84 port 52730 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 13:36:18,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:36:18,965] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:36:19,007] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:36:19,042] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0574 seconds
INFO    [2022-12-06 13:36:22,767] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:36:22,767] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:36:22,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:36:22,818] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0417 seconds
INFO    [2022-12-06 13:36:30,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326590.0249395, 'message': 'Dec  6 13:36:28 hqnl0246134 sshd[217770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.221.4.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 13:36:30,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326590.0252311, 'message': 'Dec  6 13:36:28 hqnl0246134 sshd[217770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.221.4.3  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 13:36:32,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326592.026938, 'message': 'Dec  6 13:36:30 hqnl0246134 sshd[217770]: Failed password for root from 112.221.4.3 port 56736 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 13:36:46,088] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:36:46,089] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:36:54,515] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:36:54,555] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0547 seconds
INFO    [2022-12-06 13:37:17,994] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:37:17,995] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:37:18,004] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:37:18,018] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 13:37:20,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:37:20,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:37:20,628] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:37:20,649] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0351 seconds
INFO    [2022-12-06 13:37:36,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326656.1173615, 'message': 'Dec  6 13:37:34 hqnl0246134 sshd[217826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 13:37:36,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326656.1176322, 'message': 'Dec  6 13:37:34 hqnl0246134 sshd[217826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 13:37:38,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326658.119679, 'message': 'Dec  6 13:37:36 hqnl0246134 sshd[217826]: Failed password for root from 61.177.172.104 port 30280 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 13:37:40,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326660.1296504, 'message': 'Dec  6 13:37:38 hqnl0246134 sshd[217826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 13:37:42,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326662.1278727, 'message': 'Dec  6 13:37:41 hqnl0246134 sshd[217826]: Failed password for root from 61.177.172.104 port 30280 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 13:37:44,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326664.1355417, 'message': 'Dec  6 13:37:43 hqnl0246134 sshd[217845]: Invalid user liuhai from 167.172.187.120 port 50418', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 13:37:44,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326664.136052, 'message': 'Dec  6 13:37:43 hqnl0246134 sshd[217826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 13:37:44,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326664.1357584, 'message': 'Dec  6 13:37:43 hqnl0246134 sshd[217845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 13:37:44,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326664.1359437, 'message': 'Dec  6 13:37:43 hqnl0246134 sshd[217845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 13:37:46,092] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:37:46,092] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:37:46,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326666.1373637, 'message': 'Dec  6 13:37:45 hqnl0246134 sshd[217845]: Failed password for invalid user liuhai from 167.172.187.120 port 50418 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 13:37:46,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326666.1376371, 'message': 'Dec  6 13:37:45 hqnl0246134 sshd[217826]: Failed password for root from 61.177.172.104 port 30280 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 13:37:48,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670326668.1378136, 'message': 'Dec  6 13:37:47 hqnl0246134 sshd[217845]: Disconnected from invalid user liuhai 167.172.187.120 port 50418 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-06 13:37:50,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326670.1416256, 'message': 'Dec  6 13:37:50 hqnl0246134 sshd[217849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 13:37:50,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326670.1419806, 'message': 'Dec  6 13:37:50 hqnl0246134 sshd[217849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 13:37:50,953] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:37:50,954] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:37:50,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:37:50,975] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 13:37:54,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326674.1456559, 'message': 'Dec  6 13:37:52 hqnl0246134 sshd[217849]: Failed password for root from 61.177.172.104 port 27650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 13:37:54,510] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:37:54,546] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0434 seconds
INFO    [2022-12-06 13:37:56,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326676.1494095, 'message': 'Dec  6 13:37:54 hqnl0246134 sshd[217849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 13:37:58,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326678.15284, 'message': 'Dec  6 13:37:56 hqnl0246134 sshd[217849]: Failed password for root from 61.177.172.104 port 27650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 13:38:00,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326680.154012, 'message': 'Dec  6 13:37:58 hqnl0246134 sshd[217849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 13:38:02,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326682.1544075, 'message': 'Dec  6 13:38:00 hqnl0246134 sshd[217849]: Failed password for root from 61.177.172.104 port 27650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 13:38:04,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326684.159171, 'message': 'Dec  6 13:38:02 hqnl0246134 sshd[217865]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 13:38:04,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326684.159369, 'message': 'Dec  6 13:38:02 hqnl0246134 sshd[217865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 13:38:06,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326686.1614587, 'message': 'Dec  6 13:38:05 hqnl0246134 sshd[217865]: Failed password for root from 61.177.172.104 port 63389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 13:38:08,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326688.164172, 'message': 'Dec  6 13:38:07 hqnl0246134 sshd[217865]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 13:38:10,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326690.1658196, 'message': 'Dec  6 13:38:09 hqnl0246134 sshd[217865]: Failed password for root from 61.177.172.104 port 63389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 13:38:12,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326692.1672964, 'message': 'Dec  6 13:38:11 hqnl0246134 sshd[217865]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 13:38:13,850] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:38:13,915] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:38:13,915] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:38:13,916] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:38:13,916] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:38:13,916] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:38:13,926] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:38:13,943] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0263 seconds
WARNING [2022-12-06 13:38:13,950] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:38:13,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:38:13,971] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0339 seconds
INFO    [2022-12-06 13:38:13,972] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0319 seconds
INFO    [2022-12-06 13:38:14,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326694.1707008, 'message': 'Dec  6 13:38:14 hqnl0246134 sshd[217865]: Failed password for root from 61.177.172.104 port 63389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 13:38:17,961] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:38:17,962] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:38:17,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:38:17,986] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 13:38:18,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326698.176174, 'message': 'Dec  6 13:38:17 hqnl0246134 sshd[217885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 13:38:18,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326698.1764348, 'message': 'Dec  6 13:38:17 hqnl0246134 sshd[217885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 13:38:20,642] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:38:20,643] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:38:20,649] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:38:20,660] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
INFO    [2022-12-06 13:38:22,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326702.1830156, 'message': 'Dec  6 13:38:20 hqnl0246134 sshd[217885]: Failed password for root from 61.177.172.104 port 48599 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 13:38:22,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326702.183201, 'message': 'Dec  6 13:38:20 hqnl0246134 sshd[217893]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 13:38:22,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326702.1833227, 'message': 'Dec  6 13:38:20 hqnl0246134 sshd[217893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 13:38:24,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326704.1852086, 'message': 'Dec  6 13:38:22 hqnl0246134 sshd[217885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 13:38:24,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326704.1855106, 'message': 'Dec  6 13:38:23 hqnl0246134 sshd[217893]: Failed password for root from 61.177.172.124 port 63127 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 13:38:24,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326704.1856241, 'message': 'Dec  6 13:38:23 hqnl0246134 sshd[217885]: Failed password for root from 61.177.172.104 port 48599 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 13:38:26,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326706.18801, 'message': 'Dec  6 13:38:24 hqnl0246134 sshd[217885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 13:38:26,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326706.1883047, 'message': 'Dec  6 13:38:24 hqnl0246134 sshd[217893]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 13:38:28,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670326708.1904624, 'message': 'Dec  6 13:38:26 hqnl0246134 sshd[217900]: Accepted password for supportwwwuser from 212.58.119.251 port 10674 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 13:38:28,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326708.1913807, 'message': 'Dec  6 13:38:27 hqnl0246134 sshd[217885]: Failed password for root from 61.177.172.104 port 48599 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 13:38:28,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326708.1915064, 'message': 'Dec  6 13:38:27 hqnl0246134 sshd[217893]: Failed password for root from 61.177.172.124 port 63127 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 13:38:30,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326710.1940742, 'message': 'Dec  6 13:38:29 hqnl0246134 sshd[217893]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 13:38:32,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670326712.1971555, 'message': 'Dec  6 13:38:30 hqnl0246134 sshd[217942]: Accepted password for supportwwwuser from 212.58.119.251 port 10675 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0924 seconds
INFO    [2022-12-06 13:38:32,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326712.1974444, 'message': 'Dec  6 13:38:31 hqnl0246134 sshd[217893]: Failed password for root from 61.177.172.124 port 63127 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0929 seconds
INFO    [2022-12-06 13:38:32,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326712.1976473, 'message': 'Dec  6 13:38:31 hqnl0246134 sshd[217939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0929 seconds
INFO    [2022-12-06 13:38:32,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326712.1979082, 'message': 'Dec  6 13:38:31 hqnl0246134 sshd[217939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 13:38:34,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326714.1978447, 'message': 'Dec  6 13:38:33 hqnl0246134 sshd[217939]: Failed password for root from 61.177.172.104 port 24013 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 13:38:36,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326716.2004383, 'message': 'Dec  6 13:38:35 hqnl0246134 sshd[217969]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 13:38:36,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326716.2008393, 'message': 'Dec  6 13:38:35 hqnl0246134 sshd[217939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 13:38:36,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326716.200965, 'message': 'Dec  6 13:38:36 hqnl0246134 sshd[217971]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 13:38:36,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326716.200686, 'message': 'Dec  6 13:38:35 hqnl0246134 sshd[217969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 13:38:36,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326716.2010813, 'message': 'Dec  6 13:38:36 hqnl0246134 sshd[217971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 13:38:38,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326718.2038426, 'message': 'Dec  6 13:38:37 hqnl0246134 sshd[217969]: Failed password for root from 61.177.172.124 port 62787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 13:38:40,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326720.205737, 'message': 'Dec  6 13:38:38 hqnl0246134 sshd[217939]: Failed password for root from 61.177.172.104 port 24013 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-06 13:38:40,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326720.2070043, 'message': 'Dec  6 13:38:38 hqnl0246134 sshd[217971]: Failed password for root from 61.177.173.39 port 39493 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-06 13:38:40,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326720.2071111, 'message': 'Dec  6 13:38:39 hqnl0246134 sshd[217969]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0574 seconds
INFO    [2022-12-06 13:38:42,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326722.2065728, 'message': 'Dec  6 13:38:40 hqnl0246134 sshd[217939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-06 13:38:42,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326722.2068071, 'message': 'Dec  6 13:38:40 hqnl0246134 sshd[217971]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-06 13:38:42,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326722.2069614, 'message': 'Dec  6 13:38:41 hqnl0246134 sshd[217969]: Failed password for root from 61.177.172.124 port 62787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-06 13:38:42,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326722.2070675, 'message': 'Dec  6 13:38:41 hqnl0246134 sshd[217969]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 13:38:44,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670326724.2097793, 'message': 'Dec  6 13:38:42 hqnl0246134 sshd[217939]: Failed password for root from 61.177.172.104 port 24013 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-06 13:38:44,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326724.2100549, 'message': 'Dec  6 13:38:42 hqnl0246134 sshd[218006]: Invalid user rf from 159.223.96.213 port 49428', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-06 13:38:44,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326724.2104545, 'message': 'Dec  6 13:38:42 hqnl0246134 sshd[217971]: Failed password for root from 61.177.173.39 port 39493 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 13:38:44,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326724.21019, 'message': 'Dec  6 13:38:42 hqnl0246134 sshd[218006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.96.213 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 13:38:44,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326724.2105644, 'message': 'Dec  6 13:38:43 hqnl0246134 sshd[217969]: Failed password for root from 61.177.172.124 port 62787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 13:38:44,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326724.2103455, 'message': 'Dec  6 13:38:42 hqnl0246134 sshd[218006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.96.213 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 13:38:45,198] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:38:45,199] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:38:45,200] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 13:38:46,097] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:38:46,097] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:38:46,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326726.2122684, 'message': 'Dec  6 13:38:44 hqnl0246134 sshd[218006]: Failed password for invalid user rf from 159.223.96.213 port 49428 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 13:38:46,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326726.2124922, 'message': 'Dec  6 13:38:45 hqnl0246134 sshd[217971]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 13:38:46,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.96.213', 'timestamp': 1670326726.2126262, 'message': 'Dec  6 13:38:45 hqnl0246134 sshd[218006]: Disconnected from invalid user rf 159.223.96.213 port 49428 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 13:38:48,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326728.2159636, 'message': 'Dec  6 13:38:46 hqnl0246134 sshd[218008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 13:38:48,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326728.216309, 'message': 'Dec  6 13:38:46 hqnl0246134 sshd[217971]: Failed password for root from 61.177.173.39 port 39493 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 13:38:48,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326728.2161674, 'message': 'Dec  6 13:38:46 hqnl0246134 sshd[218008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 13:38:50,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326730.219973, 'message': 'Dec  6 13:38:48 hqnl0246134 sshd[218008]: Failed password for root from 61.177.172.124 port 37295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 13:38:50,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326730.220431, 'message': 'Dec  6 13:38:48 hqnl0246134 sshd[218010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 13:38:50,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326730.2202392, 'message': 'Dec  6 13:38:48 hqnl0246134 sshd[218008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 13:38:50,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326730.2205358, 'message': 'Dec  6 13:38:48 hqnl0246134 sshd[218010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 13:38:52,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326732.2223132, 'message': 'Dec  6 13:38:51 hqnl0246134 sshd[218008]: Failed password for root from 61.177.172.124 port 37295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 13:38:52,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326732.2230325, 'message': 'Dec  6 13:38:51 hqnl0246134 sshd[218010]: Failed password for root from 61.177.173.39 port 32675 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 13:38:54,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326734.2258296, 'message': 'Dec  6 13:38:52 hqnl0246134 sshd[218008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-06 13:38:54,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326734.2261162, 'message': 'Dec  6 13:38:53 hqnl0246134 sshd[218010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
WARNING [2022-12-06 13:38:54,513] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:38:54,556] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0501 seconds
INFO    [2022-12-06 13:38:56,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326736.2257655, 'message': 'Dec  6 13:38:54 hqnl0246134 sshd[218010]: Failed password for root from 61.177.173.39 port 32675 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 13:38:56,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326736.2260416, 'message': 'Dec  6 13:38:55 hqnl0246134 sshd[218008]: Failed password for root from 61.177.172.124 port 37295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 13:38:56,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326736.2291126, 'message': 'Dec  6 13:38:55 hqnl0246134 sshd[218010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 13:38:58,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326738.2288043, 'message': 'Dec  6 13:38:57 hqnl0246134 sshd[218010]: Failed password for root from 61.177.173.39 port 32675 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-06 13:39:00,203] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:39:00,204] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:39:00,214] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:39:00,227] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-06 13:39:00,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326740.2298539, 'message': 'Dec  6 13:38:58 hqnl0246134 sshd[218016]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 13:39:00,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326740.2300322, 'message': 'Dec  6 13:38:58 hqnl0246134 sshd[218016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 13:39:02,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326742.2339542, 'message': 'Dec  6 13:39:00 hqnl0246134 sshd[218016]: Failed password for root from 61.177.172.124 port 32447 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-06 13:39:02,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326742.2345536, 'message': 'Dec  6 13:39:01 hqnl0246134 sshd[218023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-06 13:39:02,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326742.2343872, 'message': 'Dec  6 13:39:01 hqnl0246134 sshd[218016]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0550 seconds
INFO    [2022-12-06 13:39:02,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326742.2347097, 'message': 'Dec  6 13:39:01 hqnl0246134 sshd[218023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0550 seconds
INFO    [2022-12-06 13:39:04,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326744.2387567, 'message': 'Dec  6 13:39:03 hqnl0246134 sshd[218016]: Failed password for root from 61.177.172.124 port 32447 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 13:39:04,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326744.2390387, 'message': 'Dec  6 13:39:03 hqnl0246134 sshd[218023]: Failed password for root from 61.177.173.39 port 22539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 13:39:06,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326746.2424312, 'message': 'Dec  6 13:39:05 hqnl0246134 sshd[218016]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 13:39:06,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326746.2425964, 'message': 'Dec  6 13:39:05 hqnl0246134 sshd[218023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 13:39:08,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670326748.2479482, 'message': 'Dec  6 13:39:07 hqnl0246134 sshd[218016]: Failed password for root from 61.177.172.124 port 32447 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 13:39:08,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326748.248293, 'message': 'Dec  6 13:39:07 hqnl0246134 sshd[218023]: Failed password for root from 61.177.173.39 port 22539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 13:39:08,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326748.2484248, 'message': 'Dec  6 13:39:07 hqnl0246134 sshd[218023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 13:39:10,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670326750.249964, 'message': 'Dec  6 13:39:09 hqnl0246134 sshd[218023]: Failed password for root from 61.177.173.39 port 22539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 13:39:14,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326754.255365, 'message': 'Dec  6 13:39:13 hqnl0246134 sshd[218165]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.94.86.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 13:39:14,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326754.255618, 'message': 'Dec  6 13:39:13 hqnl0246134 sshd[218165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.94.86.84  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 13:39:16,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.94.86.84', 'timestamp': 1670326756.2573957, 'message': 'Dec  6 13:39:15 hqnl0246134 sshd[218165]: Failed password for root from 200.94.86.84 port 47811 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 13:39:17,923] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:39:17,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:39:17,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:39:17,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 13:39:20,549] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:39:20,549] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:39:20,555] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:39:20,566] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
INFO    [2022-12-06 13:39:44,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326784.315277, 'message': 'Dec  6 13:39:42 hqnl0246134 sshd[218189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.221.4.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-06 13:39:44,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326784.3163157, 'message': 'Dec  6 13:39:42 hqnl0246134 sshd[218189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.221.4.3  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0386 seconds
WARNING [2022-12-06 13:39:46,102] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:39:46,103] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:39:46,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.221.4.3', 'timestamp': 1670326786.313621, 'message': 'Dec  6 13:39:44 hqnl0246134 sshd[218189]: Failed password for root from 112.221.4.3 port 46758 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 13:39:54,520] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:39:54,547] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0367 seconds
INFO    [2022-12-06 13:40:17,994] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:40:17,994] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:40:18,003] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:40:18,016] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 13:40:20,897] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:40:20,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:40:20,905] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:40:20,917] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
WARNING [2022-12-06 13:40:46,110] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:40:46,113] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:41:17,951] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:41:17,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:41:17,965] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:41:17,979] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0249 seconds
INFO    [2022-12-06 13:41:20,644] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:41:20,645] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:41:20,654] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:41:20,666] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 13:41:44,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.255.8.153', 'timestamp': 1670326904.5189228, 'message': 'Dec  6 13:41:42 hqnl0246134 sshd[218313]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.255.8.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 13:41:44,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.255.8.153', 'timestamp': 1670326904.5199955, 'message': 'Dec  6 13:41:42 hqnl0246134 sshd[218313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.153  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 13:41:44,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.255.8.153', 'timestamp': 1670326904.5202043, 'message': 'Dec  6 13:41:44 hqnl0246134 sshd[218313]: Failed password for root from 36.255.8.153 port 41506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 13:41:46,116] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:41:46,117] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:41:52,681] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:41:52,682] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:41:52,729] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:41:52,757] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0635 seconds
WARNING [2022-12-06 13:41:53,280] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 13:41:54,523] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:41:54,543] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0267 seconds
INFO    [2022-12-06 13:42:18,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:42:18,007] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:42:18,017] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:42:18,030] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 13:42:20,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:42:20,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:42:20,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:42:20,841] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 13:42:36,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670326956.5858285, 'message': 'Dec  6 13:42:35 hqnl0246134 sshd[218356]: Accepted password for supportwwwuser from 212.58.119.251 port 10560 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0908 seconds
WARNING [2022-12-06 13:42:46,120] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:42:46,123] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:42:54,532] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:42:54,557] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-06 13:43:18,130] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:43:18,131] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:43:18,142] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:43:18,164] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0310 seconds
INFO    [2022-12-06 13:43:21,297] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:43:21,298] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:43:21,306] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:43:21,319] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 13:43:40,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670327020.665188, 'message': 'Dec  6 13:43:39 hqnl0246134 sshd[218460]: Accepted password for supportwwwuser from 212.58.119.251 port 10588 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0247 seconds
WARNING [2022-12-06 13:43:46,125] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:43:46,127] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:43:46,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.255.8.153', 'timestamp': 1670327026.672863, 'message': 'Dec  6 13:43:45 hqnl0246134 sshd[218508]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.255.8.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 13:43:46,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.255.8.153', 'timestamp': 1670327026.6731563, 'message': 'Dec  6 13:43:45 hqnl0246134 sshd[218508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.153  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 13:43:48,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.255.8.153', 'timestamp': 1670327028.674426, 'message': 'Dec  6 13:43:47 hqnl0246134 sshd[218508]: Failed password for root from 36.255.8.153 port 33386 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 13:43:54,624] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:43:54,714] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.1847 seconds
INFO    [2022-12-06 13:44:18,311] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:44:18,312] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:44:18,324] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:44:18,340] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0260 seconds
INFO    [2022-12-06 13:44:21,674] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:44:21,675] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:44:21,684] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:44:21,696] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
WARNING [2022-12-06 13:44:46,130] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:44:46,132] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:45:19,093] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:45:19,094] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:45:19,106] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:45:19,121] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0258 seconds
INFO    [2022-12-06 13:45:22,527] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:45:22,528] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:45:22,535] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:45:22,548] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 13:45:26,090] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:45:26,176] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:45:26,177] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:45:26,177] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:45:26,178] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:45:26,178] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:45:26,194] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:45:26,218] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0390 seconds
WARNING [2022-12-06 13:45:26,226] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:45:26,229] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:45:26,247] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0377 seconds
INFO    [2022-12-06 13:45:26,266] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0517 seconds
INFO    [2022-12-06 13:45:42,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670327142.8150873, 'message': 'Dec  6 13:45:42 hqnl0246134 sshd[218640]: Invalid user ftp_user from 36.255.8.153 port 36800', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 13:45:42,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.255.8.153', 'timestamp': 1670327142.8159857, 'message': 'Dec  6 13:45:42 hqnl0246134 sshd[218640]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.255.8.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 13:45:42,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.255.8.153', 'timestamp': 1670327142.8161876, 'message': 'Dec  6 13:45:42 hqnl0246134 sshd[218640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.153 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 13:45:44,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670327144.8113663, 'message': 'Dec  6 13:45:44 hqnl0246134 sshd[218640]: Failed password for invalid user ftp_user from 36.255.8.153 port 36800 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0418 seconds
WARNING [2022-12-06 13:45:46,136] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:45:46,137] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:45:46,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670327146.8145337, 'message': 'Dec  6 13:45:44 hqnl0246134 sshd[218640]: Disconnected from invalid user ftp_user 36.255.8.153 port 36800 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 13:45:48,373] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:45:48,374] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:45:48,382] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:45:48,394] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
WARNING [2022-12-06 13:45:54,551] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:45:54,602] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0641 seconds
INFO    [2022-12-06 13:45:56,310] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:45:56,310] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:45:56,311] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 13:46:25,897] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:46:25,899] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:46:25,911] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:46:25,926] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0265 seconds
INFO    [2022-12-06 13:46:30,216] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:46:30,217] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:46:30,226] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:46:30,246] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
WARNING [2022-12-06 13:46:46,140] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:46:46,144] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:47:21,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670327240.943313, 'message': 'Dec  6 13:47:19 hqnl0246134 sshd[218754]: Accepted password for supportwwwuser from 212.58.119.251 port 10699 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.1720 seconds
INFO    [2022-12-06 13:47:22,007] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:47:22,008] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:47:22,018] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:47:22,034] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0253 seconds
INFO    [2022-12-06 13:47:27,448] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:47:27,448] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:47:27,466] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:47:27,493] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0405 seconds
INFO    [2022-12-06 13:47:34,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670327254.960004, 'message': 'Dec  6 13:47:34 hqnl0246134 sshd[218795]: Accepted password for supportwwwuser from 212.58.119.251 port 10714 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0370 seconds
WARNING [2022-12-06 13:47:46,147] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:47:46,148] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:47:54,575] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:47:54,641] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0950 seconds
INFO    [2022-12-06 13:48:22,389] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:48:22,390] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:48:22,401] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:48:22,414] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 13:48:26,981] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:48:26,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:48:26,989] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:48:27,001] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 13:48:39,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327319.0405016, 'message': 'Dec  6 13:48:37 hqnl0246134 sshd[218875]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0754 seconds
INFO    [2022-12-06 13:48:39,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327319.0420644, 'message': 'Dec  6 13:48:37 hqnl0246134 sshd[218875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0637 seconds
INFO    [2022-12-06 13:48:39,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327319.047188, 'message': 'Dec  6 13:48:39 hqnl0246134 sshd[218875]: Failed password for root from 61.177.173.49 port 10801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 13:48:43,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327323.0418563, 'message': 'Dec  6 13:48:41 hqnl0246134 sshd[218875]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1356 seconds
INFO    [2022-12-06 13:48:45,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327325.040829, 'message': 'Dec  6 13:48:43 hqnl0246134 sshd[218875]: Failed password for root from 61.177.173.49 port 10801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 13:48:45,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327325.0412652, 'message': 'Dec  6 13:48:44 hqnl0246134 sshd[218875]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
WARNING [2022-12-06 13:48:46,152] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:48:46,153] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:48:47,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327327.0426664, 'message': 'Dec  6 13:48:46 hqnl0246134 sshd[218875]: Failed password for root from 61.177.173.49 port 10801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0790 seconds
INFO    [2022-12-06 13:48:51,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327331.0512092, 'message': 'Dec  6 13:48:50 hqnl0246134 sshd[218894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 13:48:51,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327331.0516472, 'message': 'Dec  6 13:48:50 hqnl0246134 sshd[218894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 13:48:53,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327333.0539892, 'message': 'Dec  6 13:48:52 hqnl0246134 sshd[218894]: Failed password for root from 61.177.173.49 port 44136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
WARNING [2022-12-06 13:48:54,569] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:48:54,615] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0629 seconds
INFO    [2022-12-06 13:48:55,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327335.0555882, 'message': 'Dec  6 13:48:54 hqnl0246134 sshd[218894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 13:48:57,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327337.061495, 'message': 'Dec  6 13:48:56 hqnl0246134 sshd[218894]: Failed password for root from 61.177.173.49 port 44136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 13:48:59,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327339.064469, 'message': 'Dec  6 13:48:57 hqnl0246134 sshd[218894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 13:48:59,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670327339.0656738, 'message': 'Dec  6 13:48:58 hqnl0246134 sshd[218894]: Failed password for root from 61.177.173.49 port 44136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 13:49:20,974] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:49:20,975] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:49:21,000] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:49:21,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-06 13:49:25,468] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:49:25,469] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:49:25,490] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:49:25,512] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0347 seconds
WARNING [2022-12-06 13:49:46,156] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:49:46,158] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 13:49:54,568] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:49:54,601] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0446 seconds
INFO    [2022-12-06 13:49:55,591] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:49:55,681] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:49:55,682] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:49:55,682] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:49:55,682] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:49:55,683] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:49:55,702] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:49:55,730] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0465 seconds
WARNING [2022-12-06 13:49:55,736] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:49:55,739] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:49:55,770] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0477 seconds
INFO    [2022-12-06 13:49:55,772] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0450 seconds
INFO    [2022-12-06 13:50:19,181] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:50:19,183] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:50:19,226] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:50:19,258] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0689 seconds
INFO    [2022-12-06 13:50:19,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327419.1912515, 'message': 'Dec  6 13:50:17 hqnl0246134 sshd[218988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0671 seconds
INFO    [2022-12-06 13:50:19,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327419.1915693, 'message': 'Dec  6 13:50:17 hqnl0246134 sshd[218988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 13:50:21,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327421.2822187, 'message': 'Dec  6 13:50:19 hqnl0246134 sshd[218988]: Failed password for root from 61.177.173.36 port 12997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0505 seconds
INFO    [2022-12-06 13:50:22,785] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:50:22,786] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:50:22,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:50:22,815] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
INFO    [2022-12-06 13:50:23,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327423.196433, 'message': 'Dec  6 13:50:21 hqnl0246134 sshd[218988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 13:50:25,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327425.199427, 'message': 'Dec  6 13:50:24 hqnl0246134 sshd[218988]: Failed password for root from 61.177.173.36 port 12997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-06 13:50:25,813] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:50:25,814] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:50:25,815] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 13:50:27,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327427.2024894, 'message': 'Dec  6 13:50:26 hqnl0246134 sshd[218988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 13:50:29,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327429.20668, 'message': 'Dec  6 13:50:28 hqnl0246134 sshd[218988]: Failed password for root from 61.177.173.36 port 12997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 13:50:31,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327431.2068272, 'message': 'Dec  6 13:50:30 hqnl0246134 sshd[219004]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 13:50:31,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327431.207105, 'message': 'Dec  6 13:50:30 hqnl0246134 sshd[219004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 13:50:33,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327433.2091827, 'message': 'Dec  6 13:50:32 hqnl0246134 sshd[219004]: Failed password for root from 61.177.173.36 port 52060 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 13:50:34,472] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:50:34,473] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:50:34,494] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:50:34,512] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0371 seconds
INFO    [2022-12-06 13:50:35,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327435.2123673, 'message': 'Dec  6 13:50:34 hqnl0246134 sshd[219004]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 13:50:35,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670327435.2126174, 'message': 'Dec  6 13:50:34 hqnl0246134 sshd[219010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 13:50:35,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670327435.212755, 'message': 'Dec  6 13:50:34 hqnl0246134 sshd[219010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 13:50:37,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327437.2165215, 'message': 'Dec  6 13:50:36 hqnl0246134 sshd[219004]: Failed password for root from 61.177.173.36 port 52060 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 13:50:37,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.89.196.220', 'timestamp': 1670327437.2172604, 'message': 'Dec  6 13:50:36 hqnl0246134 sshd[219010]: Failed password for root from 152.89.196.220 port 56850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-06 13:50:39,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327439.2180598, 'message': 'Dec  6 13:50:38 hqnl0246134 sshd[219004]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 13:50:41,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327441.2180235, 'message': 'Dec  6 13:50:41 hqnl0246134 sshd[219004]: Failed password for root from 61.177.173.36 port 52060 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 13:50:45,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327445.2259102, 'message': 'Dec  6 13:50:44 hqnl0246134 sshd[219013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 13:50:45,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327445.2264655, 'message': 'Dec  6 13:50:44 hqnl0246134 sshd[219013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-06 13:50:46,160] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:50:46,161] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:50:47,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327447.2260368, 'message': 'Dec  6 13:50:46 hqnl0246134 sshd[219013]: Failed password for root from 61.177.173.36 port 47002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 13:50:49,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327449.2289104, 'message': 'Dec  6 13:50:49 hqnl0246134 sshd[219013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 13:50:51,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327451.2301402, 'message': 'Dec  6 13:50:51 hqnl0246134 sshd[219013]: Failed password for root from 61.177.173.36 port 47002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 13:50:53,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327453.2336595, 'message': 'Dec  6 13:50:51 hqnl0246134 sshd[219013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
WARNING [2022-12-06 13:50:54,575] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:50:54,625] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0645 seconds
INFO    [2022-12-06 13:50:55,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670327455.2343423, 'message': 'Dec  6 13:50:53 hqnl0246134 sshd[219013]: Failed password for root from 61.177.173.36 port 47002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 13:51:18,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:51:18,540] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:51:18,550] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:51:18,562] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 13:51:23,720] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:51:23,720] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:51:23,738] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:51:23,763] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0344 seconds
INFO    [2022-12-06 13:51:40,069] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 13:51:40,072] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 13:51:41,084] im360.plugins.pam: PAM module has been enabled for dovecot-pam
WARNING [2022-12-06 13:51:46,165] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:51:46,166] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:51:49,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670327509.3110347, 'message': 'Dec  6 13:51:48 hqnl0246134 sshd[219107]: Accepted password for supportwwwuser from 212.58.119.251 port 10502 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0294 seconds
WARNING [2022-12-06 13:51:53,283] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 13:51:54,572] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:51:54,605] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0412 seconds
INFO    [2022-12-06 13:52:18,644] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:52:18,646] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:52:18,657] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:52:18,674] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-06 13:52:21,464] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:52:21,465] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:52:21,472] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:52:21,483] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
WARNING [2022-12-06 13:52:46,169] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:52:46,170] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:53:18,420] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:53:18,421] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:53:18,438] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:53:18,463] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0403 seconds
INFO    [2022-12-06 13:53:22,162] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:53:22,163] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:53:22,171] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:53:22,184] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-06 13:53:46,172] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:53:46,174] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:54:17,832] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:54:17,833] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:54:17,848] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:54:17,868] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0343 seconds
INFO    [2022-12-06 13:54:20,394] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:54:20,394] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:54:20,401] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:54:20,412] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
WARNING [2022-12-06 13:54:46,176] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:54:46,178] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:55:17,985] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:55:17,986] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:55:17,996] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:55:18,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 13:55:20,546] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:55:20,547] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:55:20,559] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:55:20,577] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0293 seconds
INFO    [2022-12-06 13:55:44,072] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:55:44,171] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:55:44,171] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:55:44,171] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:55:44,172] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:55:44,172] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:55:44,185] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:55:44,202] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0297 seconds
WARNING [2022-12-06 13:55:44,209] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:55:44,212] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:55:44,229] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0330 seconds
INFO    [2022-12-06 13:55:44,230] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0300 seconds
WARNING [2022-12-06 13:55:46,181] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:55:46,182] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:56:14,306] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:56:14,307] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:56:14,309] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 13:56:17,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:56:17,880] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:56:17,892] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:56:17,906] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 13:56:20,450] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:56:20,451] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:56:20,459] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:56:20,471] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-06 13:56:46,185] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:56:46,187] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:57:17,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:57:17,852] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:57:17,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:57:17,876] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-06 13:57:20,611] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:57:20,611] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:57:20,619] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:57:20,632] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-06 13:57:46,201] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:57:46,202] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:57:58,189] defence360agent.files: Updating all files
INFO    [2022-12-06 13:57:58,557] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 13:57:58,557] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 13:57:58,954] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 13:57:58,955] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 13:57:59,224] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 13:57:59,224] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 13:57:59,542] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 13:57:59,543] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 13:57:59,543] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 13:57:59,806] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 11:57:59 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E325B5C5FA52C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 13:57:59,808] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 13:57:59,808] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 13:58:00,351] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 13:58:00,352] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 13:58:00,612] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 13:58:00,612] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 13:58:00,930] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 13:58:00,931] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 13:58:01,322] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 13:58:01,323] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 13:58:01,896] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 13:58:01,898] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 13:58:18,004] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:58:18,005] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:58:18,014] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:58:18,027] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 13:58:20,594] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:58:20,594] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:58:20,603] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:58:20,615] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 13:58:46,205] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:58:46,206] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:59:05,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327945.9517808, 'message': 'Dec  6 13:59:05 hqnl0246134 sshd[219571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 13:59:06,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327945.952815, 'message': 'Dec  6 13:59:05 hqnl0246134 sshd[219571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 13:59:09,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327949.9589405, 'message': 'Dec  6 13:59:08 hqnl0246134 sshd[219571]: Failed password for root from 61.177.173.51 port 32350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 13:59:09,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327949.9591963, 'message': 'Dec  6 13:59:09 hqnl0246134 sshd[219571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 13:59:13,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327953.9653895, 'message': 'Dec  6 13:59:12 hqnl0246134 sshd[219571]: Failed password for root from 61.177.173.51 port 32350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 13:59:14,224] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 13:59:14,297] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 13:59:14,297] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 13:59:14,298] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 13:59:14,298] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 13:59:14,298] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 13:59:14,308] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 13:59:14,324] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0258 seconds
WARNING [2022-12-06 13:59:14,331] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 13:59:14,333] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:59:14,351] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0326 seconds
INFO    [2022-12-06 13:59:14,352] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0301 seconds
INFO    [2022-12-06 13:59:16,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327955.9685898, 'message': 'Dec  6 13:59:14 hqnl0246134 sshd[219571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 13:59:18,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327957.971404, 'message': 'Dec  6 13:59:16 hqnl0246134 sshd[219571]: Failed password for root from 61.177.173.51 port 32350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 13:59:18,282] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:59:18,282] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:59:18,289] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:59:18,302] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 13:59:19,550] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:59:19,550] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:59:19,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:59:19,605] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0447 seconds
INFO    [2022-12-06 13:59:20,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327959.9737031, 'message': 'Dec  6 13:59:18 hqnl0246134 sshd[219586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-06 13:59:20,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327959.9739618, 'message': 'Dec  6 13:59:18 hqnl0246134 sshd[219586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 13:59:21,741] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 13:59:21,741] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 13:59:21,748] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:59:21,760] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 13:59:22,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327961.984181, 'message': 'Dec  6 13:59:20 hqnl0246134 sshd[219586]: Failed password for root from 61.177.173.51 port 23928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 13:59:22,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327961.9844604, 'message': 'Dec  6 13:59:20 hqnl0246134 sshd[219586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 13:59:24,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327963.9903083, 'message': 'Dec  6 13:59:22 hqnl0246134 sshd[219586]: Failed password for root from 61.177.173.51 port 23928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 13:59:24,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327963.9906616, 'message': 'Dec  6 13:59:23 hqnl0246134 sshd[219586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 13:59:26,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670327965.9925952, 'message': 'Dec  6 13:59:24 hqnl0246134 sshd[219586]: Failed password for root from 61.177.173.51 port 23928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 13:59:46,210] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 13:59:46,211] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 13:59:51,514] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 13:59:51,514] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 13:59:51,515] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 13:59:55,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 13:59:55,642] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 1.0530 seconds
INFO    [2022-12-06 14:00:18,086] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:00:18,087] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:00:18,100] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:00:18,114] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0262 seconds
INFO    [2022-12-06 14:00:20,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.61.75.88', 'timestamp': 1670328020.0778813, 'message': 'Dec  6 14:00:18 hqnl0246134 sshd[219619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.61.75.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 14:00:20,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.61.75.88', 'timestamp': 1670328020.0782025, 'message': 'Dec  6 14:00:18 hqnl0246134 sshd[219619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.61.75.88  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 14:00:20,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:00:20,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:00:20,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:00:20,848] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0255 seconds
INFO    [2022-12-06 14:00:22,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670328022.0811343, 'message': 'Dec  6 14:00:20 hqnl0246134 sshd[219615]: Accepted password for supportwwwuser from 212.58.119.251 port 10730 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 14:00:22,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.61.75.88', 'timestamp': 1670328022.081312, 'message': 'Dec  6 14:00:20 hqnl0246134 sshd[219619]: Failed password for root from 20.61.75.88 port 46654 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 14:00:28,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670328028.0899827, 'message': 'Dec  6 14:00:27 hqnl0246134 sshd[219725]: Accepted password for supportwwwuser from 212.58.119.251 port 10496 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 14:00:29,480] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:00:29,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:00:29,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:00:29,499] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 14:00:46,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670328046.109658, 'message': 'Dec  6 14:00:44 hqnl0246134 sshd[219787]: Accepted password for supportwwwuser from 212.58.119.251 port 10506 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0637 seconds
WARNING [2022-12-06 14:00:46,214] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:00:46,214] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:00:54,638] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:00:54,721] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.1204 seconds
INFO    [2022-12-06 14:01:19,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:01:19,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:01:19,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:01:19,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0473 seconds
INFO    [2022-12-06 14:01:22,956] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:01:22,957] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:01:22,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:01:22,985] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0273 seconds
WARNING [2022-12-06 14:01:46,218] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:01:46,222] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:01:53,286] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 14:02:18,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328138.2045262, 'message': 'Dec  6 14:02:17 hqnl0246134 sshd[219904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-06 14:02:18,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328138.2053447, 'message': 'Dec  6 14:02:17 hqnl0246134 sshd[219904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 14:02:19,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:02:19,539] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:02:19,570] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:02:19,593] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0431 seconds
INFO    [2022-12-06 14:02:20,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328140.2051964, 'message': 'Dec  6 14:02:18 hqnl0246134 sshd[219904]: Failed password for root from 61.177.173.35 port 60083 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1910 seconds
INFO    [2022-12-06 14:02:20,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328140.2056315, 'message': 'Dec  6 14:02:19 hqnl0246134 sshd[219904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 14:02:22,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328142.2388213, 'message': 'Dec  6 14:02:21 hqnl0246134 sshd[219904]: Failed password for root from 61.177.173.35 port 60083 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0687 seconds
INFO    [2022-12-06 14:02:22,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328142.2391994, 'message': 'Dec  6 14:02:21 hqnl0246134 sshd[219904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 14:02:22,906] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:02:22,906] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:02:22,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:02:22,935] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 14:02:24,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328144.2136822, 'message': 'Dec  6 14:02:23 hqnl0246134 sshd[219904]: Failed password for root from 61.177.173.35 port 60083 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0582 seconds
INFO    [2022-12-06 14:02:28,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328148.2192848, 'message': 'Dec  6 14:02:27 hqnl0246134 sshd[219926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:02:28,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328148.2195215, 'message': 'Dec  6 14:02:27 hqnl0246134 sshd[219926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 14:02:32,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328152.2240372, 'message': 'Dec  6 14:02:30 hqnl0246134 sshd[219926]: Failed password for root from 61.177.173.35 port 50537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 14:02:34,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328154.2255902, 'message': 'Dec  6 14:02:32 hqnl0246134 sshd[219926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 14:02:36,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328156.226123, 'message': 'Dec  6 14:02:34 hqnl0246134 sshd[219926]: Failed password for root from 61.177.173.35 port 50537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 14:02:38,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328158.2321188, 'message': 'Dec  6 14:02:37 hqnl0246134 sshd[219926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 14:02:40,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328160.2337096, 'message': 'Dec  6 14:02:39 hqnl0246134 sshd[219926]: Failed password for root from 61.177.173.35 port 50537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 14:02:44,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328164.2399511, 'message': 'Dec  6 14:02:43 hqnl0246134 sshd[219931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 14:02:44,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328164.2403345, 'message': 'Dec  6 14:02:43 hqnl0246134 sshd[219931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 14:02:46,225] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:02:46,227] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:02:46,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328166.2411008, 'message': 'Dec  6 14:02:45 hqnl0246134 sshd[219931]: Failed password for root from 61.177.173.35 port 51113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 14:02:46,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328166.2413461, 'message': 'Dec  6 14:02:45 hqnl0246134 sshd[219931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 14:02:48,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328168.242159, 'message': 'Dec  6 14:02:48 hqnl0246134 sshd[219931]: Failed password for root from 61.177.173.35 port 51113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:02:50,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328170.2459621, 'message': 'Dec  6 14:02:49 hqnl0246134 sshd[219931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 14:02:54,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328174.2516716, 'message': 'Dec  6 14:02:52 hqnl0246134 sshd[219931]: Failed password for root from 61.177.173.35 port 51113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0440 seconds
WARNING [2022-12-06 14:02:54,622] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:02:54,673] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0645 seconds
INFO    [2022-12-06 14:03:20,919] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:03:20,921] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:03:20,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:03:20,947] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
INFO    [2022-12-06 14:03:21,791] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:03:21,858] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:03:21,858] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:03:21,859] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:03:21,859] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:03:21,859] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:03:21,873] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:03:21,893] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0329 seconds
WARNING [2022-12-06 14:03:21,900] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:03:21,903] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:03:21,922] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0365 seconds
INFO    [2022-12-06 14:03:21,924] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0333 seconds
INFO    [2022-12-06 14:03:24,783] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:03:24,784] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:03:24,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:03:24,867] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0734 seconds
INFO    [2022-12-06 14:03:28,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670328208.2936976, 'message': 'Dec  6 14:03:27 hqnl0246134 sshd[219975]: Accepted password for supportwwwuser from 212.58.119.251 port 10544 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 14:03:32,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670328212.3071434, 'message': 'Dec  6 14:03:30 hqnl0246134 sshd[220009]: Accepted password for supportwwwuser from 212.58.119.251 port 10555 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-06 14:03:46,237] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:03:46,245] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:03:51,988] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:03:51,991] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:03:52,000] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-06 14:03:54,631] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:03:54,712] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0989 seconds
INFO    [2022-12-06 14:04:23,639] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:04:23,649] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:04:23,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:04:23,791] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1333 seconds
INFO    [2022-12-06 14:04:30,848] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:04:30,849] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:04:30,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:04:30,880] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
WARNING [2022-12-06 14:04:46,252] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:04:46,267] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:05:18,897] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:05:18,899] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:05:18,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:05:18,925] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 14:05:21,633] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:05:21,633] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:05:21,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:05:21,663] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0284 seconds
WARNING [2022-12-06 14:05:46,271] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:05:46,273] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:06:17,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:06:17,966] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:06:17,978] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:06:17,992] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
INFO    [2022-12-06 14:06:20,712] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:06:20,712] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:06:20,723] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:06:20,737] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-06 14:06:22,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328382.5406203, 'message': 'Dec  6 14:06:22 hqnl0246134 sshd[220224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 14:06:22,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328382.5413735, 'message': 'Dec  6 14:06:22 hqnl0246134 sshd[220224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 14:06:24,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328384.5388691, 'message': 'Dec  6 14:06:23 hqnl0246134 sshd[220224]: Failed password for root from 61.177.172.19 port 44629 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 14:06:26,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328386.5409367, 'message': 'Dec  6 14:06:26 hqnl0246134 sshd[220224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 14:06:28,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328388.5946007, 'message': 'Dec  6 14:06:27 hqnl0246134 sshd[220224]: Failed password for root from 61.177.172.19 port 44629 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:06:30,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328390.544651, 'message': 'Dec  6 14:06:28 hqnl0246134 sshd[220224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 14:06:32,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328392.547591, 'message': 'Dec  6 14:06:30 hqnl0246134 sshd[220224]: Failed password for root from 61.177.172.19 port 44629 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 14:06:35,553] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:06:35,554] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:06:35,562] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:06:35,574] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 14:06:36,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328396.5523784, 'message': 'Dec  6 14:06:34 hqnl0246134 sshd[220235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 14:06:36,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328396.552573, 'message': 'Dec  6 14:06:34 hqnl0246134 sshd[220235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 14:06:38,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328398.5540636, 'message': 'Dec  6 14:06:36 hqnl0246134 sshd[220235]: Failed password for root from 61.177.172.19 port 36709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 14:06:38,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328398.5543582, 'message': 'Dec  6 14:06:37 hqnl0246134 sshd[220235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:06:40,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328400.5584824, 'message': 'Dec  6 14:06:39 hqnl0246134 sshd[220235]: Failed password for root from 61.177.172.19 port 36709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 14:06:40,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328400.5598366, 'message': 'Dec  6 14:06:39 hqnl0246134 sshd[220235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 14:06:42,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328402.5579212, 'message': 'Dec  6 14:06:41 hqnl0246134 sshd[220235]: Failed password for root from 61.177.172.19 port 36709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 14:06:44,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328404.5605996, 'message': 'Dec  6 14:06:44 hqnl0246134 sshd[220242]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 14:06:44,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328404.5609505, 'message': 'Dec  6 14:06:44 hqnl0246134 sshd[220242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 14:06:46,276] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:06:46,277] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:06:46,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328406.5618162, 'message': 'Dec  6 14:06:45 hqnl0246134 sshd[220242]: Failed password for root from 61.177.172.19 port 49022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 14:06:46,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328406.5620732, 'message': 'Dec  6 14:06:46 hqnl0246134 sshd[220242]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 14:06:48,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328408.5643215, 'message': 'Dec  6 14:06:47 hqnl0246134 sshd[220242]: Failed password for root from 61.177.172.19 port 49022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 14:06:50,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328410.5675826, 'message': 'Dec  6 14:06:49 hqnl0246134 sshd[220242]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 14:06:52,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328412.5695486, 'message': 'Dec  6 14:06:51 hqnl0246134 sshd[220242]: Failed password for root from 61.177.172.19 port 49022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-06 14:06:54,630] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:06:54,683] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0600 seconds
INFO    [2022-12-06 14:06:56,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.232.30.249', 'timestamp': 1670328416.5734665, 'message': 'Dec  6 14:06:54 hqnl0246134 sshd[220264]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.232.30.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-06 14:06:56,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328416.5748405, 'message': 'Dec  6 14:06:55 hqnl0246134 sshd[220261]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 14:06:56,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.232.30.249', 'timestamp': 1670328416.5747263, 'message': 'Dec  6 14:06:54 hqnl0246134 sshd[220264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.232.30.249  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 14:06:56,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328416.575087, 'message': 'Dec  6 14:06:55 hqnl0246134 sshd[220261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 14:06:58,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.232.30.249', 'timestamp': 1670328418.7242467, 'message': 'Dec  6 14:06:57 hqnl0246134 sshd[220264]: Failed password for root from 20.232.30.249 port 50136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-06 14:06:58,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328418.7245498, 'message': 'Dec  6 14:06:57 hqnl0246134 sshd[220261]: Failed password for root from 61.177.172.19 port 27396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-06 14:07:00,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328420.5766983, 'message': 'Dec  6 14:06:59 hqnl0246134 sshd[220261]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 14:07:02,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328422.5783055, 'message': 'Dec  6 14:07:01 hqnl0246134 sshd[220261]: Failed password for root from 61.177.172.19 port 27396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 14:07:02,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328422.5785573, 'message': 'Dec  6 14:07:01 hqnl0246134 sshd[220261]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 14:07:04,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670328424.5794024, 'message': 'Dec  6 14:07:04 hqnl0246134 sshd[220261]: Failed password for root from 61.177.172.19 port 27396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 14:07:06,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328426.585202, 'message': 'Dec  6 14:07:06 hqnl0246134 sshd[220276]: Invalid user guest from 87.98.171.219 port 58826', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 14:07:06,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328426.5858293, 'message': 'Dec  6 14:07:06 hqnl0246134 sshd[220276]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.98.171.219 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 14:07:06,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328426.5859463, 'message': 'Dec  6 14:07:06 hqnl0246134 sshd[220276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.171.219 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:07:10,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328430.5930243, 'message': 'Dec  6 14:07:08 hqnl0246134 sshd[220276]: Failed password for invalid user guest from 87.98.171.219 port 58826 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:07:10,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328430.5934541, 'message': 'Dec  6 14:07:08 hqnl0246134 sshd[220276]: Disconnected from invalid user guest 87.98.171.219 port 58826 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 14:07:17,894] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:07:17,894] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:07:17,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:07:17,913] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 14:07:20,573] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:07:20,574] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:07:20,583] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:07:20,595] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 14:07:46,281] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:07:46,284] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:07:54,649] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:07:54,686] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0547 seconds
INFO    [2022-12-06 14:08:17,915] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:08:17,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:08:17,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:08:17,946] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-06 14:08:20,696] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:08:20,697] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:08:20,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:08:20,732] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0346 seconds
INFO    [2022-12-06 14:08:20,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670328500.7062695, 'message': 'Dec  6 14:08:20 hqnl0246134 sshd[220345]: Invalid user user4 from 51.222.13.62 port 50264', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 14:08:20,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.222.13.62', 'timestamp': 1670328500.7064707, 'message': 'Dec  6 14:08:20 hqnl0246134 sshd[220345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.222.13.62 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 14:08:20,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.222.13.62', 'timestamp': 1670328500.7066333, 'message': 'Dec  6 14:08:20 hqnl0246134 sshd[220345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.222.13.62 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 14:08:22,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670328502.7093463, 'message': 'Dec  6 14:08:22 hqnl0246134 sshd[220345]: Failed password for invalid user user4 from 51.222.13.62 port 50264 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 14:08:24,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670328504.7098505, 'message': 'Dec  6 14:08:23 hqnl0246134 sshd[220345]: Disconnected from invalid user user4 51.222.13.62 port 50264 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 14:08:25,841] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:08:25,841] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:08:25,848] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:08:25,859] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-06 14:08:46,287] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:08:46,289] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:08:54,650] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:08:54,676] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0401 seconds
INFO    [2022-12-06 14:09:17,916] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:09:17,917] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:09:17,925] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:09:17,938] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 14:09:20,566] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:09:20,566] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:09:20,581] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:09:20,594] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0268 seconds
INFO    [2022-12-06 14:09:42,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328582.8387783, 'message': 'Dec  6 14:09:41 hqnl0246134 sshd[220532]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 14:09:42,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328582.8408322, 'message': 'Dec  6 14:09:41 hqnl0246134 sshd[220532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 14:09:44,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328584.840007, 'message': 'Dec  6 14:09:43 hqnl0246134 sshd[220532]: Failed password for root from 61.177.173.50 port 29935 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
WARNING [2022-12-06 14:09:46,292] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:09:46,293] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:09:46,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328586.8430321, 'message': 'Dec  6 14:09:45 hqnl0246134 sshd[220532]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:09:48,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328588.8461394, 'message': 'Dec  6 14:09:47 hqnl0246134 sshd[220532]: Failed password for root from 61.177.173.50 port 29935 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 14:09:48,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670328588.84906, 'message': 'Dec  6 14:09:48 hqnl0246134 sshd[220534]: Invalid user temp from 34.148.81.208 port 51292', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 14:09:48,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328588.8489177, 'message': 'Dec  6 14:09:47 hqnl0246134 sshd[220532]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 14:09:48,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.148.81.208', 'timestamp': 1670328588.8492553, 'message': 'Dec  6 14:09:48 hqnl0246134 sshd[220534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.148.81.208 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 14:09:48,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.148.81.208', 'timestamp': 1670328588.849435, 'message': 'Dec  6 14:09:48 hqnl0246134 sshd[220534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.148.81.208 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 14:09:50,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328590.8487113, 'message': 'Dec  6 14:09:49 hqnl0246134 sshd[220532]: Failed password for root from 61.177.173.50 port 29935 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 14:09:52,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670328592.8502135, 'message': 'Dec  6 14:09:51 hqnl0246134 sshd[220534]: Failed password for invalid user temp from 34.148.81.208 port 51292 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 14:09:52,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670328592.8504272, 'message': 'Dec  6 14:09:51 hqnl0246134 sshd[220534]: Disconnected from invalid user temp 34.148.81.208 port 51292 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 14:09:54,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:09:54,670] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0301 seconds
INFO    [2022-12-06 14:09:54,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328594.852527, 'message': 'Dec  6 14:09:53 hqnl0246134 sshd[220547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 14:09:54,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328594.8527107, 'message': 'Dec  6 14:09:53 hqnl0246134 sshd[220547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:09:56,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328596.8538647, 'message': 'Dec  6 14:09:55 hqnl0246134 sshd[220547]: Failed password for root from 61.177.173.50 port 20887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 14:09:58,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328598.8569915, 'message': 'Dec  6 14:09:57 hqnl0246134 sshd[220547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 14:10:00,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328600.8574367, 'message': 'Dec  6 14:09:59 hqnl0246134 sshd[220547]: Failed password for root from 61.177.173.50 port 20887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0669 seconds
INFO    [2022-12-06 14:10:00,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328600.8576412, 'message': 'Dec  6 14:10:00 hqnl0246134 sshd[220547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 14:10:03,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670328602.8702724, 'message': 'Dec  6 14:10:02 hqnl0246134 sshd[220547]: Failed password for root from 61.177.173.50 port 20887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1856 seconds
INFO    [2022-12-06 14:10:17,873] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:10:17,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:10:17,881] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:10:17,892] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 14:10:20,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:10:20,611] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:10:20,619] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:10:20,633] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
WARNING [2022-12-06 14:10:46,297] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:10:46,298] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:10:54,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:10:54,676] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-06 14:10:54,773] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:10:54,840] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:10:54,841] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:10:54,841] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:10:54,841] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:10:54,842] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:10:54,853] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:10:54,875] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0329 seconds
WARNING [2022-12-06 14:10:54,890] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:10:54,894] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:10:54,923] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0569 seconds
INFO    [2022-12-06 14:10:54,924] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0531 seconds
INFO    [2022-12-06 14:11:17,976] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:11:17,977] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:11:17,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:11:18,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-06 14:11:21,970] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:11:21,971] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:11:21,982] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:11:21,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-06 14:11:24,970] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:11:24,971] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:11:24,971] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 14:11:46,305] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:11:46,306] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:11:53,293] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 14:12:17,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:12:17,819] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:12:17,832] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:12:17,846] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
INFO    [2022-12-06 14:12:20,570] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:12:20,570] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:12:20,581] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:12:20,594] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
WARNING [2022-12-06 14:12:46,308] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:12:46,311] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:13:02,753] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 14:13:02,764] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:13:02,781] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0244 seconds
INFO    [2022-12-06 14:13:18,312] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:13:18,313] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:13:18,326] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:13:18,342] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0282 seconds
INFO    [2022-12-06 14:13:21,168] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:13:21,169] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:13:21,184] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:13:21,202] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0323 seconds
INFO    [2022-12-06 14:13:21,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670328801.17171, 'message': 'Dec  6 14:13:20 hqnl0246134 sshd[220770]: Invalid user mine from 209.73.215.135 port 38996', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 14:13:21,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '209.73.215.135', 'timestamp': 1670328801.1719494, 'message': 'Dec  6 14:13:20 hqnl0246134 sshd[220770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 209.73.215.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 14:13:21,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '209.73.215.135', 'timestamp': 1670328801.1720924, 'message': 'Dec  6 14:13:20 hqnl0246134 sshd[220770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.73.215.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 14:13:23,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670328803.1100807, 'message': 'Dec  6 14:13:22 hqnl0246134 sshd[220770]: Failed password for invalid user mine from 209.73.215.135 port 38996 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:13:23,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670328803.1103687, 'message': 'Dec  6 14:13:22 hqnl0246134 sshd[220770]: Disconnected from invalid user mine 209.73.215.135 port 38996 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:13:25,448] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:13:25,448] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:13:25,455] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:13:25,468] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-06 14:13:46,316] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:13:46,318] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:13:54,661] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:13:54,688] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0369 seconds
INFO    [2022-12-06 14:13:55,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.61.75.88', 'timestamp': 1670328835.159915, 'message': 'Dec  6 14:13:54 hqnl0246134 sshd[220788]: Invalid user hbase from 20.61.75.88 port 33330', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:13:55,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.61.75.88', 'timestamp': 1670328835.1601684, 'message': 'Dec  6 14:13:54 hqnl0246134 sshd[220788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.61.75.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 14:13:55,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.61.75.88', 'timestamp': 1670328835.1603796, 'message': 'Dec  6 14:13:54 hqnl0246134 sshd[220788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.61.75.88 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 14:13:57,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.61.75.88', 'timestamp': 1670328837.163278, 'message': 'Dec  6 14:13:56 hqnl0246134 sshd[220788]: Failed password for invalid user hbase from 20.61.75.88 port 33330 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 14:13:59,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.61.75.88', 'timestamp': 1670328839.1675105, 'message': 'Dec  6 14:13:58 hqnl0246134 sshd[220788]: Disconnected from invalid user hbase 20.61.75.88 port 33330 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 14:14:18,131] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:14:18,132] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:14:18,145] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:14:18,169] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0361 seconds
INFO    [2022-12-06 14:14:19,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328859.1946018, 'message': 'Dec  6 14:14:18 hqnl0246134 sshd[220813]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 14:14:19,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328859.1948383, 'message': 'Dec  6 14:14:18 hqnl0246134 sshd[220813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 14:14:20,921] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:14:20,922] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:14:20,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:14:20,952] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0291 seconds
INFO    [2022-12-06 14:14:21,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328861.1951683, 'message': 'Dec  6 14:14:20 hqnl0246134 sshd[220813]: Failed password for root from 61.177.173.35 port 36069 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 14:14:23,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328863.1967063, 'message': 'Dec  6 14:14:22 hqnl0246134 sshd[220813]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 14:14:25,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328865.1992044, 'message': 'Dec  6 14:14:24 hqnl0246134 sshd[220813]: Failed password for root from 61.177.173.35 port 36069 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 14:14:25,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328865.1995203, 'message': 'Dec  6 14:14:24 hqnl0246134 sshd[220813]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 14:14:27,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328867.2008944, 'message': 'Dec  6 14:14:27 hqnl0246134 sshd[220813]: Failed password for root from 61.177.173.35 port 36069 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 14:14:33,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328873.2105954, 'message': 'Dec  6 14:14:31 hqnl0246134 sshd[220836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:14:33,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328873.2110128, 'message': 'Dec  6 14:14:31 hqnl0246134 sshd[220836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 14:14:35,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328875.2118492, 'message': 'Dec  6 14:14:34 hqnl0246134 sshd[220836]: Failed password for root from 61.177.173.35 port 26753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 14:14:37,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328877.2144341, 'message': 'Dec  6 14:14:36 hqnl0246134 sshd[220836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 14:14:39,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328879.2180727, 'message': 'Dec  6 14:14:38 hqnl0246134 sshd[220836]: Failed password for root from 61.177.173.35 port 26753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 14:14:41,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328881.2202508, 'message': 'Dec  6 14:14:40 hqnl0246134 sshd[220836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:14:43,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328883.222019, 'message': 'Dec  6 14:14:42 hqnl0246134 sshd[220836]: Failed password for root from 61.177.173.35 port 26753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 14:14:45,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328885.2246504, 'message': 'Dec  6 14:14:44 hqnl0246134 sshd[220840]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:14:45,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328885.2248597, 'message': 'Dec  6 14:14:44 hqnl0246134 sshd[220840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 14:14:46,322] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:14:46,323] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:14:47,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328887.2260199, 'message': 'Dec  6 14:14:46 hqnl0246134 sshd[220840]: Failed password for root from 61.177.173.35 port 24195 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 14:14:47,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328887.2262418, 'message': 'Dec  6 14:14:47 hqnl0246134 sshd[220840]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 14:14:51,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328891.2372866, 'message': 'Dec  6 14:14:49 hqnl0246134 sshd[220840]: Failed password for root from 61.177.173.35 port 24195 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 14:14:53,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328893.2336051, 'message': 'Dec  6 14:14:51 hqnl0246134 sshd[220840]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
WARNING [2022-12-06 14:14:54,665] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:14:54,690] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-06 14:14:55,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670328895.2338524, 'message': 'Dec  6 14:14:53 hqnl0246134 sshd[220840]: Failed password for root from 61.177.173.35 port 24195 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 14:15:17,014] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:15:17,078] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:15:17,079] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:15:17,079] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:15:17,079] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:15:17,080] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:15:17,090] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:15:17,109] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0292 seconds
WARNING [2022-12-06 14:15:17,116] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:15:17,119] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:15:17,135] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0317 seconds
INFO    [2022-12-06 14:15:17,137] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0296 seconds
INFO    [2022-12-06 14:15:17,904] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:15:17,905] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:15:17,913] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:15:17,925] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 14:15:20,734] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:15:20,735] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:15:20,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:15:20,755] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 14:15:35,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.30.249', 'timestamp': 1670328935.2820358, 'message': 'Dec  6 14:15:33 hqnl0246134 sshd[220910]: Invalid user customer1 from 20.232.30.249 port 50582', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 14:15:35,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.232.30.249', 'timestamp': 1670328935.2830024, 'message': 'Dec  6 14:15:33 hqnl0246134 sshd[220910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.232.30.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 14:15:35,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.232.30.249', 'timestamp': 1670328935.283389, 'message': 'Dec  6 14:15:33 hqnl0246134 sshd[220910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.232.30.249 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 14:15:35,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.30.249', 'timestamp': 1670328935.2836738, 'message': 'Dec  6 14:15:34 hqnl0246134 sshd[220910]: Failed password for invalid user customer1 from 20.232.30.249 port 50582 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 14:15:37,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.30.249', 'timestamp': 1670328937.2845304, 'message': 'Dec  6 14:15:36 hqnl0246134 sshd[220910]: Disconnected from invalid user customer1 20.232.30.249 port 50582 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 14:15:38,533] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:15:38,533] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:15:38,542] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:15:38,555] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 14:15:45,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328945.2994905, 'message': 'Dec  6 14:15:44 hqnl0246134 sshd[220919]: Invalid user ops from 87.98.171.219 port 56572', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 14:15:45,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328945.2998564, 'message': 'Dec  6 14:15:44 hqnl0246134 sshd[220919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.98.171.219 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 14:15:45,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328945.3060818, 'message': 'Dec  6 14:15:44 hqnl0246134 sshd[220919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.171.219 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 14:15:46,325] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:15:46,326] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:15:47,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328947.3008544, 'message': 'Dec  6 14:15:46 hqnl0246134 sshd[220919]: Failed password for invalid user ops from 87.98.171.219 port 56572 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 14:15:47,974] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:15:47,975] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:15:47,977] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 14:15:49,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670328949.301732, 'message': 'Dec  6 14:15:47 hqnl0246134 sshd[220919]: Disconnected from invalid user ops 87.98.171.219 port 56572 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 14:15:54,671] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:15:54,710] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0520 seconds
INFO    [2022-12-06 14:16:17,730] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:16:17,731] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:16:17,741] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:16:17,756] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0239 seconds
INFO    [2022-12-06 14:16:20,352] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:16:20,352] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:16:20,363] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:16:20,380] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0259 seconds
INFO    [2022-12-06 14:16:39,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670328999.3777971, 'message': 'Dec  6 14:16:37 hqnl0246134 sshd[220962]: Invalid user ts3 from 51.222.13.62 port 58588', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 14:16:39,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.222.13.62', 'timestamp': 1670328999.3785133, 'message': 'Dec  6 14:16:37 hqnl0246134 sshd[220962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.222.13.62 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 14:16:39,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.222.13.62', 'timestamp': 1670328999.378695, 'message': 'Dec  6 14:16:37 hqnl0246134 sshd[220962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.222.13.62 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 14:16:41,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329001.380299, 'message': 'Dec  6 14:16:39 hqnl0246134 sshd[220962]: Failed password for invalid user ts3 from 51.222.13.62 port 58588 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 14:16:43,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329003.382595, 'message': 'Dec  6 14:16:41 hqnl0246134 sshd[220962]: Disconnected from invalid user ts3 51.222.13.62 port 58588 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 14:16:46,328] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:16:46,329] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:16:49,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329009.388478, 'message': 'Dec  6 14:16:47 hqnl0246134 sshd[220967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 209.73.215.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 14:16:49,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329009.388745, 'message': 'Dec  6 14:16:47 hqnl0246134 sshd[220967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.73.215.135  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:16:51,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329011.3902788, 'message': 'Dec  6 14:16:49 hqnl0246134 sshd[220967]: Failed password for root from 209.73.215.135 port 35530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 14:16:52,713] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:16:52,714] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:16:52,721] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:16:52,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
WARNING [2022-12-06 14:16:54,669] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:16:54,690] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0284 seconds
INFO    [2022-12-06 14:17:18,040] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:17:18,041] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:17:18,052] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:17:18,070] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
INFO    [2022-12-06 14:17:20,891] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:17:20,891] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:17:20,925] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:17:20,951] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0568 seconds
INFO    [2022-12-06 14:17:29,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329049.4400368, 'message': 'Dec  6 14:17:27 hqnl0246134 sshd[221026]: Invalid user server from 34.148.81.208 port 53838', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 14:17:29,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329049.4406836, 'message': 'Dec  6 14:17:27 hqnl0246134 sshd[221026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.148.81.208 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:17:29,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329049.4408755, 'message': 'Dec  6 14:17:27 hqnl0246134 sshd[221026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.148.81.208 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 14:17:31,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329051.4930584, 'message': 'Dec  6 14:17:29 hqnl0246134 sshd[221026]: Failed password for invalid user server from 34.148.81.208 port 53838 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 14:17:33,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329053.44197, 'message': 'Dec  6 14:17:31 hqnl0246134 sshd[221026]: Disconnected from invalid user server 34.148.81.208 port 53838 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 14:17:45,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329065.4575787, 'message': 'Dec  6 14:17:44 hqnl0246134 sshd[221034]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.73.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:17:45,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329065.4578793, 'message': 'Dec  6 14:17:44 hqnl0246134 sshd[221034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.73.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 14:17:46,340] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:17:46,341] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:17:47,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329067.457879, 'message': 'Dec  6 14:17:45 hqnl0246134 sshd[221034]: Failed password for root from 178.128.73.254 port 40228 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 14:17:54,674] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:17:54,698] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0318 seconds
INFO    [2022-12-06 14:18:18,111] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:18:18,112] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:18:18,121] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:18:18,133] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 14:18:20,824] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:18:20,825] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:18:20,832] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:18:20,843] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
WARNING [2022-12-06 14:18:46,343] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:18:46,345] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:19:15,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.232.30.249', 'timestamp': 1670329155.5658195, 'message': 'Dec  6 14:19:14 hqnl0246134 sshd[221099]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.232.30.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 14:19:15,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.232.30.249', 'timestamp': 1670329155.5663717, 'message': 'Dec  6 14:19:14 hqnl0246134 sshd[221099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.232.30.249  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:19:17,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.232.30.249', 'timestamp': 1670329157.566103, 'message': 'Dec  6 14:19:16 hqnl0246134 sshd[221099]: Failed password for root from 20.232.30.249 port 50754 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 14:19:18,016] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:19:18,017] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:19:18,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:19:18,037] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 14:19:20,686] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:19:20,687] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 14:19:20,753] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:19:20,753] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:19:20,765] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:19:20,766] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:19:20,785] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0972 seconds
INFO    [2022-12-06 14:19:20,786] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0315 seconds
INFO    [2022-12-06 14:19:33,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329173.5969563, 'message': 'Dec  6 14:19:31 hqnl0246134 sshd[221131]: Invalid user eirik from 209.73.215.135 port 53890', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 14:19:33,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329173.601853, 'message': 'Dec  6 14:19:31 hqnl0246134 sshd[221131]: pam_imunify(sshd:auth): [IM360_RBL] The IP 209.73.215.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 14:19:33,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329173.6021163, 'message': 'Dec  6 14:19:31 hqnl0246134 sshd[221131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.73.215.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 14:19:35,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329175.5982935, 'message': 'Dec  6 14:19:33 hqnl0246134 sshd[221131]: Failed password for invalid user eirik from 209.73.215.135 port 53890 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 14:19:35,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329175.5986278, 'message': 'Dec  6 14:19:33 hqnl0246134 sshd[221131]: Disconnected from invalid user eirik 209.73.215.135 port 53890 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 14:19:40,357] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:19:40,425] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:19:40,426] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:19:40,426] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:19:40,427] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:19:40,427] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:19:40,445] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:19:40,474] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0452 seconds
WARNING [2022-12-06 14:19:40,486] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:19:40,491] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:19:40,512] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0487 seconds
INFO    [2022-12-06 14:19:40,514] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0433 seconds
INFO    [2022-12-06 14:19:41,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329181.6063302, 'message': 'Dec  6 14:19:40 hqnl0246134 sshd[221134]: Invalid user admin from 164.90.231.253 port 48980', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 14:19:41,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329181.6066065, 'message': 'Dec  6 14:19:40 hqnl0246134 sshd[221134]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.90.231.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:19:41,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329181.606854, 'message': 'Dec  6 14:19:40 hqnl0246134 sshd[221134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.231.253 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 14:19:43,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329183.608831, 'message': 'Dec  6 14:19:41 hqnl0246134 sshd[221136]: Invalid user test from 51.222.13.62 port 40820', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0607 seconds
INFO    [2022-12-06 14:19:43,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329183.6095843, 'message': 'Dec  6 14:19:42 hqnl0246134 sshd[221134]: Failed password for invalid user admin from 164.90.231.253 port 48980 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0611 seconds
INFO    [2022-12-06 14:19:43,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329183.6092055, 'message': 'Dec  6 14:19:42 hqnl0246134 sshd[221136]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.222.13.62 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 14:19:43,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329183.6093998, 'message': 'Dec  6 14:19:42 hqnl0246134 sshd[221136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.222.13.62 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 14:19:45,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329185.61093, 'message': 'Dec  6 14:19:44 hqnl0246134 sshd[221136]: Failed password for invalid user test from 51.222.13.62 port 40820 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 14:19:45,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329185.6111243, 'message': 'Dec  6 14:19:44 hqnl0246134 sshd[221134]: Disconnected from invalid user admin 164.90.231.253 port 48980 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 14:19:45,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329185.6112313, 'message': 'Dec  6 14:19:44 hqnl0246134 sshd[221136]: Disconnected from invalid user test 51.222.13.62 port 40820 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 14:19:46,348] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:19:46,349] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:19:54,678] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:19:54,709] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-06 14:20:01,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.142.20', 'timestamp': 1670329201.6433134, 'message': 'Dec  6 14:19:59 hqnl0246134 sshd[221152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.142.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 14:20:01,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.98.171.219', 'timestamp': 1670329201.643731, 'message': 'Dec  6 14:20:01 hqnl0246134 sshd[221150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.98.171.219 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-06 14:20:01,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.142.20', 'timestamp': 1670329201.6435845, 'message': 'Dec  6 14:19:59 hqnl0246134 sshd[221152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.142.20  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-06 14:20:01,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.98.171.219', 'timestamp': 1670329201.6439028, 'message': 'Dec  6 14:20:01 hqnl0246134 sshd[221150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.171.219  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0547 seconds
INFO    [2022-12-06 14:20:03,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.172.142.20', 'timestamp': 1670329203.6464562, 'message': 'Dec  6 14:20:01 hqnl0246134 sshd[221152]: Failed password for root from 167.172.142.20 port 41320 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0683 seconds
INFO    [2022-12-06 14:20:03,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670329203.6466632, 'message': 'Dec  6 14:20:03 hqnl0246134 sshd[221168]: Invalid user cpd from 41.73.252.229 port 56356', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0687 seconds
INFO    [2022-12-06 14:20:03,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '87.98.171.219', 'timestamp': 1670329203.6469767, 'message': 'Dec  6 14:20:03 hqnl0246134 sshd[221150]: Failed password for root from 87.98.171.219 port 48694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0690 seconds
INFO    [2022-12-06 14:20:03,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.73.252.229', 'timestamp': 1670329203.6470988, 'message': 'Dec  6 14:20:03 hqnl0246134 sshd[221168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.73.252.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 14:20:03,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.73.252.229', 'timestamp': 1670329203.6472926, 'message': 'Dec  6 14:20:03 hqnl0246134 sshd[221168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.73.252.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 14:20:05,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670329205.6485357, 'message': 'Dec  6 14:20:05 hqnl0246134 sshd[221168]: Failed password for invalid user cpd from 41.73.252.229 port 56356 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 14:20:07,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670329207.6508567, 'message': 'Dec  6 14:20:07 hqnl0246134 sshd[221168]: Disconnected from invalid user cpd 41.73.252.229 port 56356 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 14:20:10,574] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:20:10,574] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:20:10,576] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 14:20:17,973] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:20:17,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:20:17,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:20:17,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 14:20:20,649] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:20:20,650] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:20:20,657] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:20:20,669] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 14:20:21,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329221.6689663, 'message': 'Dec  6 14:20:20 hqnl0246134 sshd[221192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 14:20:21,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329221.669292, 'message': 'Dec  6 14:20:21 hqnl0246134 sshd[221196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 14:20:21,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329221.6691582, 'message': 'Dec  6 14:20:20 hqnl0246134 sshd[221192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 14:20:21,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329221.6700716, 'message': 'Dec  6 14:20:21 hqnl0246134 sshd[221196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 14:20:23,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329223.671997, 'message': 'Dec  6 14:20:21 hqnl0246134 sshd[221209]: Invalid user huawei from 71.238.230.5 port 57182', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-06 14:20:23,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329223.6726432, 'message': 'Dec  6 14:20:22 hqnl0246134 sshd[221192]: Failed password for root from 61.177.173.49 port 35163 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 14:20:23,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329223.6727626, 'message': 'Dec  6 14:20:23 hqnl0246134 sshd[221196]: Failed password for root from 61.177.172.98 port 41538 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 14:20:23,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329223.6723752, 'message': 'Dec  6 14:20:22 hqnl0246134 sshd[221209]: pam_imunify(sshd:auth): [IM360_RBL] The IP 71.238.230.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 14:20:23,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329223.6725254, 'message': 'Dec  6 14:20:22 hqnl0246134 sshd[221209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.238.230.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 14:20:23,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329223.6728837, 'message': 'Dec  6 14:20:23 hqnl0246134 sshd[221209]: Failed password for invalid user huawei from 71.238.230.5 port 57182 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-06 14:20:25,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329225.6743515, 'message': 'Dec  6 14:20:24 hqnl0246134 sshd[221209]: Disconnected from invalid user huawei 71.238.230.5 port 57182 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 14:20:25,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329225.6746118, 'message': 'Dec  6 14:20:24 hqnl0246134 sshd[221192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 14:20:25,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329225.6815825, 'message': 'Dec  6 14:20:25 hqnl0246134 sshd[221196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-06 14:20:27,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329227.6774282, 'message': 'Dec  6 14:20:26 hqnl0246134 sshd[221192]: Failed password for root from 61.177.173.49 port 35163 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 14:20:27,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329227.6778736, 'message': 'Dec  6 14:20:27 hqnl0246134 sshd[221196]: Failed password for root from 61.177.172.98 port 41538 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 14:20:27,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329227.6780024, 'message': 'Dec  6 14:20:27 hqnl0246134 sshd[221196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:20:29,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329229.6792507, 'message': 'Dec  6 14:20:29 hqnl0246134 sshd[221192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 14:20:29,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329229.6796956, 'message': 'Dec  6 14:20:29 hqnl0246134 sshd[221196]: Failed password for root from 61.177.172.98 port 41538 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 14:20:31,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329231.681732, 'message': 'Dec  6 14:20:31 hqnl0246134 sshd[221192]: Failed password for root from 61.177.173.49 port 35163 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 14:20:33,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329233.6829946, 'message': 'Dec  6 14:20:33 hqnl0246134 sshd[221222]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 14:20:33,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329233.6890316, 'message': 'Dec  6 14:20:33 hqnl0246134 sshd[221222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 14:20:35,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329235.6852922, 'message': 'Dec  6 14:20:35 hqnl0246134 sshd[221222]: Failed password for root from 61.177.172.98 port 54337 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 14:20:37,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329237.6859088, 'message': 'Dec  6 14:20:37 hqnl0246134 sshd[221222]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 14:20:38,248] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:20:38,249] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:20:38,261] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:20:38,279] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0286 seconds
INFO    [2022-12-06 14:20:39,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329239.688225, 'message': 'Dec  6 14:20:37 hqnl0246134 sshd[221229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 14:20:39,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329239.6885095, 'message': 'Dec  6 14:20:39 hqnl0246134 sshd[221222]: Failed password for root from 61.177.172.98 port 54337 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-06 14:20:39,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329239.688399, 'message': 'Dec  6 14:20:37 hqnl0246134 sshd[221229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 14:20:39,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329239.688611, 'message': 'Dec  6 14:20:39 hqnl0246134 sshd[221222]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 14:20:41,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329241.6920865, 'message': 'Dec  6 14:20:39 hqnl0246134 sshd[221229]: Failed password for root from 61.177.173.49 port 41043 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 14:20:41,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329241.6925106, 'message': 'Dec  6 14:20:41 hqnl0246134 sshd[221222]: Failed password for root from 61.177.172.98 port 54337 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 14:20:41,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329241.6923518, 'message': 'Dec  6 14:20:40 hqnl0246134 sshd[221229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 14:20:43,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329243.6942651, 'message': 'Dec  6 14:20:42 hqnl0246134 sshd[221229]: Failed password for root from 61.177.173.49 port 41043 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 14:20:43,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329243.694593, 'message': 'Dec  6 14:20:43 hqnl0246134 sshd[221235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 14:20:43,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329243.69448, 'message': 'Dec  6 14:20:43 hqnl0246134 sshd[221229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 14:20:43,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329243.6947606, 'message': 'Dec  6 14:20:43 hqnl0246134 sshd[221235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 14:20:45,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670329245.696016, 'message': 'Dec  6 14:20:44 hqnl0246134 sshd[221229]: Failed password for root from 61.177.173.49 port 41043 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 14:20:45,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329245.6962109, 'message': 'Dec  6 14:20:45 hqnl0246134 sshd[221235]: Failed password for root from 61.177.172.98 port 61156 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-06 14:20:46,352] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:20:46,353] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:20:47,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329247.699334, 'message': 'Dec  6 14:20:45 hqnl0246134 sshd[221235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 14:20:49,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329249.702038, 'message': 'Dec  6 14:20:47 hqnl0246134 sshd[221235]: Failed password for root from 61.177.172.98 port 61156 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 14:20:49,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329249.7022395, 'message': 'Dec  6 14:20:48 hqnl0246134 sshd[221235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 14:20:51,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329251.7044034, 'message': 'Dec  6 14:20:50 hqnl0246134 sshd[221235]: Failed password for root from 61.177.172.98 port 61156 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-06 14:20:54,695] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:20:54,749] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0732 seconds
INFO    [2022-12-06 14:20:55,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329255.7089155, 'message': 'Dec  6 14:20:54 hqnl0246134 sshd[221246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:20:55,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329255.7092319, 'message': 'Dec  6 14:20:54 hqnl0246134 sshd[221246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 14:20:57,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329257.710244, 'message': 'Dec  6 14:20:56 hqnl0246134 sshd[221246]: Failed password for root from 61.177.172.98 port 18968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 14:20:57,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329257.7104416, 'message': 'Dec  6 14:20:56 hqnl0246134 sshd[221246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 14:20:59,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329259.7117915, 'message': 'Dec  6 14:20:58 hqnl0246134 sshd[221246]: Failed password for root from 61.177.172.98 port 18968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 14:20:59,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329259.7120035, 'message': 'Dec  6 14:20:59 hqnl0246134 sshd[221246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 14:21:01,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670329261.7140656, 'message': 'Dec  6 14:21:01 hqnl0246134 sshd[221246]: Failed password for root from 61.177.172.98 port 18968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 14:21:17,842] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:21:17,843] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:21:17,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:21:17,865] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 14:21:20,461] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:21:20,462] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:21:20,469] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:21:20,480] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 14:21:21,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.154.248.181', 'timestamp': 1670329281.7278512, 'message': 'Dec  6 14:21:20 hqnl0246134 sshd[221268]: Invalid user admin from 36.154.248.181 port 54758', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 14:21:21,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.154.248.181', 'timestamp': 1670329281.7283614, 'message': 'Dec  6 14:21:20 hqnl0246134 sshd[221268]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.154.248.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 14:21:21,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.154.248.181', 'timestamp': 1670329281.7285812, 'message': 'Dec  6 14:21:20 hqnl0246134 sshd[221268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.154.248.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 14:21:23,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.154.248.181', 'timestamp': 1670329283.7300098, 'message': 'Dec  6 14:21:23 hqnl0246134 sshd[221268]: Failed password for invalid user admin from 36.154.248.181 port 54758 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:21:25,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.154.248.181', 'timestamp': 1670329285.7325008, 'message': 'Dec  6 14:21:24 hqnl0246134 sshd[221268]: Disconnected from invalid user admin 36.154.248.181 port 54758 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 14:21:46,356] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:21:46,357] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:21:53,295] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 14:21:53,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329313.7673354, 'message': 'Dec  6 14:21:53 hqnl0246134 sshd[221297]: Invalid user user from 34.148.81.208 port 44456', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 14:21:53,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329313.7676938, 'message': 'Dec  6 14:21:53 hqnl0246134 sshd[221297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.148.81.208 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 14:21:53,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329313.767923, 'message': 'Dec  6 14:21:53 hqnl0246134 sshd[221297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.148.81.208 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-06 14:21:54,686] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:21:54,711] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0321 seconds
INFO    [2022-12-06 14:21:55,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329315.769317, 'message': 'Dec  6 14:21:54 hqnl0246134 sshd[221316]: Invalid user auxiliar from 179.61.251.73 port 56820', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 14:21:55,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329315.769851, 'message': 'Dec  6 14:21:55 hqnl0246134 sshd[221297]: Failed password for invalid user user from 34.148.81.208 port 44456 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 14:21:55,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329315.769541, 'message': 'Dec  6 14:21:55 hqnl0246134 sshd[221316]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.61.251.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:21:55,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329315.7696755, 'message': 'Dec  6 14:21:55 hqnl0246134 sshd[221316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.61.251.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 14:21:57,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329317.7700505, 'message': 'Dec  6 14:21:57 hqnl0246134 sshd[221297]: Disconnected from invalid user user 34.148.81.208 port 44456 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 14:21:57,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329317.770398, 'message': 'Dec  6 14:21:57 hqnl0246134 sshd[221316]: Failed password for invalid user auxiliar from 179.61.251.73 port 56820 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 14:21:59,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329319.7701483, 'message': 'Dec  6 14:21:59 hqnl0246134 sshd[221316]: Disconnected from invalid user auxiliar 179.61.251.73 port 56820 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 14:22:00,075] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:22:00,075] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:22:00,083] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:22:00,094] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 14:22:17,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329337.7933936, 'message': 'Dec  6 14:22:17 hqnl0246134 sshd[221339]: Invalid user chen from 209.73.215.135 port 44020', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-06 14:22:17,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329337.7939186, 'message': 'Dec  6 14:22:17 hqnl0246134 sshd[221339]: pam_imunify(sshd:auth): [IM360_RBL] The IP 209.73.215.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0662 seconds
INFO    [2022-12-06 14:22:17,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329337.7940676, 'message': 'Dec  6 14:22:17 hqnl0246134 sshd[221339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.73.215.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-06 14:22:19,655] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:22:19,655] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:22:19,662] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:22:19,674] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 14:22:21,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329341.797696, 'message': 'Dec  6 14:22:20 hqnl0246134 sshd[221339]: Failed password for invalid user chen from 209.73.215.135 port 44020 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 14:22:21,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.73.215.135', 'timestamp': 1670329341.8010368, 'message': 'Dec  6 14:22:21 hqnl0246134 sshd[221339]: Disconnected from invalid user chen 209.73.215.135 port 44020 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 14:22:22,701] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:22:22,702] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:22:22,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:22:22,726] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-06 14:22:39,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329359.8288002, 'message': 'Dec  6 14:22:38 hqnl0246134 sshd[221361]: Invalid user angel from 51.222.13.62 port 45456', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 14:22:39,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329359.8291507, 'message': 'Dec  6 14:22:38 hqnl0246134 sshd[221361]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.222.13.62 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 14:22:39,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329359.8294423, 'message': 'Dec  6 14:22:38 hqnl0246134 sshd[221361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.222.13.62 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 14:22:41,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329361.8305204, 'message': 'Dec  6 14:22:40 hqnl0246134 sshd[221361]: Failed password for invalid user angel from 51.222.13.62 port 45456 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:22:41,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.222.13.62', 'timestamp': 1670329361.8307538, 'message': 'Dec  6 14:22:40 hqnl0246134 sshd[221361]: Disconnected from invalid user angel 51.222.13.62 port 45456 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 14:22:46,361] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:22:46,362] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:22:54,694] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:22:54,719] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0347 seconds
INFO    [2022-12-06 14:22:59,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.30.249', 'timestamp': 1670329379.8500156, 'message': 'Dec  6 14:22:58 hqnl0246134 sshd[221375]: Invalid user guest from 20.232.30.249 port 50930', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 14:22:59,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.232.30.249', 'timestamp': 1670329379.8505094, 'message': 'Dec  6 14:22:58 hqnl0246134 sshd[221375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.232.30.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 14:22:59,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.232.30.249', 'timestamp': 1670329379.850787, 'message': 'Dec  6 14:22:58 hqnl0246134 sshd[221375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.232.30.249 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 14:22:59,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.30.249', 'timestamp': 1670329379.8592293, 'message': 'Dec  6 14:22:59 hqnl0246134 sshd[221375]: Failed password for invalid user guest from 20.232.30.249 port 50930 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 14:23:01,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.30.249', 'timestamp': 1670329381.8501072, 'message': 'Dec  6 14:23:00 hqnl0246134 sshd[221375]: Disconnected from invalid user guest 20.232.30.249 port 50930 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 14:23:03,699] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:23:03,699] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:23:03,709] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:23:03,721] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 14:23:15,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329395.867702, 'message': 'Dec  6 14:23:14 hqnl0246134 sshd[221391]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 14:23:15,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329395.8681126, 'message': 'Dec  6 14:23:14 hqnl0246134 sshd[221391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 14:23:17,932] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:23:17,932] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:23:17,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:23:17,966] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0326 seconds
INFO    [2022-12-06 14:23:17,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329397.9348035, 'message': 'Dec  6 14:23:17 hqnl0246134 sshd[221391]: Failed password for root from 61.177.173.52 port 61546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 14:23:19,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329399.8699002, 'message': 'Dec  6 14:23:18 hqnl0246134 sshd[221391]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 14:23:20,785] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:23:20,785] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:23:20,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:23:20,813] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 14:23:21,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329401.8742507, 'message': 'Dec  6 14:23:20 hqnl0246134 sshd[221391]: Failed password for root from 61.177.173.52 port 61546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 14:23:23,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329403.873908, 'message': 'Dec  6 14:23:22 hqnl0246134 sshd[221391]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 14:23:25,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329405.8761618, 'message': 'Dec  6 14:23:24 hqnl0246134 sshd[221391]: Failed password for root from 61.177.173.52 port 61546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:23:27,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329407.8775237, 'message': 'Dec  6 14:23:26 hqnl0246134 sshd[221417]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 14:23:27,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329407.8777301, 'message': 'Dec  6 14:23:27 hqnl0246134 sshd[221417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 14:23:29,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329409.8806453, 'message': 'Dec  6 14:23:29 hqnl0246134 sshd[221417]: Failed password for root from 61.177.173.52 port 63776 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 14:23:31,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329411.8833144, 'message': 'Dec  6 14:23:31 hqnl0246134 sshd[221417]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 14:23:33,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670329413.8865044, 'message': 'Dec  6 14:23:33 hqnl0246134 sshd[221417]: Failed password for root from 61.177.173.52 port 63776 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-06 14:23:46,366] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:23:46,368] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:23:53,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670329433.9259822, 'message': 'Dec  6 14:23:53 hqnl0246134 sshd[221431]: Invalid user user from 87.98.171.219 port 48060', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 14:23:53,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.98.171.219', 'timestamp': 1670329433.926461, 'message': 'Dec  6 14:23:53 hqnl0246134 sshd[221431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.98.171.219 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:23:53,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.98.171.219', 'timestamp': 1670329433.926641, 'message': 'Dec  6 14:23:53 hqnl0246134 sshd[221431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.171.219 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 14:23:54,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:23:54,745] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0496 seconds
INFO    [2022-12-06 14:23:55,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670329435.9276452, 'message': 'Dec  6 14:23:55 hqnl0246134 sshd[221431]: Failed password for invalid user user from 87.98.171.219 port 48060 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 14:23:57,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.98.171.219', 'timestamp': 1670329437.929426, 'message': 'Dec  6 14:23:56 hqnl0246134 sshd[221431]: Disconnected from invalid user user 87.98.171.219 port 48060 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 14:24:05,862] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:24:05,932] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:24:05,933] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:24:05,933] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:24:05,933] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:24:05,933] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:24:05,948] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:24:05,972] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0377 seconds
WARNING [2022-12-06 14:24:05,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:24:05,986] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:24:06,007] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0431 seconds
INFO    [2022-12-06 14:24:06,009] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0402 seconds
INFO    [2022-12-06 14:24:17,973] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:24:17,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:24:17,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:24:17,992] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 14:24:20,640] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:24:20,640] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:24:20,652] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:24:20,663] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 14:24:36,073] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:24:36,074] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:24:36,075] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 14:24:40,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329480.0179024, 'message': 'Dec  6 14:24:39 hqnl0246134 sshd[221466]: Invalid user rp from 43.154.75.210 port 30262', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:24:40,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329480.0182781, 'message': 'Dec  6 14:24:39 hqnl0246134 sshd[221466]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.154.75.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:24:40,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329480.0184464, 'message': 'Dec  6 14:24:39 hqnl0246134 sshd[221466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.75.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:24:42,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329482.018041, 'message': 'Dec  6 14:24:41 hqnl0246134 sshd[221466]: Failed password for invalid user rp from 43.154.75.210 port 30262 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:24:44,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329484.021606, 'message': 'Dec  6 14:24:42 hqnl0246134 sshd[221466]: Disconnected from invalid user rp 43.154.75.210 port 30262 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 14:24:45,417] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:24:45,417] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:24:45,430] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:24:45,451] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0325 seconds
INFO    [2022-12-06 14:24:46,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.117.121', 'timestamp': 1670329486.0246563, 'message': 'Dec  6 14:24:44 hqnl0246134 sshd[221468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.117.121 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 14:24:46,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.219.167.66', 'timestamp': 1670329486.0250468, 'message': 'Dec  6 14:24:45 hqnl0246134 sshd[221475]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.219.167.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 14:24:46,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.117.121', 'timestamp': 1670329486.0248544, 'message': 'Dec  6 14:24:44 hqnl0246134 sshd[221468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.117.121  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 14:24:46,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.219.167.66', 'timestamp': 1670329486.0251894, 'message': 'Dec  6 14:24:45 hqnl0246134 sshd[221475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.219.167.66  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0337 seconds
WARNING [2022-12-06 14:24:46,374] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:24:46,375] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:24:48,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '164.92.117.121', 'timestamp': 1670329488.0360513, 'message': 'Dec  6 14:24:46 hqnl0246134 sshd[221468]: Failed password for root from 164.92.117.121 port 55388 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 14:24:48,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '87.219.167.66', 'timestamp': 1670329488.036526, 'message': 'Dec  6 14:24:47 hqnl0246134 sshd[221475]: Failed password for root from 87.219.167.66 port 56530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-06 14:24:54,713] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:24:54,790] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0911 seconds
INFO    [2022-12-06 14:25:17,746] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:25:17,747] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:25:17,759] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:25:17,773] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 14:25:20,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329520.0922744, 'message': 'Dec  6 14:25:18 hqnl0246134 sshd[221528]: Invalid user admin from 115.246.239.141 port 48994', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 14:25:20,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.203.149.110', 'timestamp': 1670329520.0928886, 'message': 'Dec  6 14:25:19 hqnl0246134 sshd[221523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.203.149.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-06 14:25:20,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329520.0925422, 'message': 'Dec  6 14:25:18 hqnl0246134 sshd[221528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.246.239.141 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 14:25:20,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.203.149.110', 'timestamp': 1670329520.0930305, 'message': 'Dec  6 14:25:19 hqnl0246134 sshd[221523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.149.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 14:25:20,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329520.0926805, 'message': 'Dec  6 14:25:18 hqnl0246134 sshd[221528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.246.239.141 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 14:25:20,568] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:25:20,569] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:25:20,576] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:25:20,587] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 14:25:22,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329522.1010115, 'message': 'Dec  6 14:25:20 hqnl0246134 sshd[221528]: Failed password for invalid user admin from 115.246.239.141 port 48994 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 14:25:22,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.203.149.110', 'timestamp': 1670329522.101241, 'message': 'Dec  6 14:25:21 hqnl0246134 sshd[221523]: Failed password for root from 20.203.149.110 port 38138 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 14:25:24,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329524.1055913, 'message': 'Dec  6 14:25:22 hqnl0246134 sshd[221528]: Disconnected from invalid user admin 115.246.239.141 port 48994 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-06 14:25:46,377] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:25:46,379] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:25:54,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:25:54,743] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0409 seconds
INFO    [2022-12-06 14:25:58,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329558.1533923, 'message': 'Dec  6 14:25:56 hqnl0246134 sshd[221567]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.148.81.208 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0572 seconds
INFO    [2022-12-06 14:25:58,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329558.1546488, 'message': 'Dec  6 14:25:56 hqnl0246134 sshd[221567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.148.81.208  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 14:26:00,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.15.64', 'timestamp': 1670329560.1546886, 'message': 'Dec  6 14:25:58 hqnl0246134 sshd[221570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.15.64 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-06 14:26:00,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.148.81.208', 'timestamp': 1670329560.1553397, 'message': 'Dec  6 14:25:59 hqnl0246134 sshd[221567]: Failed password for root from 34.148.81.208 port 35096 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-06 14:26:00,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.15.64', 'timestamp': 1670329560.1550562, 'message': 'Dec  6 14:25:58 hqnl0246134 sshd[221570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.15.64  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 14:26:02,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.15.64', 'timestamp': 1670329562.1582367, 'message': 'Dec  6 14:26:00 hqnl0246134 sshd[221570]: Failed password for root from 43.153.15.64 port 43644 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 14:26:03,537] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:26:03,537] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:26:03,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:26:03,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 14:26:06,360] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:26:06,360] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:26:06,369] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:26:06,381] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 14:26:17,692] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:26:17,693] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:26:17,706] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:26:17,729] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0347 seconds
INFO    [2022-12-06 14:26:20,288] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:26:20,288] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:26:20,296] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:26:20,307] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 14:26:22,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329582.2036479, 'message': 'Dec  6 14:26:22 hqnl0246134 sshd[221609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 14:26:22,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329582.2038882, 'message': 'Dec  6 14:26:22 hqnl0246134 sshd[221609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 14:26:24,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329584.2055929, 'message': 'Dec  6 14:26:23 hqnl0246134 sshd[221609]: Failed password for root from 61.177.173.35 port 61454 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 14:26:24,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329584.2060335, 'message': 'Dec  6 14:26:24 hqnl0246134 sshd[221609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 14:26:26,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329586.208778, 'message': 'Dec  6 14:26:26 hqnl0246134 sshd[221609]: Failed password for root from 61.177.173.35 port 61454 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 14:26:28,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329588.211325, 'message': 'Dec  6 14:26:26 hqnl0246134 sshd[221609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 14:26:30,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329590.213693, 'message': 'Dec  6 14:26:28 hqnl0246134 sshd[221609]: Failed password for root from 61.177.173.35 port 61454 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 14:26:32,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329592.2169974, 'message': 'Dec  6 14:26:30 hqnl0246134 sshd[221620]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 14:26:32,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329592.2172048, 'message': 'Dec  6 14:26:30 hqnl0246134 sshd[221620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 14:26:32,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329592.217904, 'message': 'Dec  6 14:26:32 hqnl0246134 sshd[221620]: Failed password for root from 61.177.173.35 port 16776 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 14:26:34,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329594.285342, 'message': 'Dec  6 14:26:32 hqnl0246134 sshd[221620]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 14:26:36,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329596.222513, 'message': 'Dec  6 14:26:35 hqnl0246134 sshd[221620]: Failed password for root from 61.177.173.35 port 16776 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 14:26:38,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329598.2255762, 'message': 'Dec  6 14:26:37 hqnl0246134 sshd[221620]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 14:26:40,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329600.2260096, 'message': 'Dec  6 14:26:38 hqnl0246134 sshd[221620]: Failed password for root from 61.177.173.35 port 16776 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 14:26:42,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329602.228721, 'message': 'Dec  6 14:26:40 hqnl0246134 sshd[221624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 14:26:42,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329602.228985, 'message': 'Dec  6 14:26:40 hqnl0246134 sshd[221624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 14:26:44,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329604.229846, 'message': 'Dec  6 14:26:42 hqnl0246134 sshd[221624]: Failed password for root from 61.177.173.35 port 49253 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 14:26:44,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329604.2300189, 'message': 'Dec  6 14:26:43 hqnl0246134 sshd[221624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 14:26:46,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329606.2305439, 'message': 'Dec  6 14:26:45 hqnl0246134 sshd[221624]: Failed password for root from 61.177.173.35 port 49253 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-06 14:26:46,381] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:26:46,382] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:26:48,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329608.2334442, 'message': 'Dec  6 14:26:47 hqnl0246134 sshd[221624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 14:26:50,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670329610.2336137, 'message': 'Dec  6 14:26:49 hqnl0246134 sshd[221624]: Failed password for root from 61.177.173.35 port 49253 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0391 seconds
WARNING [2022-12-06 14:26:54,715] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:26:54,738] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0320 seconds
INFO    [2022-12-06 14:26:56,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329616.2442193, 'message': 'Dec  6 14:26:54 hqnl0246134 sshd[221661]: Invalid user roman from 178.128.73.254 port 53206', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 14:26:56,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329616.244506, 'message': 'Dec  6 14:26:54 hqnl0246134 sshd[221661]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.73.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:26:56,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329616.2446454, 'message': 'Dec  6 14:26:54 hqnl0246134 sshd[221661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.73.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 14:26:58,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329618.2473083, 'message': 'Dec  6 14:26:56 hqnl0246134 sshd[221661]: Failed password for invalid user roman from 178.128.73.254 port 53206 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 14:26:58,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329618.247637, 'message': 'Dec  6 14:26:57 hqnl0246134 sshd[221661]: Disconnected from invalid user roman 178.128.73.254 port 53206 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 14:27:17,872] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:27:17,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:27:17,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:27:17,894] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 14:27:20,626] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:27:20,626] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:27:20,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:27:20,645] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
WARNING [2022-12-06 14:27:46,386] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:27:46,389] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:27:54,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:27:54,751] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0350 seconds
INFO    [2022-12-06 14:27:58,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329678.3437827, 'message': 'Dec  6 14:27:58 hqnl0246134 sshd[221719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.90.231.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 14:27:58,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329678.3441324, 'message': 'Dec  6 14:27:58 hqnl0246134 sshd[221719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.231.253  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 14:28:00,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.123', 'timestamp': 1670329680.3419504, 'message': 'Dec  6 14:27:59 hqnl0246134 sshd[221722]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0574 seconds
INFO    [2022-12-06 14:28:00,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329680.3422894, 'message': 'Dec  6 14:28:00 hqnl0246134 sshd[221719]: Failed password for root from 164.90.231.253 port 44874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-06 14:28:00,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.123', 'timestamp': 1670329680.3421617, 'message': 'Dec  6 14:27:59 hqnl0246134 sshd[221722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.123  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 14:28:01,901] defence360agent.files: Updating all files
INFO    [2022-12-06 14:28:02,283] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:02,283] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 14:28:02,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.89.196.123', 'timestamp': 1670329682.363095, 'message': 'Dec  6 14:28:01 hqnl0246134 sshd[221722]: Failed password for root from 152.89.196.123 port 38014 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 14:28:02,682] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:02,682] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 14:28:02,955] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:02,955] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 14:28:03,307] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:03,308] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 14:28:03,308] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 14:28:03,671] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 12:28:03 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E33FF59949DCC'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 14:28:03,725] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:28:03,726] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 14:28:03,736] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 14:28:03,737] defence360agent.files: php-immunity files update finished (not updated)
WARNING [2022-12-06 14:28:04,481] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:28:04,777] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:04,777] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 14:28:04,859] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 1.1232 seconds
INFO    [2022-12-06 14:28:05,096] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:05,097] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 14:28:05,362] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:05,362] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 14:28:05,791] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:05,792] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 14:28:06,363] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 14:28:06,365] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 14:28:18,836] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:28:18,837] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:28:18,849] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:28:18,869] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0313 seconds
INFO    [2022-12-06 14:28:21,596] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:28:21,597] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:28:21,605] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:28:21,616] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-06 14:28:46,392] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:28:46,393] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:28:54,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329734.4239185, 'message': 'Dec  6 14:28:53 hqnl0246134 sshd[221770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.154.75.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 14:28:54,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329734.4245842, 'message': 'Dec  6 14:28:53 hqnl0246134 sshd[221770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.75.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 14:28:54,726] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:28:54,749] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0304 seconds
INFO    [2022-12-06 14:28:56,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329736.4283853, 'message': 'Dec  6 14:28:56 hqnl0246134 sshd[221770]: Failed password for root from 43.154.75.210 port 30586 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 14:29:04,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '209.141.46.19', 'timestamp': 1670329744.446434, 'message': 'Dec  6 14:29:02 hqnl0246134 sshd[221788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 209.141.46.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 14:29:04,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329744.446782, 'message': 'Dec  6 14:29:03 hqnl0246134 sshd[221790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.73.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 14:29:04,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '209.141.46.19', 'timestamp': 1670329744.446621, 'message': 'Dec  6 14:29:02 hqnl0246134 sshd[221788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.46.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 14:29:04,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329744.4468987, 'message': 'Dec  6 14:29:03 hqnl0246134 sshd[221790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.73.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 14:29:06,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '209.141.46.19', 'timestamp': 1670329746.4482696, 'message': 'Dec  6 14:29:04 hqnl0246134 sshd[221788]: Failed password for root from 209.141.46.19 port 49182 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 14:29:06,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329746.4484804, 'message': 'Dec  6 14:29:05 hqnl0246134 sshd[221790]: Failed password for root from 178.128.73.254 port 58622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 14:29:06,507] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:29:06,571] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:29:06,572] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:29:06,572] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:29:06,572] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:29:06,573] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:29:06,586] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:29:06,602] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0285 seconds
WARNING [2022-12-06 14:29:06,608] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:29:06,611] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:29:06,639] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0422 seconds
INFO    [2022-12-06 14:29:06,640] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0408 seconds
INFO    [2022-12-06 14:29:07,878] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:29:07,879] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:29:07,886] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:29:07,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 14:29:10,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '135.148.157.18', 'timestamp': 1670329750.455043, 'message': 'Dec  6 14:29:10 hqnl0246134 sshd[221798]: Invalid user user from 135.148.157.18 port 37632', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 14:29:12,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '135.148.157.18', 'timestamp': 1670329752.456832, 'message': 'Dec  6 14:29:10 hqnl0246134 sshd[221798]: pam_imunify(sshd:auth): [IM360_RBL] The IP 135.148.157.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 14:29:12,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '135.148.157.18', 'timestamp': 1670329752.4571016, 'message': 'Dec  6 14:29:10 hqnl0246134 sshd[221798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.148.157.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 14:29:12,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '135.148.157.18', 'timestamp': 1670329752.4580038, 'message': 'Dec  6 14:29:12 hqnl0246134 sshd[221798]: Failed password for invalid user user from 135.148.157.18 port 37632 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 14:29:14,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '135.148.157.18', 'timestamp': 1670329754.4577305, 'message': 'Dec  6 14:29:14 hqnl0246134 sshd[221798]: Disconnected from invalid user user 135.148.157.18 port 37632 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 14:29:17,795] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:29:17,796] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:29:17,803] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:29:17,819] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-06 14:29:20,405] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:29:20,406] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:29:20,413] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:29:20,425] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 14:29:36,702] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:29:36,703] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:29:36,704] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-06 14:29:46,401] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:29:46,403] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:29:54,732] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:29:54,757] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0343 seconds
INFO    [2022-12-06 14:30:17,748] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:30:17,749] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:30:17,759] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:30:17,772] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 14:30:20,445] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:30:20,446] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:30:20,453] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:30:20,465] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 14:30:26,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329826.557735, 'message': 'Dec  6 14:30:24 hqnl0246134 sshd[221894]: Invalid user oracle from 179.61.251.73 port 44822', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-06 14:30:26,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329826.5581508, 'message': 'Dec  6 14:30:24 hqnl0246134 sshd[221894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.61.251.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 14:30:26,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329826.5583673, 'message': 'Dec  6 14:30:24 hqnl0246134 sshd[221894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.61.251.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 14:30:26,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329826.5584738, 'message': 'Dec  6 14:30:26 hqnl0246134 sshd[221894]: Failed password for invalid user oracle from 179.61.251.73 port 44822 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 14:30:26,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670329826.5585885, 'message': 'Dec  6 14:30:26 hqnl0246134 sshd[221894]: Disconnected from invalid user oracle 179.61.251.73 port 44822 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 14:30:29,752] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:30:29,752] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:30:29,760] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:30:29,777] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
INFO    [2022-12-06 14:30:44,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329844.5735095, 'message': 'Dec  6 14:30:42 hqnl0246134 sshd[221920]: Invalid user tool from 164.90.231.253 port 34234', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 14:30:44,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329844.575238, 'message': 'Dec  6 14:30:42 hqnl0246134 sshd[221920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.90.231.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 14:30:44,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329844.5754464, 'message': 'Dec  6 14:30:42 hqnl0246134 sshd[221920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.231.253 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 14:30:44,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329844.575633, 'message': 'Dec  6 14:30:44 hqnl0246134 sshd[221920]: Failed password for invalid user tool from 164.90.231.253 port 34234 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 14:30:46,408] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:30:46,409] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:30:46,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.90.231.253', 'timestamp': 1670329846.5739179, 'message': 'Dec  6 14:30:45 hqnl0246134 sshd[221920]: Disconnected from invalid user tool 164.90.231.253 port 34234 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
WARNING [2022-12-06 14:30:54,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:30:54,781] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0532 seconds
INFO    [2022-12-06 14:31:08,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329868.609271, 'message': 'Dec  6 14:31:08 hqnl0246134 sshd[221942]: Invalid user ftpuser from 178.128.73.254 port 35796', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 14:31:08,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329868.6097817, 'message': 'Dec  6 14:31:08 hqnl0246134 sshd[221942]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.73.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 14:31:08,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329868.6099644, 'message': 'Dec  6 14:31:08 hqnl0246134 sshd[221942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.73.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:31:12,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329872.61276, 'message': 'Dec  6 14:31:10 hqnl0246134 sshd[221942]: Failed password for invalid user ftpuser from 178.128.73.254 port 35796 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 14:31:12,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.73.254', 'timestamp': 1670329872.61309, 'message': 'Dec  6 14:31:11 hqnl0246134 sshd[221942]: Disconnected from invalid user ftpuser 178.128.73.254 port 35796 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 14:31:16,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329876.6164093, 'message': 'Dec  6 14:31:15 hqnl0246134 sshd[221948]: Invalid user share from 71.238.230.5 port 57700', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 14:31:16,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329876.6166987, 'message': 'Dec  6 14:31:15 hqnl0246134 sshd[221948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 71.238.230.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 14:31:16,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329876.6168485, 'message': 'Dec  6 14:31:15 hqnl0246134 sshd[221948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.238.230.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 14:31:17,998] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:31:17,999] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:31:18,006] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:31:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 14:31:18,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329878.6175401, 'message': 'Dec  6 14:31:18 hqnl0246134 sshd[221948]: Failed password for invalid user share from 71.238.230.5 port 57700 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 14:31:20,634] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:31:20,634] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:31:20,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:31:20,666] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0315 seconds
INFO    [2022-12-06 14:31:20,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670329880.6357405, 'message': 'Dec  6 14:31:19 hqnl0246134 sshd[221948]: Disconnected from invalid user share 71.238.230.5 port 57700 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-06 14:31:46,414] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:31:46,415] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:31:53,299] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 14:31:54,739] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:31:54,761] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0304 seconds
INFO    [2022-12-06 14:32:02,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329922.6878028, 'message': 'Dec  6 14:32:02 hqnl0246134 sshd[221993]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.154.75.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 14:32:02,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329922.6882706, 'message': 'Dec  6 14:32:02 hqnl0246134 sshd[221993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.75.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 14:32:04,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670329924.6896365, 'message': 'Dec  6 14:32:04 hqnl0246134 sshd[222003]: Invalid user test from 167.172.142.20 port 33936', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 14:32:04,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.142.20', 'timestamp': 1670329924.6899931, 'message': 'Dec  6 14:32:04 hqnl0246134 sshd[222003]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.142.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:32:04,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.142.20', 'timestamp': 1670329924.6901867, 'message': 'Dec  6 14:32:04 hqnl0246134 sshd[222003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.142.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 14:32:06,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.154.75.210', 'timestamp': 1670329926.6900926, 'message': 'Dec  6 14:32:05 hqnl0246134 sshd[221993]: Failed password for root from 43.154.75.210 port 30796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 14:32:06,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670329926.6926303, 'message': 'Dec  6 14:32:05 hqnl0246134 sshd[222003]: Failed password for invalid user test from 167.172.142.20 port 33936 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 14:32:06,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670329926.6927695, 'message': 'Dec  6 14:32:06 hqnl0246134 sshd[222003]: Disconnected from invalid user test 167.172.142.20 port 33936 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 14:32:09,175] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:32:09,176] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:32:09,183] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:32:09,195] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 14:32:17,739] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:32:17,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:32:17,749] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:32:17,763] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 14:32:20,513] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:32:20,514] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:32:20,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:32:20,534] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 14:32:24,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329944.712886, 'message': 'Dec  6 14:32:22 hqnl0246134 sshd[222021]: Invalid user iptv from 115.246.239.141 port 45674', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 14:32:24,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329944.7132704, 'message': 'Dec  6 14:32:22 hqnl0246134 sshd[222021]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.246.239.141 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 14:32:24,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329944.7134712, 'message': 'Dec  6 14:32:22 hqnl0246134 sshd[222021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.246.239.141 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 14:32:24,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329944.7136347, 'message': 'Dec  6 14:32:24 hqnl0246134 sshd[222021]: Failed password for invalid user iptv from 115.246.239.141 port 45674 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:32:26,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.239.141', 'timestamp': 1670329946.71169, 'message': 'Dec  6 14:32:25 hqnl0246134 sshd[222021]: Disconnected from invalid user iptv 115.246.239.141 port 45674 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-06 14:32:46,421] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:32:46,421] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:32:54,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:32:54,883] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.1397 seconds
INFO    [2022-12-06 14:33:14,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.158.153.66', 'timestamp': 1670329994.7701318, 'message': 'Dec  6 14:33:13 hqnl0246134 sshd[222057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.158.153.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 14:33:14,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.158.153.66', 'timestamp': 1670329994.770886, 'message': 'Dec  6 14:33:13 hqnl0246134 sshd[222057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.153.66  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 14:33:16,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.158.153.66', 'timestamp': 1670329996.770017, 'message': 'Dec  6 14:33:15 hqnl0246134 sshd[222057]: Failed password for root from 51.158.153.66 port 37218 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 14:33:17,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:33:17,851] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:33:17,861] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:33:17,873] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 14:33:18,261] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:33:18,262] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:33:18,270] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:33:18,282] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 14:33:20,457] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:33:20,458] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:33:20,465] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:33:20,476] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 14:33:20,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.90.231.253', 'timestamp': 1670330000.774015, 'message': 'Dec  6 14:33:19 hqnl0246134 sshd[222071]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.90.231.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 14:33:20,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.90.231.253', 'timestamp': 1670330000.7741985, 'message': 'Dec  6 14:33:19 hqnl0246134 sshd[222071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.231.253  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 14:33:22,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '164.90.231.253', 'timestamp': 1670330002.7781763, 'message': 'Dec  6 14:33:21 hqnl0246134 sshd[222071]: Failed password for root from 164.90.231.253 port 51816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 14:33:26,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.61.251.73', 'timestamp': 1670330006.782324, 'message': 'Dec  6 14:33:24 hqnl0246134 sshd[222078]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.61.251.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:33:26,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.61.251.73', 'timestamp': 1670330006.7826343, 'message': 'Dec  6 14:33:24 hqnl0246134 sshd[222078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.61.251.73  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:33:26,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '179.61.251.73', 'timestamp': 1670330006.7828143, 'message': 'Dec  6 14:33:26 hqnl0246134 sshd[222078]: Failed password for root from 179.61.251.73 port 36018 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 14:33:46,425] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:33:46,426] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:33:46,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330026.8062866, 'message': 'Dec  6 14:33:46 hqnl0246134 sshd[222093]: Invalid user julius from 41.73.252.229 port 51544', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 14:33:46,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330026.8065042, 'message': 'Dec  6 14:33:46 hqnl0246134 sshd[222093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.73.252.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:33:46,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330026.806657, 'message': 'Dec  6 14:33:46 hqnl0246134 sshd[222093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.73.252.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 14:33:48,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330028.8096402, 'message': 'Dec  6 14:33:48 hqnl0246134 sshd[222093]: Failed password for invalid user julius from 41.73.252.229 port 51544 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 14:33:48,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330028.8098333, 'message': 'Dec  6 14:33:48 hqnl0246134 sshd[222093]: Disconnected from invalid user julius 41.73.252.229 port 51544 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-06 14:33:54,753] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:33:54,775] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0294 seconds
INFO    [2022-12-06 14:33:54,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330034.8194845, 'message': 'Dec  6 14:33:53 hqnl0246134 sshd[222097]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.10.125.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 14:33:54,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330034.8198566, 'message': 'Dec  6 14:33:53 hqnl0246134 sshd[222101]: pam_imunify(sshd:auth): [IM360_RBL] The IP 209.141.46.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-06 14:33:54,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.82.233.183', 'timestamp': 1670330034.8201463, 'message': 'Dec  6 14:33:54 hqnl0246134 sshd[222100]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.82.233.183 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-06 14:33:54,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330034.819678, 'message': 'Dec  6 14:33:53 hqnl0246134 sshd[222097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.10.125.209  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 14:33:54,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330034.820009, 'message': 'Dec  6 14:33:53 hqnl0246134 sshd[222101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.46.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 14:33:54,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.82.233.183', 'timestamp': 1670330034.8202684, 'message': 'Dec  6 14:33:54 hqnl0246134 sshd[222100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.233.183  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 14:33:56,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330036.821511, 'message': 'Dec  6 14:33:55 hqnl0246134 sshd[222097]: Failed password for root from 186.10.125.209 port 27105 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0658 seconds
INFO    [2022-12-06 14:33:56,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330036.822075, 'message': 'Dec  6 14:33:56 hqnl0246134 sshd[222101]: Failed password for root from 209.141.46.19 port 49708 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0660 seconds
INFO    [2022-12-06 14:33:56,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '161.82.233.183', 'timestamp': 1670330036.8223042, 'message': 'Dec  6 14:33:56 hqnl0246134 sshd[222100]: Failed password for root from 161.82.233.183 port 45226 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0654 seconds
INFO    [2022-12-06 14:34:08,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '71.238.230.5', 'timestamp': 1670330048.8340418, 'message': 'Dec  6 14:34:07 hqnl0246134 sshd[222124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 71.238.230.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 14:34:08,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '71.238.230.5', 'timestamp': 1670330048.8343635, 'message': 'Dec  6 14:34:07 hqnl0246134 sshd[222124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.238.230.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 14:34:10,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '71.238.230.5', 'timestamp': 1670330050.8377213, 'message': 'Dec  6 14:34:09 hqnl0246134 sshd[222124]: Failed password for root from 71.238.230.5 port 57924 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 14:34:18,137] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:34:18,138] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:34:18,151] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:34:18,169] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
INFO    [2022-12-06 14:34:21,042] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:34:21,042] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:34:21,050] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:34:21,065] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 14:34:38,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330078.8777947, 'message': 'Dec  6 14:34:38 hqnl0246134 sshd[222151]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 14:34:38,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330078.8782177, 'message': 'Dec  6 14:34:38 hqnl0246134 sshd[222151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:34:42,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330082.877765, 'message': 'Dec  6 14:34:40 hqnl0246134 sshd[222151]: Failed password for root from 61.177.172.19 port 28305 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 14:34:44,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330084.8816314, 'message': 'Dec  6 14:34:42 hqnl0246134 sshd[222151]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
WARNING [2022-12-06 14:34:46,428] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:34:46,429] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:34:46,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330086.884464, 'message': 'Dec  6 14:34:45 hqnl0246134 sshd[222151]: Failed password for root from 61.177.172.19 port 28305 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 14:34:48,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330088.887326, 'message': 'Dec  6 14:34:47 hqnl0246134 sshd[222151]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 14:34:50,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330090.890405, 'message': 'Dec  6 14:34:49 hqnl0246134 sshd[222151]: Failed password for root from 61.177.172.19 port 28305 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 14:34:54,177] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:34:54,178] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:34:54,185] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:34:54,197] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-06 14:34:54,757] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:34:54,787] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0377 seconds
INFO    [2022-12-06 14:34:54,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330094.895369, 'message': 'Dec  6 14:34:53 hqnl0246134 sshd[222156]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 14:34:54,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330094.8955574, 'message': 'Dec  6 14:34:53 hqnl0246134 sshd[222156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:34:56,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330096.8969772, 'message': 'Dec  6 14:34:55 hqnl0246134 sshd[222156]: Failed password for root from 61.177.172.19 port 35545 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 14:34:58,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330098.8981907, 'message': 'Dec  6 14:34:57 hqnl0246134 sshd[222169]: Invalid user dummy from 167.172.142.20 port 52236', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 14:34:58,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330098.8987615, 'message': 'Dec  6 14:34:57 hqnl0246134 sshd[222156]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 14:34:58,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330098.8984032, 'message': 'Dec  6 14:34:57 hqnl0246134 sshd[222169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.142.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 14:34:58,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330098.8985882, 'message': 'Dec  6 14:34:57 hqnl0246134 sshd[222169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.142.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 14:35:00,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330100.900376, 'message': 'Dec  6 14:34:59 hqnl0246134 sshd[222169]: Failed password for invalid user dummy from 167.172.142.20 port 52236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 14:35:00,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330100.9005532, 'message': 'Dec  6 14:35:00 hqnl0246134 sshd[222156]: Failed password for root from 61.177.172.19 port 35545 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 14:35:00,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330100.9006958, 'message': 'Dec  6 14:35:00 hqnl0246134 sshd[222169]: Disconnected from invalid user dummy 167.172.142.20 port 52236 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 14:35:02,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330102.9024773, 'message': 'Dec  6 14:35:02 hqnl0246134 sshd[222156]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 14:35:04,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330104.9050002, 'message': 'Dec  6 14:35:04 hqnl0246134 sshd[222156]: Failed password for root from 61.177.172.19 port 35545 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 14:35:06,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.154.75.210', 'timestamp': 1670330106.9081933, 'message': 'Dec  6 14:35:05 hqnl0246134 sshd[222190]: Invalid user ubuntu from 43.154.75.210 port 31002', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 14:35:06,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.154.75.210', 'timestamp': 1670330106.9085035, 'message': 'Dec  6 14:35:05 hqnl0246134 sshd[222190]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.154.75.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 14:35:06,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.154.75.210', 'timestamp': 1670330106.9087074, 'message': 'Dec  6 14:35:05 hqnl0246134 sshd[222190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.75.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 14:35:08,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.154.75.210', 'timestamp': 1670330108.9116297, 'message': 'Dec  6 14:35:07 hqnl0246134 sshd[222190]: Failed password for invalid user ubuntu from 43.154.75.210 port 31002 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 14:35:08,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.165.247.254', 'timestamp': 1670330108.9119542, 'message': 'Dec  6 14:35:08 hqnl0246134 sshd[222198]: Invalid user testftp from 122.165.247.254 port 50989', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 14:35:08,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.165.247.254', 'timestamp': 1670330108.9121897, 'message': 'Dec  6 14:35:08 hqnl0246134 sshd[222198]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.165.247.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 14:35:08,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.165.247.254', 'timestamp': 1670330108.9125483, 'message': 'Dec  6 14:35:08 hqnl0246134 sshd[222198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.165.247.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:35:10,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330110.9136188, 'message': 'Dec  6 14:35:09 hqnl0246134 sshd[222192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0662 seconds
INFO    [2022-12-06 14:35:10,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.154.75.210', 'timestamp': 1670330110.9141674, 'message': 'Dec  6 14:35:10 hqnl0246134 sshd[222190]: Disconnected from invalid user ubuntu 43.154.75.210 port 31002 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0661 seconds
INFO    [2022-12-06 14:35:10,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.165.247.254', 'timestamp': 1670330110.914354, 'message': 'Dec  6 14:35:10 hqnl0246134 sshd[222198]: Failed password for invalid user testftp from 122.165.247.254 port 50989 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0653 seconds
INFO    [2022-12-06 14:35:11,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330110.9139154, 'message': 'Dec  6 14:35:09 hqnl0246134 sshd[222192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 14:35:12,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.165.247.254', 'timestamp': 1670330112.9154255, 'message': 'Dec  6 14:35:11 hqnl0246134 sshd[222198]: Disconnected from invalid user testftp 122.165.247.254 port 50989 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 14:35:12,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330112.9156034, 'message': 'Dec  6 14:35:11 hqnl0246134 sshd[222192]: Failed password for root from 61.177.172.19 port 35691 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 14:35:14,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330114.9179792, 'message': 'Dec  6 14:35:13 hqnl0246134 sshd[222192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 14:35:16,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330116.9215345, 'message': 'Dec  6 14:35:15 hqnl0246134 sshd[222192]: Failed password for root from 61.177.172.19 port 35691 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 14:35:16,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330116.9219344, 'message': 'Dec  6 14:35:16 hqnl0246134 sshd[222192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 14:35:17,975] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:35:17,976] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:35:17,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:35:17,998] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 14:35:18,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330118.92405, 'message': 'Dec  6 14:35:18 hqnl0246134 sshd[222192]: Failed password for root from 61.177.172.19 port 35691 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 14:35:20,805] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:35:20,806] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:35:20,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:35:20,825] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 14:35:22,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330122.928065, 'message': 'Dec  6 14:35:22 hqnl0246134 sshd[222219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 14:35:22,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330122.9284256, 'message': 'Dec  6 14:35:22 hqnl0246134 sshd[222219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 14:35:26,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330126.9325333, 'message': 'Dec  6 14:35:25 hqnl0246134 sshd[222219]: Failed password for root from 61.177.172.19 port 35581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 14:35:28,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330128.933613, 'message': 'Dec  6 14:35:27 hqnl0246134 sshd[222219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 14:35:30,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330130.9389286, 'message': 'Dec  6 14:35:29 hqnl0246134 sshd[222219]: Failed password for root from 61.177.172.19 port 35581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 14:35:32,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330132.9438531, 'message': 'Dec  6 14:35:31 hqnl0246134 sshd[222219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 14:35:34,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330134.945563, 'message': 'Dec  6 14:35:33 hqnl0246134 sshd[222219]: Failed password for root from 61.177.172.19 port 35581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 14:35:46,433] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:35:46,434] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:35:46,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.246.239.141', 'timestamp': 1670330146.9578433, 'message': 'Dec  6 14:35:45 hqnl0246134 sshd[222235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.246.239.141 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 14:35:47,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.246.239.141', 'timestamp': 1670330146.9580638, 'message': 'Dec  6 14:35:45 hqnl0246134 sshd[222235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.246.239.141  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 14:35:48,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '115.246.239.141', 'timestamp': 1670330148.9630692, 'message': 'Dec  6 14:35:47 hqnl0246134 sshd[222235]: Failed password for root from 115.246.239.141 port 35188 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
WARNING [2022-12-06 14:35:54,762] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:35:54,790] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0370 seconds
INFO    [2022-12-06 14:36:05,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330164.9827304, 'message': 'Dec  6 14:36:03 hqnl0246134 sshd[222257]: Invalid user guest from 43.153.15.64 port 45648', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:36:05,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330164.9831965, 'message': 'Dec  6 14:36:03 hqnl0246134 sshd[222257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.15.64 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 14:36:05,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330164.98335, 'message': 'Dec  6 14:36:03 hqnl0246134 sshd[222257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.15.64 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:36:07,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330167.1373215, 'message': 'Dec  6 14:36:05 hqnl0246134 sshd[222257]: Failed password for invalid user guest from 43.153.15.64 port 45648 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 14:36:07,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330167.1375637, 'message': 'Dec  6 14:36:06 hqnl0246134 sshd[222257]: Disconnected from invalid user guest 43.153.15.64 port 45648 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 14:36:09,295] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:36:09,296] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:36:09,303] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:36:09,314] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 14:36:17,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:36:17,844] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:36:17,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:36:17,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 14:36:20,647] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:36:20,648] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:36:20,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:36:20,667] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 14:36:29,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670330189.0143924, 'message': 'Dec  6 14:36:28 hqnl0246134 sshd[222297]: Invalid user webmaster from 179.61.251.73 port 55442', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 14:36:29,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.61.251.73', 'timestamp': 1670330189.014954, 'message': 'Dec  6 14:36:28 hqnl0246134 sshd[222297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.61.251.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:36:29,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.61.251.73', 'timestamp': 1670330189.015122, 'message': 'Dec  6 14:36:28 hqnl0246134 sshd[222297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.61.251.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 14:36:31,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670330191.0154443, 'message': 'Dec  6 14:36:29 hqnl0246134 sshd[222297]: Failed password for invalid user webmaster from 179.61.251.73 port 55442 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 14:36:31,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.61.251.73', 'timestamp': 1670330191.0156946, 'message': 'Dec  6 14:36:29 hqnl0246134 sshd[222297]: Disconnected from invalid user webmaster 179.61.251.73 port 55442 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 14:36:41,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670330201.0289364, 'message': 'Dec  6 14:36:40 hqnl0246134 sshd[222302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-06 14:36:41,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330201.0295, 'message': 'Dec  6 14:36:40 hqnl0246134 sshd[222304]: Invalid user oracle from 209.141.46.19 port 56010', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 14:36:41,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670330201.029348, 'message': 'Dec  6 14:36:40 hqnl0246134 sshd[222302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 14:36:41,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330201.029757, 'message': 'Dec  6 14:36:41 hqnl0246134 sshd[222304]: pam_imunify(sshd:auth): [IM360_RBL] The IP 209.141.46.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 14:36:41,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330201.0299222, 'message': 'Dec  6 14:36:41 hqnl0246134 sshd[222304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.46.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 14:36:43,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670330203.0302658, 'message': 'Dec  6 14:36:42 hqnl0246134 sshd[222302]: Failed password for root from 61.177.173.52 port 39043 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-06 14:36:43,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330203.0304992, 'message': 'Dec  6 14:36:42 hqnl0246134 sshd[222304]: Failed password for invalid user oracle from 209.141.46.19 port 56010 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-06 14:36:43,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670330203.030803, 'message': 'Dec  6 14:36:42 hqnl0246134 sshd[222302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-06 14:36:43,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330203.030654, 'message': 'Dec  6 14:36:42 hqnl0246134 sshd[222304]: Disconnected from invalid user oracle 209.141.46.19 port 56010 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0403 seconds
WARNING [2022-12-06 14:36:46,437] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:36:46,438] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:36:47,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670330207.035358, 'message': 'Dec  6 14:36:45 hqnl0246134 sshd[222302]: Failed password for root from 61.177.173.52 port 39043 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 14:36:50,503] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:36:50,571] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:36:50,572] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:36:50,572] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:36:50,572] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:36:50,572] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:36:50,582] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:36:50,600] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0276 seconds
WARNING [2022-12-06 14:36:50,607] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:36:50,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:36:50,634] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0384 seconds
INFO    [2022-12-06 14:36:50,635] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0369 seconds
INFO    [2022-12-06 14:36:53,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330213.0445685, 'message': 'Dec  6 14:36:52 hqnl0246134 sshd[222307]: Invalid user jiayu from 164.92.117.121 port 56006', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 14:36:53,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330213.0449796, 'message': 'Dec  6 14:36:52 hqnl0246134 sshd[222307]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.117.121 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:36:53,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330213.045122, 'message': 'Dec  6 14:36:52 hqnl0246134 sshd[222307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.117.121 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 14:36:54,764] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:36:54,789] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0320 seconds
INFO    [2022-12-06 14:36:55,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330215.0485303, 'message': 'Dec  6 14:36:53 hqnl0246134 sshd[222307]: Failed password for invalid user jiayu from 164.92.117.121 port 56006 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 14:36:55,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670330215.0489962, 'message': 'Dec  6 14:36:54 hqnl0246134 sshd[222317]: Invalid user testuser1 from 71.238.230.5 port 58148', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 14:36:55,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330215.0487351, 'message': 'Dec  6 14:36:54 hqnl0246134 sshd[222307]: Disconnected from invalid user jiayu 164.92.117.121 port 56006 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 14:36:55,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '71.238.230.5', 'timestamp': 1670330215.0494137, 'message': 'Dec  6 14:36:54 hqnl0246134 sshd[222317]: pam_imunify(sshd:auth): [IM360_RBL] The IP 71.238.230.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 14:36:55,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '71.238.230.5', 'timestamp': 1670330215.0499249, 'message': 'Dec  6 14:36:54 hqnl0246134 sshd[222317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.238.230.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:36:57,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670330217.0516486, 'message': 'Dec  6 14:36:56 hqnl0246134 sshd[222317]: Failed password for invalid user testuser1 from 71.238.230.5 port 58148 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 14:36:59,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '71.238.230.5', 'timestamp': 1670330219.05368, 'message': 'Dec  6 14:36:58 hqnl0246134 sshd[222317]: Disconnected from invalid user testuser1 71.238.230.5 port 58148 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 14:37:17,749] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:37:17,749] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:37:17,757] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:37:17,768] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 14:37:20,561] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:37:20,562] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:37:20,569] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:37:20,581] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 14:37:21,984] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:37:21,984] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:37:21,985] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 14:37:25,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330245.0862794, 'message': 'Dec  6 14:37:24 hqnl0246134 sshd[222353]: Invalid user aaa from 186.10.125.209 port 25939', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:37:25,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330245.0865383, 'message': 'Dec  6 14:37:24 hqnl0246134 sshd[222353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.10.125.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 14:37:25,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330245.086819, 'message': 'Dec  6 14:37:24 hqnl0246134 sshd[222353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.10.125.209 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 14:37:27,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330247.0869672, 'message': 'Dec  6 14:37:26 hqnl0246134 sshd[222353]: Failed password for invalid user aaa from 186.10.125.209 port 25939 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 14:37:29,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330249.0901859, 'message': 'Dec  6 14:37:28 hqnl0246134 sshd[222353]: Disconnected from invalid user aaa 186.10.125.209 port 25939 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 14:37:29,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330249.0904098, 'message': 'Dec  6 14:37:28 hqnl0246134 sshd[222363]: Invalid user leonardo from 41.73.252.229 port 40716', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 14:37:29,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330249.090602, 'message': 'Dec  6 14:37:28 hqnl0246134 sshd[222363]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.73.252.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:37:29,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330249.0907605, 'message': 'Dec  6 14:37:28 hqnl0246134 sshd[222363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.73.252.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 14:37:31,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330251.0975997, 'message': 'Dec  6 14:37:30 hqnl0246134 sshd[222363]: Failed password for invalid user leonardo from 41.73.252.229 port 40716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 14:37:33,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330253.09776, 'message': 'Dec  6 14:37:32 hqnl0246134 sshd[222363]: Disconnected from invalid user leonardo 41.73.252.229 port 40716 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 14:37:34,671] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:37:34,671] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:37:34,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:37:34,692] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 14:37:45,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.36.14.101', 'timestamp': 1670330265.1248007, 'message': 'Dec  6 14:37:43 hqnl0246134 sshd[222374]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.36.14.101 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 14:37:45,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.36.14.101', 'timestamp': 1670330265.1256015, 'message': 'Dec  6 14:37:43 hqnl0246134 sshd[222374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.36.14.101  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0256 seconds
WARNING [2022-12-06 14:37:46,443] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:37:46,444] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:37:47,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '177.36.14.101', 'timestamp': 1670330267.1227937, 'message': 'Dec  6 14:37:45 hqnl0246134 sshd[222374]: Failed password for root from 177.36.14.101 port 56269 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-06 14:37:47,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330267.1230543, 'message': 'Dec  6 14:37:47 hqnl0246134 sshd[222379]: Invalid user solr from 167.172.142.20 port 42286', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 14:37:47,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330267.123195, 'message': 'Dec  6 14:37:47 hqnl0246134 sshd[222379]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.142.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 14:37:47,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330267.123434, 'message': 'Dec  6 14:37:47 hqnl0246134 sshd[222379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.142.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 14:37:49,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330269.1246629, 'message': 'Dec  6 14:37:48 hqnl0246134 sshd[222379]: Failed password for invalid user solr from 167.172.142.20 port 42286 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 14:37:51,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.142.20', 'timestamp': 1670330271.1260045, 'message': 'Dec  6 14:37:49 hqnl0246134 sshd[222379]: Disconnected from invalid user solr 167.172.142.20 port 42286 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 14:37:54,767] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:37:54,798] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0392 seconds
INFO    [2022-12-06 14:38:11,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330291.1638436, 'message': 'Dec  6 14:38:09 hqnl0246134 sshd[222406]: Invalid user pc from 87.219.167.66 port 42154', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 14:38:11,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330291.1642275, 'message': 'Dec  6 14:38:10 hqnl0246134 sshd[222406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.219.167.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:38:11,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330291.1644266, 'message': 'Dec  6 14:38:10 hqnl0246134 sshd[222406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.219.167.66 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 14:38:13,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330293.1682692, 'message': 'Dec  6 14:38:11 hqnl0246134 sshd[222406]: Failed password for invalid user pc from 87.219.167.66 port 42154 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 14:38:15,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330295.1729128, 'message': 'Dec  6 14:38:13 hqnl0246134 sshd[222406]: Disconnected from invalid user pc 87.219.167.66 port 42154 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 14:38:17,951] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:38:17,952] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:38:17,963] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:38:17,982] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
INFO    [2022-12-06 14:38:20,931] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:38:20,931] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:38:20,938] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:38:20,949] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 14:38:29,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330309.1977258, 'message': 'Dec  6 14:38:28 hqnl0246134 sshd[222431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-06 14:38:29,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330309.198687, 'message': 'Dec  6 14:38:28 hqnl0246134 sshd[222431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 14:38:31,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330311.1987512, 'message': 'Dec  6 14:38:30 hqnl0246134 sshd[222431]: Failed password for root from 61.177.173.35 port 10122 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 14:38:33,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330313.205696, 'message': 'Dec  6 14:38:32 hqnl0246134 sshd[222431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 14:38:35,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330315.2106366, 'message': 'Dec  6 14:38:34 hqnl0246134 sshd[222431]: Failed password for root from 61.177.173.35 port 10122 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 14:38:35,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330315.2109108, 'message': 'Dec  6 14:38:34 hqnl0246134 sshd[222431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 14:38:37,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.154.248.181', 'timestamp': 1670330317.214608, 'message': 'Dec  6 14:38:35 hqnl0246134 sshd[222433]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.154.248.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 14:38:37,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330317.2150943, 'message': 'Dec  6 14:38:36 hqnl0246134 sshd[222431]: Failed password for root from 61.177.173.35 port 10122 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 14:38:37,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.154.248.181', 'timestamp': 1670330317.214945, 'message': 'Dec  6 14:38:35 hqnl0246134 sshd[222433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.154.248.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 14:38:37,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.154.248.181', 'timestamp': 1670330317.2152448, 'message': 'Dec  6 14:38:36 hqnl0246134 sshd[222433]: Failed password for root from 36.154.248.181 port 48242 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:38:41,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330321.2196813, 'message': 'Dec  6 14:38:40 hqnl0246134 sshd[222436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 14:38:41,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330321.220095, 'message': 'Dec  6 14:38:40 hqnl0246134 sshd[222436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 14:38:43,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330323.2216067, 'message': 'Dec  6 14:38:41 hqnl0246134 sshd[222436]: Failed password for root from 61.177.173.35 port 32721 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 14:38:43,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330323.221935, 'message': 'Dec  6 14:38:42 hqnl0246134 sshd[222436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 14:38:45,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330325.224141, 'message': 'Dec  6 14:38:44 hqnl0246134 sshd[222436]: Failed password for root from 61.177.173.35 port 32721 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 14:38:45,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330325.2244453, 'message': 'Dec  6 14:38:44 hqnl0246134 sshd[222436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 14:38:46,447] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:38:46,449] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:38:47,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330327.2257185, 'message': 'Dec  6 14:38:47 hqnl0246134 sshd[222436]: Failed password for root from 61.177.173.35 port 32721 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 14:38:51,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330331.2307227, 'message': 'Dec  6 14:38:50 hqnl0246134 sshd[222444]: Invalid user VM from 43.153.15.64 port 53072', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 14:38:51,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330331.231173, 'message': 'Dec  6 14:38:50 hqnl0246134 sshd[222442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 14:38:51,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330331.230909, 'message': 'Dec  6 14:38:50 hqnl0246134 sshd[222444]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.15.64 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0582 seconds
INFO    [2022-12-06 14:38:51,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330331.2312906, 'message': 'Dec  6 14:38:50 hqnl0246134 sshd[222442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0566 seconds
INFO    [2022-12-06 14:38:51,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330331.2310212, 'message': 'Dec  6 14:38:50 hqnl0246134 sshd[222444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.15.64 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 14:38:51,936] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:38:51,936] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:38:51,944] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:38:51,956] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 14:38:53,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330333.2316887, 'message': 'Dec  6 14:38:52 hqnl0246134 sshd[222444]: Failed password for invalid user VM from 43.153.15.64 port 53072 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 14:38:53,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330333.231936, 'message': 'Dec  6 14:38:52 hqnl0246134 sshd[222442]: Failed password for root from 61.177.173.35 port 14133 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 14:38:53,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330333.2320495, 'message': 'Dec  6 14:38:53 hqnl0246134 sshd[222442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 14:38:54,771] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:38:54,802] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0388 seconds
INFO    [2022-12-06 14:38:55,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330335.2368128, 'message': 'Dec  6 14:38:54 hqnl0246134 sshd[222444]: Disconnected from invalid user VM 43.153.15.64 port 53072 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 14:38:55,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.246.239.141', 'timestamp': 1670330335.2370012, 'message': 'Dec  6 14:38:54 hqnl0246134 sshd[222449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.246.239.141 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 14:38:55,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330335.2372217, 'message': 'Dec  6 14:38:54 hqnl0246134 sshd[222442]: Failed password for root from 61.177.173.35 port 14133 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 14:38:55,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.246.239.141', 'timestamp': 1670330335.2371168, 'message': 'Dec  6 14:38:54 hqnl0246134 sshd[222449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.246.239.141  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 14:38:57,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330337.2413135, 'message': 'Dec  6 14:38:55 hqnl0246134 sshd[222442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 14:38:57,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '115.246.239.141', 'timestamp': 1670330337.2417746, 'message': 'Dec  6 14:38:56 hqnl0246134 sshd[222449]: Failed password for root from 115.246.239.141 port 52940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 14:38:57,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670330337.2419674, 'message': 'Dec  6 14:38:57 hqnl0246134 sshd[222442]: Failed password for root from 61.177.173.35 port 14133 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 14:39:18,082] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:39:18,082] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:39:18,089] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:39:18,101] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 14:39:20,812] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:39:20,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:39:20,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:39:20,834] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 14:39:21,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330361.2691023, 'message': 'Dec  6 14:39:21 hqnl0246134 sshd[222604]: pam_imunify(sshd:auth): [IM360_RBL] The IP 209.141.46.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 14:39:21,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330361.269505, 'message': 'Dec  6 14:39:21 hqnl0246134 sshd[222604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.46.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 14:39:23,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '209.141.46.19', 'timestamp': 1670330363.2699678, 'message': 'Dec  6 14:39:23 hqnl0246134 sshd[222604]: Failed password for root from 209.141.46.19 port 34076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 14:39:41,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330381.290973, 'message': 'Dec  6 14:39:41 hqnl0246134 sshd[222617]: Invalid user scan from 164.92.117.121 port 56212', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 14:39:41,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330381.291521, 'message': 'Dec  6 14:39:41 hqnl0246134 sshd[222617]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.117.121 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 14:39:41,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330381.2916603, 'message': 'Dec  6 14:39:41 hqnl0246134 sshd[222617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.117.121 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 14:39:43,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330383.2927866, 'message': 'Dec  6 14:39:42 hqnl0246134 sshd[222617]: Failed password for invalid user scan from 164.92.117.121 port 56212 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 14:39:43,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330383.2930686, 'message': 'Dec  6 14:39:42 hqnl0246134 sshd[222617]: Disconnected from invalid user scan 164.92.117.121 port 56212 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 14:39:46,452] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:39:46,453] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:39:54,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:39:54,806] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0376 seconds
INFO    [2022-12-06 14:40:13,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330413.333171, 'message': 'Dec  6 14:40:12 hqnl0246134 sshd[222662]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.219.167.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 14:40:13,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330413.3335404, 'message': 'Dec  6 14:40:12 hqnl0246134 sshd[222662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.219.167.66  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 14:40:15,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330415.3351736, 'message': 'Dec  6 14:40:13 hqnl0246134 sshd[222662]: Failed password for root from 87.219.167.66 port 35680 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:40:16,905] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:40:16,906] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:40:16,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:40:16,931] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0239 seconds
INFO    [2022-12-06 14:40:17,883] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:40:17,884] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:40:17,895] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:40:17,911] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0262 seconds
INFO    [2022-12-06 14:40:20,601] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:40:20,601] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:40:20,608] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:40:20,619] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 14:40:41,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330441.373669, 'message': 'Dec  6 14:40:40 hqnl0246134 sshd[222697]: Invalid user nexus from 186.10.125.209 port 5054', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 14:40:41,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330441.3742495, 'message': 'Dec  6 14:40:40 hqnl0246134 sshd[222697]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.10.125.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 14:40:41,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330441.3744016, 'message': 'Dec  6 14:40:40 hqnl0246134 sshd[222697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.10.125.209 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 14:40:43,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330443.3753915, 'message': 'Dec  6 14:40:42 hqnl0246134 sshd[222697]: Failed password for invalid user nexus from 186.10.125.209 port 5054 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 14:40:45,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330445.3793483, 'message': 'Dec  6 14:40:44 hqnl0246134 sshd[222697]: Disconnected from invalid user nexus 186.10.125.209 port 5054 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
WARNING [2022-12-06 14:40:46,458] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:40:46,459] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:40:54,789] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:40:54,817] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-06 14:41:13,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330473.4061465, 'message': 'Dec  6 14:41:12 hqnl0246134 sshd[222721]: Invalid user albert123 from 41.73.252.229 port 58116', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 14:41:13,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330473.40647, 'message': 'Dec  6 14:41:12 hqnl0246134 sshd[222721]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.73.252.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 14:41:13,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330473.4066193, 'message': 'Dec  6 14:41:12 hqnl0246134 sshd[222721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.73.252.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 14:41:15,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330475.4058838, 'message': 'Dec  6 14:41:14 hqnl0246134 sshd[222721]: Failed password for invalid user albert123 from 41.73.252.229 port 58116 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 14:41:17,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670330477.4091675, 'message': 'Dec  6 14:41:16 hqnl0246134 sshd[222721]: Disconnected from invalid user albert123 41.73.252.229 port 58116 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:41:18,033] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:41:18,034] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:41:18,041] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:41:18,052] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 14:41:20,428] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:41:20,493] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:41:20,494] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:41:20,494] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:41:20,495] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:41:20,495] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:41:20,505] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:41:20,521] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0259 seconds
WARNING [2022-12-06 14:41:20,528] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:41:20,531] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:41:20,562] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0468 seconds
INFO    [2022-12-06 14:41:20,564] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0456 seconds
INFO    [2022-12-06 14:41:20,742] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:41:20,743] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:41:20,754] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:41:20,766] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 14:41:21,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330481.4149892, 'message': 'Dec  6 14:41:20 hqnl0246134 sshd[222731]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 14:41:21,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330481.4152598, 'message': 'Dec  6 14:41:20 hqnl0246134 sshd[222731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 14:41:23,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330483.418355, 'message': 'Dec  6 14:41:22 hqnl0246134 sshd[222731]: Failed password for root from 61.177.173.46 port 12903 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 14:41:25,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330485.4224482, 'message': 'Dec  6 14:41:24 hqnl0246134 sshd[222731]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 14:41:27,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330487.4242752, 'message': 'Dec  6 14:41:27 hqnl0246134 sshd[222731]: Failed password for root from 61.177.173.46 port 12903 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 14:41:29,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330489.4259598, 'message': 'Dec  6 14:41:29 hqnl0246134 sshd[222731]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 14:41:33,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330493.430981, 'message': 'Dec  6 14:41:31 hqnl0246134 sshd[222731]: Failed password for root from 61.177.173.46 port 12903 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 14:41:41,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330501.4446692, 'message': 'Dec  6 14:41:39 hqnl0246134 sshd[222748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 14:41:41,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330501.4458058, 'message': 'Dec  6 14:41:39 hqnl0246134 sshd[222750]: Invalid user git from 43.153.15.64 port 56298', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 14:41:41,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330501.4456103, 'message': 'Dec  6 14:41:39 hqnl0246134 sshd[222748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 14:41:41,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330501.4459455, 'message': 'Dec  6 14:41:39 hqnl0246134 sshd[222750]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.15.64 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 14:41:41,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330501.4460733, 'message': 'Dec  6 14:41:39 hqnl0246134 sshd[222750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.15.64 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 14:41:43,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330503.4466722, 'message': 'Dec  6 14:41:41 hqnl0246134 sshd[222748]: Failed password for root from 61.177.173.46 port 17255 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 14:41:43,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330503.446898, 'message': 'Dec  6 14:41:41 hqnl0246134 sshd[222750]: Failed password for invalid user git from 43.153.15.64 port 56298 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 14:41:45,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.15.64', 'timestamp': 1670330505.4497519, 'message': 'Dec  6 14:41:43 hqnl0246134 sshd[222750]: Disconnected from invalid user git 43.153.15.64 port 56298 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 14:41:45,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330505.4501135, 'message': 'Dec  6 14:41:44 hqnl0246134 sshd[222748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
WARNING [2022-12-06 14:41:46,464] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:41:46,465] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:41:47,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330507.4510565, 'message': 'Dec  6 14:41:46 hqnl0246134 sshd[222748]: Failed password for root from 61.177.173.46 port 17255 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 14:41:47,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330507.4515047, 'message': 'Dec  6 14:41:46 hqnl0246134 sshd[222748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 14:41:49,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670330509.4526255, 'message': 'Dec  6 14:41:49 hqnl0246134 sshd[222748]: Failed password for root from 61.177.173.46 port 17255 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 14:41:50,628] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:41:50,629] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:41:50,630] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 14:41:53,301] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 14:41:54,496] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:41:54,496] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:41:54,506] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:41:54,519] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
WARNING [2022-12-06 14:41:54,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:41:54,815] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0313 seconds
INFO    [2022-12-06 14:42:09,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330529.4749587, 'message': 'Dec  6 14:42:09 hqnl0246134 sshd[222788]: Invalid user ftptest from 87.219.167.66 port 51318', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 14:42:09,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330529.4753273, 'message': 'Dec  6 14:42:09 hqnl0246134 sshd[222788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.219.167.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:42:09,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330529.4760118, 'message': 'Dec  6 14:42:09 hqnl0246134 sshd[222788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.219.167.66 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 14:42:13,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330533.4779112, 'message': 'Dec  6 14:42:11 hqnl0246134 sshd[222788]: Failed password for invalid user ftptest from 87.219.167.66 port 51318 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:42:13,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.219.167.66', 'timestamp': 1670330533.4781363, 'message': 'Dec  6 14:42:12 hqnl0246134 sshd[222788]: Disconnected from invalid user ftptest 87.219.167.66 port 51318 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 14:42:20,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:42:20,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:42:20,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:42:20,873] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0604 seconds
INFO    [2022-12-06 14:42:23,878] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:42:23,879] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:42:23,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:42:23,897] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 14:42:33,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330553.5075624, 'message': 'Dec  6 14:42:31 hqnl0246134 sshd[222821]: Invalid user angie from 164.92.117.121 port 56424', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 14:42:33,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330553.5084398, 'message': 'Dec  6 14:42:31 hqnl0246134 sshd[222821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.117.121 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 14:42:33,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330553.50872, 'message': 'Dec  6 14:42:31 hqnl0246134 sshd[222821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.117.121 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 14:42:33,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330553.5089867, 'message': 'Dec  6 14:42:33 hqnl0246134 sshd[222821]: Failed password for invalid user angie from 164.92.117.121 port 56424 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 14:42:35,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.117.121', 'timestamp': 1670330555.5067866, 'message': 'Dec  6 14:42:33 hqnl0246134 sshd[222821]: Disconnected from invalid user angie 164.92.117.121 port 56424 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
WARNING [2022-12-06 14:42:46,470] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:42:46,471] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:42:54,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:42:54,820] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0322 seconds
INFO    [2022-12-06 14:43:17,939] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:43:17,940] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:43:17,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:43:17,960] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 14:43:20,534] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:43:20,535] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:43:20,547] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:43:20,569] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0325 seconds
WARNING [2022-12-06 14:43:46,477] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:43:46,479] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:43:59,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330639.5978355, 'message': 'Dec  6 14:43:58 hqnl0246134 sshd[222883]: Invalid user admin from 186.10.125.209 port 23282', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0625 seconds
INFO    [2022-12-06 14:43:59,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330639.5985925, 'message': 'Dec  6 14:43:58 hqnl0246134 sshd[222883]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.10.125.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 14:43:59,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330639.598797, 'message': 'Dec  6 14:43:58 hqnl0246134 sshd[222883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.10.125.209 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 14:44:01,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330641.6004083, 'message': 'Dec  6 14:44:00 hqnl0246134 sshd[222883]: Failed password for invalid user admin from 186.10.125.209 port 23282 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 14:44:03,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670330643.6018205, 'message': 'Dec  6 14:44:02 hqnl0246134 sshd[222883]: Disconnected from invalid user admin 186.10.125.209 port 23282 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:44:05,377] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:44:05,377] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:44:05,387] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:44:05,400] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 14:44:17,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:44:17,819] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:44:17,828] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:44:17,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 14:44:20,581] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:44:20,582] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:44:20,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:44:20,604] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 14:44:23,957] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:44:24,027] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:44:24,027] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:44:24,028] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:44:24,028] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:44:24,029] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:44:24,043] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:44:24,059] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0301 seconds
WARNING [2022-12-06 14:44:24,066] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:44:24,068] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:44:24,086] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0323 seconds
INFO    [2022-12-06 14:44:24,088] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0303 seconds
WARNING [2022-12-06 14:44:46,482] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:44:46,483] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:44:54,154] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:44:54,155] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:44:54,156] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 14:44:54,809] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:44:54,855] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0591 seconds
INFO    [2022-12-06 14:45:17,732] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:45:17,733] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:45:17,740] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:45:17,754] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 14:45:20,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:45:20,820] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:45:20,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:45:20,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 14:45:43,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.36.14.101', 'timestamp': 1670330743.7199018, 'message': 'Dec  6 14:45:43 hqnl0246134 sshd[223009]: Invalid user mythtv from 177.36.14.101 port 58299', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 14:45:43,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.36.14.101', 'timestamp': 1670330743.7207992, 'message': 'Dec  6 14:45:43 hqnl0246134 sshd[223009]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.36.14.101 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 14:45:43,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.36.14.101', 'timestamp': 1670330743.7210522, 'message': 'Dec  6 14:45:43 hqnl0246134 sshd[223009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.36.14.101 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 14:45:45,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.36.14.101', 'timestamp': 1670330745.7211983, 'message': 'Dec  6 14:45:45 hqnl0246134 sshd[223009]: Failed password for invalid user mythtv from 177.36.14.101 port 58299 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 14:45:46,488] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:45:46,489] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:45:47,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.36.14.101', 'timestamp': 1670330747.7245314, 'message': 'Dec  6 14:45:47 hqnl0246134 sshd[223009]: Disconnected from invalid user mythtv 177.36.14.101 port 58299 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
WARNING [2022-12-06 14:45:54,811] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:45:54,831] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0290 seconds
INFO    [2022-12-06 14:46:17,923] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:46:17,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:46:17,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:46:17,956] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0311 seconds
INFO    [2022-12-06 14:46:20,776] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:46:20,776] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:46:20,785] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:46:20,797] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 14:46:37,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.203.182.218', 'timestamp': 1670330797.7749705, 'message': 'Dec  6 14:46:36 hqnl0246134 sshd[223061]: Invalid user tester from 159.203.182.218 port 59838', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 14:46:37,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.203.182.218', 'timestamp': 1670330797.7756152, 'message': 'Dec  6 14:46:36 hqnl0246134 sshd[223061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.203.182.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:46:37,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.203.182.218', 'timestamp': 1670330797.7758813, 'message': 'Dec  6 14:46:36 hqnl0246134 sshd[223061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.182.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 14:46:40,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.203.182.218', 'timestamp': 1670330799.7762637, 'message': 'Dec  6 14:46:38 hqnl0246134 sshd[223061]: Failed password for invalid user tester from 159.203.182.218 port 59838 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2345 seconds
INFO    [2022-12-06 14:46:40,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.203.182.218', 'timestamp': 1670330799.7766364, 'message': 'Dec  6 14:46:39 hqnl0246134 sshd[223061]: Disconnected from invalid user tester 159.203.182.218 port 59838 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 14:46:46,493] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:46:46,494] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:46:54,816] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:46:54,839] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0325 seconds
INFO    [2022-12-06 14:47:13,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670330833.818592, 'message': 'Dec  6 14:47:13 hqnl0246134 sshd[223091]: Invalid user st from 43.153.81.96 port 48612', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:47:13,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.81.96', 'timestamp': 1670330833.818962, 'message': 'Dec  6 14:47:13 hqnl0246134 sshd[223091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.81.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:47:13,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.81.96', 'timestamp': 1670330833.8191018, 'message': 'Dec  6 14:47:13 hqnl0246134 sshd[223091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 14:47:17,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670330837.8201623, 'message': 'Dec  6 14:47:16 hqnl0246134 sshd[223091]: Failed password for invalid user st from 43.153.81.96 port 48612 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 14:47:17,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670330837.8204944, 'message': 'Dec  6 14:47:16 hqnl0246134 sshd[223091]: Disconnected from invalid user st 43.153.81.96 port 48612 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:47:18,436] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:47:18,436] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:47:18,444] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:47:18,456] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 14:47:19,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:47:19,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:47:19,990] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:47:20,002] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 14:47:21,452] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:47:21,452] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:47:21,465] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:47:21,487] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0341 seconds
WARNING [2022-12-06 14:47:46,499] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:47:46,500] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:47:54,824] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:47:54,852] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0419 seconds
INFO    [2022-12-06 14:48:18,310] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:48:18,311] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:48:18,320] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:48:18,332] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 14:48:21,063] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:48:21,063] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:48:21,071] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:48:21,082] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 14:48:46,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.203.149.110', 'timestamp': 1670330925.9844348, 'message': 'Dec  6 14:48:44 hqnl0246134 sshd[223170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.203.149.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:48:46,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.203.149.110', 'timestamp': 1670330925.9847107, 'message': 'Dec  6 14:48:44 hqnl0246134 sshd[223170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.149.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-06 14:48:46,504] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:48:46,505] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:48:48,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.203.149.110', 'timestamp': 1670330927.9865954, 'message': 'Dec  6 14:48:46 hqnl0246134 sshd[223170]: Failed password for root from 20.203.149.110 port 34082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 14:48:54,823] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:48:54,842] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0254 seconds
INFO    [2022-12-06 14:49:00,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330940.0010552, 'message': 'Dec  6 14:48:58 hqnl0246134 sshd[223179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 14:49:00,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330940.0015726, 'message': 'Dec  6 14:48:58 hqnl0246134 sshd[223179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 14:49:02,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330942.0042217, 'message': 'Dec  6 14:49:01 hqnl0246134 sshd[223179]: Failed password for root from 61.177.172.19 port 22636 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 14:49:04,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330944.0071986, 'message': 'Dec  6 14:49:03 hqnl0246134 sshd[223179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 14:49:04,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670330944.0075605, 'message': 'Dec  6 14:49:03 hqnl0246134 sshd[223197]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 14:49:04,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670330944.0078397, 'message': 'Dec  6 14:49:03 hqnl0246134 sshd[223197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 14:49:06,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330946.0085928, 'message': 'Dec  6 14:49:05 hqnl0246134 sshd[223179]: Failed password for root from 61.177.172.19 port 22636 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-06 14:49:06,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.128.169.130', 'timestamp': 1670330946.008997, 'message': 'Dec  6 14:49:05 hqnl0246134 sshd[223197]: Failed password for root from 190.128.169.130 port 40628 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 14:49:08,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330948.0099146, 'message': 'Dec  6 14:49:07 hqnl0246134 sshd[223179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 14:49:10,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330950.0126815, 'message': 'Dec  6 14:49:09 hqnl0246134 sshd[223179]: Failed password for root from 61.177.172.19 port 22636 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 14:49:12,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330952.0163934, 'message': 'Dec  6 14:49:11 hqnl0246134 sshd[223201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 14:49:12,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330952.0166545, 'message': 'Dec  6 14:49:11 hqnl0246134 sshd[223201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:49:16,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330956.0177228, 'message': 'Dec  6 14:49:14 hqnl0246134 sshd[223201]: Failed password for root from 61.177.172.19 port 56469 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 14:49:18,051] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:49:18,052] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:49:18,065] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:49:18,085] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0320 seconds
INFO    [2022-12-06 14:49:18,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330958.0537455, 'message': 'Dec  6 14:49:16 hqnl0246134 sshd[223201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 14:49:20,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330960.0270925, 'message': 'Dec  6 14:49:18 hqnl0246134 sshd[223201]: Failed password for root from 61.177.172.19 port 56469 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 14:49:20,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330960.0272896, 'message': 'Dec  6 14:49:18 hqnl0246134 sshd[223201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 14:49:20,940] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:49:20,941] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:49:20,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:49:20,959] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 14:49:22,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330962.0427577, 'message': 'Dec  6 14:49:20 hqnl0246134 sshd[223201]: Failed password for root from 61.177.172.19 port 56469 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 14:49:24,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330964.0453165, 'message': 'Dec  6 14:49:23 hqnl0246134 sshd[223214]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 14:49:24,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330964.0454905, 'message': 'Dec  6 14:49:23 hqnl0246134 sshd[223214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 14:49:26,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330966.0513873, 'message': 'Dec  6 14:49:25 hqnl0246134 sshd[223214]: Failed password for root from 61.177.172.19 port 18033 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 14:49:28,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330968.0539887, 'message': 'Dec  6 14:49:27 hqnl0246134 sshd[223214]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 14:49:28,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.6.106.29', 'timestamp': 1670330968.0542076, 'message': 'Dec  6 14:49:27 hqnl0246134 sshd[223217]: Invalid user st from 20.6.106.29 port 57790', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 14:49:28,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.6.106.29', 'timestamp': 1670330968.054347, 'message': 'Dec  6 14:49:27 hqnl0246134 sshd[223217]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.6.106.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 14:49:28,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.6.106.29', 'timestamp': 1670330968.054479, 'message': 'Dec  6 14:49:27 hqnl0246134 sshd[223217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.6.106.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 14:49:30,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330970.0578976, 'message': 'Dec  6 14:49:29 hqnl0246134 sshd[223214]: Failed password for root from 61.177.172.19 port 18033 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 14:49:30,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.6.106.29', 'timestamp': 1670330970.058407, 'message': 'Dec  6 14:49:29 hqnl0246134 sshd[223217]: Failed password for invalid user st from 20.6.106.29 port 57790 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 14:49:32,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330972.0618792, 'message': 'Dec  6 14:49:30 hqnl0246134 sshd[223214]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 14:49:32,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.6.106.29', 'timestamp': 1670330972.0620832, 'message': 'Dec  6 14:49:31 hqnl0246134 sshd[223217]: Disconnected from invalid user st 20.6.106.29 port 57790 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 14:49:34,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330974.0652926, 'message': 'Dec  6 14:49:32 hqnl0246134 sshd[223214]: Failed password for root from 61.177.172.19 port 18033 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 14:49:38,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330978.0680382, 'message': 'Dec  6 14:49:36 hqnl0246134 sshd[223233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 14:49:38,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330978.0682852, 'message': 'Dec  6 14:49:36 hqnl0246134 sshd[223233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 14:49:40,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330980.0726633, 'message': 'Dec  6 14:49:38 hqnl0246134 sshd[223233]: Failed password for root from 61.177.172.19 port 62300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:49:40,992] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:49:41,058] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:49:41,059] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:49:41,059] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:49:41,059] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:49:41,060] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:49:41,071] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:49:41,088] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0280 seconds
WARNING [2022-12-06 14:49:41,095] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:49:41,098] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:49:41,115] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0321 seconds
INFO    [2022-12-06 14:49:41,116] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0306 seconds
INFO    [2022-12-06 14:49:42,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330982.0768473, 'message': 'Dec  6 14:49:40 hqnl0246134 sshd[223233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 14:49:42,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330982.077148, 'message': 'Dec  6 14:49:42 hqnl0246134 sshd[223233]: Failed password for root from 61.177.172.19 port 62300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 14:49:44,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330984.087531, 'message': 'Dec  6 14:49:42 hqnl0246134 sshd[223233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 14:49:46,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670330986.090753, 'message': 'Dec  6 14:49:44 hqnl0246134 sshd[223233]: Failed password for root from 61.177.172.19 port 62300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 14:49:46,513] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:49:46,514] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:49:49,536] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:49:49,537] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:49:49,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:49:49,556] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-06 14:49:54,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:49:54,857] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0298 seconds
INFO    [2022-12-06 14:50:11,226] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:50:11,228] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:50:11,229] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 14:50:18,101] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:50:18,102] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:50:18,122] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:50:18,143] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0395 seconds
INFO    [2022-12-06 14:50:20,834] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:50:20,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:50:20,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:50:20,854] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 14:50:24,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331024.1585135, 'message': 'Dec  6 14:50:23 hqnl0246134 sshd[223296]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 14:50:24,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331024.1587994, 'message': 'Dec  6 14:50:23 hqnl0246134 sshd[223296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 14:50:26,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331026.1599252, 'message': 'Dec  6 14:50:25 hqnl0246134 sshd[223296]: Failed password for root from 61.177.173.48 port 40762 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 14:50:28,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331028.1650672, 'message': 'Dec  6 14:50:27 hqnl0246134 sshd[223296]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 14:50:30,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331030.1694696, 'message': 'Dec  6 14:50:29 hqnl0246134 sshd[223296]: Failed password for root from 61.177.173.48 port 40762 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 14:50:30,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331030.1698358, 'message': 'Dec  6 14:50:29 hqnl0246134 sshd[223296]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 14:50:32,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331032.173249, 'message': 'Dec  6 14:50:31 hqnl0246134 sshd[223296]: Failed password for root from 61.177.173.48 port 40762 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 14:50:34,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331034.1741211, 'message': 'Dec  6 14:50:33 hqnl0246134 sshd[223312]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0789 seconds
INFO    [2022-12-06 14:50:34,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331034.1744366, 'message': 'Dec  6 14:50:33 hqnl0246134 sshd[223312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0867 seconds
INFO    [2022-12-06 14:50:36,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331036.1784463, 'message': 'Dec  6 14:50:35 hqnl0246134 sshd[223312]: Failed password for root from 61.177.173.48 port 16384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 14:50:36,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331036.1786215, 'message': 'Dec  6 14:50:35 hqnl0246134 sshd[223312]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 14:50:38,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331038.1831565, 'message': 'Dec  6 14:50:38 hqnl0246134 sshd[223312]: Failed password for root from 61.177.173.48 port 16384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 14:50:42,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331042.1928341, 'message': 'Dec  6 14:50:40 hqnl0246134 sshd[223312]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 14:50:42,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331042.1933765, 'message': 'Dec  6 14:50:42 hqnl0246134 sshd[223312]: Failed password for root from 61.177.173.48 port 16384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 14:50:46,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331046.2070248, 'message': 'Dec  6 14:50:44 hqnl0246134 sshd[223317]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:50:46,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331046.207374, 'message': 'Dec  6 14:50:44 hqnl0246134 sshd[223317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-06 14:50:46,520] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:50:46,520] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:50:48,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331048.2094047, 'message': 'Dec  6 14:50:46 hqnl0246134 sshd[223317]: Failed password for root from 61.177.173.48 port 42563 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:50:48,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331048.2096283, 'message': 'Dec  6 14:50:46 hqnl0246134 sshd[223317]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 14:50:50,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331050.2105265, 'message': 'Dec  6 14:50:48 hqnl0246134 sshd[223317]: Failed password for root from 61.177.173.48 port 42563 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 14:50:50,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331050.210781, 'message': 'Dec  6 14:50:49 hqnl0246134 sshd[223317]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:50:52,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670331052.2125056, 'message': 'Dec  6 14:50:51 hqnl0246134 sshd[223317]: Failed password for root from 61.177.173.48 port 42563 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-06 14:50:54,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:50:54,872] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0417 seconds
INFO    [2022-12-06 14:50:56,129] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:50:56,130] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:50:56,141] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:50:56,161] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-06 14:51:18,113] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:51:18,114] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:51:18,128] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:51:18,150] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0342 seconds
INFO    [2022-12-06 14:51:21,418] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:51:21,419] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:51:21,431] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:51:21,451] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0297 seconds
INFO    [2022-12-06 14:51:24,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.22.160.91', 'timestamp': 1670331084.2665, 'message': 'Dec  6 14:51:24 hqnl0246134 sshd[223370]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.22.160.91 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 14:51:24,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.22.160.91', 'timestamp': 1670331084.2667813, 'message': 'Dec  6 14:51:24 hqnl0246134 sshd[223370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.22.160.91  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 14:51:26,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '144.22.160.91', 'timestamp': 1670331086.2689018, 'message': 'Dec  6 14:51:26 hqnl0246134 sshd[223370]: Failed password for root from 144.22.160.91 port 42298 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 14:51:40,075] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 14:51:40,077] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 14:51:40,979] im360.plugins.pam: PAM module has been enabled for dovecot-pam
WARNING [2022-12-06 14:51:46,525] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:51:46,527] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:51:48,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.36.14.101', 'timestamp': 1670331108.3012874, 'message': 'Dec  6 14:51:47 hqnl0246134 sshd[223400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.36.14.101 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 14:51:48,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.36.14.101', 'timestamp': 1670331108.3020043, 'message': 'Dec  6 14:51:47 hqnl0246134 sshd[223400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.36.14.101  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 14:51:50,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '177.36.14.101', 'timestamp': 1670331110.3026645, 'message': 'Dec  6 14:51:49 hqnl0246134 sshd[223400]: Failed password for root from 177.36.14.101 port 54093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 14:51:50,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331110.3029056, 'message': 'Dec  6 14:51:49 hqnl0246134 sshd[223403]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 14:51:50,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331110.3030279, 'message': 'Dec  6 14:51:49 hqnl0246134 sshd[223403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 14:51:52,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331112.306152, 'message': 'Dec  6 14:51:51 hqnl0246134 sshd[223403]: Failed password for root from 61.177.173.46 port 34256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-06 14:51:53,304] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 14:51:54,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331114.3066707, 'message': 'Dec  6 14:51:53 hqnl0246134 sshd[223403]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 14:51:54,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:51:54,866] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0319 seconds
INFO    [2022-12-06 14:51:56,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331116.3080523, 'message': 'Dec  6 14:51:55 hqnl0246134 sshd[223403]: Failed password for root from 61.177.173.46 port 34256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 14:51:58,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331118.3100045, 'message': 'Dec  6 14:51:58 hqnl0246134 sshd[223403]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 14:52:00,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331120.3129492, 'message': 'Dec  6 14:51:59 hqnl0246134 sshd[223403]: Failed password for root from 61.177.173.46 port 34256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 14:52:02,962] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:52:02,963] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:52:02,975] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:52:02,992] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0285 seconds
INFO    [2022-12-06 14:52:04,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331124.3154137, 'message': 'Dec  6 14:52:04 hqnl0246134 sshd[223433]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 14:52:04,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331124.3156154, 'message': 'Dec  6 14:52:04 hqnl0246134 sshd[223433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 14:52:06,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331126.3163824, 'message': 'Dec  6 14:52:05 hqnl0246134 sshd[223433]: Failed password for root from 61.177.173.46 port 63821 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 14:52:08,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331128.3190515, 'message': 'Dec  6 14:52:06 hqnl0246134 sshd[223433]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 14:52:10,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331130.320305, 'message': 'Dec  6 14:52:08 hqnl0246134 sshd[223433]: Failed password for root from 61.177.173.46 port 63821 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 14:52:10,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331130.3205607, 'message': 'Dec  6 14:52:09 hqnl0246134 sshd[223433]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 14:52:12,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670331132.3212454, 'message': 'Dec  6 14:52:10 hqnl0246134 sshd[223433]: Failed password for root from 61.177.173.46 port 63821 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:52:17,878] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:52:17,879] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:52:17,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:52:17,897] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 14:52:20,545] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:52:20,545] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:52:20,552] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:52:20,563] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 14:52:22,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.203.149.110', 'timestamp': 1670331142.3284733, 'message': 'Dec  6 14:52:21 hqnl0246134 sshd[223448]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.203.149.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 14:52:22,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.203.149.110', 'timestamp': 1670331142.3287058, 'message': 'Dec  6 14:52:21 hqnl0246134 sshd[223448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.149.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 14:52:24,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.203.149.110', 'timestamp': 1670331144.3315723, 'message': 'Dec  6 14:52:22 hqnl0246134 sshd[223448]: Failed password for root from 20.203.149.110 port 52850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 14:52:46,530] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:52:46,532] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:52:54,854] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:52:54,882] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0376 seconds
INFO    [2022-12-06 14:53:18,144] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:53:18,145] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:53:18,155] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:53:18,168] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 14:53:22,870] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:53:22,870] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:53:22,879] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:53:22,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 14:53:46,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.50.30', 'timestamp': 1670331226.4290812, 'message': 'Dec  6 14:53:46 hqnl0246134 sshd[223519]: Invalid user teamspeak from 138.68.50.30 port 40820', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
WARNING [2022-12-06 14:53:46,535] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:53:46,536] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:53:48,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.50.30', 'timestamp': 1670331228.4313571, 'message': 'Dec  6 14:53:46 hqnl0246134 sshd[223519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.50.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 14:53:48,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.50.30', 'timestamp': 1670331228.431572, 'message': 'Dec  6 14:53:46 hqnl0246134 sshd[223519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.50.30 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 14:53:50,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.50.30', 'timestamp': 1670331230.4336383, 'message': 'Dec  6 14:53:48 hqnl0246134 sshd[223519]: Failed password for invalid user teamspeak from 138.68.50.30 port 40820 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 14:53:50,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.50.30', 'timestamp': 1670331230.4338832, 'message': 'Dec  6 14:53:49 hqnl0246134 sshd[223519]: Disconnected from invalid user teamspeak 138.68.50.30 port 40820 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 14:53:51,727] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:53:51,727] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:53:51,735] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:53:51,746] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-06 14:53:54,860] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:53:54,881] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0333 seconds
INFO    [2022-12-06 14:53:58,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331238.442968, 'message': 'Dec  6 14:53:57 hqnl0246134 sshd[223528]: Invalid user ju from 190.128.169.130 port 36950', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 14:53:58,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331238.4433715, 'message': 'Dec  6 14:53:57 hqnl0246134 sshd[223528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 14:53:58,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331238.44351, 'message': 'Dec  6 14:53:57 hqnl0246134 sshd[223528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 14:54:00,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331240.444161, 'message': 'Dec  6 14:53:59 hqnl0246134 sshd[223528]: Failed password for invalid user ju from 190.128.169.130 port 36950 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 14:54:00,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331240.4445662, 'message': 'Dec  6 14:53:59 hqnl0246134 sshd[223528]: Disconnected from invalid user ju 190.128.169.130 port 36950 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:54:17,849] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:54:17,850] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:54:17,858] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:54:17,869] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 14:54:20,451] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:54:20,452] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:54:20,459] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:54:20,470] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-06 14:54:46,539] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:54:46,540] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 14:54:54,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:54:54,884] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0333 seconds
INFO    [2022-12-06 14:55:18,464] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:55:18,466] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:55:18,478] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:55:18,494] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-06 14:55:21,332] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:55:21,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:55:21,340] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:55:21,352] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
WARNING [2022-12-06 14:55:46,545] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:55:46,546] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:55:50,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '188.32.176.34', 'timestamp': 1670331350.5785778, 'message': 'Dec  6 14:55:49 hqnl0246134 sshd[223650]: Accepted publickey for root from 188.32.176.34 port 45146 ssh2: RSA SHA256:M5XvbkooZmQvvjfo3fKHU5lbqUaXL4LET3qhCF0FT28', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0218 seconds
WARNING [2022-12-06 14:55:54,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:55:54,883] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0294 seconds
INFO    [2022-12-06 14:56:00,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.203.149.110', 'timestamp': 1670331360.5929592, 'message': 'Dec  6 14:55:59 hqnl0246134 sshd[223703]: Invalid user sftp from 20.203.149.110 port 46694', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 14:56:00,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.203.149.110', 'timestamp': 1670331360.5933719, 'message': 'Dec  6 14:55:59 hqnl0246134 sshd[223703]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.203.149.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-06 14:56:00,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.203.149.110', 'timestamp': 1670331360.5935996, 'message': 'Dec  6 14:55:59 hqnl0246134 sshd[223703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.149.110 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 14:56:02,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.203.149.110', 'timestamp': 1670331362.597882, 'message': 'Dec  6 14:56:01 hqnl0246134 sshd[223703]: Failed password for invalid user sftp from 20.203.149.110 port 46694 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1829 seconds
INFO    [2022-12-06 14:56:02,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331362.5989647, 'message': 'Dec  6 14:56:01 hqnl0246134 sshd[223728]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1868 seconds
INFO    [2022-12-06 14:56:02,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.203.149.110', 'timestamp': 1670331362.5986476, 'message': 'Dec  6 14:56:01 hqnl0246134 sshd[223703]: Disconnected from invalid user sftp 20.203.149.110 port 46694 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1249 seconds
INFO    [2022-12-06 14:56:02,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331362.5993733, 'message': 'Dec  6 14:56:01 hqnl0246134 sshd[223728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1202 seconds
INFO    [2022-12-06 14:56:04,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331364.597337, 'message': 'Dec  6 14:56:04 hqnl0246134 sshd[223728]: Failed password for root from 190.128.169.130 port 60676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 14:56:04,746] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 14:56:04,815] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 14:56:04,815] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 14:56:04,816] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 14:56:04,816] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 14:56:04,817] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 14:56:04,835] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 14:56:04,867] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0493 seconds
WARNING [2022-12-06 14:56:04,884] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 14:56:04,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:56:04,924] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0683 seconds
INFO    [2022-12-06 14:56:04,927] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0653 seconds
INFO    [2022-12-06 14:56:05,686] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:56:05,686] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:56:05,697] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:56:05,715] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-06 14:56:18,437] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:56:18,438] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:56:18,450] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:56:18,476] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0354 seconds
INFO    [2022-12-06 14:56:21,286] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:56:21,287] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:56:21,296] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:56:21,308] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 14:56:34,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670331394.6391191, 'message': 'Dec  6 14:56:34 hqnl0246134 sshd[223759]: Accepted password for supportwwwuser from 212.58.119.251 port 10644 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-06 14:56:35,025] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 14:56:35,025] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 14:56:35,027] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 14:56:36,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '188.32.176.34', 'timestamp': 1670331396.6412914, 'message': 'Dec  6 14:56:36 hqnl0246134 sshd[223808]: Accepted publickey for root from 188.32.176.34 port 57284 ssh2: RSA SHA256:M5XvbkooZmQvvjfo3fKHU5lbqUaXL4LET3qhCF0FT28', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 14:56:44,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.58.119.251', 'timestamp': 1670331404.6519413, 'message': 'Dec  6 14:56:43 hqnl0246134 sshd[223865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.58.119.251  user=supportwwwuser', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0795 seconds
WARNING [2022-12-06 14:56:46,549] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:56:46,551] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:56:46,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '212.58.119.251', 'timestamp': 1670331406.665886, 'message': 'Dec  6 14:56:45 hqnl0246134 sshd[223865]: Failed password for supportwwwuser from 212.58.119.251 port 10668 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 14:56:48,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670331408.654843, 'message': 'Dec  6 14:56:47 hqnl0246134 sshd[223865]: Accepted password for supportwwwuser from 212.58.119.251 port 10668 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0343 seconds
WARNING [2022-12-06 14:56:54,888] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:56:54,981] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.1214 seconds
INFO    [2022-12-06 14:56:58,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670331418.6672032, 'message': 'Dec  6 14:56:58 hqnl0246134 sshd[223935]: Accepted password for supportwwwuser from 212.58.119.251 port 10677 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.1842 seconds
INFO    [2022-12-06 14:57:00,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.66.204', 'timestamp': 1670331420.6720374, 'message': 'Dec  6 14:56:59 hqnl0246134 sshd[223939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.66.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 14:57:00,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.66.204', 'timestamp': 1670331420.6725676, 'message': 'Dec  6 14:56:59 hqnl0246134 sshd[223939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.66.204  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 14:57:02,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.189.66.204', 'timestamp': 1670331422.6848154, 'message': 'Dec  6 14:57:01 hqnl0246134 sshd[223939]: Failed password for root from 206.189.66.204 port 57430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1473 seconds
INFO    [2022-12-06 14:57:20,857] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:57:20,858] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:57:20,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:57:20,962] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0926 seconds
INFO    [2022-12-06 14:57:22,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.203.182.218', 'timestamp': 1670331442.707134, 'message': 'Dec  6 14:57:21 hqnl0246134 sshd[224044]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.203.182.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1023 seconds
INFO    [2022-12-06 14:57:22,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.203.182.218', 'timestamp': 1670331442.7074983, 'message': 'Dec  6 14:57:21 hqnl0246134 sshd[224044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.182.218  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 14:57:24,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.203.182.218', 'timestamp': 1670331444.7060342, 'message': 'Dec  6 14:57:23 hqnl0246134 sshd[224044]: Failed password for root from 159.203.182.218 port 46600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1504 seconds
INFO    [2022-12-06 14:57:26,862] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:57:26,863] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:57:26,943] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:57:27,091] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.2156 seconds
INFO    [2022-12-06 14:57:27,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331446.877023, 'message': 'Dec  6 14:57:24 hqnl0246134 sshd[224054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.2271 seconds
INFO    [2022-12-06 14:57:27,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331446.8772237, 'message': 'Dec  6 14:57:24 hqnl0246134 sshd[224054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1222 seconds
INFO    [2022-12-06 14:57:28,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331448.719536, 'message': 'Dec  6 14:57:26 hqnl0246134 sshd[224054]: Failed password for root from 61.177.172.104 port 51858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0976 seconds
INFO    [2022-12-06 14:57:31,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331450.8431828, 'message': 'Dec  6 14:57:29 hqnl0246134 sshd[224054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.2990 seconds
INFO    [2022-12-06 14:57:32,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331452.715077, 'message': 'Dec  6 14:57:30 hqnl0246134 sshd[224054]: Failed password for root from 61.177.172.104 port 51858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 14:57:32,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331452.7155752, 'message': 'Dec  6 14:57:31 hqnl0246134 sshd[224054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 14:57:33,661] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:57:33,663] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:57:33,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:57:33,804] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1307 seconds
INFO    [2022-12-06 14:57:34,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331454.7162461, 'message': 'Dec  6 14:57:33 hqnl0246134 sshd[224054]: Failed password for root from 61.177.172.104 port 51858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-06 14:57:38,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331458.7213187, 'message': 'Dec  6 14:57:38 hqnl0246134 sshd[224086]: Invalid user ts3server from 43.153.103.39 port 60028', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1096 seconds
INFO    [2022-12-06 14:57:38,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331458.7216535, 'message': 'Dec  6 14:57:38 hqnl0246134 sshd[224086]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.103.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0864 seconds
INFO    [2022-12-06 14:57:39,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331458.7218578, 'message': 'Dec  6 14:57:38 hqnl0246134 sshd[224086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.103.39 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1233 seconds
INFO    [2022-12-06 14:57:40,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331460.73807, 'message': 'Dec  6 14:57:40 hqnl0246134 sshd[224086]: Failed password for invalid user ts3server from 43.153.103.39 port 60028 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1092 seconds
INFO    [2022-12-06 14:57:42,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331462.7305133, 'message': 'Dec  6 14:57:41 hqnl0246134 sshd[224086]: Disconnected from invalid user ts3server 43.153.103.39 port 60028 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0918 seconds
INFO    [2022-12-06 14:57:42,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.36.14.101', 'timestamp': 1670331462.7307928, 'message': 'Dec  6 14:57:42 hqnl0246134 sshd[224091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.36.14.101 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0920 seconds
INFO    [2022-12-06 14:57:42,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.36.14.101', 'timestamp': 1670331462.7309883, 'message': 'Dec  6 14:57:42 hqnl0246134 sshd[224091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.36.14.101  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-06 14:57:44,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '177.36.14.101', 'timestamp': 1670331464.7346745, 'message': 'Dec  6 14:57:44 hqnl0246134 sshd[224091]: Failed password for root from 177.36.14.101 port 49886 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
WARNING [2022-12-06 14:57:46,554] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:57:46,556] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:57:52,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331472.7414873, 'message': 'Dec  6 14:57:51 hqnl0246134 sshd[224104]: Invalid user sysadmin from 190.128.169.130 port 56174', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 14:57:52,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331472.7424817, 'message': 'Dec  6 14:57:51 hqnl0246134 sshd[224104]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 14:57:52,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331472.7427113, 'message': 'Dec  6 14:57:51 hqnl0246134 sshd[224104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 14:57:54,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331474.741197, 'message': 'Dec  6 14:57:53 hqnl0246134 sshd[224104]: Failed password for invalid user sysadmin from 190.128.169.130 port 56174 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-06 14:57:54,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670331474.741588, 'message': 'Dec  6 14:57:54 hqnl0246134 sshd[224106]: Invalid user Administrator from 152.89.196.123 port 16746', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 14:57:54,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670331474.7414553, 'message': 'Dec  6 14:57:53 hqnl0246134 sshd[224104]: Disconnected from invalid user sysadmin 190.128.169.130 port 56174 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 14:57:54,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670331474.7417164, 'message': 'Dec  6 14:57:54 hqnl0246134 sshd[224106]: Failed none for invalid user Administrator from 152.89.196.123 port 16746 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-06 14:57:54,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670331474.7418318, 'message': 'Dec  6 14:57:54 hqnl0246134 sshd[224106]: Disconnected from invalid user Administrator 152.89.196.123 port 16746 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-06 14:57:54,883] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:57:54,941] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0752 seconds
INFO    [2022-12-06 14:58:06,367] defence360agent.files: Updating all files
INFO    [2022-12-06 14:58:06,764] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:06,764] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 14:58:07,156] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:07,156] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 14:58:07,483] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:07,483] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 14:58:07,878] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:07,878] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 14:58:07,879] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 14:58:08,204] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 12:58:08 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E35A38138CF73'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 14:58:08,208] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 14:58:08,209] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 14:58:09,023] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:09,023] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 14:58:09,289] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:09,290] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 14:58:09,620] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:09,621] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 14:58:10,406] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:10,406] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 14:58:10,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331490.7602913, 'message': 'Dec  6 14:58:08 hqnl0246134 sshd[224144]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-06 14:58:10,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331490.7633052, 'message': 'Dec  6 14:58:08 hqnl0246134 sshd[224144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0569 seconds
INFO    [2022-12-06 14:58:11,011] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 14:58:11,013] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 14:58:12,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331492.7590256, 'message': 'Dec  6 14:58:11 hqnl0246134 sshd[224144]: Failed password for root from 61.177.172.104 port 59595 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0658 seconds
INFO    [2022-12-06 14:58:12,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331492.759443, 'message': 'Dec  6 14:58:11 hqnl0246134 sshd[224144]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-06 14:58:14,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331494.7675178, 'message': 'Dec  6 14:58:13 hqnl0246134 sshd[224144]: Failed password for root from 61.177.172.104 port 59595 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 14:58:14,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331494.7680075, 'message': 'Dec  6 14:58:13 hqnl0246134 sshd[224144]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 14:58:16,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331496.7649462, 'message': 'Dec  6 14:58:15 hqnl0246134 sshd[224144]: Failed password for root from 61.177.172.104 port 59595 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-06 14:58:19,662] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:58:19,663] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:58:19,703] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:58:19,761] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0836 seconds
INFO    [2022-12-06 14:58:20,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331500.778781, 'message': 'Dec  6 14:58:19 hqnl0246134 sshd[224152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0914 seconds
INFO    [2022-12-06 14:58:21,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331500.7964234, 'message': 'Dec  6 14:58:19 hqnl0246134 sshd[224152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1685 seconds
INFO    [2022-12-06 14:58:22,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331502.774393, 'message': 'Dec  6 14:58:21 hqnl0246134 sshd[224152]: Failed password for root from 61.177.172.104 port 39271 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1225 seconds
INFO    [2022-12-06 14:58:24,687] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:58:24,692] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:58:24,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:58:24,751] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0573 seconds
INFO    [2022-12-06 14:58:24,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '218.255.9.36', 'timestamp': 1670331504.785266, 'message': 'Dec  6 14:58:23 hqnl0246134 sshd[224161]: Invalid user user from 218.255.9.36 port 35458', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0669 seconds
INFO    [2022-12-06 14:58:24,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331504.785493, 'message': 'Dec  6 14:58:23 hqnl0246134 sshd[224152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0672 seconds
INFO    [2022-12-06 14:58:24,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '218.255.9.36', 'timestamp': 1670331504.78567, 'message': 'Dec  6 14:58:23 hqnl0246134 sshd[224161]: pam_imunify(sshd:auth): [IM360_RBL] The IP 218.255.9.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 14:58:24,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '218.255.9.36', 'timestamp': 1670331504.7859163, 'message': 'Dec  6 14:58:23 hqnl0246134 sshd[224161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.255.9.36 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 14:58:26,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.81.96', 'timestamp': 1670331506.787782, 'message': 'Dec  6 14:58:25 hqnl0246134 sshd[224166]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.81.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-06 14:58:26,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331506.7886121, 'message': 'Dec  6 14:58:25 hqnl0246134 sshd[224152]: Failed password for root from 61.177.172.104 port 39271 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-06 14:58:26,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '218.255.9.36', 'timestamp': 1670331506.7889109, 'message': 'Dec  6 14:58:25 hqnl0246134 sshd[224161]: Failed password for invalid user user from 218.255.9.36 port 35458 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-06 14:58:26,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.81.96', 'timestamp': 1670331506.7880335, 'message': 'Dec  6 14:58:25 hqnl0246134 sshd[224166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.96  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 14:58:26,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '39.91.167.180', 'timestamp': 1670331506.789275, 'message': 'Dec  6 14:58:26 hqnl0246134 sshd[224167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 39.91.167.180 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-06 14:58:26,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331506.789079, 'message': 'Dec  6 14:58:26 hqnl0246134 sshd[224152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-06 14:58:26,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '39.91.167.180', 'timestamp': 1670331506.789431, 'message': 'Dec  6 14:58:26 hqnl0246134 sshd[224167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.91.167.180  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 14:58:28,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '218.255.9.36', 'timestamp': 1670331508.7895534, 'message': 'Dec  6 14:58:27 hqnl0246134 sshd[224161]: Disconnected from invalid user user 218.255.9.36 port 35458 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0782 seconds
INFO    [2022-12-06 14:58:28,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.81.96', 'timestamp': 1670331508.7899156, 'message': 'Dec  6 14:58:27 hqnl0246134 sshd[224166]: Failed password for root from 43.153.81.96 port 44248 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0790 seconds
INFO    [2022-12-06 14:58:28,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331508.790063, 'message': 'Dec  6 14:58:28 hqnl0246134 sshd[224152]: Failed password for root from 61.177.172.104 port 39271 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0789 seconds
INFO    [2022-12-06 14:58:28,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '39.91.167.180', 'timestamp': 1670331508.7901845, 'message': 'Dec  6 14:58:28 hqnl0246134 sshd[224167]: Failed password for root from 39.91.167.180 port 58188 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0784 seconds
INFO    [2022-12-06 14:58:32,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331512.7929993, 'message': 'Dec  6 14:58:32 hqnl0246134 sshd[224173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 14:58:32,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331512.7936096, 'message': 'Dec  6 14:58:32 hqnl0246134 sshd[224173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 14:58:34,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331514.796538, 'message': 'Dec  6 14:58:34 hqnl0246134 sshd[224173]: Failed password for root from 61.177.172.104 port 12081 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 14:58:34,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331514.796807, 'message': 'Dec  6 14:58:34 hqnl0246134 sshd[224173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 14:58:36,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.191.92.38', 'timestamp': 1670331516.7984734, 'message': 'Dec  6 14:58:35 hqnl0246134 sshd[224183]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.191.92.38 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0812 seconds
INFO    [2022-12-06 14:58:36,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331516.7993798, 'message': 'Dec  6 14:58:36 hqnl0246134 sshd[224173]: Failed password for root from 61.177.172.104 port 12081 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0806 seconds
INFO    [2022-12-06 14:58:36,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.191.92.38', 'timestamp': 1670331516.7989328, 'message': 'Dec  6 14:58:35 hqnl0246134 sshd[224183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.92.38  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 14:58:38,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331518.7984822, 'message': 'Dec  6 14:58:36 hqnl0246134 sshd[224173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-06 14:58:38,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.191.92.38', 'timestamp': 1670331518.7987292, 'message': 'Dec  6 14:58:36 hqnl0246134 sshd[224183]: Failed password for root from 103.191.92.38 port 44356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 14:58:40,707] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:58:40,709] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:58:40,719] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:58:40,738] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-06 14:58:40,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331520.8018215, 'message': 'Dec  6 14:58:39 hqnl0246134 sshd[224173]: Failed password for root from 61.177.172.104 port 12081 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0579 seconds
INFO    [2022-12-06 14:58:44,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331524.8079956, 'message': 'Dec  6 14:58:42 hqnl0246134 sshd[224204]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-06 14:58:44,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331524.8085425, 'message': 'Dec  6 14:58:42 hqnl0246134 sshd[224204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
WARNING [2022-12-06 14:58:46,559] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:58:46,560] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:58:46,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331526.8100123, 'message': 'Dec  6 14:58:44 hqnl0246134 sshd[224204]: Failed password for root from 61.177.172.104 port 23996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 14:58:46,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331526.8103786, 'message': 'Dec  6 14:58:45 hqnl0246134 sshd[224204]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-06 14:58:48,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331528.8174047, 'message': 'Dec  6 14:58:46 hqnl0246134 sshd[224204]: Failed password for root from 61.177.172.104 port 23996 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 14:58:48,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331528.8214316, 'message': 'Dec  6 14:58:47 hqnl0246134 sshd[224204]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-06 14:58:50,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670331530.818334, 'message': 'Dec  6 14:58:49 hqnl0246134 sshd[224204]: Failed password for root from 61.177.172.104 port 23996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
WARNING [2022-12-06 14:58:54,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:58:54,940] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0682 seconds
INFO    [2022-12-06 14:59:20,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:59:20,008] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:59:20,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:59:20,051] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0330 seconds
INFO    [2022-12-06 14:59:20,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.6.106.29', 'timestamp': 1670331560.857952, 'message': 'Dec  6 14:59:19 hqnl0246134 sshd[224268]: Invalid user postgres from 20.6.106.29 port 56326', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 14:59:20,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.6.106.29', 'timestamp': 1670331560.8614686, 'message': 'Dec  6 14:59:19 hqnl0246134 sshd[224268]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.6.106.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 14:59:20,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.6.106.29', 'timestamp': 1670331560.8616178, 'message': 'Dec  6 14:59:19 hqnl0246134 sshd[224268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.6.106.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 14:59:22,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.6.106.29', 'timestamp': 1670331562.8503609, 'message': 'Dec  6 14:59:22 hqnl0246134 sshd[224268]: Failed password for invalid user postgres from 20.6.106.29 port 56326 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 14:59:24,047] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:59:24,048] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:59:24,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:59:24,070] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 14:59:24,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.6.106.29', 'timestamp': 1670331564.8508394, 'message': 'Dec  6 14:59:24 hqnl0246134 sshd[224268]: Disconnected from invalid user postgres 20.6.106.29 port 56326 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 14:59:46,566] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 14:59:46,571] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 14:59:48,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.50.30', 'timestamp': 1670331588.921037, 'message': 'Dec  6 14:59:48 hqnl0246134 sshd[224298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.50.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 14:59:48,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.50.30', 'timestamp': 1670331588.9230402, 'message': 'Dec  6 14:59:48 hqnl0246134 sshd[224298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.50.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 14:59:51,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.68.50.30', 'timestamp': 1670331590.9190297, 'message': 'Dec  6 14:59:50 hqnl0246134 sshd[224298]: Failed password for root from 138.68.50.30 port 52204 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1079 seconds
WARNING [2022-12-06 14:59:54,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:59:55,032] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.1564 seconds
INFO    [2022-12-06 14:59:55,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331594.9270287, 'message': 'Dec  6 14:59:53 hqnl0246134 sshd[224306]: Invalid user http from 45.141.84.10 port 45356', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1080 seconds
INFO    [2022-12-06 14:59:57,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331596.9289496, 'message': 'Dec  6 14:59:55 hqnl0246134 sshd[224306]: Failed none for invalid user http from 45.141.84.10 port 45356 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0790 seconds
INFO    [2022-12-06 14:59:57,996] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 14:59:57,997] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 14:59:58,010] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 14:59:58,056] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0587 seconds
INFO    [2022-12-06 14:59:58,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331598.9305162, 'message': 'Dec  6 14:59:57 hqnl0246134 sshd[224306]: Disconnecting invalid user http 45.141.84.10 port 45356: Change of username or service not allowed: (http,ssh-connection) -> (factory,ssh-connection) [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 15:00:17,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.172.153.100', 'timestamp': 1670331617.134622, 'message': 'Dec  6 15:00:15 hqnl0246134 sshd[224367]: Invalid user cron from 45.172.153.100 port 49334', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0663 seconds
INFO    [2022-12-06 15:00:17,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.203.182.218', 'timestamp': 1670331617.1358087, 'message': 'Dec  6 15:00:15 hqnl0246134 sshd[224370]: Invalid user kwx from 159.203.182.218 port 34236', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0669 seconds
INFO    [2022-12-06 15:00:17,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.172.153.100', 'timestamp': 1670331617.135451, 'message': 'Dec  6 15:00:15 hqnl0246134 sshd[224367]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.172.153.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0561 seconds
INFO    [2022-12-06 15:00:17,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.203.182.218', 'timestamp': 1670331617.1359825, 'message': 'Dec  6 15:00:15 hqnl0246134 sshd[224370]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.203.182.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0566 seconds
INFO    [2022-12-06 15:00:17,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.172.153.100', 'timestamp': 1670331617.1356602, 'message': 'Dec  6 15:00:15 hqnl0246134 sshd[224367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.153.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 15:00:17,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.203.182.218', 'timestamp': 1670331617.136107, 'message': 'Dec  6 15:00:15 hqnl0246134 sshd[224370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.182.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 15:00:19,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.172.153.100', 'timestamp': 1670331619.1272345, 'message': 'Dec  6 15:00:17 hqnl0246134 sshd[224367]: Failed password for invalid user cron from 45.172.153.100 port 49334 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0678 seconds
INFO    [2022-12-06 15:00:19,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.203.182.218', 'timestamp': 1670331619.1275003, 'message': 'Dec  6 15:00:17 hqnl0246134 sshd[224370]: Failed password for invalid user kwx from 159.203.182.218 port 34236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0708 seconds
INFO    [2022-12-06 15:00:19,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.172.153.100', 'timestamp': 1670331619.127761, 'message': 'Dec  6 15:00:17 hqnl0246134 sshd[224367]: Disconnected from invalid user cron 45.172.153.100 port 49334 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0603 seconds
INFO    [2022-12-06 15:00:19,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.203.182.218', 'timestamp': 1670331619.127643, 'message': 'Dec  6 15:00:17 hqnl0246134 sshd[224370]: Disconnected from invalid user kwx 159.203.182.218 port 34236 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0606 seconds
INFO    [2022-12-06 15:00:19,787] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:00:19,788] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:00:19,800] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:00:19,821] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0315 seconds
INFO    [2022-12-06 15:00:23,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331623.1311765, 'message': 'Dec  6 15:00:22 hqnl0246134 sshd[224352]: Invalid user factory from 45.141.84.10 port 40237', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1335 seconds
INFO    [2022-12-06 15:00:25,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331625.1335092, 'message': 'Dec  6 15:00:23 hqnl0246134 sshd[224352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.141.84.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1095 seconds
INFO    [2022-12-06 15:00:25,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331625.1338553, 'message': 'Dec  6 15:00:23 hqnl0246134 sshd[224352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.141.84.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0824 seconds
INFO    [2022-12-06 15:00:26,126] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:00:26,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:00:26,144] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:00:26,170] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0414 seconds
INFO    [2022-12-06 15:00:27,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331627.134684, 'message': 'Dec  6 15:00:25 hqnl0246134 sshd[224352]: Failed password for invalid user factory from 45.141.84.10 port 40237 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-06 15:00:31,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331631.2182822, 'message': 'Dec  6 15:00:29 hqnl0246134 sshd[224394]: Invalid user admin1 from 43.153.103.39 port 41072', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 15:00:31,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331631.2216406, 'message': 'Dec  6 15:00:30 hqnl0246134 sshd[224352]: Disconnecting invalid user factory 45.141.84.10 port 40237: Change of username or service not allowed: (factory,ssh-connection) -> (3comcso,ssh-connection) [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-06 15:00:31,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331631.2212856, 'message': 'Dec  6 15:00:29 hqnl0246134 sshd[224394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.103.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-06 15:00:31,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331631.2214663, 'message': 'Dec  6 15:00:29 hqnl0246134 sshd[224394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.103.39 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-06 15:00:33,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331633.194011, 'message': 'Dec  6 15:00:32 hqnl0246134 sshd[224394]: Failed password for invalid user admin1 from 43.153.103.39 port 41072 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 15:00:33,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.103.39', 'timestamp': 1670331633.1943092, 'message': 'Dec  6 15:00:32 hqnl0246134 sshd[224394]: Disconnected from invalid user admin1 43.153.103.39 port 41072 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
WARNING [2022-12-06 15:00:46,578] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:00:46,581] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:00:59,379] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:00:59,668] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 4.7697 seconds
INFO    [2022-12-06 15:01:01,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.22.160.91', 'timestamp': 1670331661.242569, 'message': 'Dec  6 15:01:01 hqnl0246134 sshd[224426]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.22.160.91 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.3418 seconds
INFO    [2022-12-06 15:01:01,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.22.160.91', 'timestamp': 1670331661.243087, 'message': 'Dec  6 15:01:01 hqnl0246134 sshd[224426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.22.160.91  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0908 seconds
INFO    [2022-12-06 15:01:02,425] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:01:02,566] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:01:02,567] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:01:02,567] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:01:02,567] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:01:02,568] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:01:02,958] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:01:03,166] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.5886 seconds
WARNING [2022-12-06 15:01:03,394] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:01:03,470] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:01:03,872] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.8332 seconds
INFO    [2022-12-06 15:01:03,875] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.7552 seconds
INFO    [2022-12-06 15:01:03,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '144.22.160.91', 'timestamp': 1670331663.250032, 'message': 'Dec  6 15:01:02 hqnl0246134 sshd[224426]: Failed password for root from 144.22.160.91 port 44706 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.5460 seconds
INFO    [2022-12-06 15:01:17,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331677.2543948, 'message': 'Dec  6 15:01:16 hqnl0246134 sshd[224419]: Invalid user 3comcso from 45.141.84.10 port 59917', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-06 15:01:19,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331679.254944, 'message': 'Dec  6 15:01:17 hqnl0246134 sshd[224419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.141.84.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0713 seconds
INFO    [2022-12-06 15:01:19,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331679.2552223, 'message': 'Dec  6 15:01:17 hqnl0246134 sshd[224419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.141.84.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 15:01:21,199] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:01:21,200] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:01:21,226] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:01:21,251] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0491 seconds
INFO    [2022-12-06 15:01:21,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670331681.2574744, 'message': 'Dec  6 15:01:19 hqnl0246134 sshd[224448]: Invalid user postgres from 43.153.81.96 port 34458', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0747 seconds
INFO    [2022-12-06 15:01:21,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331681.2582064, 'message': 'Dec  6 15:01:19 hqnl0246134 sshd[224419]: Failed password for invalid user 3comcso from 45.141.84.10 port 59917 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0752 seconds
INFO    [2022-12-06 15:01:21,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.81.96', 'timestamp': 1670331681.2577913, 'message': 'Dec  6 15:01:19 hqnl0246134 sshd[224448]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.81.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 15:01:21,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.81.96', 'timestamp': 1670331681.258019, 'message': 'Dec  6 15:01:19 hqnl0246134 sshd[224448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 15:01:23,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670331683.2596862, 'message': 'Dec  6 15:01:22 hqnl0246134 sshd[224448]: Failed password for invalid user postgres from 43.153.81.96 port 34458 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0710 seconds
INFO    [2022-12-06 15:01:25,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331685.2670345, 'message': 'Dec  6 15:01:23 hqnl0246134 sshd[224419]: Disconnecting invalid user 3comcso 45.141.84.10 port 59917: Change of username or service not allowed: (3comcso,ssh-connection) -> (,ssh-connection) [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2901 seconds
INFO    [2022-12-06 15:01:25,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670331685.2673876, 'message': 'Dec  6 15:01:23 hqnl0246134 sshd[224448]: Disconnected from invalid user postgres 43.153.81.96 port 34458 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2904 seconds
INFO    [2022-12-06 15:01:31,343] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:01:31,350] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:01:31,401] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:01:31,474] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1236 seconds
INFO    [2022-12-06 15:01:34,771] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:01:34,771] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:01:34,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:01:34,820] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0436 seconds
INFO    [2022-12-06 15:01:40,458] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:01:40,462] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:01:40,463] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 15:01:45,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.106.169.34', 'timestamp': 1670331705.3100533, 'message': 'Dec  6 15:01:44 hqnl0246134 sshd[224477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.106.169.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-06 15:01:45,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.106.169.34', 'timestamp': 1670331705.3111267, 'message': 'Dec  6 15:01:44 hqnl0246134 sshd[224477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.106.169.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 15:01:46,584] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:01:46,585] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:01:47,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '92.106.169.34', 'timestamp': 1670331707.3083153, 'message': 'Dec  6 15:01:47 hqnl0246134 sshd[224477]: Failed password for root from 92.106.169.34 port 58382 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 15:01:49,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331709.3108094, 'message': 'Dec  6 15:01:49 hqnl0246134 sshd[224472]: Invalid user  from 45.141.84.10 port 38000', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 15:01:51,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.66.204', 'timestamp': 1670331711.3156588, 'message': 'Dec  6 15:01:50 hqnl0246134 sshd[224480]: Invalid user ftp_user from 206.189.66.204 port 50404', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-06 15:01:51,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331711.3168907, 'message': 'Dec  6 15:01:51 hqnl0246134 sshd[224472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.141.84.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-06 15:01:51,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.66.204', 'timestamp': 1670331711.316309, 'message': 'Dec  6 15:01:50 hqnl0246134 sshd[224480]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.66.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-06 15:01:51,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331711.3173444, 'message': 'Dec  6 15:01:51 hqnl0246134 sshd[224472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.141.84.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0547 seconds
INFO    [2022-12-06 15:01:51,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.66.204', 'timestamp': 1670331711.3166623, 'message': 'Dec  6 15:01:51 hqnl0246134 sshd[224480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.66.204 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
WARNING [2022-12-06 15:01:53,306] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 15:01:53,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.66.204', 'timestamp': 1670331713.3406355, 'message': 'Dec  6 15:01:52 hqnl0246134 sshd[224480]: Failed password for invalid user ftp_user from 206.189.66.204 port 50404 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0692 seconds
INFO    [2022-12-06 15:01:53,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331713.3414652, 'message': 'Dec  6 15:01:52 hqnl0246134 sshd[224472]: Failed password for invalid user  from 45.141.84.10 port 38000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0697 seconds
WARNING [2022-12-06 15:01:54,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:01:55,040] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.1369 seconds
INFO    [2022-12-06 15:01:55,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.66.204', 'timestamp': 1670331715.3424025, 'message': 'Dec  6 15:01:53 hqnl0246134 sshd[224480]: Disconnected from invalid user ftp_user 206.189.66.204 port 50404 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 15:02:01,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331721.3536863, 'message': 'Dec  6 15:01:59 hqnl0246134 sshd[224472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.141.84.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 15:02:01,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331721.3548675, 'message': 'Dec  6 15:02:00 hqnl0246134 sshd[224472]: Failed password for invalid user  from 45.141.84.10 port 38000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 15:02:07,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331727.3570213, 'message': 'Dec  6 15:02:06 hqnl0246134 sshd[224472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.141.84.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-06 15:02:09,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331729.3572721, 'message': 'Dec  6 15:02:08 hqnl0246134 sshd[224472]: Failed password for invalid user  from 45.141.84.10 port 38000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0763 seconds
INFO    [2022-12-06 15:02:11,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331731.3584511, 'message': 'Dec  6 15:02:09 hqnl0246134 sshd[224472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.141.84.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 15:02:11,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331731.3586953, 'message': 'Dec  6 15:02:10 hqnl0246134 sshd[224472]: Failed password for invalid user  from 45.141.84.10 port 38000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 15:02:21,586] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:02:21,587] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:02:21,616] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:02:21,646] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0492 seconds
INFO    [2022-12-06 15:02:23,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331743.3768368, 'message': 'Dec  6 15:02:22 hqnl0246134 sshd[224523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0675 seconds
INFO    [2022-12-06 15:02:23,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331743.377315, 'message': 'Dec  6 15:02:22 hqnl0246134 sshd[224472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.141.84.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0681 seconds
INFO    [2022-12-06 15:02:23,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331743.3771033, 'message': 'Dec  6 15:02:22 hqnl0246134 sshd[224523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 15:02:25,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331745.3806345, 'message': 'Dec  6 15:02:24 hqnl0246134 sshd[224523]: Failed password for root from 61.177.173.50 port 57282 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0697 seconds
INFO    [2022-12-06 15:02:25,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331745.3828702, 'message': 'Dec  6 15:02:24 hqnl0246134 sshd[224472]: Failed password for invalid user  from 45.141.84.10 port 38000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0706 seconds
INFO    [2022-12-06 15:02:26,002] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:02:26,003] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:02:26,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:02:26,076] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0725 seconds
INFO    [2022-12-06 15:02:27,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.6.106.29', 'timestamp': 1670331747.3778887, 'message': 'Dec  6 15:02:26 hqnl0246134 sshd[224530]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.6.106.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1282 seconds
INFO    [2022-12-06 15:02:27,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331747.3782613, 'message': 'Dec  6 15:02:27 hqnl0246134 sshd[224523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1286 seconds
INFO    [2022-12-06 15:02:27,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.6.106.29', 'timestamp': 1670331747.3781137, 'message': 'Dec  6 15:02:26 hqnl0246134 sshd[224530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.6.106.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0435 seconds
INFO    [2022-12-06 15:02:29,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331749.3833697, 'message': 'Dec  6 15:02:28 hqnl0246134 sshd[224472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.141.84.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1336 seconds
INFO    [2022-12-06 15:02:29,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.6.106.29', 'timestamp': 1670331749.3837824, 'message': 'Dec  6 15:02:29 hqnl0246134 sshd[224530]: Failed password for root from 20.6.106.29 port 40020 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1336 seconds
INFO    [2022-12-06 15:02:29,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331749.384018, 'message': 'Dec  6 15:02:29 hqnl0246134 sshd[224523]: Failed password for root from 61.177.173.50 port 57282 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1331 seconds
INFO    [2022-12-06 15:02:31,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331751.3846684, 'message': 'Dec  6 15:02:30 hqnl0246134 sshd[224472]: Failed password for invalid user  from 45.141.84.10 port 38000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1086 seconds
INFO    [2022-12-06 15:02:31,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': None, 'timestamp': 1670331751.385357, 'message': 'Dec  6 15:02:30 hqnl0246134 sshd[224472]: error: maximum authentication attempts exceeded for invalid user  from 45.141.84.10 port 38000 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1088 seconds
INFO    [2022-12-06 15:02:31,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.141.84.10', 'timestamp': 1670331751.3857064, 'message': 'Dec  6 15:02:30 hqnl0246134 sshd[224472]: Disconnecting invalid user  45.141.84.10 port 38000: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 15:02:33,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331753.3864093, 'message': 'Dec  6 15:02:31 hqnl0246134 sshd[224523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-06 15:02:35,514] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:02:35,514] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:02:35,542] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:02:35,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331755.3871932, 'message': 'Dec  6 15:02:33 hqnl0246134 sshd[224523]: Failed password for root from 61.177.173.50 port 57282 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1913 seconds
INFO    [2022-12-06 15:02:35,581] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0649 seconds
INFO    [2022-12-06 15:02:37,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331757.391225, 'message': 'Dec  6 15:02:37 hqnl0246134 sshd[224541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 15:02:37,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331757.391822, 'message': 'Dec  6 15:02:37 hqnl0246134 sshd[224541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 15:02:41,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331761.3944986, 'message': 'Dec  6 15:02:39 hqnl0246134 sshd[224541]: Failed password for root from 61.177.173.50 port 63514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0640 seconds
INFO    [2022-12-06 15:02:43,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670331763.3964796, 'message': 'Dec  6 15:02:41 hqnl0246134 sshd[224541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
WARNING [2022-12-06 15:02:46,589] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:02:46,590] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:02:54,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:02:55,069] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.1516 seconds
INFO    [2022-12-06 15:02:55,070] defence360agent.internals.the_sink: UnreportableLocalIncidentList(<1 item(s)>) processed in 0.1512 seconds
INFO    [2022-12-06 15:03:22,184] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:03:22,189] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:03:22,236] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:03:22,286] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0814 seconds
INFO    [2022-12-06 15:03:29,670] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:03:29,672] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:03:29,687] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:03:29,705] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0325 seconds
INFO    [2022-12-06 15:03:40,128] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:03:40,129] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:03:40,143] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:03:40,159] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
WARNING [2022-12-06 15:03:46,652] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:03:46,654] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:04:20,666] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:04:20,668] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:04:20,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:04:20,719] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0497 seconds
INFO    [2022-12-06 15:04:25,450] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:04:25,451] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:04:25,483] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:04:25,497] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0321 seconds
WARNING [2022-12-06 15:04:46,660] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:04:46,664] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:04:57,545] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:04:57,551] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:04:57,570] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:04:57,597] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0445 seconds
INFO    [2022-12-06 15:05:20,978] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:05:20,979] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:05:20,992] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:05:21,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-06 15:05:24,333] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:05:24,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:05:24,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:05:24,360] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0261 seconds
WARNING [2022-12-06 15:05:46,669] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:05:46,670] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:06:18,662] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:06:18,663] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:06:18,676] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:06:18,691] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0269 seconds
INFO    [2022-12-06 15:06:21,447] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:06:21,448] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:06:21,457] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:06:21,470] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
WARNING [2022-12-06 15:06:46,674] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:06:46,676] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:06:58,020] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:06:58,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:06:58,042] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:06:58,071] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0463 seconds
INFO    [2022-12-06 15:07:18,312] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:07:18,314] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:07:18,325] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:07:18,340] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0245 seconds
INFO    [2022-12-06 15:07:21,189] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:07:21,189] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:07:21,198] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:07:21,209] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-06 15:07:46,681] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:07:46,684] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:08:18,742] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:08:18,744] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:08:18,759] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:08:18,782] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0359 seconds
INFO    [2022-12-06 15:08:21,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:08:21,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:08:21,904] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:08:21,923] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0331 seconds
INFO    [2022-12-06 15:08:24,537] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:08:24,615] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:08:24,616] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:08:24,616] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:08:24,616] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:08:24,617] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:08:24,636] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:08:24,657] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0402 seconds
WARNING [2022-12-06 15:08:24,665] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:08:24,668] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:08:24,688] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0395 seconds
INFO    [2022-12-06 15:08:24,690] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0359 seconds
WARNING [2022-12-06 15:08:46,691] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:08:46,695] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:09:05,726] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:09:05,727] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:09:05,728] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 15:09:18,187] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:09:18,189] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:09:18,203] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:09:18,218] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
INFO    [2022-12-06 15:09:21,243] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:09:21,244] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:09:21,251] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:09:21,263] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 15:09:31,297] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:09:31,297] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:09:31,304] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:09:31,315] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
WARNING [2022-12-06 15:09:46,697] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:09:46,699] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:10:18,233] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:10:18,234] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:10:18,249] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:10:18,271] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0355 seconds
INFO    [2022-12-06 15:10:21,465] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:10:21,465] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:10:21,476] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:10:21,488] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
WARNING [2022-12-06 15:10:46,702] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:10:46,703] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:11:18,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:11:18,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:11:18,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:11:18,843] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0263 seconds
INFO    [2022-12-06 15:11:23,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:11:23,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:11:23,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:11:23,949] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
WARNING [2022-12-06 15:11:46,707] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:11:46,708] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:11:53,310] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 15:12:19,157] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:12:19,159] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:12:19,174] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:12:19,195] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0352 seconds
INFO    [2022-12-06 15:12:22,464] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:12:22,464] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:12:22,499] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:12:22,554] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0615 seconds
INFO    [2022-12-06 15:12:24,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:12:24,738] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:12:24,750] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:12:24,771] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0320 seconds
WARNING [2022-12-06 15:12:46,712] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:12:46,715] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:12:48,712] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:12:48,713] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:12:48,725] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:12:48,742] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0289 seconds
INFO    [2022-12-06 15:13:03,153] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 15:13:03,162] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:13:03,175] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0206 seconds
INFO    [2022-12-06 15:13:21,129] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:13:21,130] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:13:21,140] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:13:21,154] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-06 15:13:24,180] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:13:24,180] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:13:24,187] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:13:24,200] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 15:13:33,202] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:13:33,274] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:13:33,275] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:13:33,275] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:13:33,276] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:13:33,276] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:13:33,296] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:13:33,339] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0616 seconds
WARNING [2022-12-06 15:13:33,347] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:13:33,350] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:13:33,370] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0397 seconds
INFO    [2022-12-06 15:13:33,372] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0357 seconds
INFO    [2022-12-06 15:13:41,208] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:13:41,209] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:13:41,221] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:13:41,237] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0266 seconds
WARNING [2022-12-06 15:13:46,719] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:13:46,720] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:14:03,403] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:14:03,404] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:14:03,407] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 15:14:19,020] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:14:19,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:14:19,035] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:14:19,051] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-06 15:14:22,420] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:14:22,421] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:14:22,432] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:14:22,452] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0305 seconds
WARNING [2022-12-06 15:14:46,723] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:14:46,725] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:15:18,625] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:15:18,626] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:15:18,646] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:15:18,674] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0473 seconds
INFO    [2022-12-06 15:15:19,968] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:15:19,969] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:15:19,992] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:15:20,013] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0359 seconds
INFO    [2022-12-06 15:15:21,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:15:21,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:15:21,823] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:22:43,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '39.91.167.180', 'timestamp': 1670332963.1655474, 'message': 'Dec  6 15:22:42 hqnl0246134 sshd[226293]: Invalid user ts3srv from 39.91.167.180 port 35176', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 15:22:45,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '39.91.167.180', 'timestamp': 1670332965.146072, 'message': 'Dec  6 15:22:44 hqnl0246134 sshd[226293]: pam_imunify(sshd:auth): [IM360_RBL] The IP 39.91.167.180 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 15:22:45,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '39.91.167.180', 'timestamp': 1670332965.1465433, 'message': 'Dec  6 15:22:44 hqnl0246134 sshd[226293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.91.167.180 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 15:22:45,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '39.91.167.180', 'timestamp': 1670332965.1468155, 'message': 'Dec  6 15:22:44 hqnl0246134 sshd[226293]: Failed password for invalid user ts3srv from 39.91.167.180 port 35176 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 15:22:46,801] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:22:46,802] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:22:47,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '39.91.167.180', 'timestamp': 1670332967.1442983, 'message': 'Dec  6 15:22:45 hqnl0246134 sshd[226293]: Disconnected from invalid user ts3srv 39.91.167.180 port 35176 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 15:23:08,715] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:23:09,634] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 1.2149 seconds
INFO    [2022-12-06 15:23:16,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670332995.4848375, 'message': 'Dec  6 15:23:13 hqnl0246134 sshd[226328]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 1.0769 seconds
INFO    [2022-12-06 15:23:17,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670332995.485682, 'message': 'Dec  6 15:23:13 hqnl0246134 sshd[226328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.4698 seconds
INFO    [2022-12-06 15:23:17,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670332997.2204838, 'message': 'Dec  6 15:23:15 hqnl0246134 sshd[226328]: Failed password for root from 61.177.173.53 port 25578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.6961 seconds
INFO    [2022-12-06 15:23:23,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670332999.2278054, 'message': 'Dec  6 15:23:17 hqnl0246134 sshd[226328]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 4.4211 seconds
INFO    [2022-12-06 15:23:23,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333003.454458, 'message': 'Dec  6 15:23:19 hqnl0246134 sshd[226328]: Failed password for root from 61.177.173.53 port 25578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1541 seconds
INFO    [2022-12-06 15:23:26,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333006.1712387, 'message': 'Dec  6 15:23:25 hqnl0246134 sshd[226328]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0729 seconds
INFO    [2022-12-06 15:23:26,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333006.1754541, 'message': 'Dec  6 15:23:25 hqnl0246134 sshd[226328]: Failed password for root from 61.177.173.53 port 25578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 15:23:29,296] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:23:29,298] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:23:29,309] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:23:29,334] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0333 seconds
INFO    [2022-12-06 15:23:32,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333012.15381, 'message': 'Dec  6 15:23:31 hqnl0246134 sshd[226377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 15:23:32,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333012.1542046, 'message': 'Dec  6 15:23:31 hqnl0246134 sshd[226377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-06 15:23:32,529] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:23:32,531] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:23:32,539] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:23:32,555] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 15:23:33,307] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:23:33,307] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:23:33,315] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:23:33,327] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 15:23:34,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333014.1543622, 'message': 'Dec  6 15:23:33 hqnl0246134 sshd[226377]: Failed password for root from 61.177.173.53 port 32288 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 15:23:36,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333016.1585667, 'message': 'Dec  6 15:23:35 hqnl0246134 sshd[226377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-06 15:23:38,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333018.1581483, 'message': 'Dec  6 15:23:36 hqnl0246134 sshd[226377]: Failed password for root from 61.177.173.53 port 32288 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 15:23:40,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333020.160285, 'message': 'Dec  6 15:23:39 hqnl0246134 sshd[226377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 15:23:42,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670333022.1626103, 'message': 'Dec  6 15:23:41 hqnl0246134 sshd[226377]: Failed password for root from 61.177.173.53 port 32288 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 15:23:46,814] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:23:46,819] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:24:06,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.165.247.254', 'timestamp': 1670333046.192629, 'message': 'Dec  6 15:24:04 hqnl0246134 sshd[227872]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.165.247.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0554 seconds
INFO    [2022-12-06 15:24:06,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.165.247.254', 'timestamp': 1670333046.1934912, 'message': 'Dec  6 15:24:04 hqnl0246134 sshd[227872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.165.247.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 15:24:08,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '122.165.247.254', 'timestamp': 1670333048.195843, 'message': 'Dec  6 15:24:06 hqnl0246134 sshd[227872]: Failed password for root from 122.165.247.254 port 54974 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
WARNING [2022-12-06 15:24:08,502] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:24:08,565] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0837 seconds
INFO    [2022-12-06 15:24:18,306] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:24:18,308] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:24:18,324] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:24:18,339] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
INFO    [2022-12-06 15:24:21,276] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:24:21,277] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:24:21,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:24:21,301] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-06 15:24:21,937] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:24:22,022] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:24:22,023] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:24:22,023] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:24:22,024] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:24:22,024] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:24:22,040] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:24:22,067] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0428 seconds
WARNING [2022-12-06 15:24:22,077] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:24:22,080] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:24:22,103] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0473 seconds
INFO    [2022-12-06 15:24:22,105] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0406 seconds
WARNING [2022-12-06 15:24:46,822] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:24:46,823] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:24:52,173] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:24:52,174] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:24:52,184] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 15:25:00,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '188.32.176.34', 'timestamp': 1670333100.2574234, 'message': 'Dec  6 15:24:59 hqnl0246134 sshd[228174]: Accepted publickey for root from 188.32.176.34 port 49518 ssh2: RSA SHA256:M5XvbkooZmQvvjfo3fKHU5lbqUaXL4LET3qhCF0FT28', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0364 seconds
WARNING [2022-12-06 15:25:08,503] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:25:08,713] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.2278 seconds
INFO    [2022-12-06 15:25:19,272] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:25:19,273] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:25:19,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:25:19,297] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 15:25:22,517] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:25:22,518] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:25:22,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:25:22,581] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0483 seconds
WARNING [2022-12-06 15:25:46,827] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:25:46,828] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:26:10,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333170.3412511, 'message': 'Dec  6 15:26:10 hqnl0246134 sshd[228392]: pam_imunify(sshd:auth): [IM360_RBL] The IP 114.4.227.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 15:26:10,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333170.342153, 'message': 'Dec  6 15:26:10 hqnl0246134 sshd[228392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.4.227.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 15:26:14,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333174.3427088, 'message': 'Dec  6 15:26:12 hqnl0246134 sshd[228392]: Failed password for root from 114.4.227.194 port 56080 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0584 seconds
INFO    [2022-12-06 15:26:17,702] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:26:17,703] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:26:17,735] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:26:17,790] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0722 seconds
INFO    [2022-12-06 15:26:19,176] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:26:19,177] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:26:19,191] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:26:19,202] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 15:26:22,196] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:26:22,197] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:26:22,205] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:26:22,219] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 15:26:30,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333190.3628626, 'message': 'Dec  6 15:26:30 hqnl0246134 sshd[228455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 15:26:30,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333190.3633533, 'message': 'Dec  6 15:26:30 hqnl0246134 sshd[228455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 15:26:32,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333192.3620324, 'message': 'Dec  6 15:26:32 hqnl0246134 sshd[228455]: Failed password for root from 61.177.173.39 port 23962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 15:26:34,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333194.3642478, 'message': 'Dec  6 15:26:34 hqnl0246134 sshd[228455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0584 seconds
INFO    [2022-12-06 15:26:36,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333196.3659914, 'message': 'Dec  6 15:26:36 hqnl0246134 sshd[228455]: Failed password for root from 61.177.173.39 port 23962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 15:26:38,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333198.3681772, 'message': 'Dec  6 15:26:36 hqnl0246134 sshd[228455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 15:26:40,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333200.3708591, 'message': 'Dec  6 15:26:38 hqnl0246134 sshd[228455]: Failed password for root from 61.177.173.39 port 23962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 15:26:42,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333202.3726535, 'message': 'Dec  6 15:26:40 hqnl0246134 sshd[228463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 15:26:42,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333202.3741298, 'message': 'Dec  6 15:26:40 hqnl0246134 sshd[228463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 15:26:44,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333204.37546, 'message': 'Dec  6 15:26:43 hqnl0246134 sshd[228463]: Failed password for root from 61.177.173.39 port 46455 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 15:26:44,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333204.3757257, 'message': 'Dec  6 15:26:43 hqnl0246134 sshd[228465]: Invalid user teste from 177.9.50.112 port 44172', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 15:26:44,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333204.3758614, 'message': 'Dec  6 15:26:43 hqnl0246134 sshd[228465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.9.50.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 15:26:44,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333204.3760028, 'message': 'Dec  6 15:26:43 hqnl0246134 sshd[228465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.9.50.112 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 15:26:46,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333206.3797047, 'message': 'Dec  6 15:26:44 hqnl0246134 sshd[228463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-06 15:26:46,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333206.3802977, 'message': 'Dec  6 15:26:45 hqnl0246134 sshd[228465]: Failed password for invalid user teste from 177.9.50.112 port 44172 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 15:26:46,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333206.3819218, 'message': 'Dec  6 15:26:46 hqnl0246134 sshd[228465]: Disconnected from invalid user teste 177.9.50.112 port 44172 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
WARNING [2022-12-06 15:26:46,831] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:26:46,832] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:26:48,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333208.3805175, 'message': 'Dec  6 15:26:47 hqnl0246134 sshd[228463]: Failed password for root from 61.177.173.39 port 46455 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 15:26:50,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333210.3819017, 'message': 'Dec  6 15:26:49 hqnl0246134 sshd[228463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 15:26:52,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333212.3845654, 'message': 'Dec  6 15:26:51 hqnl0246134 sshd[228463]: Failed password for root from 61.177.173.39 port 46455 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 15:26:56,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333216.3896449, 'message': 'Dec  6 15:26:55 hqnl0246134 sshd[228495]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 15:26:56,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333216.3902996, 'message': 'Dec  6 15:26:55 hqnl0246134 sshd[228495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 15:26:58,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333218.3915854, 'message': 'Dec  6 15:26:57 hqnl0246134 sshd[228495]: Failed password for root from 61.177.173.39 port 45843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 15:26:58,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333218.391872, 'message': 'Dec  6 15:26:57 hqnl0246134 sshd[228495]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 15:27:00,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333220.3941913, 'message': 'Dec  6 15:26:59 hqnl0246134 sshd[228495]: Failed password for root from 61.177.173.39 port 45843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 15:27:00,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333220.394421, 'message': 'Dec  6 15:26:59 hqnl0246134 sshd[228495]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 15:27:02,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670333222.3978677, 'message': 'Dec  6 15:27:01 hqnl0246134 sshd[228495]: Failed password for root from 61.177.173.39 port 45843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0365 seconds
WARNING [2022-12-06 15:27:08,506] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:27:08,542] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0491 seconds
INFO    [2022-12-06 15:27:18,294] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:27:18,295] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:27:18,305] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:27:18,318] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-06 15:27:21,132] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:27:21,133] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:27:21,141] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:27:21,154] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 15:27:46,834] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:27:46,835] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:28:11,018] defence360agent.files: Updating all files
INFO    [2022-12-06 15:28:11,494] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:11,495] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 15:28:12,021] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:12,021] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 15:28:12,299] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:12,299] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 15:28:12,678] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:12,679] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 15:28:12,679] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 15:28:12,948] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 13:28:12 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E3747B4BFB0B9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 15:28:12,951] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 15:28:12,952] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 15:28:13,539] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:13,540] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 15:28:13,807] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:13,809] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 15:28:14,073] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:14,075] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 15:28:14,522] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:14,523] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 15:28:15,137] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 15:28:15,142] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 15:28:18,199] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:28:18,199] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:28:18,210] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:28:18,224] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-06 15:28:21,385] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:28:21,386] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:28:21,393] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:28:21,406] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-06 15:28:46,991] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:28:47,003] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:29:18,432] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:29:18,434] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:29:18,447] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:29:18,462] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-06 15:29:21,296] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:29:21,297] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:29:21,315] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:29:21,331] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0318 seconds
INFO    [2022-12-06 15:29:26,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333366.7122033, 'message': 'Dec  6 15:29:25 hqnl0246134 sshd[228691]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.81.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-06 15:29:26,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333366.7131758, 'message': 'Dec  6 15:29:25 hqnl0246134 sshd[228691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.96  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 15:29:28,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333368.7118611, 'message': 'Dec  6 15:29:27 hqnl0246134 sshd[228691]: Failed password for root from 43.153.81.96 port 53148 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 15:29:33,262] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:29:33,262] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:29:33,274] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:29:33,290] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
INFO    [2022-12-06 15:29:44,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333384.7354636, 'message': 'Dec  6 15:29:43 hqnl0246134 sshd[228702]: Invalid user jm from 43.153.20.186 port 60892', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 15:29:44,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333384.741436, 'message': 'Dec  6 15:29:43 hqnl0246134 sshd[228702]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.20.186 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 15:29:44,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333384.7416096, 'message': 'Dec  6 15:29:43 hqnl0246134 sshd[228702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.20.186 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 15:29:46,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333386.7369268, 'message': 'Dec  6 15:29:45 hqnl0246134 sshd[228702]: Failed password for invalid user jm from 43.153.20.186 port 60892 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 15:29:46,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333386.7371337, 'message': 'Dec  6 15:29:46 hqnl0246134 sshd[228702]: Disconnected from invalid user jm 43.153.20.186 port 60892 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
WARNING [2022-12-06 15:29:47,007] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:29:47,008] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:29:56,147] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:29:56,221] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:29:56,222] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:29:56,222] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:29:56,222] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:29:56,223] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:29:56,248] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:29:56,279] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0534 seconds
WARNING [2022-12-06 15:29:56,291] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:29:56,296] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:29:56,317] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0481 seconds
INFO    [2022-12-06 15:29:56,319] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0436 seconds
INFO    [2022-12-06 15:30:00,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.121.203.115', 'timestamp': 1670333400.7543578, 'message': 'Dec  6 15:29:59 hqnl0246134 sshd[228714]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.121.203.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0497 seconds
INFO    [2022-12-06 15:30:00,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.121.203.115', 'timestamp': 1670333400.7554572, 'message': 'Dec  6 15:29:59 hqnl0246134 sshd[228714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.203.115  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 15:30:02,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '186.121.203.115', 'timestamp': 1670333402.755741, 'message': 'Dec  6 15:30:00 hqnl0246134 sshd[228714]: Failed password for root from 186.121.203.115 port 37724 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0774 seconds
WARNING [2022-12-06 15:30:08,529] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:30:08,585] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0868 seconds
INFO    [2022-12-06 15:30:14,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333414.7749474, 'message': 'Dec  6 15:30:12 hqnl0246134 sshd[228745]: Invalid user julian from 128.199.68.220 port 37494', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1355 seconds
INFO    [2022-12-06 15:30:15,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333414.7777746, 'message': 'Dec  6 15:30:12 hqnl0246134 sshd[228745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.68.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1489 seconds
INFO    [2022-12-06 15:30:15,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333414.7779346, 'message': 'Dec  6 15:30:12 hqnl0246134 sshd[228745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.68.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 15:30:16,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333416.7845478, 'message': 'Dec  6 15:30:15 hqnl0246134 sshd[228745]: Failed password for invalid user julian from 128.199.68.220 port 37494 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0602 seconds
INFO    [2022-12-06 15:30:16,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333416.7849715, 'message': 'Dec  6 15:30:16 hqnl0246134 sshd[228745]: Disconnected from invalid user julian 128.199.68.220 port 37494 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-06 15:30:19,441] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:30:19,442] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:30:19,459] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:30:19,483] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0396 seconds
INFO    [2022-12-06 15:30:22,840] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:30:22,842] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:30:22,861] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:30:22,882] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0384 seconds
INFO    [2022-12-06 15:30:22,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333422.8453836, 'message': 'Dec  6 15:30:20 hqnl0246134 sshd[228766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 15:30:22,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333422.8457386, 'message': 'Dec  6 15:30:20 hqnl0246134 sshd[228766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 15:30:22,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333422.845963, 'message': 'Dec  6 15:30:22 hqnl0246134 sshd[228766]: Failed password for root from 61.177.173.52 port 17115 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 15:30:24,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333424.7786288, 'message': 'Dec  6 15:30:22 hqnl0246134 sshd[228766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-06 15:30:24,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333424.7789204, 'message': 'Dec  6 15:30:24 hqnl0246134 sshd[228766]: Failed password for root from 61.177.173.52 port 17115 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 15:30:26,348] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:30:26,350] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:30:26,352] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 15:30:26,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333426.781134, 'message': 'Dec  6 15:30:25 hqnl0246134 sshd[228766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 15:30:28,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333428.7822928, 'message': 'Dec  6 15:30:27 hqnl0246134 sshd[228766]: Failed password for root from 61.177.173.52 port 17115 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-06 15:30:32,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333432.7877896, 'message': 'Dec  6 15:30:31 hqnl0246134 sshd[228777]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 15:30:32,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333432.7880616, 'message': 'Dec  6 15:30:31 hqnl0246134 sshd[228777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 15:30:34,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333434.7903936, 'message': 'Dec  6 15:30:33 hqnl0246134 sshd[228777]: Failed password for root from 61.177.173.52 port 44618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 15:30:36,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333436.7941868, 'message': 'Dec  6 15:30:35 hqnl0246134 sshd[228777]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 15:30:38,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333438.7963758, 'message': 'Dec  6 15:30:37 hqnl0246134 sshd[228777]: Failed password for root from 61.177.173.52 port 44618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 15:30:38,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333438.7966228, 'message': 'Dec  6 15:30:37 hqnl0246134 sshd[228777]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 15:30:40,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670333440.7991095, 'message': 'Dec  6 15:30:40 hqnl0246134 sshd[228777]: Failed password for root from 61.177.173.52 port 44618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-06 15:30:47,011] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:30:47,014] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:31:08,520] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:31:08,557] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0536 seconds
INFO    [2022-12-06 15:31:16,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333476.8552258, 'message': 'Dec  6 15:31:15 hqnl0246134 sshd[228800]: Invalid user administrator from 103.226.250.223 port 41512', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 15:31:16,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333476.8555522, 'message': 'Dec  6 15:31:15 hqnl0246134 sshd[228800]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.226.250.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 15:31:16,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333476.855704, 'message': 'Dec  6 15:31:15 hqnl0246134 sshd[228800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.250.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 15:31:18,593] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:31:18,593] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:31:18,602] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:31:18,617] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-06 15:31:18,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333478.8546028, 'message': 'Dec  6 15:31:17 hqnl0246134 sshd[228800]: Failed password for invalid user administrator from 103.226.250.223 port 41512 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 15:31:20,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333480.8582828, 'message': 'Dec  6 15:31:19 hqnl0246134 sshd[228800]: Disconnected from invalid user administrator 103.226.250.223 port 41512 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 15:31:21,583] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:31:21,584] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:31:21,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:31:21,602] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 15:31:22,050] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:31:22,051] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:31:22,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:31:22,070] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-06 15:31:47,017] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:31:47,020] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:31:53,322] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 15:32:08,520] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:32:08,552] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0436 seconds
INFO    [2022-12-06 15:32:12,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333532.9140701, 'message': 'Dec  6 15:32:11 hqnl0246134 sshd[228867]: Invalid user guest from 43.153.81.96 port 43340', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 15:32:12,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333532.9144707, 'message': 'Dec  6 15:32:12 hqnl0246134 sshd[228867]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.81.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 15:32:13,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333532.9168983, 'message': 'Dec  6 15:32:12 hqnl0246134 sshd[228867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 15:32:14,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333534.9190657, 'message': 'Dec  6 15:32:14 hqnl0246134 sshd[228867]: Failed password for invalid user guest from 43.153.81.96 port 43340 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 15:32:14,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333534.9193869, 'message': 'Dec  6 15:32:14 hqnl0246134 sshd[228867]: Disconnected from invalid user guest 43.153.81.96 port 43340 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 15:32:16,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333536.9212081, 'message': 'Dec  6 15:32:16 hqnl0246134 sshd[228870]: Invalid user amir from 177.9.50.112 port 42322', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-06 15:32:17,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333536.9214923, 'message': 'Dec  6 15:32:16 hqnl0246134 sshd[228870]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.9.50.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0727 seconds
INFO    [2022-12-06 15:32:17,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333536.9271188, 'message': 'Dec  6 15:32:16 hqnl0246134 sshd[228870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.9.50.112 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0649 seconds
INFO    [2022-12-06 15:32:18,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333538.9215617, 'message': 'Dec  6 15:32:18 hqnl0246134 sshd[228870]: Failed password for invalid user amir from 177.9.50.112 port 42322 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 15:32:19,410] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:32:19,411] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:32:19,418] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:32:19,430] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 15:32:20,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333540.9239213, 'message': 'Dec  6 15:32:20 hqnl0246134 sshd[228870]: Disconnected from invalid user amir 177.9.50.112 port 42322 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-06 15:32:22,378] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:32:22,378] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:32:22,406] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:32:22,436] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0570 seconds
INFO    [2022-12-06 15:32:30,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333550.9419215, 'message': 'Dec  6 15:32:29 hqnl0246134 sshd[228907]: Invalid user build from 43.153.20.186 port 54656', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 15:32:30,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333550.9434118, 'message': 'Dec  6 15:32:30 hqnl0246134 sshd[228907]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.20.186 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 15:32:30,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333550.9435663, 'message': 'Dec  6 15:32:30 hqnl0246134 sshd[228907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.20.186 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 15:32:32,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333552.9486237, 'message': 'Dec  6 15:32:32 hqnl0246134 sshd[228907]: Failed password for invalid user build from 43.153.20.186 port 54656 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 15:32:34,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333554.9501376, 'message': 'Dec  6 15:32:33 hqnl0246134 sshd[228907]: Disconnected from invalid user build 43.153.20.186 port 54656 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
WARNING [2022-12-06 15:32:47,023] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:32:47,024] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:33:01,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333580.9972486, 'message': 'Dec  6 15:33:00 hqnl0246134 sshd[228925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 114.4.227.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 15:33:01,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333580.9984913, 'message': 'Dec  6 15:33:00 hqnl0246134 sshd[228925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.4.227.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 15:33:03,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333582.985917, 'message': 'Dec  6 15:33:02 hqnl0246134 sshd[228925]: Failed password for root from 114.4.227.194 port 49146 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 15:33:08,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:33:08,780] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.2675 seconds
INFO    [2022-12-06 15:33:19,338] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:33:19,339] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:33:19,429] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:33:19,475] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1243 seconds
INFO    [2022-12-06 15:33:22,386] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:33:22,387] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:33:22,397] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:33:22,408] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 15:33:33,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333613.0377045, 'message': 'Dec  6 15:33:32 hqnl0246134 sshd[228967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-06 15:33:33,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333613.0384347, 'message': 'Dec  6 15:33:32 hqnl0246134 sshd[228967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0576 seconds
INFO    [2022-12-06 15:33:35,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333615.030911, 'message': 'Dec  6 15:33:34 hqnl0246134 sshd[228967]: Failed password for root from 61.177.173.51 port 53442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 15:33:37,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333617.0325658, 'message': 'Dec  6 15:33:36 hqnl0246134 sshd[228967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 15:33:39,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333619.0341413, 'message': 'Dec  6 15:33:37 hqnl0246134 sshd[228973]: Invalid user guest from 128.199.68.220 port 55416', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 15:33:39,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333619.034857, 'message': 'Dec  6 15:33:38 hqnl0246134 sshd[228967]: Failed password for root from 61.177.173.51 port 53442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 15:33:39,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333619.034315, 'message': 'Dec  6 15:33:37 hqnl0246134 sshd[228973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.68.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 15:33:39,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333619.0350285, 'message': 'Dec  6 15:33:38 hqnl0246134 sshd[228967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 15:33:39,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333619.0344548, 'message': 'Dec  6 15:33:37 hqnl0246134 sshd[228973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.68.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 15:33:41,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333621.0367725, 'message': 'Dec  6 15:33:39 hqnl0246134 sshd[228973]: Failed password for invalid user guest from 128.199.68.220 port 55416 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0687 seconds
INFO    [2022-12-06 15:33:41,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670333621.0431418, 'message': 'Dec  6 15:33:40 hqnl0246134 sshd[228976]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0774 seconds
INFO    [2022-12-06 15:33:41,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333621.0433557, 'message': 'Dec  6 15:33:40 hqnl0246134 sshd[228967]: Failed password for root from 61.177.173.51 port 53442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0786 seconds
INFO    [2022-12-06 15:33:41,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333621.0429735, 'message': 'Dec  6 15:33:40 hqnl0246134 sshd[228973]: Disconnected from invalid user guest 128.199.68.220 port 55416 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0558 seconds
INFO    [2022-12-06 15:33:41,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670333621.0432527, 'message': 'Dec  6 15:33:40 hqnl0246134 sshd[228976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220  user=uucp', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 15:33:43,009] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:33:43,009] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:33:43,016] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:33:43,028] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 15:33:43,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.89.196.220', 'timestamp': 1670333623.037627, 'message': 'Dec  6 15:33:42 hqnl0246134 sshd[228976]: Failed password for uucp from 152.89.196.220 port 54366 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 15:33:43,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333623.038465, 'message': 'Dec  6 15:33:42 hqnl0246134 sshd[228980]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 15:33:43,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333623.0386086, 'message': 'Dec  6 15:33:42 hqnl0246134 sshd[228980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 15:33:47,026] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:33:47,027] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:33:47,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333627.0419762, 'message': 'Dec  6 15:33:45 hqnl0246134 sshd[228980]: Failed password for root from 61.177.173.51 port 30524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 15:33:47,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333627.0422168, 'message': 'Dec  6 15:33:47 hqnl0246134 sshd[228980]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 15:33:49,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333629.0428264, 'message': 'Dec  6 15:33:49 hqnl0246134 sshd[228980]: Failed password for root from 61.177.173.51 port 30524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 15:33:51,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333631.0459778, 'message': 'Dec  6 15:33:49 hqnl0246134 sshd[228980]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 15:33:51,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670333631.053448, 'message': 'Dec  6 15:33:50 hqnl0246134 sshd[228980]: Failed password for root from 61.177.173.51 port 30524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
WARNING [2022-12-06 15:34:08,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:34:09,101] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.5809 seconds
INFO    [2022-12-06 15:34:18,332] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:34:18,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:34:18,342] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:34:18,355] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 15:34:21,805] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:34:21,806] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:34:21,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:34:21,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
WARNING [2022-12-06 15:34:47,030] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:34:47,032] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:34:57,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333697.126071, 'message': 'Dec  6 15:34:56 hqnl0246134 sshd[229054]: Invalid user julian from 43.153.81.96 port 33518', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0848 seconds
INFO    [2022-12-06 15:34:57,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333697.1276157, 'message': 'Dec  6 15:34:56 hqnl0246134 sshd[229054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.81.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 15:34:57,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333697.1279867, 'message': 'Dec  6 15:34:56 hqnl0246134 sshd[229054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 15:34:59,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333699.1237574, 'message': 'Dec  6 15:34:58 hqnl0246134 sshd[229054]: Failed password for invalid user julian from 43.153.81.96 port 33518 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-06 15:34:59,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.81.96', 'timestamp': 1670333699.1440043, 'message': 'Dec  6 15:34:58 hqnl0246134 sshd[229054]: Disconnected from invalid user julian 43.153.81.96 port 33518 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 15:35:01,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333701.1245732, 'message': 'Dec  6 15:34:59 hqnl0246134 sshd[229058]: Invalid user tsserver from 103.226.250.223 port 43412', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 15:35:01,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333701.1248746, 'message': 'Dec  6 15:34:59 hqnl0246134 sshd[229058]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.226.250.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 15:35:01,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333701.1250997, 'message': 'Dec  6 15:34:59 hqnl0246134 sshd[229058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.250.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0509 seconds
INFO    [2022-12-06 15:35:03,437] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:35:03,438] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:35:03,469] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:35:03,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333703.1277578, 'message': 'Dec  6 15:35:01 hqnl0246134 sshd[229058]: Failed password for invalid user tsserver from 103.226.250.223 port 43412 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.3703 seconds
INFO    [2022-12-06 15:35:03,512] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0714 seconds
INFO    [2022-12-06 15:35:03,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333703.1364288, 'message': 'Dec  6 15:35:02 hqnl0246134 sshd[229058]: Disconnected from invalid user tsserver 103.226.250.223 port 43412 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
WARNING [2022-12-06 15:35:08,536] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:35:08,577] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0526 seconds
INFO    [2022-12-06 15:35:17,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.148.81.208', 'timestamp': 1670333717.1480887, 'message': 'Dec  6 15:35:16 hqnl0246134 sshd[229107]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.148.81.208 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0481 seconds
INFO    [2022-12-06 15:35:17,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.148.81.208', 'timestamp': 1670333717.1488087, 'message': 'Dec  6 15:35:16 hqnl0246134 sshd[229107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.148.81.208  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 15:35:18,621] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:35:18,621] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:35:18,629] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:35:18,640] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 15:35:19,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.148.81.208', 'timestamp': 1670333719.148478, 'message': 'Dec  6 15:35:18 hqnl0246134 sshd[229107]: Failed password for root from 34.148.81.208 port 37790 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 15:35:21,695] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:35:21,696] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:35:21,749] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:35:21,777] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0636 seconds
INFO    [2022-12-06 15:35:25,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333725.1550047, 'message': 'Dec  6 15:35:24 hqnl0246134 sshd[229131]: Invalid user test from 43.153.20.186 port 60050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 15:35:25,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333725.155493, 'message': 'Dec  6 15:35:24 hqnl0246134 sshd[229131]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.20.186 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 15:35:25,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333725.1556454, 'message': 'Dec  6 15:35:24 hqnl0246134 sshd[229131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.20.186 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 15:35:27,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333727.1565335, 'message': 'Dec  6 15:35:26 hqnl0246134 sshd[229131]: Failed password for invalid user test from 43.153.20.186 port 60050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0667 seconds
INFO    [2022-12-06 15:35:27,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.20.186', 'timestamp': 1670333727.156729, 'message': 'Dec  6 15:35:27 hqnl0246134 sshd[229131]: Disconnected from invalid user test 43.153.20.186 port 60050 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0534 seconds
WARNING [2022-12-06 15:35:47,036] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:35:47,038] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:36:01,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333761.1982036, 'message': 'Dec  6 15:36:00 hqnl0246134 sshd[229148]: Invalid user vbox from 177.9.50.112 port 48090', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-06 15:36:01,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333761.2001987, 'message': 'Dec  6 15:36:00 hqnl0246134 sshd[229148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.9.50.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 15:36:01,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333761.2006228, 'message': 'Dec  6 15:36:00 hqnl0246134 sshd[229148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.9.50.112 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 15:36:03,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333763.19661, 'message': 'Dec  6 15:36:02 hqnl0246134 sshd[229148]: Failed password for invalid user vbox from 177.9.50.112 port 48090 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 15:36:05,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333765.1976073, 'message': 'Dec  6 15:36:04 hqnl0246134 sshd[229148]: Disconnected from invalid user vbox 177.9.50.112 port 48090 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 15:36:07,812] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:36:07,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:36:07,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:36:07,835] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
WARNING [2022-12-06 15:36:08,535] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:36:08,640] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.1123 seconds
INFO    [2022-12-06 15:36:18,256] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:36:18,257] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:36:18,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:36:18,296] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0378 seconds
INFO    [2022-12-06 15:36:19,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.39.193', 'timestamp': 1670333779.2132277, 'message': 'Dec  6 15:36:18 hqnl0246134 sshd[229175]: Invalid user elk from 104.131.39.193 port 44554', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-06 15:36:19,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.131.39.193', 'timestamp': 1670333779.2134736, 'message': 'Dec  6 15:36:18 hqnl0246134 sshd[229175]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.131.39.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 15:36:19,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.131.39.193', 'timestamp': 1670333779.2136292, 'message': 'Dec  6 15:36:18 hqnl0246134 sshd[229175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.39.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 15:36:21,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.39.193', 'timestamp': 1670333781.213909, 'message': 'Dec  6 15:36:20 hqnl0246134 sshd[229175]: Failed password for invalid user elk from 104.131.39.193 port 44554 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 15:36:21,875] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:36:21,875] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:36:21,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:36:21,894] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 15:36:23,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.39.193', 'timestamp': 1670333783.21755, 'message': 'Dec  6 15:36:21 hqnl0246134 sshd[229175]: Disconnected from invalid user elk 104.131.39.193 port 44554 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 15:36:37,390] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:36:37,460] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:36:37,461] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:36:37,461] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:36:37,461] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:36:37,462] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:36:37,474] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:36:37,508] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0456 seconds
WARNING [2022-12-06 15:36:37,515] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:36:37,518] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:36:37,537] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0360 seconds
INFO    [2022-12-06 15:36:37,539] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0333 seconds
WARNING [2022-12-06 15:36:47,043] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:36:47,044] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:36:49,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333809.268901, 'message': 'Dec  6 15:36:48 hqnl0246134 sshd[229194]: pam_imunify(sshd:auth): [IM360_RBL] The IP 114.4.227.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 15:36:49,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333809.269364, 'message': 'Dec  6 15:36:48 hqnl0246134 sshd[229194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.4.227.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 15:36:51,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '114.4.227.194', 'timestamp': 1670333811.2723992, 'message': 'Dec  6 15:36:50 hqnl0246134 sshd[229194]: Failed password for root from 114.4.227.194 port 39314 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 15:36:53,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333813.27661, 'message': 'Dec  6 15:36:51 hqnl0246134 sshd[229196]: Invalid user user from 128.199.68.220 port 45114', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 15:36:53,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333813.2770934, 'message': 'Dec  6 15:36:51 hqnl0246134 sshd[229196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.68.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 15:36:53,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333813.2774408, 'message': 'Dec  6 15:36:51 hqnl0246134 sshd[229196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.68.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 15:36:55,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333815.2782564, 'message': 'Dec  6 15:36:53 hqnl0246134 sshd[229196]: Failed password for invalid user user from 128.199.68.220 port 45114 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 15:36:55,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.68.220', 'timestamp': 1670333815.2785053, 'message': 'Dec  6 15:36:53 hqnl0246134 sshd[229196]: Disconnected from invalid user user 128.199.68.220 port 45114 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 15:37:07,588] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:37:07,588] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:37:07,589] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 15:37:08,544] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:37:08,854] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.3217 seconds
INFO    [2022-12-06 15:37:11,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.85.27.201', 'timestamp': 1670333831.3076766, 'message': 'Dec  6 15:37:10 hqnl0246134 sshd[229231]: Invalid user rsync from 95.85.27.201 port 50446', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 15:37:11,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.85.27.201', 'timestamp': 1670333831.307927, 'message': 'Dec  6 15:37:10 hqnl0246134 sshd[229231]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.85.27.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 15:37:11,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.85.27.201', 'timestamp': 1670333831.3091276, 'message': 'Dec  6 15:37:10 hqnl0246134 sshd[229231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.27.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 15:37:13,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.85.27.201', 'timestamp': 1670333833.3076646, 'message': 'Dec  6 15:37:11 hqnl0246134 sshd[229231]: Failed password for invalid user rsync from 95.85.27.201 port 50446 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 15:37:13,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.85.27.201', 'timestamp': 1670333833.3080084, 'message': 'Dec  6 15:37:12 hqnl0246134 sshd[229231]: Disconnected from invalid user rsync 95.85.27.201 port 50446 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 15:37:18,334] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:37:18,335] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:37:18,372] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:37:18,402] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0465 seconds
INFO    [2022-12-06 15:37:21,154] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:37:21,155] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:37:21,164] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:37:21,178] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
WARNING [2022-12-06 15:37:47,047] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:37:47,049] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:38:08,632] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:38:08,766] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.2262 seconds
INFO    [2022-12-06 15:38:18,308] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:38:18,309] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:38:18,319] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:38:18,334] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0243 seconds
INFO    [2022-12-06 15:38:19,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670333899.3800519, 'message': 'Dec  6 15:38:18 hqnl0246134 sshd[229313]: Invalid user isaac from 2.200.248.77 port 58978', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 15:38:19,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.200.248.77', 'timestamp': 1670333899.3857913, 'message': 'Dec  6 15:38:18 hqnl0246134 sshd[229313]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.200.248.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 15:38:19,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.200.248.77', 'timestamp': 1670333899.385919, 'message': 'Dec  6 15:38:18 hqnl0246134 sshd[229313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.200.248.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 15:38:21,300] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:38:21,301] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:38:21,309] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:38:21,321] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 15:38:21,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670333901.380896, 'message': 'Dec  6 15:38:20 hqnl0246134 sshd[229313]: Failed password for invalid user isaac from 2.200.248.77 port 58978 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 15:38:21,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670333901.3810937, 'message': 'Dec  6 15:38:20 hqnl0246134 sshd[229313]: Disconnected from invalid user isaac 2.200.248.77 port 58978 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 15:38:23,516] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:38:23,516] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:38:23,532] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:38:23,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333903.384082, 'message': 'Dec  6 15:38:21 hqnl0246134 sshd[229315]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1684 seconds
INFO    [2022-12-06 15:38:23,554] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0371 seconds
INFO    [2022-12-06 15:38:23,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333903.5185475, 'message': 'Dec  6 15:38:21 hqnl0246134 sshd[229315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 15:38:23,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333903.5189455, 'message': 'Dec  6 15:38:23 hqnl0246134 sshd[229315]: Failed password for root from 61.177.173.36 port 30157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 15:38:27,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333907.3877566, 'message': 'Dec  6 15:38:25 hqnl0246134 sshd[229315]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 15:38:29,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333909.390245, 'message': 'Dec  6 15:38:27 hqnl0246134 sshd[229315]: Failed password for root from 61.177.173.36 port 30157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 15:38:31,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333911.39227, 'message': 'Dec  6 15:38:29 hqnl0246134 sshd[229315]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 15:38:33,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333913.3955472, 'message': 'Dec  6 15:38:31 hqnl0246134 sshd[229315]: Failed password for root from 61.177.173.36 port 30157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 15:38:37,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670333917.400495, 'message': 'Dec  6 15:38:37 hqnl0246134 sshd[229340]: Invalid user tor from 133.130.99.35 port 33624', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 15:38:37,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333917.4007132, 'message': 'Dec  6 15:38:37 hqnl0246134 sshd[229337]: Invalid user postgres from 103.226.250.223 port 57414', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 15:38:37,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '133.130.99.35', 'timestamp': 1670333917.4012346, 'message': 'Dec  6 15:38:37 hqnl0246134 sshd[229340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 133.130.99.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 15:38:37,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333917.4008625, 'message': 'Dec  6 15:38:37 hqnl0246134 sshd[229337]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.226.250.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 15:38:37,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '133.130.99.35', 'timestamp': 1670333917.4013898, 'message': 'Dec  6 15:38:37 hqnl0246134 sshd[229340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.99.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 15:38:37,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333917.4010873, 'message': 'Dec  6 15:38:37 hqnl0246134 sshd[229337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.250.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 15:38:39,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333919.4024627, 'message': 'Dec  6 15:38:37 hqnl0246134 sshd[229338]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 15:38:39,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333919.4029014, 'message': 'Dec  6 15:38:39 hqnl0246134 sshd[229337]: Failed password for invalid user postgres from 103.226.250.223 port 57414 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 15:38:39,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333919.4027486, 'message': 'Dec  6 15:38:37 hqnl0246134 sshd[229338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 15:38:41,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670333921.4042482, 'message': 'Dec  6 15:38:39 hqnl0246134 sshd[229340]: Failed password for invalid user tor from 133.130.99.35 port 33624 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 15:38:41,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333921.404432, 'message': 'Dec  6 15:38:39 hqnl0246134 sshd[229338]: Failed password for root from 61.177.173.36 port 42973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 15:38:43,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.226.250.223', 'timestamp': 1670333923.4059262, 'message': 'Dec  6 15:38:41 hqnl0246134 sshd[229337]: Disconnected from invalid user postgres 103.226.250.223 port 57414 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0659 seconds
INFO    [2022-12-06 15:38:43,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670333923.4061809, 'message': 'Dec  6 15:38:41 hqnl0246134 sshd[229340]: Disconnected from invalid user tor 133.130.99.35 port 33624 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0667 seconds
INFO    [2022-12-06 15:38:43,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333923.4063096, 'message': 'Dec  6 15:38:42 hqnl0246134 sshd[229338]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0668 seconds
INFO    [2022-12-06 15:38:45,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333925.406959, 'message': 'Dec  6 15:38:44 hqnl0246134 sshd[229338]: Failed password for root from 61.177.173.36 port 42973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
WARNING [2022-12-06 15:38:47,051] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:38:47,053] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:38:47,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333927.4090428, 'message': 'Dec  6 15:38:46 hqnl0246134 sshd[229338]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-06 15:38:49,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333929.4109957, 'message': 'Dec  6 15:38:48 hqnl0246134 sshd[229338]: Failed password for root from 61.177.173.36 port 42973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0760 seconds
INFO    [2022-12-06 15:38:53,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333933.4154625, 'message': 'Dec  6 15:38:52 hqnl0246134 sshd[229354]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 15:38:53,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333933.4158726, 'message': 'Dec  6 15:38:52 hqnl0246134 sshd[229354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 15:38:55,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333935.4165528, 'message': 'Dec  6 15:38:54 hqnl0246134 sshd[229354]: Failed password for root from 61.177.173.36 port 52161 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 15:38:55,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333935.4167974, 'message': 'Dec  6 15:38:54 hqnl0246134 sshd[229354]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 15:38:57,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333937.4190564, 'message': 'Dec  6 15:38:56 hqnl0246134 sshd[229354]: Failed password for root from 61.177.173.36 port 52161 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 15:38:59,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333939.420151, 'message': 'Dec  6 15:38:59 hqnl0246134 sshd[229354]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 15:39:01,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670333941.4747388, 'message': 'Dec  6 15:39:01 hqnl0246134 sshd[229354]: Failed password for root from 61.177.173.36 port 52161 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
WARNING [2022-12-06 15:39:08,619] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:39:08,849] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.2915 seconds
INFO    [2022-12-06 15:39:18,048] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:39:18,049] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:39:18,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:39:18,075] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 15:39:21,402] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:39:21,403] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:39:21,568] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:39:21,682] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.2780 seconds
INFO    [2022-12-06 15:39:39,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333979.5583823, 'message': 'Dec  6 15:39:39 hqnl0246134 sshd[229544]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.9.50.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 15:39:39,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333979.5594647, 'message': 'Dec  6 15:39:39 hqnl0246134 sshd[229544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.9.50.112  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 15:39:41,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '177.9.50.112', 'timestamp': 1670333981.5563147, 'message': 'Dec  6 15:39:40 hqnl0246134 sshd[229544]: Failed password for root from 177.9.50.112 port 51712 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 15:39:44,373] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:39:44,374] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:39:44,383] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:39:44,394] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 15:39:47,056] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:39:47,057] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:40:08,573] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:40:08,599] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0375 seconds
INFO    [2022-12-06 15:40:18,242] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:40:18,243] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:40:18,253] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:40:18,266] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 15:40:21,211] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:40:21,212] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:40:21,219] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:40:21,231] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 15:40:27,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.144.167.169', 'timestamp': 1670334027.6152635, 'message': 'Dec  6 15:40:26 hqnl0246134 sshd[229617]: Invalid user test from 59.144.167.169 port 53458', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 15:40:27,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.144.167.169', 'timestamp': 1670334027.6158876, 'message': 'Dec  6 15:40:26 hqnl0246134 sshd[229617]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.144.167.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 15:40:27,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.144.167.169', 'timestamp': 1670334027.621953, 'message': 'Dec  6 15:40:26 hqnl0246134 sshd[229617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.144.167.169 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 15:40:29,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.144.167.169', 'timestamp': 1670334029.615964, 'message': 'Dec  6 15:40:28 hqnl0246134 sshd[229617]: Failed password for invalid user test from 59.144.167.169 port 53458 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 15:40:39,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334039.6254451, 'message': 'Dec  6 15:40:37 hqnl0246134 sshd[229619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 15:40:39,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334039.6260467, 'message': 'Dec  6 15:40:37 hqnl0246134 sshd[229619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 15:40:39,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334039.6263022, 'message': 'Dec  6 15:40:39 hqnl0246134 sshd[229619]: Failed password for root from 222.168.30.19 port 1650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 15:40:41,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334041.6258032, 'message': 'Dec  6 15:40:39 hqnl0246134 sshd[229619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 15:40:43,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334043.626555, 'message': 'Dec  6 15:40:41 hqnl0246134 sshd[229619]: Failed password for root from 222.168.30.19 port 1650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 15:40:45,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334045.6291242, 'message': 'Dec  6 15:40:44 hqnl0246134 sshd[229619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 15:40:45,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '114.4.227.194', 'timestamp': 1670334045.6328557, 'message': 'Dec  6 15:40:44 hqnl0246134 sshd[229622]: Invalid user yt from 114.4.227.194 port 57732', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 15:40:45,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '114.4.227.194', 'timestamp': 1670334045.6336803, 'message': 'Dec  6 15:40:44 hqnl0246134 sshd[229622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 114.4.227.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 15:40:45,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '114.4.227.194', 'timestamp': 1670334045.6338325, 'message': 'Dec  6 15:40:44 hqnl0246134 sshd[229622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.4.227.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
WARNING [2022-12-06 15:40:47,060] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:40:47,060] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:40:47,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334047.6310835, 'message': 'Dec  6 15:40:46 hqnl0246134 sshd[229619]: Failed password for root from 222.168.30.19 port 1650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 15:40:47,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '114.4.227.194', 'timestamp': 1670334047.6315005, 'message': 'Dec  6 15:40:46 hqnl0246134 sshd[229622]: Failed password for invalid user yt from 114.4.227.194 port 57732 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-06 15:40:47,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334047.6316073, 'message': 'Dec  6 15:40:47 hqnl0246134 sshd[229624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.85.27.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-06 15:40:47,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334047.6313663, 'message': 'Dec  6 15:40:46 hqnl0246134 sshd[229619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-06 15:40:47,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334047.63175, 'message': 'Dec  6 15:40:47 hqnl0246134 sshd[229624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.27.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-06 15:40:49,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '114.4.227.194', 'timestamp': 1670334049.6371143, 'message': 'Dec  6 15:40:48 hqnl0246134 sshd[229622]: Disconnected from invalid user yt 114.4.227.194 port 57732 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0621 seconds
INFO    [2022-12-06 15:40:49,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334049.637391, 'message': 'Dec  6 15:40:48 hqnl0246134 sshd[229619]: Failed password for root from 222.168.30.19 port 1650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0629 seconds
INFO    [2022-12-06 15:40:49,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334049.6376853, 'message': 'Dec  6 15:40:48 hqnl0246134 sshd[229624]: Failed password for root from 95.85.27.201 port 35246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0629 seconds
INFO    [2022-12-06 15:40:49,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334049.637552, 'message': 'Dec  6 15:40:48 hqnl0246134 sshd[229619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 15:40:51,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334051.637609, 'message': 'Dec  6 15:40:50 hqnl0246134 sshd[229619]: Failed password for root from 222.168.30.19 port 1650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 15:40:51,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334051.6377935, 'message': 'Dec  6 15:40:51 hqnl0246134 sshd[229619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 15:40:53,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334053.6386623, 'message': 'Dec  6 15:40:53 hqnl0246134 sshd[229619]: Failed password for root from 222.168.30.19 port 1650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 15:40:55,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5758, 'attackers_ip': '222.168.30.19', 'timestamp': 1670334055.6412647, 'message': 'Dec  6 15:40:55 hqnl0246134 sshd[229619]: error: maximum authentication attempts exceeded for root from 222.168.30.19 port 1650 ssh2 [preauth]', 'severity': 3, 'name': 'Maximum authentication attempts exceeded.', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-06 15:41:08,583] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:41:08,945] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.3778 seconds
INFO    [2022-12-06 15:41:20,260] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:41:20,261] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:41:20,269] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:41:20,281] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 15:41:23,283] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:41:23,284] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:41:23,311] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:41:23,343] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0493 seconds
INFO    [2022-12-06 15:41:27,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.169.175.102', 'timestamp': 1670334087.6779826, 'message': 'Dec  6 15:41:26 hqnl0246134 sshd[229669]: Invalid user user1 from 194.169.175.102 port 55372', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 15:41:27,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.169.175.102', 'timestamp': 1670334087.6784284, 'message': 'Dec  6 15:41:26 hqnl0246134 sshd[229669]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.169.175.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 15:41:27,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.169.175.102', 'timestamp': 1670334087.6786218, 'message': 'Dec  6 15:41:26 hqnl0246134 sshd[229669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 15:41:29,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.169.175.102', 'timestamp': 1670334089.6790366, 'message': 'Dec  6 15:41:29 hqnl0246134 sshd[229669]: Failed password for invalid user user1 from 194.169.175.102 port 55372 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 15:41:31,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.169.175.102', 'timestamp': 1670334091.681408, 'message': 'Dec  6 15:41:30 hqnl0246134 sshd[229669]: Disconnected from invalid user user1 194.169.175.102 port 55372 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 15:41:33,812] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:41:33,813] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:41:33,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:41:33,833] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
WARNING [2022-12-06 15:41:47,063] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:41:47,064] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:41:53,325] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 15:42:08,593] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:42:08,628] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0525 seconds
INFO    [2022-12-06 15:42:15,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.228.25', 'timestamp': 1670334135.725766, 'message': 'Dec  6 15:42:13 hqnl0246134 sshd[229702]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.228.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-06 15:42:15,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.228.25', 'timestamp': 1670334135.7263465, 'message': 'Dec  6 15:42:13 hqnl0246134 sshd[229702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.228.25  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0596 seconds
INFO    [2022-12-06 15:42:17,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.228.25', 'timestamp': 1670334137.725546, 'message': 'Dec  6 15:42:15 hqnl0246134 sshd[229702]: Failed password for root from 128.199.228.25 port 56812 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 15:42:18,127] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:42:18,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:42:18,134] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:42:18,146] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 15:42:21,321] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:42:21,322] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:42:21,330] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:42:21,343] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 15:42:39,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334159.7516117, 'message': 'Dec  6 15:42:38 hqnl0246134 sshd[229729]: Invalid user csgo from 186.121.203.115 port 60582', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 15:42:39,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334159.7527297, 'message': 'Dec  6 15:42:38 hqnl0246134 sshd[229729]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.121.203.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 15:42:39,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334159.752991, 'message': 'Dec  6 15:42:38 hqnl0246134 sshd[229729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.203.115 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 15:42:41,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334161.7498844, 'message': 'Dec  6 15:42:41 hqnl0246134 sshd[229729]: Failed password for invalid user csgo from 186.121.203.115 port 60582 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 15:42:43,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334163.7519574, 'message': 'Dec  6 15:42:43 hqnl0246134 sshd[229729]: Disconnected from invalid user csgo 186.121.203.115 port 60582 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 15:42:47,067] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:42:47,068] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:42:47,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334167.7569244, 'message': 'Dec  6 15:42:46 hqnl0246134 sshd[229732]: Invalid user ai from 133.130.99.35 port 43060', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 15:42:47,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334167.7571192, 'message': 'Dec  6 15:42:46 hqnl0246134 sshd[229732]: pam_imunify(sshd:auth): [IM360_RBL] The IP 133.130.99.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 15:42:47,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334167.7572527, 'message': 'Dec  6 15:42:46 hqnl0246134 sshd[229732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.99.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 15:42:49,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334169.7589998, 'message': 'Dec  6 15:42:48 hqnl0246134 sshd[229732]: Failed password for invalid user ai from 133.130.99.35 port 43060 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 15:42:49,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334169.75939, 'message': 'Dec  6 15:42:48 hqnl0246134 sshd[229732]: Disconnected from invalid user ai 133.130.99.35 port 43060 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
WARNING [2022-12-06 15:43:08,593] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:43:08,637] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0555 seconds
INFO    [2022-12-06 15:43:19,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334199.7967613, 'message': 'Dec  6 15:43:17 hqnl0246134 sshd[229757]: Invalid user ubuntu from 34.148.81.208 port 43900', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 15:43:19,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334199.798456, 'message': 'Dec  6 15:43:18 hqnl0246134 sshd[229764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.85.27.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-06 15:43:19,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334199.7975285, 'message': 'Dec  6 15:43:17 hqnl0246134 sshd[229757]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.148.81.208 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 15:43:19,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334199.798764, 'message': 'Dec  6 15:43:18 hqnl0246134 sshd[229764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.27.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 15:43:19,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334199.798163, 'message': 'Dec  6 15:43:17 hqnl0246134 sshd[229757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.148.81.208 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 15:43:20,799] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:43:20,799] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:43:20,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:43:20,818] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 15:43:21,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334201.7972245, 'message': 'Dec  6 15:43:19 hqnl0246134 sshd[229757]: Failed password for invalid user ubuntu from 34.148.81.208 port 43900 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-06 15:43:21,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334201.79756, 'message': 'Dec  6 15:43:20 hqnl0246134 sshd[229764]: Failed password for root from 95.85.27.201 port 39214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 15:43:21,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334201.7974448, 'message': 'Dec  6 15:43:20 hqnl0246134 sshd[229757]: Disconnected from invalid user ubuntu 34.148.81.208 port 43900 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 15:43:23,174] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:43:23,174] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:43:23,186] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:43:23,199] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 15:43:23,675] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:43:23,675] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:43:23,686] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:43:23,698] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 15:43:33,933] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:43:34,017] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:43:34,017] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:43:34,018] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:43:34,018] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:43:34,018] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:43:34,033] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:43:34,053] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0341 seconds
WARNING [2022-12-06 15:43:34,061] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:43:34,064] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:43:34,085] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0408 seconds
INFO    [2022-12-06 15:43:34,086] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0357 seconds
WARNING [2022-12-06 15:43:47,071] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:43:47,072] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:43:55,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334235.8470347, 'message': 'Dec  6 15:43:54 hqnl0246134 sshd[229820]: Invalid user admin from 133.130.99.35 port 58362', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 15:43:55,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334235.8475103, 'message': 'Dec  6 15:43:54 hqnl0246134 sshd[229820]: pam_imunify(sshd:auth): [IM360_RBL] The IP 133.130.99.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 15:43:55,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334235.8476703, 'message': 'Dec  6 15:43:54 hqnl0246134 sshd[229820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.99.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 15:43:57,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334237.8457174, 'message': 'Dec  6 15:43:57 hqnl0246134 sshd[229820]: Failed password for invalid user admin from 133.130.99.35 port 58362 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 15:43:59,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334239.8491693, 'message': 'Dec  6 15:43:58 hqnl0246134 sshd[229822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-06 15:43:59,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334239.849694, 'message': 'Dec  6 15:43:58 hqnl0246134 sshd[229820]: Disconnected from invalid user admin 133.130.99.35 port 58362 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 15:43:59,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334239.849515, 'message': 'Dec  6 15:43:58 hqnl0246134 sshd[229822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 15:43:59,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334239.8498578, 'message': 'Dec  6 15:43:59 hqnl0246134 sshd[229822]: Failed password for root from 61.177.173.49 port 49099 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 15:44:01,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334241.852899, 'message': 'Dec  6 15:44:00 hqnl0246134 sshd[229822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 15:44:03,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334243.8539226, 'message': 'Dec  6 15:44:01 hqnl0246134 sshd[229822]: Failed password for root from 61.177.173.49 port 49099 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 15:44:03,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334243.8542988, 'message': 'Dec  6 15:44:02 hqnl0246134 sshd[229822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 15:44:04,146] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:44:04,147] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:44:04,148] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 15:44:05,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334245.8569598, 'message': 'Dec  6 15:44:05 hqnl0246134 sshd[229822]: Failed password for root from 61.177.173.49 port 49099 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0254 seconds
WARNING [2022-12-06 15:44:08,595] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:44:08,630] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0442 seconds
INFO    [2022-12-06 15:44:11,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334251.8639662, 'message': 'Dec  6 15:44:10 hqnl0246134 sshd[229831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 15:44:11,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334251.8642747, 'message': 'Dec  6 15:44:10 hqnl0246134 sshd[229831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 15:44:13,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334253.8657796, 'message': 'Dec  6 15:44:12 hqnl0246134 sshd[229831]: Failed password for root from 61.177.173.49 port 64392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 15:44:13,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334253.8660917, 'message': 'Dec  6 15:44:13 hqnl0246134 sshd[229831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 15:44:17,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334257.8706179, 'message': 'Dec  6 15:44:16 hqnl0246134 sshd[229831]: Failed password for root from 61.177.173.49 port 64392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 15:44:18,346] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:44:18,347] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:44:18,367] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:44:18,381] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 15:44:19,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334259.8742929, 'message': 'Dec  6 15:44:17 hqnl0246134 sshd[229831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-06 15:44:19,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.109.225.178', 'timestamp': 1670334259.8745801, 'message': 'Dec  6 15:44:18 hqnl0246134 sshd[229838]: Invalid user kbe from 189.109.225.178 port 52598', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0544 seconds
INFO    [2022-12-06 15:44:19,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.109.225.178', 'timestamp': 1670334259.874797, 'message': 'Dec  6 15:44:18 hqnl0246134 sshd[229838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.109.225.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 15:44:19,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.109.225.178', 'timestamp': 1670334259.8749778, 'message': 'Dec  6 15:44:18 hqnl0246134 sshd[229838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.109.225.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 15:44:21,424] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:44:21,425] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:44:21,433] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:44:21,458] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0311 seconds
INFO    [2022-12-06 15:44:21,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670334261.8747413, 'message': 'Dec  6 15:44:20 hqnl0246134 sshd[229831]: Failed password for root from 61.177.173.49 port 64392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 15:44:21,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.109.225.178', 'timestamp': 1670334261.8750868, 'message': 'Dec  6 15:44:21 hqnl0246134 sshd[229838]: Failed password for invalid user kbe from 189.109.225.178 port 52598 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0481 seconds
INFO    [2022-12-06 15:44:23,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.109.225.178', 'timestamp': 1670334263.8768609, 'message': 'Dec  6 15:44:22 hqnl0246134 sshd[229838]: Disconnected from invalid user kbe 189.109.225.178 port 52598 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 15:44:27,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334267.8831491, 'message': 'Dec  6 15:44:26 hqnl0246134 sshd[229860]: Invalid user arun from 59.12.193.109 port 39680', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0689 seconds
INFO    [2022-12-06 15:44:27,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334267.8835318, 'message': 'Dec  6 15:44:26 hqnl0246134 sshd[229860]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.12.193.109 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 15:44:28,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334267.883868, 'message': 'Dec  6 15:44:26 hqnl0246134 sshd[229860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.193.109 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 15:44:29,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334269.8842432, 'message': 'Dec  6 15:44:28 hqnl0246134 sshd[229860]: Failed password for invalid user arun from 59.12.193.109 port 39680 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 15:44:31,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334271.8867645, 'message': 'Dec  6 15:44:30 hqnl0246134 sshd[229860]: Disconnected from invalid user arun 59.12.193.109 port 39680 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 15:44:33,434] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:44:33,435] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:44:33,447] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:44:33,460] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0244 seconds
WARNING [2022-12-06 15:44:47,075] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:44:47,076] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:45:00,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334299.9258716, 'message': 'Dec  6 15:44:59 hqnl0246134 sshd[229897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.71.25.144  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0803 seconds
INFO    [2022-12-06 15:45:02,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334301.9266908, 'message': 'Dec  6 15:45:01 hqnl0246134 sshd[229897]: Failed password for root from 27.71.25.144 port 50980 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1019 seconds
INFO    [2022-12-06 15:45:05,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334305.934525, 'message': 'Dec  6 15:45:04 hqnl0246134 sshd[229916]: pam_imunify(sshd:auth): [IM360_RBL] The IP 133.130.99.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 15:45:05,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334305.934832, 'message': 'Dec  6 15:45:04 hqnl0246134 sshd[229916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.99.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 15:45:07,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '133.130.99.35', 'timestamp': 1670334307.9437268, 'message': 'Dec  6 15:45:06 hqnl0246134 sshd[229916]: Failed password for root from 133.130.99.35 port 45434 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 15:45:08,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:45:08,641] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0514 seconds
INFO    [2022-12-06 15:45:18,363] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:45:18,364] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:45:18,372] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:45:18,392] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0273 seconds
INFO    [2022-12-06 15:45:21,598] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:45:21,599] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:45:21,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:45:21,626] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
INFO    [2022-12-06 15:45:25,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334325.970016, 'message': 'Dec  6 15:45:25 hqnl0246134 sshd[229944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 15:45:26,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334325.9704936, 'message': 'Dec  6 15:45:25 hqnl0246134 sshd[229944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 15:45:27,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334327.9724762, 'message': 'Dec  6 15:45:27 hqnl0246134 sshd[229944]: Failed password for root from 61.177.172.98 port 56809 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 15:45:29,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334329.9742687, 'message': 'Dec  6 15:45:29 hqnl0246134 sshd[229944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 15:45:32,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334331.9821048, 'message': 'Dec  6 15:45:31 hqnl0246134 sshd[229944]: Failed password for root from 61.177.172.98 port 56809 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 15:45:34,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334333.9848633, 'message': 'Dec  6 15:45:33 hqnl0246134 sshd[229944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-06 15:45:36,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334335.986324, 'message': 'Dec  6 15:45:35 hqnl0246134 sshd[229944]: Failed password for root from 61.177.172.98 port 56809 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 15:45:47,079] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:45:47,081] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:45:48,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334348.0062637, 'message': 'Dec  6 15:45:47 hqnl0246134 sshd[229959]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 15:45:48,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334348.0067973, 'message': 'Dec  6 15:45:47 hqnl0246134 sshd[229961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 15:45:48,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334348.0066519, 'message': 'Dec  6 15:45:47 hqnl0246134 sshd[229959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 15:45:48,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334348.006907, 'message': 'Dec  6 15:45:47 hqnl0246134 sshd[229961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-06 15:45:50,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334350.0114703, 'message': 'Dec  6 15:45:49 hqnl0246134 sshd[229959]: Failed password for root from 61.177.172.90 port 49235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 15:45:50,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334350.011689, 'message': 'Dec  6 15:45:49 hqnl0246134 sshd[229961]: Failed password for root from 61.177.172.98 port 21910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 15:45:52,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334352.014657, 'message': 'Dec  6 15:45:51 hqnl0246134 sshd[229959]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 15:45:52,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334352.0149083, 'message': 'Dec  6 15:45:51 hqnl0246134 sshd[229961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 15:45:54,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334354.018008, 'message': 'Dec  6 15:45:52 hqnl0246134 sshd[229964]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.85.27.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-06 15:45:54,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334354.01865, 'message': 'Dec  6 15:45:52 hqnl0246134 sshd[229959]: Failed password for root from 61.177.172.90 port 49235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0558 seconds
INFO    [2022-12-06 15:45:54,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334354.0187938, 'message': 'Dec  6 15:45:53 hqnl0246134 sshd[229961]: Failed password for root from 61.177.172.98 port 21910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 15:45:54,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334354.018453, 'message': 'Dec  6 15:45:52 hqnl0246134 sshd[229964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.27.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 15:45:54,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334354.0190768, 'message': 'Dec  6 15:45:53 hqnl0246134 sshd[229959]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 15:45:54,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '95.85.27.201', 'timestamp': 1670334354.0189195, 'message': 'Dec  6 15:45:53 hqnl0246134 sshd[229964]: Failed password for root from 95.85.27.201 port 43210 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 15:45:56,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334356.023404, 'message': 'Dec  6 15:45:54 hqnl0246134 sshd[229961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-06 15:45:56,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334356.0249412, 'message': 'Dec  6 15:45:54 hqnl0246134 sshd[229959]: Failed password for root from 61.177.172.90 port 49235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 15:45:58,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334358.0250335, 'message': 'Dec  6 15:45:56 hqnl0246134 sshd[229961]: Failed password for root from 61.177.172.98 port 21910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 15:45:58,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334358.0252607, 'message': 'Dec  6 15:45:57 hqnl0246134 sshd[229975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 15:45:58,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334358.0254316, 'message': 'Dec  6 15:45:57 hqnl0246134 sshd[229975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 15:46:00,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334360.0260208, 'message': 'Dec  6 15:45:58 hqnl0246134 sshd[229977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.121.203.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 15:46:00,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334360.026418, 'message': 'Dec  6 15:45:59 hqnl0246134 sshd[229975]: Failed password for root from 61.177.172.90 port 17389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 15:46:00,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334360.0262396, 'message': 'Dec  6 15:45:58 hqnl0246134 sshd[229977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.203.115  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 15:46:02,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334362.0303469, 'message': 'Dec  6 15:46:00 hqnl0246134 sshd[229977]: Failed password for root from 186.121.203.115 port 35218 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 15:46:02,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334362.0306234, 'message': 'Dec  6 15:46:01 hqnl0246134 sshd[229975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 15:46:04,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334364.029869, 'message': 'Dec  6 15:46:03 hqnl0246134 sshd[229987]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 15:46:04,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334364.0300617, 'message': 'Dec  6 15:46:03 hqnl0246134 sshd[229987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 15:46:06,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334366.0321074, 'message': 'Dec  6 15:46:04 hqnl0246134 sshd[229975]: Failed password for root from 61.177.172.90 port 17389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0570 seconds
INFO    [2022-12-06 15:46:06,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334366.0323365, 'message': 'Dec  6 15:46:05 hqnl0246134 sshd[229987]: Failed password for root from 61.177.172.98 port 34498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0573 seconds
INFO    [2022-12-06 15:46:07,117] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:46:07,118] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:46:07,128] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:46:07,142] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 15:46:08,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334368.0354378, 'message': 'Dec  6 15:46:06 hqnl0246134 sshd[229987]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 15:46:08,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334368.0356874, 'message': 'Dec  6 15:46:06 hqnl0246134 sshd[229975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 15:46:08,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334368.0358348, 'message': 'Dec  6 15:46:07 hqnl0246134 sshd[229987]: Failed password for root from 61.177.172.98 port 34498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
WARNING [2022-12-06 15:46:08,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:46:08,652] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0589 seconds
INFO    [2022-12-06 15:46:10,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334370.038294, 'message': 'Dec  6 15:46:08 hqnl0246134 sshd[229975]: Failed password for root from 61.177.172.90 port 17389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 15:46:10,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334370.0385983, 'message': 'Dec  6 15:46:08 hqnl0246134 sshd[229987]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 15:46:11,398] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:46:11,398] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:46:11,406] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:46:11,418] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 15:46:12,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334372.0417967, 'message': 'Dec  6 15:46:10 hqnl0246134 sshd[230008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-06 15:46:12,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334372.0422957, 'message': 'Dec  6 15:46:11 hqnl0246134 sshd[229987]: Failed password for root from 61.177.172.98 port 34498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-06 15:46:12,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334372.0420997, 'message': 'Dec  6 15:46:10 hqnl0246134 sshd[230008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 15:46:14,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334374.0456932, 'message': 'Dec  6 15:46:12 hqnl0246134 sshd[230008]: Failed password for root from 61.177.172.90 port 45992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 15:46:14,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334374.0459692, 'message': 'Dec  6 15:46:12 hqnl0246134 sshd[230008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 15:46:16,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334376.0473757, 'message': 'Dec  6 15:46:14 hqnl0246134 sshd[230008]: Failed password for root from 61.177.172.90 port 45992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0659 seconds
INFO    [2022-12-06 15:46:16,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334376.0477285, 'message': 'Dec  6 15:46:14 hqnl0246134 sshd[230014]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0672 seconds
INFO    [2022-12-06 15:46:16,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.186.252.110', 'timestamp': 1670334376.0480227, 'message': 'Dec  6 15:46:16 hqnl0246134 sshd[230016]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.186.252.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0672 seconds
INFO    [2022-12-06 15:46:16,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334376.0476124, 'message': 'Dec  6 15:46:14 hqnl0246134 sshd[230008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0617 seconds
INFO    [2022-12-06 15:46:16,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334376.047914, 'message': 'Dec  6 15:46:14 hqnl0246134 sshd[230014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0608 seconds
INFO    [2022-12-06 15:46:16,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.186.252.110', 'timestamp': 1670334376.0481327, 'message': 'Dec  6 15:46:16 hqnl0246134 sshd[230016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.186.252.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0603 seconds
INFO    [2022-12-06 15:46:18,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334378.0490232, 'message': 'Dec  6 15:46:16 hqnl0246134 sshd[230008]: Failed password for root from 61.177.172.90 port 45992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0847 seconds
INFO    [2022-12-06 15:46:18,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334378.049417, 'message': 'Dec  6 15:46:16 hqnl0246134 sshd[230014]: Failed password for root from 61.177.172.98 port 57187 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0853 seconds
INFO    [2022-12-06 15:46:18,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '122.186.252.110', 'timestamp': 1670334378.049677, 'message': 'Dec  6 15:46:17 hqnl0246134 sshd[230016]: Failed password for root from 122.186.252.110 port 57298 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0854 seconds
INFO    [2022-12-06 15:46:18,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334378.049546, 'message': 'Dec  6 15:46:17 hqnl0246134 sshd[230014]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 15:46:18,499] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:46:18,500] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:46:18,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:46:18,523] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 15:46:20,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334380.0503798, 'message': 'Dec  6 15:46:18 hqnl0246134 sshd[230014]: Failed password for root from 61.177.172.98 port 57187 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 15:46:20,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334380.0507185, 'message': 'Dec  6 15:46:19 hqnl0246134 sshd[230026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 15:46:20,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334380.050591, 'message': 'Dec  6 15:46:19 hqnl0246134 sshd[230014]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 15:46:20,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334380.0508277, 'message': 'Dec  6 15:46:19 hqnl0246134 sshd[230026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 15:46:21,715] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:46:21,716] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:46:21,729] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:46:21,745] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
INFO    [2022-12-06 15:46:22,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670334382.0525591, 'message': 'Dec  6 15:46:21 hqnl0246134 sshd[230014]: Failed password for root from 61.177.172.98 port 57187 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 15:46:24,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334384.056647, 'message': 'Dec  6 15:46:22 hqnl0246134 sshd[230026]: Failed password for root from 61.177.172.90 port 50391 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 15:46:26,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334386.0603657, 'message': 'Dec  6 15:46:24 hqnl0246134 sshd[230026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 15:46:28,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334388.0637808, 'message': 'Dec  6 15:46:26 hqnl0246134 sshd[230026]: Failed password for root from 61.177.172.90 port 50391 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 15:46:30,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334390.0674605, 'message': 'Dec  6 15:46:28 hqnl0246134 sshd[230026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 15:46:32,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334392.069925, 'message': 'Dec  6 15:46:30 hqnl0246134 sshd[230026]: Failed password for root from 61.177.172.90 port 50391 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 15:46:38,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334398.0751848, 'message': 'Dec  6 15:46:37 hqnl0246134 sshd[230049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 15:46:38,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334398.0762718, 'message': 'Dec  6 15:46:37 hqnl0246134 sshd[230049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 15:46:40,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334400.077589, 'message': 'Dec  6 15:46:39 hqnl0246134 sshd[230049]: Failed password for root from 61.177.172.90 port 60515 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 15:46:42,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334402.0813446, 'message': 'Dec  6 15:46:40 hqnl0246134 sshd[230049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 15:46:42,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334402.0816438, 'message': 'Dec  6 15:46:41 hqnl0246134 sshd[230049]: Failed password for root from 61.177.172.90 port 60515 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 15:46:44,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334404.0857465, 'message': 'Dec  6 15:46:42 hqnl0246134 sshd[230049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 15:46:46,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670334406.0880313, 'message': 'Dec  6 15:46:44 hqnl0246134 sshd[230049]: Failed password for root from 61.177.172.90 port 60515 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 15:46:47,084] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:46:47,085] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:47:08,615] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:47:08,660] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0589 seconds
INFO    [2022-12-06 15:47:18,230] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:47:18,230] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:47:18,245] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:47:18,263] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0288 seconds
INFO    [2022-12-06 15:47:20,991] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:47:20,992] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:47:20,999] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:47:21,012] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 15:47:42,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334462.1918242, 'message': 'Dec  6 15:47:40 hqnl0246134 sshd[230130]: Invalid user logview from 34.148.81.208 port 33466', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 15:47:42,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334462.1949937, 'message': 'Dec  6 15:47:40 hqnl0246134 sshd[230134]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.83.17.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-06 15:47:42,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334462.1923583, 'message': 'Dec  6 15:47:40 hqnl0246134 sshd[230130]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.148.81.208 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 15:47:42,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334462.1954088, 'message': 'Dec  6 15:47:40 hqnl0246134 sshd[230134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.205  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 15:47:42,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334462.1951501, 'message': 'Dec  6 15:47:40 hqnl0246134 sshd[230130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.148.81.208 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 15:47:44,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334464.1906726, 'message': 'Dec  6 15:47:43 hqnl0246134 sshd[230130]: Failed password for invalid user logview from 34.148.81.208 port 33466 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 15:47:44,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334464.190921, 'message': 'Dec  6 15:47:43 hqnl0246134 sshd[230134]: Failed password for root from 202.83.17.205 port 34220 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 15:47:44,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334464.1910796, 'message': 'Dec  6 15:47:43 hqnl0246134 sshd[230130]: Disconnected from invalid user logview 34.148.81.208 port 33466 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 15:47:47,071] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:47:47,072] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:47:47,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:47:47,086] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:47:47,086] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:47:47,100] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0281 seconds
INFO    [2022-12-06 15:47:58,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334478.2127583, 'message': 'Dec  6 15:47:56 hqnl0246134 sshd[230151]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.131.39.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 15:47:58,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334478.213404, 'message': 'Dec  6 15:47:56 hqnl0246134 sshd[230151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.39.193  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 15:47:58,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334478.2135787, 'message': 'Dec  6 15:47:57 hqnl0246134 sshd[230151]: Failed password for root from 104.131.39.193 port 43620 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
WARNING [2022-12-06 15:48:08,618] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:48:08,651] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0427 seconds
INFO    [2022-12-06 15:48:17,931] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:48:17,931] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:48:17,951] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:48:17,979] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0348 seconds
INFO    [2022-12-06 15:48:21,279] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:48:21,280] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:48:21,286] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:48:21,298] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 15:48:30,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334510.2580695, 'message': 'Dec  6 15:48:28 hqnl0246134 sshd[230193]: pam_imunify(sshd:auth): [IM360_RBL] The IP 27.71.25.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 15:48:30,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334510.2614336, 'message': 'Dec  6 15:48:28 hqnl0246134 sshd[230193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.71.25.144  user=www-data', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 15:48:32,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334512.2574675, 'message': 'Dec  6 15:48:30 hqnl0246134 sshd[230193]: Failed password for www-data from 27.71.25.144 port 28831 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
WARNING [2022-12-06 15:48:47,090] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:48:47,091] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:48:56,593] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:48:56,663] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:48:56,664] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:48:56,664] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:48:56,664] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:48:56,665] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:48:56,678] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:48:56,698] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0322 seconds
WARNING [2022-12-06 15:48:56,705] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:48:56,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:48:56,727] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0357 seconds
INFO    [2022-12-06 15:48:56,728] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0331 seconds
WARNING [2022-12-06 15:49:08,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:49:08,653] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-06 15:49:14,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334554.3255057, 'message': 'Dec  6 15:49:12 hqnl0246134 sshd[230219]: Invalid user oracle from 186.121.203.115 port 59602', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 15:49:14,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334554.325739, 'message': 'Dec  6 15:49:12 hqnl0246134 sshd[230219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.121.203.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 15:49:14,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334554.3258963, 'message': 'Dec  6 15:49:12 hqnl0246134 sshd[230219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.203.115 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 15:49:16,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334556.325877, 'message': 'Dec  6 15:49:15 hqnl0246134 sshd[230219]: Failed password for invalid user oracle from 186.121.203.115 port 59602 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 15:49:18,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.121.203.115', 'timestamp': 1670334558.3279207, 'message': 'Dec  6 15:49:16 hqnl0246134 sshd[230219]: Disconnected from invalid user oracle 186.121.203.115 port 59602 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0752 seconds
INFO    [2022-12-06 15:49:18,696] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:49:18,697] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:49:18,705] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:49:18,718] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 15:49:19,647] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:49:19,648] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:49:19,657] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:49:19,679] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0304 seconds
INFO    [2022-12-06 15:49:21,687] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:49:21,688] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:49:21,695] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:49:21,708] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 15:49:30,429] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:49:30,430] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:49:30,432] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 15:49:47,095] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:49:47,096] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:49:54,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.200.248.77', 'timestamp': 1670334594.4217458, 'message': 'Dec  6 15:49:53 hqnl0246134 sshd[230256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.200.248.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 15:49:54,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.200.248.77', 'timestamp': 1670334594.4222884, 'message': 'Dec  6 15:49:53 hqnl0246134 sshd[230256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.200.248.77  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 15:49:56,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '2.200.248.77', 'timestamp': 1670334596.4266765, 'message': 'Dec  6 15:49:55 hqnl0246134 sshd[230256]: Failed password for root from 2.200.248.77 port 49930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 15:50:08,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:50:08,663] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0447 seconds
INFO    [2022-12-06 15:50:10,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334610.4549835, 'message': 'Dec  6 15:50:09 hqnl0246134 sshd[230305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 15:50:10,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334610.4567225, 'message': 'Dec  6 15:50:09 hqnl0246134 sshd[230305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 15:50:12,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334612.4571555, 'message': 'Dec  6 15:50:11 hqnl0246134 sshd[230305]: Failed password for root from 61.177.173.39 port 37505 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 15:50:14,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334614.4619198, 'message': 'Dec  6 15:50:13 hqnl0246134 sshd[230305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 15:50:16,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334616.4648273, 'message': 'Dec  6 15:50:15 hqnl0246134 sshd[230305]: Failed password for root from 61.177.173.39 port 37505 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 15:50:16,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334616.4650679, 'message': 'Dec  6 15:50:16 hqnl0246134 sshd[230305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 15:50:17,963] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:50:17,964] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:50:17,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:50:17,994] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0248 seconds
INFO    [2022-12-06 15:50:18,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334618.4661129, 'message': 'Dec  6 15:50:18 hqnl0246134 sshd[230305]: Failed password for root from 61.177.173.39 port 37505 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 15:50:20,908] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:50:20,909] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:50:20,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:50:20,928] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 15:50:22,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334622.4703543, 'message': 'Dec  6 15:50:21 hqnl0246134 sshd[230329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-06 15:50:22,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334622.470621, 'message': 'Dec  6 15:50:21 hqnl0246134 sshd[230329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-06 15:50:24,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334624.4843087, 'message': 'Dec  6 15:50:24 hqnl0246134 sshd[230329]: Failed password for root from 61.177.173.39 port 31235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0789 seconds
INFO    [2022-12-06 15:50:26,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334626.4753568, 'message': 'Dec  6 15:50:26 hqnl0246134 sshd[230329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 15:50:28,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334628.479768, 'message': 'Dec  6 15:50:28 hqnl0246134 sshd[230329]: Failed password for root from 61.177.173.39 port 31235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 15:50:30,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334630.4827096, 'message': 'Dec  6 15:50:28 hqnl0246134 sshd[230329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 15:50:30,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334630.4829645, 'message': 'Dec  6 15:50:30 hqnl0246134 sshd[230329]: Failed password for root from 61.177.173.39 port 31235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 15:50:32,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334632.4864511, 'message': 'Dec  6 15:50:32 hqnl0246134 sshd[230344]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 15:50:32,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334632.4869525, 'message': 'Dec  6 15:50:32 hqnl0246134 sshd[230344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 15:50:34,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334634.4879396, 'message': 'Dec  6 15:50:34 hqnl0246134 sshd[230344]: Failed password for root from 61.177.173.39 port 49428 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 15:50:38,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334638.4936774, 'message': 'Dec  6 15:50:36 hqnl0246134 sshd[230344]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 15:50:38,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334638.4957695, 'message': 'Dec  6 15:50:38 hqnl0246134 sshd[230344]: Failed password for root from 61.177.173.39 port 49428 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 15:50:40,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334640.4943204, 'message': 'Dec  6 15:50:38 hqnl0246134 sshd[230344]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 15:50:40,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334640.4945843, 'message': 'Dec  6 15:50:39 hqnl0246134 sshd[230347]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.131.39.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 15:50:40,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334640.4947324, 'message': 'Dec  6 15:50:39 hqnl0246134 sshd[230347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.39.193  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 15:50:42,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670334642.5021036, 'message': 'Dec  6 15:50:41 hqnl0246134 sshd[230344]: Failed password for root from 61.177.173.39 port 49428 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 15:50:42,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334642.502445, 'message': 'Dec  6 15:50:42 hqnl0246134 sshd[230347]: Failed password for root from 104.131.39.193 port 32860 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-06 15:50:47,100] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:50:47,101] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:50:58,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334658.5254018, 'message': 'Dec  6 15:50:56 hqnl0246134 sshd[230361]: Invalid user git from 27.71.25.144 port 53905', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 15:50:58,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334658.5259137, 'message': 'Dec  6 15:50:56 hqnl0246134 sshd[230361]: pam_imunify(sshd:auth): [IM360_RBL] The IP 27.71.25.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 15:50:58,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334658.5260806, 'message': 'Dec  6 15:50:56 hqnl0246134 sshd[230361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.71.25.144 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 15:51:00,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334660.531517, 'message': 'Dec  6 15:50:59 hqnl0246134 sshd[230361]: Failed password for invalid user git from 27.71.25.144 port 53905 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 15:51:02,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334662.5337253, 'message': 'Dec  6 15:51:01 hqnl0246134 sshd[230361]: Disconnected from invalid user git 27.71.25.144 port 53905 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 15:51:04,018] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:51:04,018] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:51:04,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:51:04,037] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-06 15:51:08,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:51:08,661] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-06 15:51:18,031] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:51:18,032] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:51:18,038] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:51:18,050] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 15:51:20,659] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:51:20,659] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:51:20,666] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:51:20,677] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
INFO    [2022-12-06 15:51:40,087] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 15:51:40,093] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 15:51:40,995] im360.plugins.pam: PAM module has been enabled for dovecot-pam
WARNING [2022-12-06 15:51:47,105] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:51:47,106] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:51:48,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334708.5952766, 'message': 'Dec  6 15:51:46 hqnl0246134 sshd[230416]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.148.81.208 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 15:51:48,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334708.5962186, 'message': 'Dec  6 15:51:46 hqnl0246134 sshd[230416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.148.81.208  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 15:51:48,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.148.81.208', 'timestamp': 1670334708.5965147, 'message': 'Dec  6 15:51:48 hqnl0246134 sshd[230416]: Failed password for root from 34.148.81.208 port 51260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-06 15:51:53,328] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 15:52:08,636] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:52:08,663] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0373 seconds
INFO    [2022-12-06 15:52:17,897] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:52:17,898] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:52:17,913] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:52:17,929] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-06 15:52:20,725] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:52:20,726] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:52:20,733] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:52:20,745] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 15:52:44,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670334764.7015114, 'message': 'Dec  6 15:52:44 hqnl0246134 sshd[230487]: Invalid user analytics from 217.79.42.236 port 58246', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 15:52:44,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.79.42.236', 'timestamp': 1670334764.7021203, 'message': 'Dec  6 15:52:44 hqnl0246134 sshd[230487]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.79.42.236 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 15:52:44,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.79.42.236', 'timestamp': 1670334764.702285, 'message': 'Dec  6 15:52:44 hqnl0246134 sshd[230487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.79.42.236 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 15:52:46,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670334766.663368, 'message': 'Dec  6 15:52:46 hqnl0246134 sshd[230487]: Failed password for invalid user analytics from 217.79.42.236 port 58246 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
WARNING [2022-12-06 15:52:47,108] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:52:47,109] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:52:50,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670334770.6697237, 'message': 'Dec  6 15:52:48 hqnl0246134 sshd[230487]: Disconnected from invalid user analytics 217.79.42.236 port 58246 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 15:53:02,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334782.6885722, 'message': 'Dec  6 15:53:02 hqnl0246134 sshd[230503]: Invalid user wy from 202.83.17.205 port 60644', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 15:53:02,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334782.6890612, 'message': 'Dec  6 15:53:02 hqnl0246134 sshd[230503]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.83.17.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 15:53:02,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334782.6892605, 'message': 'Dec  6 15:53:02 hqnl0246134 sshd[230503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 15:53:04,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334784.690569, 'message': 'Dec  6 15:53:04 hqnl0246134 sshd[230503]: Failed password for invalid user wy from 202.83.17.205 port 60644 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 15:53:06,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334786.6938019, 'message': 'Dec  6 15:53:06 hqnl0246134 sshd[230503]: Disconnected from invalid user wy 202.83.17.205 port 60644 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
WARNING [2022-12-06 15:53:08,637] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:53:08,665] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-06 15:53:08,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.89.12', 'timestamp': 1670334788.6968424, 'message': 'Dec  6 15:53:07 hqnl0246134 sshd[230512]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.89.12 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 15:53:08,883] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:53:08,884] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:53:08,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:53:08,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.89.12', 'timestamp': 1670334788.6971698, 'message': 'Dec  6 15:53:07 hqnl0246134 sshd[230512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.89.12  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1715 seconds
INFO    [2022-12-06 15:53:08,921] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0355 seconds
INFO    [2022-12-06 15:53:08,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.89.12', 'timestamp': 1670334788.6973965, 'message': 'Dec  6 15:53:08 hqnl0246134 sshd[230512]: Failed password for root from 43.153.89.12 port 50656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 15:53:17,674] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:53:17,675] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:53:17,683] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:53:17,694] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 15:53:20,329] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:53:20,329] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:53:20,338] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:53:20,355] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-06 15:53:20,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334800.7128258, 'message': 'Dec  6 15:53:19 hqnl0246134 sshd[230527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 27.71.25.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 15:53:20,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334800.7130013, 'message': 'Dec  6 15:53:19 hqnl0246134 sshd[230527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.71.25.144  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 15:53:22,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '27.71.25.144', 'timestamp': 1670334802.7186654, 'message': 'Dec  6 15:53:21 hqnl0246134 sshd[230527]: Failed password for root from 27.71.25.144 port 22478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 15:53:28,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334808.7258806, 'message': 'Dec  6 15:53:27 hqnl0246134 sshd[230544]: Invalid user user from 104.131.39.193 port 50494', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 15:53:28,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334808.7262375, 'message': 'Dec  6 15:53:27 hqnl0246134 sshd[230544]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.131.39.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 15:53:28,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334808.7264132, 'message': 'Dec  6 15:53:27 hqnl0246134 sshd[230544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.39.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 15:53:30,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334810.7280126, 'message': 'Dec  6 15:53:29 hqnl0246134 sshd[230544]: Failed password for invalid user user from 104.131.39.193 port 50494 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 15:53:32,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.39.193', 'timestamp': 1670334812.7306604, 'message': 'Dec  6 15:53:31 hqnl0246134 sshd[230544]: Disconnected from invalid user user 104.131.39.193 port 50494 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 15:53:44,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.186.252.110', 'timestamp': 1670334824.7590804, 'message': 'Dec  6 15:53:43 hqnl0246134 sshd[230547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.186.252.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 15:53:44,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.186.252.110', 'timestamp': 1670334824.7594137, 'message': 'Dec  6 15:53:43 hqnl0246134 sshd[230547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.186.252.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 15:53:46,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '122.186.252.110', 'timestamp': 1670334826.7613, 'message': 'Dec  6 15:53:45 hqnl0246134 sshd[230547]: Failed password for root from 122.186.252.110 port 54558 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 15:53:47,114] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:53:47,115] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:53:52,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670334832.7774296, 'message': 'Dec  6 15:53:50 hqnl0246134 sshd[230552]: Invalid user ghost from 2.200.248.77 port 39582', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 15:53:52,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334832.778526, 'message': 'Dec  6 15:53:52 hqnl0246134 sshd[230555]: Invalid user postgres from 59.12.193.109 port 47801', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 15:53:52,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.200.248.77', 'timestamp': 1670334832.7780142, 'message': 'Dec  6 15:53:50 hqnl0246134 sshd[230552]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.200.248.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 15:53:52,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334832.7787263, 'message': 'Dec  6 15:53:52 hqnl0246134 sshd[230555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.12.193.109 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 15:53:52,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.200.248.77', 'timestamp': 1670334832.7782524, 'message': 'Dec  6 15:53:50 hqnl0246134 sshd[230552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.200.248.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 15:53:52,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334832.7789094, 'message': 'Dec  6 15:53:52 hqnl0246134 sshd[230555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.193.109 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 15:53:54,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '58.17.200.197', 'timestamp': 1670334834.7791812, 'message': 'Dec  6 15:53:52 hqnl0246134 sshd[230554]: Invalid user ivan from 58.17.200.197 port 57606', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-06 15:53:54,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670334834.7794442, 'message': 'Dec  6 15:53:52 hqnl0246134 sshd[230552]: Failed password for invalid user ghost from 2.200.248.77 port 39582 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 15:53:54,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334834.7806876, 'message': 'Dec  6 15:53:53 hqnl0246134 sshd[230555]: Failed password for invalid user postgres from 59.12.193.109 port 47801 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 15:53:54,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '58.17.200.197', 'timestamp': 1670334834.7795591, 'message': 'Dec  6 15:53:53 hqnl0246134 sshd[230554]: pam_imunify(sshd:auth): [IM360_RBL] The IP 58.17.200.197 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 15:53:54,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670334834.7809303, 'message': 'Dec  6 15:53:54 hqnl0246134 sshd[230552]: Disconnected from invalid user ghost 2.200.248.77 port 39582 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 15:53:54,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '58.17.200.197', 'timestamp': 1670334834.7796624, 'message': 'Dec  6 15:53:53 hqnl0246134 sshd[230554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.17.200.197 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 15:53:54,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '58.17.200.197', 'timestamp': 1670334834.7808082, 'message': 'Dec  6 15:53:54 hqnl0246134 sshd[230554]: Failed password for invalid user ivan from 58.17.200.197 port 57606 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 15:53:56,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670334836.7813866, 'message': 'Dec  6 15:53:54 hqnl0246134 sshd[230555]: Disconnected from invalid user postgres 59.12.193.109 port 47801 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 15:53:56,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '58.17.200.197', 'timestamp': 1670334836.7817702, 'message': 'Dec  6 15:53:56 hqnl0246134 sshd[230554]: Disconnected from invalid user ivan 58.17.200.197 port 57606 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-06 15:53:58,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.86.165.90', 'timestamp': 1670334838.7880971, 'message': 'Dec  6 15:53:57 hqnl0246134 sshd[230566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.86.165.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 15:53:58,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.86.165.90', 'timestamp': 1670334838.7884157, 'message': 'Dec  6 15:53:57 hqnl0246134 sshd[230566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.86.165.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 15:54:00,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '95.86.165.90', 'timestamp': 1670334840.7933755, 'message': 'Dec  6 15:53:59 hqnl0246134 sshd[230566]: Failed password for root from 95.86.165.90 port 56208 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
WARNING [2022-12-06 15:54:08,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:54:08,694] defence360agent.internals.the_sink: SensorIncidentList(<24 item(s)>) processed in 0.0599 seconds
INFO    [2022-12-06 15:54:17,921] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:54:17,921] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:54:17,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:54:17,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 15:54:20,529] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:54:20,530] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:54:20,540] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:54:20,554] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 15:54:30,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.144.246.33', 'timestamp': 1670334870.8514426, 'message': 'Dec  6 15:54:29 hqnl0246134 sshd[230603]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.144.246.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-06 15:54:30,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.144.246.33', 'timestamp': 1670334870.8518605, 'message': 'Dec  6 15:54:29 hqnl0246134 sshd[230603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.144.246.33  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0673 seconds
INFO    [2022-12-06 15:54:32,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '141.144.246.33', 'timestamp': 1670334872.8540907, 'message': 'Dec  6 15:54:31 hqnl0246134 sshd[230603]: Failed password for root from 141.144.246.33 port 60560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 15:54:34,191] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:54:34,191] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:54:34,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:54:34,212] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 15:54:36,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.30.235', 'timestamp': 1670334876.8590696, 'message': 'Dec  6 15:54:35 hqnl0246134 sshd[230614]: Invalid user analytics from 188.166.30.235 port 54542', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 15:54:36,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.30.235', 'timestamp': 1670334876.8592415, 'message': 'Dec  6 15:54:35 hqnl0246134 sshd[230614]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.30.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 15:54:36,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.30.235', 'timestamp': 1670334876.8607934, 'message': 'Dec  6 15:54:35 hqnl0246134 sshd[230614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.30.235 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 15:54:38,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.30.235', 'timestamp': 1670334878.8627036, 'message': 'Dec  6 15:54:37 hqnl0246134 sshd[230614]: Failed password for invalid user analytics from 188.166.30.235 port 54542 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 15:54:38,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.30.235', 'timestamp': 1670334878.8630111, 'message': 'Dec  6 15:54:38 hqnl0246134 sshd[230614]: Disconnected from invalid user analytics 188.166.30.235 port 54542 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
WARNING [2022-12-06 15:54:47,121] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:54:47,122] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:54:52,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670334892.885457, 'message': 'Dec  6 15:54:51 hqnl0246134 sshd[230617]: Invalid user ventas from 190.246.155.29 port 50990', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 15:54:52,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.246.155.29', 'timestamp': 1670334892.885861, 'message': 'Dec  6 15:54:51 hqnl0246134 sshd[230617]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.246.155.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 15:54:52,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.246.155.29', 'timestamp': 1670334892.8860075, 'message': 'Dec  6 15:54:51 hqnl0246134 sshd[230617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.246.155.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 15:54:54,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670334894.8855674, 'message': 'Dec  6 15:54:53 hqnl0246134 sshd[230617]: Failed password for invalid user ventas from 190.246.155.29 port 50990 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 15:54:54,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670334894.8857956, 'message': 'Dec  6 15:54:54 hqnl0246134 sshd[230617]: Disconnected from invalid user ventas 190.246.155.29 port 50990 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 15:55:08,656] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:55:08,686] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0469 seconds
INFO    [2022-12-06 15:55:17,876] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:55:17,877] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:55:17,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:55:17,897] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 15:55:20,521] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:55:20,522] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:55:20,533] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:55:20,550] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
WARNING [2022-12-06 15:55:47,125] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:55:47,126] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:55:59,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.133.228.250', 'timestamp': 1670334959.0222828, 'message': 'Dec  6 15:55:57 hqnl0246134 sshd[230701]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.133.228.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0615 seconds
INFO    [2022-12-06 15:55:59,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.133.228.250', 'timestamp': 1670334959.0229158, 'message': 'Dec  6 15:55:57 hqnl0246134 sshd[230701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.133.228.250  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-06 15:55:59,614] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:55:59,680] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:55:59,680] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:55:59,680] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:55:59,681] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:55:59,681] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:55:59,690] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:55:59,705] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0239 seconds
WARNING [2022-12-06 15:55:59,712] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:55:59,715] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:55:59,731] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0314 seconds
INFO    [2022-12-06 15:55:59,732] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0297 seconds
INFO    [2022-12-06 15:56:01,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.133.228.250', 'timestamp': 1670334961.0220153, 'message': 'Dec  6 15:56:00 hqnl0246134 sshd[230701]: Failed password for root from 112.133.228.250 port 37360 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 15:56:05,528] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:56:05,529] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:56:05,539] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:56:05,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0281 seconds
WARNING [2022-12-06 15:56:08,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:56:08,676] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0336 seconds
INFO    [2022-12-06 15:56:17,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670334977.0384994, 'message': 'Dec  6 15:56:16 hqnl0246134 sshd[230722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 15:56:17,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:56:17,819] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:56:17,830] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:56:17,849] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0291 seconds
INFO    [2022-12-06 15:56:19,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670334979.0408115, 'message': 'Dec  6 15:56:18 hqnl0246134 sshd[230722]: Failed password for root from 61.177.173.18 port 30427 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 15:56:19,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.254.105', 'timestamp': 1670334979.041007, 'message': 'Dec  6 15:56:18 hqnl0246134 sshd[230727]: Invalid user gui from 163.44.254.105 port 47790', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 15:56:20,514] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:56:20,514] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:56:20,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:56:20,533] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 15:56:21,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.44.254.105', 'timestamp': 1670334981.0451963, 'message': 'Dec  6 15:56:19 hqnl0246134 sshd[230727]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.44.254.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-06 15:56:21,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334981.0455854, 'message': 'Dec  6 15:56:19 hqnl0246134 sshd[230731]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.83.17.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-06 15:56:21,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670334981.0458956, 'message': 'Dec  6 15:56:20 hqnl0246134 sshd[230722]: Failed password for root from 61.177.173.18 port 30427 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-06 15:56:21,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.44.254.105', 'timestamp': 1670334981.0454369, 'message': 'Dec  6 15:56:19 hqnl0246134 sshd[230727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.44.254.105 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 15:56:21,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334981.0457528, 'message': 'Dec  6 15:56:19 hqnl0246134 sshd[230731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.205  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 15:56:21,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.254.105', 'timestamp': 1670334981.0460334, 'message': 'Dec  6 15:56:20 hqnl0246134 sshd[230727]: Failed password for invalid user gui from 163.44.254.105 port 47790 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 15:56:21,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.83.17.205', 'timestamp': 1670334981.04617, 'message': 'Dec  6 15:56:20 hqnl0246134 sshd[230731]: Failed password for root from 202.83.17.205 port 51062 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 15:56:23,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.254.105', 'timestamp': 1670334983.049642, 'message': 'Dec  6 15:56:21 hqnl0246134 sshd[230727]: Disconnected from invalid user gui 163.44.254.105 port 47790 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 15:56:25,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670334985.0545032, 'message': 'Dec  6 15:56:23 hqnl0246134 sshd[230722]: Failed password for root from 61.177.173.18 port 30427 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 15:56:27,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.228.25', 'timestamp': 1670334987.0620391, 'message': 'Dec  6 15:56:25 hqnl0246134 sshd[230739]: Invalid user will from 128.199.228.25 port 49860', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 15:56:27,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.228.25', 'timestamp': 1670334987.0625827, 'message': 'Dec  6 15:56:26 hqnl0246134 sshd[230739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.228.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 15:56:27,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.228.25', 'timestamp': 1670334987.0635672, 'message': 'Dec  6 15:56:26 hqnl0246134 sshd[230739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.228.25 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 15:56:29,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.228.25', 'timestamp': 1670334989.0636325, 'message': 'Dec  6 15:56:28 hqnl0246134 sshd[230739]: Failed password for invalid user will from 128.199.228.25 port 49860 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 15:56:31,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.228.25', 'timestamp': 1670334991.066797, 'message': 'Dec  6 15:56:29 hqnl0246134 sshd[230739]: Disconnected from invalid user will 128.199.228.25 port 49860 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 15:56:37,986] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:56:37,987] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:56:37,988] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 15:56:47,131] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:56:47,131] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 15:57:08,663] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:57:08,700] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0491 seconds
INFO    [2022-12-06 15:57:09,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.186.252.110', 'timestamp': 1670335029.1232388, 'message': 'Dec  6 15:57:08 hqnl0246134 sshd[230778]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.186.252.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 15:57:09,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.186.252.110', 'timestamp': 1670335029.1235404, 'message': 'Dec  6 15:57:08 hqnl0246134 sshd[230778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.186.252.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 15:57:11,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '122.186.252.110', 'timestamp': 1670335031.1255977, 'message': 'Dec  6 15:57:10 hqnl0246134 sshd[230778]: Failed password for root from 122.186.252.110 port 44246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 15:57:17,954] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:57:17,955] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:57:17,967] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:57:17,979] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-06 15:57:20,579] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:57:20,580] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:57:20,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:57:20,599] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
WARNING [2022-12-06 15:57:47,137] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:57:47,138] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:57:51,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670335071.1822944, 'message': 'Dec  6 15:57:50 hqnl0246134 sshd[230808]: Invalid user bitbucket from 2.200.248.77 port 57452', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 15:57:51,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.200.248.77', 'timestamp': 1670335071.1827915, 'message': 'Dec  6 15:57:50 hqnl0246134 sshd[230808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.200.248.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 15:57:51,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.200.248.77', 'timestamp': 1670335071.1849782, 'message': 'Dec  6 15:57:50 hqnl0246134 sshd[230808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.200.248.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 15:57:53,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335073.1845243, 'message': 'Dec  6 15:57:51 hqnl0246134 sshd[230810]: Invalid user gui from 52.170.31.174 port 46740', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 15:57:53,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335073.1847072, 'message': 'Dec  6 15:57:52 hqnl0246134 sshd[230810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.170.31.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 15:57:53,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335073.1848354, 'message': 'Dec  6 15:57:52 hqnl0246134 sshd[230810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.31.174 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 15:57:55,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670335075.1862066, 'message': 'Dec  6 15:57:53 hqnl0246134 sshd[230808]: Failed password for invalid user bitbucket from 2.200.248.77 port 57452 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-06 15:57:55,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335075.1904044, 'message': 'Dec  6 15:57:54 hqnl0246134 sshd[230810]: Failed password for invalid user gui from 52.170.31.174 port 46740 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-06 15:57:55,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.200.248.77', 'timestamp': 1670335075.1909182, 'message': 'Dec  6 15:57:54 hqnl0246134 sshd[230808]: Disconnected from invalid user bitbucket 2.200.248.77 port 57452 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 15:57:55,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335075.1907208, 'message': 'Dec  6 15:57:54 hqnl0246134 sshd[230810]: Disconnected from invalid user gui 52.170.31.174 port 46740 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 15:57:56,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:57:56,851] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:57:56,860] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:57:56,873] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
WARNING [2022-12-06 15:58:08,675] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:58:08,717] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0559 seconds
INFO    [2022-12-06 15:58:11,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335091.2177796, 'message': 'Dec  6 15:58:09 hqnl0246134 sshd[230841]: Invalid user test_ftp from 190.246.155.29 port 57010', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 15:58:11,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335091.218045, 'message': 'Dec  6 15:58:09 hqnl0246134 sshd[230841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.246.155.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 15:58:11,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335091.2182305, 'message': 'Dec  6 15:58:09 hqnl0246134 sshd[230841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.246.155.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 15:58:13,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335093.2235346, 'message': 'Dec  6 15:58:11 hqnl0246134 sshd[230841]: Failed password for invalid user test_ftp from 190.246.155.29 port 57010 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 15:58:15,144] defence360agent.files: Updating all files
INFO    [2022-12-06 15:58:15,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335095.2262573, 'message': 'Dec  6 15:58:13 hqnl0246134 sshd[230841]: Disconnected from invalid user test_ftp 190.246.155.29 port 57010 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 15:58:15,496] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:15,496] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 15:58:15,871] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:15,871] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 15:58:16,195] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:16,195] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 15:58:16,552] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:16,553] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 15:58:16,553] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 15:58:16,866] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 13:58:16 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E38EBB6AD90E4'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 15:58:16,867] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 15:58:16,867] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 15:58:17,510] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:17,510] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 15:58:17,832] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:17,833] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 15:58:18,101] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:58:18,102] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:58:18,115] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:58:18,135] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0321 seconds
INFO    [2022-12-06 15:58:18,162] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:18,162] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 15:58:18,648] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:18,648] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 15:58:19,188] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 15:58:19,189] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 15:58:21,089] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:58:21,090] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:58:21,096] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:58:21,107] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-06 15:58:27,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335107.242192, 'message': 'Dec  6 15:58:26 hqnl0246134 sshd[230854]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.44.254.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 15:58:27,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335107.2426038, 'message': 'Dec  6 15:58:26 hqnl0246134 sshd[230854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.44.254.105  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 15:58:29,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335109.2455072, 'message': 'Dec  6 15:58:29 hqnl0246134 sshd[230865]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.89.12 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 15:58:29,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335109.245815, 'message': 'Dec  6 15:58:29 hqnl0246134 sshd[230854]: Failed password for root from 163.44.254.105 port 42420 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 15:58:29,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335109.2456818, 'message': 'Dec  6 15:58:29 hqnl0246134 sshd[230865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.89.12  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 15:58:31,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335111.2485194, 'message': 'Dec  6 15:58:30 hqnl0246134 sshd[230865]: Failed password for root from 43.153.89.12 port 40032 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 15:58:35,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.228.25', 'timestamp': 1670335115.255048, 'message': 'Dec  6 15:58:33 hqnl0246134 sshd[230868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.228.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 15:58:35,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.228.25', 'timestamp': 1670335115.2554486, 'message': 'Dec  6 15:58:33 hqnl0246134 sshd[230868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.228.25  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 15:58:37,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.228.25', 'timestamp': 1670335117.255849, 'message': 'Dec  6 15:58:35 hqnl0246134 sshd[230868]: Failed password for root from 128.199.228.25 port 50490 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 15:58:45,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.58.20.99', 'timestamp': 1670335125.2658148, 'message': 'Dec  6 15:58:43 hqnl0246134 sshd[230877]: Invalid user ubuntu from 20.58.20.99 port 39580', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 15:58:45,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.58.20.99', 'timestamp': 1670335125.2662325, 'message': 'Dec  6 15:58:44 hqnl0246134 sshd[230877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.58.20.99 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 15:58:45,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.58.20.99', 'timestamp': 1670335125.2692099, 'message': 'Dec  6 15:58:44 hqnl0246134 sshd[230877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.58.20.99 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 15:58:47,141] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:58:47,142] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:58:47,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.58.20.99', 'timestamp': 1670335127.2658274, 'message': 'Dec  6 15:58:45 hqnl0246134 sshd[230877]: Failed password for invalid user ubuntu from 20.58.20.99 port 39580 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 15:58:47,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.58.20.99', 'timestamp': 1670335127.2660851, 'message': 'Dec  6 15:58:46 hqnl0246134 sshd[230877]: Disconnected from invalid user ubuntu 20.58.20.99 port 39580 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-06 15:59:08,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:59:08,737] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0705 seconds
INFO    [2022-12-06 15:59:12,983] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 15:59:13,044] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 15:59:13,044] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 15:59:13,044] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 15:59:13,045] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 15:59:13,045] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 15:59:13,056] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 15:59:13,072] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0264 seconds
WARNING [2022-12-06 15:59:13,081] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 15:59:13,085] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:59:13,119] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0537 seconds
INFO    [2022-12-06 15:59:13,123] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0533 seconds
INFO    [2022-12-06 15:59:15,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335155.305694, 'message': 'Dec  6 15:59:13 hqnl0246134 sshd[230919]: Invalid user facturacion from 59.12.193.109 port 43549', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 15:59:15,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335155.3059313, 'message': 'Dec  6 15:59:13 hqnl0246134 sshd[230919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.12.193.109 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 15:59:15,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335155.306884, 'message': 'Dec  6 15:59:13 hqnl0246134 sshd[230919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.193.109 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 15:59:17,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335157.3075125, 'message': 'Dec  6 15:59:16 hqnl0246134 sshd[230919]: Failed password for invalid user facturacion from 59.12.193.109 port 43549 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 15:59:17,853] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:59:17,854] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:59:17,861] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:59:17,873] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 15:59:19,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335159.3107703, 'message': 'Dec  6 15:59:18 hqnl0246134 sshd[230919]: Disconnected from invalid user facturacion 59.12.193.109 port 43549 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 15:59:20,758] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:59:20,758] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:59:20,765] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:59:20,776] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 15:59:21,214] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 15:59:21,214] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 15:59:21,222] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 15:59:21,234] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 15:59:39,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.83.17.205', 'timestamp': 1670335179.3338294, 'message': 'Dec  6 15:59:38 hqnl0246134 sshd[230950]: Invalid user will from 202.83.17.205 port 41488', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0602 seconds
INFO    [2022-12-06 15:59:39,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335179.3349607, 'message': 'Dec  6 15:59:38 hqnl0246134 sshd[230952]: Invalid user postgres from 163.44.254.105 port 58400', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0591 seconds
INFO    [2022-12-06 15:59:39,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.83.17.205', 'timestamp': 1670335179.3344924, 'message': 'Dec  6 15:59:38 hqnl0246134 sshd[230950]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.83.17.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 15:59:39,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335179.3351674, 'message': 'Dec  6 15:59:38 hqnl0246134 sshd[230952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.44.254.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 15:59:39,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.83.17.205', 'timestamp': 1670335179.3347454, 'message': 'Dec  6 15:59:38 hqnl0246134 sshd[230950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 15:59:39,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335179.3377914, 'message': 'Dec  6 15:59:38 hqnl0246134 sshd[230952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.44.254.105 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 15:59:41,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.83.17.205', 'timestamp': 1670335181.3343046, 'message': 'Dec  6 15:59:40 hqnl0246134 sshd[230950]: Failed password for invalid user will from 202.83.17.205 port 41488 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 15:59:41,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335181.3346272, 'message': 'Dec  6 15:59:40 hqnl0246134 sshd[230952]: Failed password for invalid user postgres from 163.44.254.105 port 58400 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 15:59:43,171] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 15:59:43,172] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 15:59:43,173] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 15:59:43,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335183.3366156, 'message': 'Dec  6 15:59:41 hqnl0246134 sshd[230952]: Disconnected from invalid user postgres 163.44.254.105 port 58400 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 15:59:43,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.83.17.205', 'timestamp': 1670335183.3368492, 'message': 'Dec  6 15:59:42 hqnl0246134 sshd[230950]: Disconnected from invalid user will 202.83.17.205 port 41488 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 15:59:45,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335185.3403392, 'message': 'Dec  6 15:59:44 hqnl0246134 sshd[230954]: Invalid user allen from 190.246.155.29 port 45622', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 15:59:45,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335185.3405335, 'message': 'Dec  6 15:59:44 hqnl0246134 sshd[230954]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.246.155.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 15:59:45,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335185.340647, 'message': 'Dec  6 15:59:44 hqnl0246134 sshd[230954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.246.155.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 15:59:47,145] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 15:59:47,146] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 15:59:47,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335187.3428986, 'message': 'Dec  6 15:59:46 hqnl0246134 sshd[230954]: Failed password for invalid user allen from 190.246.155.29 port 45622 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 15:59:47,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335187.3431463, 'message': 'Dec  6 15:59:47 hqnl0246134 sshd[230954]: Disconnected from invalid user allen 190.246.155.29 port 45622 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 15:59:57,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335197.3612928, 'message': 'Dec  6 15:59:55 hqnl0246134 sshd[230958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0626 seconds
INFO    [2022-12-06 15:59:57,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.109.225.178', 'timestamp': 1670335197.3622112, 'message': 'Dec  6 15:59:57 hqnl0246134 sshd[230960]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.109.225.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0628 seconds
INFO    [2022-12-06 15:59:57,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335197.3619266, 'message': 'Dec  6 15:59:55 hqnl0246134 sshd[230958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0572 seconds
INFO    [2022-12-06 15:59:57,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.109.225.178', 'timestamp': 1670335197.3624706, 'message': 'Dec  6 15:59:57 hqnl0246134 sshd[230960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.109.225.178  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-06 15:59:59,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335199.3634307, 'message': 'Dec  6 15:59:57 hqnl0246134 sshd[230958]: Failed password for root from 61.177.172.19 port 13445 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 15:59:59,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.109.225.178', 'timestamp': 1670335199.363655, 'message': 'Dec  6 15:59:58 hqnl0246134 sshd[230960]: Failed password for root from 189.109.225.178 port 62842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 16:00:01,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335201.3772604, 'message': 'Dec  6 15:59:59 hqnl0246134 sshd[230958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 16:00:03,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335203.369596, 'message': 'Dec  6 16:00:01 hqnl0246134 sshd[230958]: Failed password for root from 61.177.172.19 port 13445 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 16:00:05,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335205.3734057, 'message': 'Dec  6 16:00:04 hqnl0246134 sshd[230958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:00:05,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335205.3735938, 'message': 'Dec  6 16:00:05 hqnl0246134 sshd[231007]: Invalid user gui from 43.153.89.12 port 47650', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 16:00:05,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335205.3737054, 'message': 'Dec  6 16:00:05 hqnl0246134 sshd[231007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.89.12 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:00:05,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335205.3739042, 'message': 'Dec  6 16:00:05 hqnl0246134 sshd[231007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.89.12 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:00:07,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335207.3754184, 'message': 'Dec  6 16:00:05 hqnl0246134 sshd[230958]: Failed password for root from 61.177.172.19 port 13445 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-06 16:00:07,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335207.375774, 'message': 'Dec  6 16:00:06 hqnl0246134 sshd[231007]: Failed password for invalid user gui from 43.153.89.12 port 47650 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0506 seconds
WARNING [2022-12-06 16:00:08,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:00:08,709] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0392 seconds
INFO    [2022-12-06 16:00:09,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335209.3771625, 'message': 'Dec  6 16:00:08 hqnl0246134 sshd[231007]: Disconnected from invalid user gui 43.153.89.12 port 47650 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:00:18,971] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:00:18,972] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:00:18,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:00:18,991] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 16:00:21,696] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:00:21,697] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:00:21,704] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:00:21,714] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 16:00:31,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.38.229', 'timestamp': 1670335231.4024115, 'message': 'Dec  6 16:00:31 hqnl0246134 sshd[231050]: Invalid user db2inst1 from 46.101.38.229 port 46886', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 16:00:33,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335233.4051096, 'message': 'Dec  6 16:00:31 hqnl0246134 sshd[231047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 16:00:33,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.38.229', 'timestamp': 1670335233.4055665, 'message': 'Dec  6 16:00:31 hqnl0246134 sshd[231050]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.38.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 16:00:33,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335233.4054089, 'message': 'Dec  6 16:00:31 hqnl0246134 sshd[231047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 16:00:33,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.38.229', 'timestamp': 1670335233.4057016, 'message': 'Dec  6 16:00:31 hqnl0246134 sshd[231050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.38.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 16:00:33,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335233.4061246, 'message': 'Dec  6 16:00:32 hqnl0246134 sshd[231047]: Failed password for root from 61.177.172.19 port 29927 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 16:00:33,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.38.229', 'timestamp': 1670335233.4062548, 'message': 'Dec  6 16:00:33 hqnl0246134 sshd[231050]: Failed password for invalid user db2inst1 from 46.101.38.229 port 46886 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 16:00:33,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.38.229', 'timestamp': 1670335233.4067523, 'message': 'Dec  6 16:00:33 hqnl0246134 sshd[231050]: Disconnected from invalid user db2inst1 46.101.38.229 port 46886 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:00:35,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335235.405748, 'message': 'Dec  6 16:00:33 hqnl0246134 sshd[231047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 16:00:37,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.186.252.110', 'timestamp': 1670335237.4067686, 'message': 'Dec  6 16:00:36 hqnl0246134 sshd[231055]: Invalid user es from 122.186.252.110 port 33932', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-06 16:00:37,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335237.4076147, 'message': 'Dec  6 16:00:36 hqnl0246134 sshd[231047]: Failed password for root from 61.177.172.19 port 29927 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-06 16:00:37,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.186.252.110', 'timestamp': 1670335237.4071357, 'message': 'Dec  6 16:00:36 hqnl0246134 sshd[231055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.186.252.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:00:37,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.186.252.110', 'timestamp': 1670335237.407403, 'message': 'Dec  6 16:00:36 hqnl0246134 sshd[231055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.186.252.110 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:00:39,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.186.252.110', 'timestamp': 1670335239.4090788, 'message': 'Dec  6 16:00:37 hqnl0246134 sshd[231055]: Failed password for invalid user es from 122.186.252.110 port 33932 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:00:39,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335239.4093533, 'message': 'Dec  6 16:00:38 hqnl0246134 sshd[231047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 16:00:39,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.186.252.110', 'timestamp': 1670335239.409518, 'message': 'Dec  6 16:00:38 hqnl0246134 sshd[231055]: Disconnected from invalid user es 122.186.252.110 port 33932 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:00:41,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335241.4102252, 'message': 'Dec  6 16:00:40 hqnl0246134 sshd[231047]: Failed password for root from 61.177.172.19 port 29927 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 16:00:41,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.228.25', 'timestamp': 1670335241.4104972, 'message': 'Dec  6 16:00:41 hqnl0246134 sshd[231057]: Invalid user wy from 128.199.228.25 port 51100', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 16:00:41,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.228.25', 'timestamp': 1670335241.4177, 'message': 'Dec  6 16:00:41 hqnl0246134 sshd[231057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.228.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:00:41,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.228.25', 'timestamp': 1670335241.417839, 'message': 'Dec  6 16:00:41 hqnl0246134 sshd[231057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.228.25 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 16:00:43,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.228.25', 'timestamp': 1670335243.4122705, 'message': 'Dec  6 16:00:42 hqnl0246134 sshd[231057]: Failed password for invalid user wy from 128.199.228.25 port 51100 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:00:43,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.228.25', 'timestamp': 1670335243.420929, 'message': 'Dec  6 16:00:43 hqnl0246134 sshd[231057]: Disconnected from invalid user wy 128.199.228.25 port 51100 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:00:45,158] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:00:45,159] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:00:45,166] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:00:45,178] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-06 16:00:47,150] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:00:47,150] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:00:47,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335247.4164042, 'message': 'Dec  6 16:00:46 hqnl0246134 sshd[231061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 16:00:47,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335247.4167044, 'message': 'Dec  6 16:00:46 hqnl0246134 sshd[231061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 16:00:49,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335249.4217732, 'message': 'Dec  6 16:00:48 hqnl0246134 sshd[231061]: Failed password for root from 61.177.172.19 port 12871 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 16:00:49,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335249.4260342, 'message': 'Dec  6 16:00:48 hqnl0246134 sshd[231067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.44.254.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 16:00:49,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335249.4262059, 'message': 'Dec  6 16:00:48 hqnl0246134 sshd[231067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.44.254.105  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:00:51,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.44.254.105', 'timestamp': 1670335251.4272025, 'message': 'Dec  6 16:00:50 hqnl0246134 sshd[231067]: Failed password for root from 163.44.254.105 port 46148 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0642 seconds
INFO    [2022-12-06 16:00:51,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335251.4276092, 'message': 'Dec  6 16:00:50 hqnl0246134 sshd[231081]: Invalid user gui from 95.86.165.90 port 39640', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0644 seconds
INFO    [2022-12-06 16:00:51,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335251.4283159, 'message': 'Dec  6 16:00:50 hqnl0246134 sshd[231061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0635 seconds
INFO    [2022-12-06 16:00:51,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335251.4278054, 'message': 'Dec  6 16:00:50 hqnl0246134 sshd[231081]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.86.165.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 16:00:51,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335251.4290986, 'message': 'Dec  6 16:00:51 hqnl0246134 sshd[231083]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 16:00:51,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335251.4280198, 'message': 'Dec  6 16:00:50 hqnl0246134 sshd[231081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.86.165.90 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 16:00:51,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335251.429296, 'message': 'Dec  6 16:00:51 hqnl0246134 sshd[231083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 16:00:53,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335253.4329486, 'message': 'Dec  6 16:00:52 hqnl0246134 sshd[231081]: Failed password for invalid user gui from 95.86.165.90 port 39640 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 16:00:53,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335253.4332037, 'message': 'Dec  6 16:00:52 hqnl0246134 sshd[231061]: Failed password for root from 61.177.172.19 port 12871 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 16:00:53,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335253.4338903, 'message': 'Dec  6 16:00:53 hqnl0246134 sshd[231083]: Failed password for root from 61.177.173.18 port 20524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 16:00:53,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335253.4334826, 'message': 'Dec  6 16:00:53 hqnl0246134 sshd[231081]: Disconnected from invalid user gui 95.86.165.90 port 39640 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 16:00:53,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335253.4333305, 'message': 'Dec  6 16:00:52 hqnl0246134 sshd[231061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 16:00:55,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335255.4367702, 'message': 'Dec  6 16:00:55 hqnl0246134 sshd[231061]: Failed password for root from 61.177.172.19 port 12871 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 16:00:57,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335257.438202, 'message': 'Dec  6 16:00:56 hqnl0246134 sshd[231083]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0467 seconds
INFO    [2022-12-06 16:00:59,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335259.4410143, 'message': 'Dec  6 16:00:58 hqnl0246134 sshd[231083]: Failed password for root from 61.177.173.18 port 20524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:01:01,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335261.4495533, 'message': 'Dec  6 16:01:00 hqnl0246134 sshd[231083]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 16:01:03,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335263.4458745, 'message': 'Dec  6 16:01:01 hqnl0246134 sshd[231083]: Failed password for root from 61.177.173.18 port 20524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
WARNING [2022-12-06 16:01:09,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:01:09,499] defence360agent.internals.the_sink: SensorIncidentList(<22 item(s)>) processed in 0.8140 seconds
INFO    [2022-12-06 16:01:09,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335269.4528131, 'message': 'Dec  6 16:01:07 hqnl0246134 sshd[231115]: Invalid user postgres from 58.17.200.197 port 54502', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-06 16:01:09,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335269.4529731, 'message': 'Dec  6 16:01:07 hqnl0246134 sshd[231115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 58.17.200.197 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:01:09,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335269.4531014, 'message': 'Dec  6 16:01:07 hqnl0246134 sshd[231115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.17.200.197 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 16:01:11,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335271.453584, 'message': 'Dec  6 16:01:09 hqnl0246134 sshd[231115]: Failed password for invalid user postgres from 58.17.200.197 port 54502 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:01:11,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335271.4537568, 'message': 'Dec  6 16:01:10 hqnl0246134 sshd[231115]: Disconnected from invalid user postgres 58.17.200.197 port 54502 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 16:01:19,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335279.4659212, 'message': 'Dec  6 16:01:18 hqnl0246134 sshd[231120]: Invalid user ahmad from 190.246.155.29 port 34224', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 16:01:19,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335279.466287, 'message': 'Dec  6 16:01:18 hqnl0246134 sshd[231120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.246.155.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:01:19,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335279.4665368, 'message': 'Dec  6 16:01:18 hqnl0246134 sshd[231120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.246.155.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:01:19,626] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:01:19,627] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:01:19,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:01:19,646] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 16:01:21,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335281.4738686, 'message': 'Dec  6 16:01:20 hqnl0246134 sshd[231120]: Failed password for invalid user ahmad from 190.246.155.29 port 34224 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 16:01:21,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335281.4740632, 'message': 'Dec  6 16:01:20 hqnl0246134 sshd[231125]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:01:21,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.246.155.29', 'timestamp': 1670335281.4742765, 'message': 'Dec  6 16:01:21 hqnl0246134 sshd[231120]: Disconnected from invalid user ahmad 190.246.155.29 port 34224 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 16:01:21,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335281.4741724, 'message': 'Dec  6 16:01:20 hqnl0246134 sshd[231125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 16:01:22,360] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:01:22,361] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:01:22,368] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:01:22,390] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0284 seconds
INFO    [2022-12-06 16:01:23,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335283.4764302, 'message': 'Dec  6 16:01:22 hqnl0246134 sshd[231125]: Failed password for root from 61.177.172.19 port 48680 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 16:01:25,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335285.4789767, 'message': 'Dec  6 16:01:24 hqnl0246134 sshd[231134]: Invalid user postgres from 43.153.89.12 port 44878', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 16:01:25,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335285.4795153, 'message': 'Dec  6 16:01:25 hqnl0246134 sshd[231125]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 16:01:25,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335285.4792376, 'message': 'Dec  6 16:01:24 hqnl0246134 sshd[231134]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.89.12 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:01:25,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335285.479363, 'message': 'Dec  6 16:01:24 hqnl0246134 sshd[231134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.89.12 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 16:01:27,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335287.4814546, 'message': 'Dec  6 16:01:26 hqnl0246134 sshd[231134]: Failed password for invalid user postgres from 43.153.89.12 port 44878 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 16:01:27,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335287.4820008, 'message': 'Dec  6 16:01:26 hqnl0246134 sshd[231125]: Failed password for root from 61.177.172.19 port 48680 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 16:01:27,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.89.12', 'timestamp': 1670335287.4818547, 'message': 'Dec  6 16:01:26 hqnl0246134 sshd[231134]: Disconnected from invalid user postgres 43.153.89.12 port 44878 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:01:29,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335289.482479, 'message': 'Dec  6 16:01:27 hqnl0246134 sshd[231125]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:01:31,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670335291.4859104, 'message': 'Dec  6 16:01:30 hqnl0246134 sshd[231125]: Failed password for root from 61.177.172.19 port 48680 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
WARNING [2022-12-06 16:01:47,153] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:01:47,154] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:01:49,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335309.5054424, 'message': 'Dec  6 16:01:49 hqnl0246134 sshd[231157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0876 seconds
INFO    [2022-12-06 16:01:49,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335309.5061126, 'message': 'Dec  6 16:01:49 hqnl0246134 sshd[231155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0876 seconds
INFO    [2022-12-06 16:01:49,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335309.5059917, 'message': 'Dec  6 16:01:49 hqnl0246134 sshd[231157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0715 seconds
INFO    [2022-12-06 16:01:49,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335309.5062265, 'message': 'Dec  6 16:01:49 hqnl0246134 sshd[231155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0713 seconds
INFO    [2022-12-06 16:01:51,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335311.5068383, 'message': 'Dec  6 16:01:50 hqnl0246134 sshd[231157]: Failed password for root from 61.177.173.18 port 10073 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 16:01:51,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335311.507197, 'message': 'Dec  6 16:01:50 hqnl0246134 sshd[231155]: Failed password for root from 61.177.172.104 port 15515 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 16:01:51,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335311.5074604, 'message': 'Dec  6 16:01:51 hqnl0246134 sshd[231157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 16:01:51,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335311.5076482, 'message': 'Dec  6 16:01:51 hqnl0246134 sshd[231155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
WARNING [2022-12-06 16:01:53,331] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 16:01:55,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335315.5137217, 'message': 'Dec  6 16:01:53 hqnl0246134 sshd[231157]: Failed password for root from 61.177.173.18 port 10073 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 16:01:55,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335315.5142102, 'message': 'Dec  6 16:01:53 hqnl0246134 sshd[231155]: Failed password for root from 61.177.172.104 port 15515 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 16:01:57,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335317.5179918, 'message': 'Dec  6 16:01:55 hqnl0246134 sshd[231157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 16:01:57,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335317.5183415, 'message': 'Dec  6 16:01:55 hqnl0246134 sshd[231155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 16:01:59,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335319.52027, 'message': 'Dec  6 16:01:57 hqnl0246134 sshd[231157]: Failed password for root from 61.177.173.18 port 10073 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-06 16:01:59,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335319.5204868, 'message': 'Dec  6 16:01:57 hqnl0246134 sshd[231155]: Failed password for root from 61.177.172.104 port 15515 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 16:02:02,603] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:02:02,604] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:02:02,611] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:02:02,622] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-06 16:02:08,696] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:02:08,726] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0379 seconds
INFO    [2022-12-06 16:02:11,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335331.5490153, 'message': 'Dec  6 16:02:11 hqnl0246134 sshd[231196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 58.17.200.197 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 16:02:11,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335331.5493667, 'message': 'Dec  6 16:02:11 hqnl0246134 sshd[231196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.17.200.197  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:02:13,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335333.5518794, 'message': 'Dec  6 16:02:12 hqnl0246134 sshd[231196]: Failed password for root from 58.17.200.197 port 38422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-06 16:02:13,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335333.5522022, 'message': 'Dec  6 16:02:13 hqnl0246134 sshd[231199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.170.31.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-06 16:02:13,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335333.552454, 'message': 'Dec  6 16:02:13 hqnl0246134 sshd[231199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.31.174  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:02:15,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335335.554285, 'message': 'Dec  6 16:02:15 hqnl0246134 sshd[231199]: Failed password for root from 52.170.31.174 port 42612 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 16:02:17,805] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:02:17,806] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:02:17,813] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:02:17,825] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 16:02:20,428] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:02:20,428] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:02:20,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:02:20,448] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 16:02:22,659] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:02:22,740] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:02:22,740] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:02:22,741] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:02:22,741] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:02:22,741] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:02:22,753] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:02:22,769] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0271 seconds
WARNING [2022-12-06 16:02:22,775] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:02:22,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:02:22,796] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0330 seconds
INFO    [2022-12-06 16:02:22,798] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0311 seconds
INFO    [2022-12-06 16:02:25,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335345.5704675, 'message': 'Dec  6 16:02:23 hqnl0246134 sshd[231211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0741 seconds
INFO    [2022-12-06 16:02:25,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335345.5710855, 'message': 'Dec  6 16:02:24 hqnl0246134 sshd[231213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0748 seconds
INFO    [2022-12-06 16:02:25,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335345.570777, 'message': 'Dec  6 16:02:23 hqnl0246134 sshd[231211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-06 16:02:25,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335345.5712564, 'message': 'Dec  6 16:02:24 hqnl0246134 sshd[231213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 16:02:25,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335345.5713956, 'message': 'Dec  6 16:02:25 hqnl0246134 sshd[231211]: Failed password for root from 61.177.172.104 port 26623 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:02:27,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335347.5730064, 'message': 'Dec  6 16:02:26 hqnl0246134 sshd[231211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0519 seconds
INFO    [2022-12-06 16:02:27,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335347.5733402, 'message': 'Dec  6 16:02:26 hqnl0246134 sshd[231213]: Failed password for root from 61.177.173.39 port 51975 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 16:02:27,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335347.5736704, 'message': 'Dec  6 16:02:26 hqnl0246134 sshd[231219]: Invalid user admin from 51.79.146.239 port 48588', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-06 16:02:27,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335347.5735483, 'message': 'Dec  6 16:02:26 hqnl0246134 sshd[231213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 16:02:27,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335347.573802, 'message': 'Dec  6 16:02:27 hqnl0246134 sshd[231219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.79.146.239 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 16:02:27,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335347.5739262, 'message': 'Dec  6 16:02:27 hqnl0246134 sshd[231219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.146.239 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 16:02:29,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335349.5749233, 'message': 'Dec  6 16:02:28 hqnl0246134 sshd[231211]: Failed password for root from 61.177.172.104 port 26623 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 16:02:29,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335349.5751054, 'message': 'Dec  6 16:02:29 hqnl0246134 sshd[231213]: Failed password for root from 61.177.173.39 port 51975 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 16:02:29,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335349.5752165, 'message': 'Dec  6 16:02:29 hqnl0246134 sshd[231219]: Failed password for invalid user admin from 51.79.146.239 port 48588 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-06 16:02:31,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335351.582236, 'message': 'Dec  6 16:02:30 hqnl0246134 sshd[231211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0638 seconds
INFO    [2022-12-06 16:02:31,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335351.582458, 'message': 'Dec  6 16:02:30 hqnl0246134 sshd[231219]: Disconnected from invalid user admin 51.79.146.239 port 48588 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0642 seconds
INFO    [2022-12-06 16:02:31,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335351.582568, 'message': 'Dec  6 16:02:31 hqnl0246134 sshd[231213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0641 seconds
INFO    [2022-12-06 16:02:33,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670335353.5840437, 'message': 'Dec  6 16:02:32 hqnl0246134 sshd[231211]: Failed password for root from 61.177.172.104 port 26623 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 16:02:33,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335353.5842614, 'message': 'Dec  6 16:02:32 hqnl0246134 sshd[231213]: Failed password for root from 61.177.173.39 port 51975 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 16:02:37,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335357.592986, 'message': 'Dec  6 16:02:35 hqnl0246134 sshd[231231]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 16:02:37,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335357.593257, 'message': 'Dec  6 16:02:35 hqnl0246134 sshd[231231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:02:37,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335357.5933914, 'message': 'Dec  6 16:02:37 hqnl0246134 sshd[231231]: Failed password for root from 61.177.173.39 port 18819 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:02:39,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335359.5944262, 'message': 'Dec  6 16:02:38 hqnl0246134 sshd[231231]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 16:02:39,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335359.5947163, 'message': 'Dec  6 16:02:38 hqnl0246134 sshd[231233]: Invalid user gui from 112.133.228.250 port 37482', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 16:02:39,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335359.594884, 'message': 'Dec  6 16:02:38 hqnl0246134 sshd[231233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.133.228.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:02:39,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335359.5950112, 'message': 'Dec  6 16:02:38 hqnl0246134 sshd[231233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.133.228.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:02:41,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335361.5968797, 'message': 'Dec  6 16:02:40 hqnl0246134 sshd[231231]: Failed password for root from 61.177.173.39 port 18819 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0900 seconds
INFO    [2022-12-06 16:02:41,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335361.5971034, 'message': 'Dec  6 16:02:40 hqnl0246134 sshd[231233]: Failed password for invalid user gui from 112.133.228.250 port 37482 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1069 seconds
INFO    [2022-12-06 16:02:41,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335361.5972438, 'message': 'Dec  6 16:02:40 hqnl0246134 sshd[231231]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0957 seconds
INFO    [2022-12-06 16:02:41,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335361.5973997, 'message': 'Dec  6 16:02:41 hqnl0246134 sshd[231233]: Disconnected from invalid user gui 112.133.228.250 port 37482 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0956 seconds
INFO    [2022-12-06 16:02:43,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335363.599861, 'message': 'Dec  6 16:02:42 hqnl0246134 sshd[231236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 16:02:43,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335363.6003091, 'message': 'Dec  6 16:02:43 hqnl0246134 sshd[231231]: Failed password for root from 61.177.173.39 port 18819 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 16:02:43,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335363.6001198, 'message': 'Dec  6 16:02:42 hqnl0246134 sshd[231236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:02:45,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335365.6066768, 'message': 'Dec  6 16:02:44 hqnl0246134 sshd[231236]: Failed password for root from 61.177.173.18 port 62354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 16:02:45,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335365.607059, 'message': 'Dec  6 16:02:44 hqnl0246134 sshd[231236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
WARNING [2022-12-06 16:02:47,159] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:02:47,160] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:02:47,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335367.6088486, 'message': 'Dec  6 16:02:46 hqnl0246134 sshd[231236]: Failed password for root from 61.177.173.18 port 62354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 16:02:47,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335367.6091921, 'message': 'Dec  6 16:02:46 hqnl0246134 sshd[231245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 16:02:47,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335367.6093214, 'message': 'Dec  6 16:02:46 hqnl0246134 sshd[231245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:02:49,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335369.610551, 'message': 'Dec  6 16:02:48 hqnl0246134 sshd[231236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 16:02:49,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335369.6108832, 'message': 'Dec  6 16:02:49 hqnl0246134 sshd[231245]: Failed password for root from 61.177.173.39 port 58392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 16:02:51,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335371.6129124, 'message': 'Dec  6 16:02:50 hqnl0246134 sshd[231236]: Failed password for root from 61.177.173.18 port 62354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0579 seconds
INFO    [2022-12-06 16:02:51,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335371.6131945, 'message': 'Dec  6 16:02:51 hqnl0246134 sshd[231245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0582 seconds
INFO    [2022-12-06 16:02:52,869] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:02:52,870] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:02:52,871] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 16:02:53,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335373.6157339, 'message': 'Dec  6 16:02:53 hqnl0246134 sshd[231245]: Failed password for root from 61.177.173.39 port 58392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 16:02:55,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335375.6211336, 'message': 'Dec  6 16:02:55 hqnl0246134 sshd[231245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-06 16:02:57,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670335377.623771, 'message': 'Dec  6 16:02:57 hqnl0246134 sshd[231245]: Failed password for root from 61.177.173.39 port 58392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
WARNING [2022-12-06 16:03:08,700] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:03:08,734] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0419 seconds
INFO    [2022-12-06 16:03:11,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335391.651035, 'message': 'Dec  6 16:03:10 hqnl0246134 sshd[231269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 58.17.200.197 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 16:03:11,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335391.6512725, 'message': 'Dec  6 16:03:10 hqnl0246134 sshd[231269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.17.200.197  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 16:03:13,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '58.17.200.197', 'timestamp': 1670335393.6532824, 'message': 'Dec  6 16:03:13 hqnl0246134 sshd[231269]: Failed password for root from 58.17.200.197 port 50572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 16:03:20,609] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:03:20,610] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:03:20,617] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:03:20,645] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0340 seconds
INFO    [2022-12-06 16:03:21,800] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:03:21,801] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:03:21,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:03:21,837] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0353 seconds
INFO    [2022-12-06 16:03:24,746] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:03:24,747] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:03:24,754] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:03:24,764] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 16:03:35,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335415.6852152, 'message': 'Dec  6 16:03:34 hqnl0246134 sshd[231303]: Invalid user postgres from 95.86.165.90 port 41552', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 16:03:35,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335415.6856577, 'message': 'Dec  6 16:03:34 hqnl0246134 sshd[231303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.86.165.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:03:35,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335415.6867821, 'message': 'Dec  6 16:03:34 hqnl0246134 sshd[231303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.86.165.90 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:03:37,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335417.6860807, 'message': 'Dec  6 16:03:37 hqnl0246134 sshd[231303]: Failed password for invalid user postgres from 95.86.165.90 port 41552 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 16:03:37,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335417.6863496, 'message': 'Dec  6 16:03:37 hqnl0246134 sshd[231305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 16:03:37,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335417.686504, 'message': 'Dec  6 16:03:37 hqnl0246134 sshd[231305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 16:03:39,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335419.6904733, 'message': 'Dec  6 16:03:38 hqnl0246134 sshd[231303]: Disconnected from invalid user postgres 95.86.165.90 port 41552 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 16:03:39,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335419.6908054, 'message': 'Dec  6 16:03:39 hqnl0246134 sshd[231305]: Failed password for root from 61.177.173.18 port 14845 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 16:03:41,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335421.693731, 'message': 'Dec  6 16:03:39 hqnl0246134 sshd[231305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 16:03:43,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335423.6973875, 'message': 'Dec  6 16:03:42 hqnl0246134 sshd[231305]: Failed password for root from 61.177.173.18 port 14845 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 16:03:45,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335425.7003543, 'message': 'Dec  6 16:03:44 hqnl0246134 sshd[231305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 16:03:47,164] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:03:47,165] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:03:47,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335427.705412, 'message': 'Dec  6 16:03:46 hqnl0246134 sshd[231305]: Failed password for root from 61.177.173.18 port 14845 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 16:03:53,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335433.7149966, 'message': 'Dec  6 16:03:52 hqnl0246134 sshd[231308]: Invalid user postgres from 112.133.228.250 port 37550', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 16:03:53,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335433.7152581, 'message': 'Dec  6 16:03:52 hqnl0246134 sshd[231308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.133.228.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:03:53,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335433.7154088, 'message': 'Dec  6 16:03:52 hqnl0246134 sshd[231308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.133.228.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:03:55,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335435.7167163, 'message': 'Dec  6 16:03:55 hqnl0246134 sshd[231308]: Failed password for invalid user postgres from 112.133.228.250 port 37550 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:03:57,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335437.7204032, 'message': 'Dec  6 16:03:57 hqnl0246134 sshd[231308]: Disconnected from invalid user postgres 112.133.228.250 port 37550 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-06 16:04:08,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:04:08,735] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0360 seconds
INFO    [2022-12-06 16:04:11,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335451.7498212, 'message': 'Dec  6 16:04:10 hqnl0246134 sshd[231330]: Invalid user postgres from 52.170.31.174 port 43972', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:04:11,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335451.7500076, 'message': 'Dec  6 16:04:10 hqnl0246134 sshd[231330]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.170.31.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:04:11,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335451.7501488, 'message': 'Dec  6 16:04:10 hqnl0246134 sshd[231330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.31.174 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:04:13,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335453.7512233, 'message': 'Dec  6 16:04:12 hqnl0246134 sshd[231330]: Failed password for invalid user postgres from 52.170.31.174 port 43972 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 16:04:15,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335455.7536547, 'message': 'Dec  6 16:04:14 hqnl0246134 sshd[231330]: Disconnected from invalid user postgres 52.170.31.174 port 43972 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:04:17,832] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:04:17,833] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:04:17,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:04:17,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-06 16:04:20,497] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:04:20,497] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:04:20,505] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:04:20,517] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 16:04:31,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335471.793599, 'message': 'Dec  6 16:04:30 hqnl0246134 sshd[231356]: Invalid user tommy from 59.12.193.109 port 39291', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-06 16:04:31,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335471.7946641, 'message': 'Dec  6 16:04:31 hqnl0246134 sshd[231358]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 16:04:31,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335471.7941406, 'message': 'Dec  6 16:04:30 hqnl0246134 sshd[231356]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.12.193.109 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 16:04:31,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335471.7948709, 'message': 'Dec  6 16:04:31 hqnl0246134 sshd[231358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 16:04:31,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335471.7944086, 'message': 'Dec  6 16:04:30 hqnl0246134 sshd[231356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.193.109 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 16:04:33,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335473.7955592, 'message': 'Dec  6 16:04:32 hqnl0246134 sshd[231356]: Failed password for invalid user tommy from 59.12.193.109 port 39291 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:04:33,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.12.193.109', 'timestamp': 1670335473.795756, 'message': 'Dec  6 16:04:33 hqnl0246134 sshd[231356]: Disconnected from invalid user tommy 59.12.193.109 port 39291 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:04:35,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335475.7992177, 'message': 'Dec  6 16:04:33 hqnl0246134 sshd[231358]: Failed password for root from 61.177.173.18 port 21479 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:04:35,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335475.7995207, 'message': 'Dec  6 16:04:35 hqnl0246134 sshd[231358]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:04:37,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335477.8034625, 'message': 'Dec  6 16:04:37 hqnl0246134 sshd[231358]: Failed password for root from 61.177.173.18 port 21479 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 16:04:39,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335479.8062062, 'message': 'Dec  6 16:04:38 hqnl0246134 sshd[231358]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 16:04:39,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335479.806523, 'message': 'Dec  6 16:04:39 hqnl0246134 sshd[231358]: Failed password for root from 61.177.173.18 port 21479 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:04:43,350] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:04:43,351] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:04:43,364] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:04:43,378] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0263 seconds
WARNING [2022-12-06 16:04:47,168] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:04:47,169] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:04:47,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.79.42.236', 'timestamp': 1670335487.819744, 'message': 'Dec  6 16:04:45 hqnl0246134 sshd[231398]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.79.42.236 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:04:47,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.79.42.236', 'timestamp': 1670335487.8200834, 'message': 'Dec  6 16:04:45 hqnl0246134 sshd[231398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.79.42.236  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 16:04:49,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '217.79.42.236', 'timestamp': 1670335489.8244185, 'message': 'Dec  6 16:04:48 hqnl0246134 sshd[231398]: Failed password for root from 217.79.42.236 port 42266 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:04:55,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335495.8383641, 'message': 'Dec  6 16:04:54 hqnl0246134 sshd[231400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0733 seconds
INFO    [2022-12-06 16:04:55,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335495.8388438, 'message': 'Dec  6 16:04:54 hqnl0246134 sshd[231400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0653 seconds
INFO    [2022-12-06 16:04:57,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335497.8401878, 'message': 'Dec  6 16:04:55 hqnl0246134 sshd[231400]: Failed password for root from 61.177.173.51 port 17294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 16:04:59,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335499.8422387, 'message': 'Dec  6 16:04:58 hqnl0246134 sshd[231400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:05:01,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335501.8464863, 'message': 'Dec  6 16:05:00 hqnl0246134 sshd[231400]: Failed password for root from 61.177.173.51 port 17294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0744 seconds
INFO    [2022-12-06 16:05:01,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335501.8467617, 'message': 'Dec  6 16:05:00 hqnl0246134 sshd[231400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-06 16:05:03,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335503.8542447, 'message': 'Dec  6 16:05:01 hqnl0246134 sshd[231400]: Failed password for root from 61.177.173.51 port 17294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 16:05:05,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335505.8548455, 'message': 'Dec  6 16:05:04 hqnl0246134 sshd[231439]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.133.228.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:05:05,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335505.8551548, 'message': 'Dec  6 16:05:04 hqnl0246134 sshd[231439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.133.228.250  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:05:07,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335507.8582218, 'message': 'Dec  6 16:05:05 hqnl0246134 sshd[231437]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 16:05:07,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.133.228.250', 'timestamp': 1670335507.8585844, 'message': 'Dec  6 16:05:07 hqnl0246134 sshd[231439]: Failed password for root from 112.133.228.250 port 37616 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 16:05:07,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335507.8584154, 'message': 'Dec  6 16:05:05 hqnl0246134 sshd[231437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 16:05:07,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335507.8587646, 'message': 'Dec  6 16:05:07 hqnl0246134 sshd[231437]: Failed password for root from 61.177.173.51 port 42023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 16:05:08,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:05:08,749] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0456 seconds
INFO    [2022-12-06 16:05:09,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335509.8615963, 'message': 'Dec  6 16:05:08 hqnl0246134 sshd[231437]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:05:11,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335511.8637104, 'message': 'Dec  6 16:05:11 hqnl0246134 sshd[231437]: Failed password for root from 61.177.173.51 port 42023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:05:13,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335513.8657155, 'message': 'Dec  6 16:05:13 hqnl0246134 sshd[231437]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:05:15,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670335515.8679905, 'message': 'Dec  6 16:05:15 hqnl0246134 sshd[231437]: Failed password for root from 61.177.173.51 port 42023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 16:05:18,049] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:05:18,049] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:05:18,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:05:18,069] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 16:05:21,592] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:05:21,593] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:05:21,602] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:05:21,615] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 16:05:27,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335527.885956, 'message': 'Dec  6 16:05:26 hqnl0246134 sshd[231469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 16:05:27,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335527.8863525, 'message': 'Dec  6 16:05:26 hqnl0246134 sshd[231469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:05:29,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335529.8861916, 'message': 'Dec  6 16:05:28 hqnl0246134 sshd[231469]: Failed password for root from 61.177.173.18 port 32143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:05:31,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335531.8896267, 'message': 'Dec  6 16:05:30 hqnl0246134 sshd[231469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:05:33,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335533.896722, 'message': 'Dec  6 16:05:33 hqnl0246134 sshd[231469]: Failed password for root from 61.177.173.18 port 32143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 16:05:35,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335535.9019763, 'message': 'Dec  6 16:05:35 hqnl0246134 sshd[231469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:05:37,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335537.9074643, 'message': 'Dec  6 16:05:36 hqnl0246134 sshd[231469]: Failed password for root from 61.177.173.18 port 32143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 16:05:47,174] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:05:47,176] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:06:08,718] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:06:08,744] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0366 seconds
INFO    [2022-12-06 16:06:11,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335571.946577, 'message': 'Dec  6 16:06:11 hqnl0246134 sshd[231520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.86.165.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 16:06:11,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335571.9468472, 'message': 'Dec  6 16:06:11 hqnl0246134 sshd[231520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.86.165.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:06:13,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '95.86.165.90', 'timestamp': 1670335573.946201, 'message': 'Dec  6 16:06:12 hqnl0246134 sshd[231520]: Failed password for root from 95.86.165.90 port 41092 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:06:15,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:06:15,918] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:06:15,929] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:06:15,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 16:06:15,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335575.9465694, 'message': 'Dec  6 16:06:14 hqnl0246134 sshd[231525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.170.31.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 16:06:15,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335575.9467335, 'message': 'Dec  6 16:06:14 hqnl0246134 sshd[231525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.31.174  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:06:17,812] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:06:17,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:06:17,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:06:17,832] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 16:06:18,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '52.170.31.174', 'timestamp': 1670335577.9492218, 'message': 'Dec  6 16:06:17 hqnl0246134 sshd[231525]: Failed password for root from 52.170.31.174 port 45340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1318 seconds
INFO    [2022-12-06 16:06:20,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335579.9514291, 'message': 'Dec  6 16:06:18 hqnl0246134 sshd[231534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0534 seconds
INFO    [2022-12-06 16:06:20,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.58.20.99', 'timestamp': 1670335579.9520113, 'message': 'Dec  6 16:06:19 hqnl0246134 sshd[231532]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.58.20.99 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0529 seconds
INFO    [2022-12-06 16:06:20,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335579.951798, 'message': 'Dec  6 16:06:18 hqnl0246134 sshd[231534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 16:06:20,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.58.20.99', 'timestamp': 1670335579.9522402, 'message': 'Dec  6 16:06:19 hqnl0246134 sshd[231532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.58.20.99  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-06 16:06:21,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335581.9533882, 'message': 'Dec  6 16:06:20 hqnl0246134 sshd[231534]: Failed password for root from 61.177.173.18 port 22259 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 16:06:21,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.58.20.99', 'timestamp': 1670335581.9538069, 'message': 'Dec  6 16:06:21 hqnl0246134 sshd[231532]: Failed password for root from 20.58.20.99 port 59826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 16:06:22,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335581.9536757, 'message': 'Dec  6 16:06:20 hqnl0246134 sshd[231534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:06:22,215] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:06:22,215] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:06:22,222] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:06:22,234] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 16:06:23,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335583.9542768, 'message': 'Dec  6 16:06:22 hqnl0246134 sshd[231534]: Failed password for root from 61.177.173.18 port 22259 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:06:23,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335583.9545126, 'message': 'Dec  6 16:06:23 hqnl0246134 sshd[231534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:06:25,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335585.9569728, 'message': 'Dec  6 16:06:24 hqnl0246134 sshd[231534]: Failed password for root from 61.177.173.18 port 22259 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 16:06:47,182] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:06:47,184] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:07:08,725] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:07:08,758] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0440 seconds
INFO    [2022-12-06 16:07:14,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335634.0174472, 'message': 'Dec  6 16:07:13 hqnl0246134 sshd[231590]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 16:07:14,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335634.0177777, 'message': 'Dec  6 16:07:13 hqnl0246134 sshd[231590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:07:16,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335636.0178468, 'message': 'Dec  6 16:07:15 hqnl0246134 sshd[231590]: Failed password for root from 61.177.173.18 port 33495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:07:16,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335636.0180376, 'message': 'Dec  6 16:07:15 hqnl0246134 sshd[231590]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 16:07:17,810] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:07:17,810] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:07:17,819] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:07:17,831] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 16:07:18,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335638.0205097, 'message': 'Dec  6 16:07:17 hqnl0246134 sshd[231590]: Failed password for root from 61.177.173.18 port 33495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 16:07:18,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335638.02071, 'message': 'Dec  6 16:07:17 hqnl0246134 sshd[231590]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 16:07:20,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335640.022918, 'message': 'Dec  6 16:07:19 hqnl0246134 sshd[231590]: Failed password for root from 61.177.173.18 port 33495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0672 seconds
INFO    [2022-12-06 16:07:20,550] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:07:20,551] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:07:20,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:07:20,585] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0327 seconds
INFO    [2022-12-06 16:07:24,505] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:07:24,505] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:07:24,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:07:24,524] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 16:07:38,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335658.0475318, 'message': 'Dec  6 16:07:37 hqnl0246134 sshd[231618]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.79.146.239 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 16:07:38,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335658.0481184, 'message': 'Dec  6 16:07:37 hqnl0246134 sshd[231618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.146.239  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 16:07:40,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335660.0504365, 'message': 'Dec  6 16:07:40 hqnl0246134 sshd[231618]: Failed password for root from 51.79.146.239 port 54584 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 16:07:47,189] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:07:47,190] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:07:54,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670335674.0812237, 'message': 'Dec  6 16:07:52 hqnl0246134 sshd[231625]: Invalid user admin from 152.89.196.220 port 31972', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 16:07:54,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670335674.0816104, 'message': 'Dec  6 16:07:52 hqnl0246134 sshd[231625]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:07:54,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670335674.0825367, 'message': 'Dec  6 16:07:52 hqnl0246134 sshd[231625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 16:07:56,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670335676.0861113, 'message': 'Dec  6 16:07:54 hqnl0246134 sshd[231625]: Failed password for invalid user admin from 152.89.196.220 port 31972 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:07:58,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670335678.0910752, 'message': 'Dec  6 16:07:56 hqnl0246134 sshd[231625]: Disconnected from invalid user admin 152.89.196.220 port 31972 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:08:08,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335688.1148157, 'message': 'Dec  6 16:08:06 hqnl0246134 sshd[231643]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 16:08:08,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335688.1153965, 'message': 'Dec  6 16:08:06 hqnl0246134 sshd[231643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0247 seconds
WARNING [2022-12-06 16:08:08,726] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:08:08,752] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0340 seconds
INFO    [2022-12-06 16:08:10,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335690.1198003, 'message': 'Dec  6 16:08:08 hqnl0246134 sshd[231643]: Failed password for root from 61.177.173.18 port 37259 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 16:08:10,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335690.11998, 'message': 'Dec  6 16:08:08 hqnl0246134 sshd[231643]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:08:12,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335692.125472, 'message': 'Dec  6 16:08:11 hqnl0246134 sshd[231643]: Failed password for root from 61.177.173.18 port 37259 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 16:08:12,669] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:08:12,737] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:08:12,737] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:08:12,737] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:08:12,738] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:08:12,738] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:08:12,746] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:08:12,762] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0235 seconds
WARNING [2022-12-06 16:08:12,769] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:08:12,771] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:08:12,790] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0341 seconds
INFO    [2022-12-06 16:08:12,792] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0322 seconds
INFO    [2022-12-06 16:08:14,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335694.1259098, 'message': 'Dec  6 16:08:13 hqnl0246134 sshd[231643]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:08:16,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335696.1290722, 'message': 'Dec  6 16:08:14 hqnl0246134 sshd[231643]: Failed password for root from 61.177.173.18 port 37259 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:08:17,984] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:08:17,984] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:08:17,992] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:08:18,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0244 seconds
INFO    [2022-12-06 16:08:20,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:08:20,819] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:08:20,826] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:08:20,836] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 16:08:42,863] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:08:42,865] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:08:42,866] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 16:08:47,193] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:08:47,194] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:09:02,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335742.1972802, 'message': 'Dec  6 16:09:00 hqnl0246134 sshd[231676]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 16:09:02,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335742.1979146, 'message': 'Dec  6 16:09:00 hqnl0246134 sshd[231676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 16:09:02,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335742.1981366, 'message': 'Dec  6 16:09:01 hqnl0246134 sshd[231676]: Failed password for root from 61.177.173.18 port 37141 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 16:09:04,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335744.209792, 'message': 'Dec  6 16:09:02 hqnl0246134 sshd[231676]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 16:09:06,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335746.2240138, 'message': 'Dec  6 16:09:05 hqnl0246134 sshd[231676]: Failed password for root from 61.177.173.18 port 37141 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-06 16:09:08,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335748.2259712, 'message': 'Dec  6 16:09:07 hqnl0246134 sshd[231676]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-06 16:09:08,731] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:09:08,755] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0327 seconds
INFO    [2022-12-06 16:09:10,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335750.2281919, 'message': 'Dec  6 16:09:09 hqnl0246134 sshd[231676]: Failed password for root from 61.177.173.18 port 37141 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:09:13,059] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:09:13,060] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:09:13,068] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:09:13,079] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 16:09:17,795] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:09:17,796] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:09:17,803] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:09:17,814] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 16:09:20,548] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:09:20,548] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:09:20,556] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:09:20,568] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 16:09:44,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670335784.288082, 'message': 'Dec  6 16:09:43 hqnl0246134 sshd[231865]: Invalid user ding from 141.144.246.33 port 38572', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 16:09:44,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.144.246.33', 'timestamp': 1670335784.289038, 'message': 'Dec  6 16:09:43 hqnl0246134 sshd[231865]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.144.246.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:09:44,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.144.246.33', 'timestamp': 1670335784.2892034, 'message': 'Dec  6 16:09:43 hqnl0246134 sshd[231865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.144.246.33 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:09:46,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670335786.2924497, 'message': 'Dec  6 16:09:45 hqnl0246134 sshd[231865]: Failed password for invalid user ding from 141.144.246.33 port 38572 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 16:09:47,204] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:09:47,205] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:09:48,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670335788.2997904, 'message': 'Dec  6 16:09:47 hqnl0246134 sshd[231865]: Disconnected from invalid user ding 141.144.246.33 port 38572 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 16:09:56,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335796.3254135, 'message': 'Dec  6 16:09:56 hqnl0246134 sshd[231867]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 16:09:56,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335796.3260193, 'message': 'Dec  6 16:09:56 hqnl0246134 sshd[231867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 16:10:00,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335800.3305693, 'message': 'Dec  6 16:09:58 hqnl0246134 sshd[231867]: Failed password for root from 61.177.173.18 port 42959 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 16:10:02,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335802.337377, 'message': 'Dec  6 16:10:00 hqnl0246134 sshd[231867]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0796 seconds
INFO    [2022-12-06 16:10:04,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335804.3427894, 'message': 'Dec  6 16:10:02 hqnl0246134 sshd[231867]: Failed password for root from 61.177.173.18 port 42959 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 16:10:04,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335804.3430383, 'message': 'Dec  6 16:10:02 hqnl0246134 sshd[231867]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 16:10:06,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335806.3445673, 'message': 'Dec  6 16:10:05 hqnl0246134 sshd[231867]: Failed password for root from 61.177.173.18 port 42959 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-06 16:10:08,759] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:10:08,780] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-06 16:10:19,914] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:10:19,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:10:19,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:10:19,933] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 16:10:24,259] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:10:24,259] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:10:24,266] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:10:24,278] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-06 16:10:47,208] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:10:47,211] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:10:50,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335850.418111, 'message': 'Dec  6 16:10:49 hqnl0246134 sshd[231932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 16:10:50,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335850.4188046, 'message': 'Dec  6 16:10:49 hqnl0246134 sshd[231932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:10:52,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335852.4184282, 'message': 'Dec  6 16:10:51 hqnl0246134 sshd[231932]: Failed password for root from 61.177.173.18 port 41223 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 16:10:52,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335852.4187884, 'message': 'Dec  6 16:10:51 hqnl0246134 sshd[231932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:10:54,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335854.4258456, 'message': 'Dec  6 16:10:53 hqnl0246134 sshd[231932]: Failed password for root from 61.177.173.18 port 41223 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 16:10:54,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335854.4260483, 'message': 'Dec  6 16:10:53 hqnl0246134 sshd[231932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 16:10:56,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335856.4281316, 'message': 'Dec  6 16:10:56 hqnl0246134 sshd[231932]: Failed password for root from 61.177.173.18 port 41223 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 16:11:00,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:11:00,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:11:00,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:11:00,959] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
WARNING [2022-12-06 16:11:08,758] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:11:08,786] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-06 16:11:12,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335872.45791, 'message': 'Dec  6 16:11:11 hqnl0246134 sshd[231958]: Invalid user csserver from 51.79.146.239 port 44958', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 16:11:12,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335872.4589987, 'message': 'Dec  6 16:11:11 hqnl0246134 sshd[231958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.79.146.239 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:11:12,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335872.4591072, 'message': 'Dec  6 16:11:11 hqnl0246134 sshd[231958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.146.239 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:11:14,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335874.4604619, 'message': 'Dec  6 16:11:13 hqnl0246134 sshd[231958]: Failed password for invalid user csserver from 51.79.146.239 port 44958 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:11:14,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.79.146.239', 'timestamp': 1670335874.460688, 'message': 'Dec  6 16:11:14 hqnl0246134 sshd[231958]: Disconnected from invalid user csserver 51.79.146.239 port 44958 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:11:17,808] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:11:17,809] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:11:17,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:11:17,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 16:11:20,462] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:11:20,462] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:11:20,471] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:11:20,484] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 16:11:46,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335906.5420108, 'message': 'Dec  6 16:11:46 hqnl0246134 sshd[231985]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 16:11:46,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335906.5427165, 'message': 'Dec  6 16:11:46 hqnl0246134 sshd[231985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
WARNING [2022-12-06 16:11:47,215] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:11:47,216] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:11:48,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335908.542522, 'message': 'Dec  6 16:11:48 hqnl0246134 sshd[231985]: Failed password for root from 61.177.173.18 port 41381 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 16:11:52,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335912.5463135, 'message': 'Dec  6 16:11:50 hqnl0246134 sshd[231985]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 16:11:52,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335912.5466328, 'message': 'Dec  6 16:11:52 hqnl0246134 sshd[231985]: Failed password for root from 61.177.173.18 port 41381 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 16:11:53,335] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 16:11:54,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335914.5501738, 'message': 'Dec  6 16:11:52 hqnl0246134 sshd[231985]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 16:11:56,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335916.5497575, 'message': 'Dec  6 16:11:55 hqnl0246134 sshd[231985]: Failed password for root from 61.177.173.18 port 41381 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-06 16:12:08,768] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:12:08,793] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0370 seconds
INFO    [2022-12-06 16:12:17,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:12:17,820] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:12:17,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:12:17,838] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 16:12:20,815] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:12:20,816] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:12:20,830] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:12:20,842] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0258 seconds
INFO    [2022-12-06 16:12:40,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335960.6402655, 'message': 'Dec  6 16:12:39 hqnl0246134 sshd[232053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 16:12:40,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335960.6409588, 'message': 'Dec  6 16:12:39 hqnl0246134 sshd[232053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:12:42,309] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:12:42,376] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:12:42,376] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:12:42,376] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:12:42,377] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:12:42,377] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:12:42,386] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:12:42,403] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0259 seconds
WARNING [2022-12-06 16:12:42,411] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:12:42,414] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:12:42,432] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0355 seconds
INFO    [2022-12-06 16:12:42,434] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0330 seconds
INFO    [2022-12-06 16:12:42,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335962.6377788, 'message': 'Dec  6 16:12:41 hqnl0246134 sshd[232053]: Failed password for root from 61.177.173.18 port 46169 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 16:12:44,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335964.640758, 'message': 'Dec  6 16:12:43 hqnl0246134 sshd[232053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:12:46,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335966.6567419, 'message': 'Dec  6 16:12:45 hqnl0246134 sshd[232053]: Failed password for root from 61.177.173.18 port 46169 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:12:46,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335966.6570005, 'message': 'Dec  6 16:12:45 hqnl0246134 sshd[232053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 16:12:47,220] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:12:47,221] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:12:48,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670335968.6596074, 'message': 'Dec  6 16:12:47 hqnl0246134 sshd[232053]: Failed password for root from 61.177.173.18 port 46169 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:12:50,796] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:12:50,796] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:12:50,804] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:12:50,821] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
INFO    [2022-12-06 16:13:02,668] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 16:13:02,683] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:13:02,704] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0345 seconds
WARNING [2022-12-06 16:13:08,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:13:08,792] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0303 seconds
INFO    [2022-12-06 16:13:17,920] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:13:17,921] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:13:17,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:13:17,944] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-06 16:13:17,999] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:13:17,999] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:13:18,000] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 16:13:20,783] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:13:20,784] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:13:20,792] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:13:20,804] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 16:13:34,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336014.725655, 'message': 'Dec  6 16:13:34 hqnl0246134 sshd[232140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 16:13:34,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336014.7263756, 'message': 'Dec  6 16:13:34 hqnl0246134 sshd[232140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:13:36,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336016.7307875, 'message': 'Dec  6 16:13:36 hqnl0246134 sshd[232140]: Failed password for root from 61.177.173.18 port 42317 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 16:13:36,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336016.7310815, 'message': 'Dec  6 16:13:36 hqnl0246134 sshd[232140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 16:13:38,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336018.7343922, 'message': 'Dec  6 16:13:38 hqnl0246134 sshd[232140]: Failed password for root from 61.177.173.18 port 42317 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 16:13:40,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336020.7355604, 'message': 'Dec  6 16:13:38 hqnl0246134 sshd[232140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:13:42,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336022.7405589, 'message': 'Dec  6 16:13:41 hqnl0246134 sshd[232140]: Failed password for root from 61.177.173.18 port 42317 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 16:13:47,225] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:13:47,227] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:14:08,780] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:14:08,813] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0473 seconds
INFO    [2022-12-06 16:14:17,875] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:14:17,876] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:14:17,883] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:14:17,895] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 16:14:20,497] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:14:20,498] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:14:20,506] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:14:20,519] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 16:14:26,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336066.818342, 'message': 'Dec  6 16:14:26 hqnl0246134 sshd[232174]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 16:14:26,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336066.8186724, 'message': 'Dec  6 16:14:26 hqnl0246134 sshd[232174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:14:28,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336068.8202918, 'message': 'Dec  6 16:14:28 hqnl0246134 sshd[232174]: Failed password for root from 61.177.173.18 port 28021 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:14:30,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336070.8223286, 'message': 'Dec  6 16:14:30 hqnl0246134 sshd[232174]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 16:14:32,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336072.8269248, 'message': 'Dec  6 16:14:30 hqnl0246134 sshd[232189]: Invalid user docker from 141.144.246.33 port 58118', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-06 16:14:32,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336072.8277087, 'message': 'Dec  6 16:14:31 hqnl0246134 sshd[232179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-06 16:14:32,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336072.827227, 'message': 'Dec  6 16:14:30 hqnl0246134 sshd[232189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.144.246.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0549 seconds
INFO    [2022-12-06 16:14:32,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336072.8281734, 'message': 'Dec  6 16:14:32 hqnl0246134 sshd[232174]: Failed password for root from 61.177.173.18 port 28021 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-06 16:14:32,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336072.8279662, 'message': 'Dec  6 16:14:31 hqnl0246134 sshd[232179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-06 16:14:32,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336072.8274777, 'message': 'Dec  6 16:14:30 hqnl0246134 sshd[232189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.144.246.33 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:14:32,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336072.8284163, 'message': 'Dec  6 16:14:32 hqnl0246134 sshd[232189]: Failed password for invalid user docker from 141.144.246.33 port 58118 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:14:34,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336074.835937, 'message': 'Dec  6 16:14:32 hqnl0246134 sshd[232179]: Failed password for root from 61.177.172.108 port 21686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 16:14:34,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336074.8361533, 'message': 'Dec  6 16:14:32 hqnl0246134 sshd[232174]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-06 16:14:34,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336074.8363218, 'message': 'Dec  6 16:14:33 hqnl0246134 sshd[232189]: Disconnected from invalid user docker 141.144.246.33 port 58118 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-06 16:14:34,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336074.8364432, 'message': 'Dec  6 16:14:33 hqnl0246134 sshd[232179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:14:35,679] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:14:35,680] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:14:35,687] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:14:35,700] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 16:14:36,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336076.8379307, 'message': 'Dec  6 16:14:35 hqnl0246134 sshd[232179]: Failed password for root from 61.177.172.108 port 21686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:14:36,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336076.8381333, 'message': 'Dec  6 16:14:35 hqnl0246134 sshd[232174]: Failed password for root from 61.177.173.18 port 28021 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 16:14:36,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336076.838246, 'message': 'Dec  6 16:14:36 hqnl0246134 sshd[232179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:14:38,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336078.841007, 'message': 'Dec  6 16:14:38 hqnl0246134 sshd[232179]: Failed password for root from 61.177.172.108 port 21686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 16:14:40,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.79.146.239', 'timestamp': 1670336080.843791, 'message': 'Dec  6 16:14:40 hqnl0246134 sshd[232199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.79.146.239 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 16:14:40,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.79.146.239', 'timestamp': 1670336080.8441288, 'message': 'Dec  6 16:14:40 hqnl0246134 sshd[232199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.146.239  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:14:42,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.79.146.239', 'timestamp': 1670336082.8452535, 'message': 'Dec  6 16:14:42 hqnl0246134 sshd[232199]: Failed password for root from 51.79.146.239 port 34418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 16:14:44,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336084.84974, 'message': 'Dec  6 16:14:43 hqnl0246134 sshd[232201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 16:14:44,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336084.850131, 'message': 'Dec  6 16:14:43 hqnl0246134 sshd[232201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 16:14:46,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336086.853303, 'message': 'Dec  6 16:14:45 hqnl0246134 sshd[232201]: Failed password for root from 61.177.172.108 port 49883 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 16:14:47,234] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:14:47,234] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:14:48,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336088.8537588, 'message': 'Dec  6 16:14:48 hqnl0246134 sshd[232201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:14:50,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336090.8558922, 'message': 'Dec  6 16:14:50 hqnl0246134 sshd[232201]: Failed password for root from 61.177.172.108 port 49883 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-06 16:14:54,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336094.8641818, 'message': 'Dec  6 16:14:52 hqnl0246134 sshd[232201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:14:54,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336094.8645842, 'message': 'Dec  6 16:14:54 hqnl0246134 sshd[232201]: Failed password for root from 61.177.172.108 port 49883 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:14:56,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336096.8664281, 'message': 'Dec  6 16:14:56 hqnl0246134 sshd[232212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 16:14:56,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336096.8668385, 'message': 'Dec  6 16:14:56 hqnl0246134 sshd[232212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 16:15:00,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336100.8726494, 'message': 'Dec  6 16:14:59 hqnl0246134 sshd[232212]: Failed password for root from 61.177.172.108 port 45871 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 16:15:00,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336100.8729548, 'message': 'Dec  6 16:15:00 hqnl0246134 sshd[232215]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 16:15:00,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336100.8730938, 'message': 'Dec  6 16:15:00 hqnl0246134 sshd[232215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:15:02,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336102.877683, 'message': 'Dec  6 16:15:01 hqnl0246134 sshd[232212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 16:15:02,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336102.8812816, 'message': 'Dec  6 16:15:02 hqnl0246134 sshd[232215]: Failed password for root from 61.177.173.47 port 20468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-06 16:15:04,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336104.8779876, 'message': 'Dec  6 16:15:03 hqnl0246134 sshd[232212]: Failed password for root from 61.177.172.108 port 45871 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0587 seconds
INFO    [2022-12-06 16:15:04,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336104.8789017, 'message': 'Dec  6 16:15:04 hqnl0246134 sshd[232215]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0592 seconds
INFO    [2022-12-06 16:15:04,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336104.8787317, 'message': 'Dec  6 16:15:03 hqnl0246134 sshd[232212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 16:15:06,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336106.885386, 'message': 'Dec  6 16:15:05 hqnl0246134 sshd[232212]: Failed password for root from 61.177.172.108 port 45871 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 16:15:06,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336106.8857217, 'message': 'Dec  6 16:15:06 hqnl0246134 sshd[232215]: Failed password for root from 61.177.173.47 port 20468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
WARNING [2022-12-06 16:15:08,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:15:08,804] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0322 seconds
INFO    [2022-12-06 16:15:08,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336108.8855882, 'message': 'Dec  6 16:15:07 hqnl0246134 sshd[232215]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 16:15:08,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336108.8858395, 'message': 'Dec  6 16:15:07 hqnl0246134 sshd[232245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-06 16:15:08,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336108.8860168, 'message': 'Dec  6 16:15:07 hqnl0246134 sshd[232245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 16:15:10,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336110.887739, 'message': 'Dec  6 16:15:09 hqnl0246134 sshd[232215]: Failed password for root from 61.177.173.47 port 20468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 16:15:10,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336110.8879306, 'message': 'Dec  6 16:15:09 hqnl0246134 sshd[232245]: Failed password for root from 61.177.172.108 port 16181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 16:15:12,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336112.891842, 'message': 'Dec  6 16:15:11 hqnl0246134 sshd[232245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:15:14,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336114.9001224, 'message': 'Dec  6 16:15:13 hqnl0246134 sshd[232253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 16:15:14,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336114.9004931, 'message': 'Dec  6 16:15:13 hqnl0246134 sshd[232245]: Failed password for root from 61.177.172.108 port 16181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 16:15:14,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336114.9003808, 'message': 'Dec  6 16:15:13 hqnl0246134 sshd[232253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 16:15:14,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336114.9006133, 'message': 'Dec  6 16:15:14 hqnl0246134 sshd[232245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 16:15:16,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336116.9018497, 'message': 'Dec  6 16:15:15 hqnl0246134 sshd[232253]: Failed password for root from 61.177.173.47 port 56899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 16:15:16,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336116.9021702, 'message': 'Dec  6 16:15:16 hqnl0246134 sshd[232245]: Failed password for root from 61.177.172.108 port 16181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 16:15:16,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336116.9020596, 'message': 'Dec  6 16:15:16 hqnl0246134 sshd[232253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:15:18,444] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:15:18,445] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:15:18,454] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:15:18,467] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 16:15:18,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336118.90426, 'message': 'Dec  6 16:15:17 hqnl0246134 sshd[232253]: Failed password for root from 61.177.173.47 port 56899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:15:20,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336120.9057057, 'message': 'Dec  6 16:15:18 hqnl0246134 sshd[232253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-06 16:15:20,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336120.9132109, 'message': 'Dec  6 16:15:19 hqnl0246134 sshd[232269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 16:15:20,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336120.91344, 'message': 'Dec  6 16:15:19 hqnl0246134 sshd[232269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:15:21,383] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:15:21,383] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:15:21,390] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:15:21,401] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 16:15:22,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336122.9146097, 'message': 'Dec  6 16:15:21 hqnl0246134 sshd[232253]: Failed password for root from 61.177.173.47 port 56899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 16:15:22,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336122.9148345, 'message': 'Dec  6 16:15:21 hqnl0246134 sshd[232269]: Failed password for root from 61.177.173.18 port 29217 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-06 16:15:24,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336124.9166257, 'message': 'Dec  6 16:15:24 hqnl0246134 sshd[232269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0618 seconds
INFO    [2022-12-06 16:15:24,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336124.916822, 'message': 'Dec  6 16:15:24 hqnl0246134 sshd[232277]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0620 seconds
INFO    [2022-12-06 16:15:25,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336124.917387, 'message': 'Dec  6 16:15:24 hqnl0246134 sshd[232277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-06 16:15:26,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336126.9192064, 'message': 'Dec  6 16:15:25 hqnl0246134 sshd[232269]: Failed password for root from 61.177.173.18 port 29217 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 16:15:26,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336126.91987, 'message': 'Dec  6 16:15:26 hqnl0246134 sshd[232277]: Failed password for root from 61.177.173.47 port 42329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 16:15:27,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336126.9196725, 'message': 'Dec  6 16:15:26 hqnl0246134 sshd[232269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 16:15:28,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336128.9211078, 'message': 'Dec  6 16:15:27 hqnl0246134 sshd[232277]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 16:15:28,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336128.9213731, 'message': 'Dec  6 16:15:28 hqnl0246134 sshd[232269]: Failed password for root from 61.177.173.18 port 29217 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 16:15:30,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336130.9247723, 'message': 'Dec  6 16:15:28 hqnl0246134 sshd[232277]: Failed password for root from 61.177.173.47 port 42329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 16:15:30,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336130.925143, 'message': 'Dec  6 16:15:29 hqnl0246134 sshd[232277]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:15:32,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670336132.9275842, 'message': 'Dec  6 16:15:31 hqnl0246134 sshd[232277]: Failed password for root from 61.177.173.47 port 42329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 16:15:36,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336136.9343767, 'message': 'Dec  6 16:15:35 hqnl0246134 sshd[232291]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 16:15:36,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336136.9347398, 'message': 'Dec  6 16:15:35 hqnl0246134 sshd[232291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 16:15:38,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336138.9391499, 'message': 'Dec  6 16:15:37 hqnl0246134 sshd[232291]: Failed password for root from 61.177.173.50 port 15547 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 16:15:38,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336138.9394336, 'message': 'Dec  6 16:15:38 hqnl0246134 sshd[232291]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 16:15:40,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336140.9471326, 'message': 'Dec  6 16:15:40 hqnl0246134 sshd[232291]: Failed password for root from 61.177.173.50 port 15547 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 16:15:42,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336142.9548173, 'message': 'Dec  6 16:15:42 hqnl0246134 sshd[232291]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:15:46,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336146.9590678, 'message': 'Dec  6 16:15:45 hqnl0246134 sshd[232291]: Failed password for root from 61.177.173.50 port 15547 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 16:15:47,237] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:15:47,238] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:15:51,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336150.9662807, 'message': 'Dec  6 16:15:49 hqnl0246134 sshd[232299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 16:15:51,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336150.966792, 'message': 'Dec  6 16:15:49 hqnl0246134 sshd[232299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 16:15:51,153] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:15:51,153] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:15:51,161] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:15:51,172] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 16:15:52,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336152.9744177, 'message': 'Dec  6 16:15:51 hqnl0246134 sshd[232299]: Failed password for root from 61.177.173.50 port 14077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:15:54,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336154.9824312, 'message': 'Dec  6 16:15:53 hqnl0246134 sshd[232299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:15:57,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336156.990501, 'message': 'Dec  6 16:15:55 hqnl0246134 sshd[232299]: Failed password for root from 61.177.173.50 port 14077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 16:15:59,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336159.0050178, 'message': 'Dec  6 16:15:58 hqnl0246134 sshd[232299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:16:01,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336161.0173514, 'message': 'Dec  6 16:15:59 hqnl0246134 sshd[232299]: Failed password for root from 61.177.173.50 port 14077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 16:16:08,783] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:16:08,807] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0314 seconds
INFO    [2022-12-06 16:16:13,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336173.057442, 'message': 'Dec  6 16:16:12 hqnl0246134 sshd[232334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:16:13,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336173.0611417, 'message': 'Dec  6 16:16:12 hqnl0246134 sshd[232334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:16:17,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336177.0663896, 'message': 'Dec  6 16:16:15 hqnl0246134 sshd[232334]: Failed password for root from 61.177.173.18 port 22955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 16:16:18,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:16:18,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:16:18,966] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:16:18,995] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0463 seconds
INFO    [2022-12-06 16:16:19,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336179.0682378, 'message': 'Dec  6 16:16:17 hqnl0246134 sshd[232334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 16:16:21,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336181.0761526, 'message': 'Dec  6 16:16:19 hqnl0246134 sshd[232334]: Failed password for root from 61.177.173.18 port 22955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:16:21,775] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:16:21,775] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:16:21,782] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:16:21,810] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0347 seconds
INFO    [2022-12-06 16:16:23,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336183.082942, 'message': 'Dec  6 16:16:21 hqnl0246134 sshd[232334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 16:16:25,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336185.087972, 'message': 'Dec  6 16:16:23 hqnl0246134 sshd[232334]: Failed password for root from 61.177.173.18 port 22955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 16:16:47,243] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:16:47,245] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:17:08,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:17:08,829] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0486 seconds
INFO    [2022-12-06 16:17:09,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336229.1979053, 'message': 'Dec  6 16:17:08 hqnl0246134 sshd[232420]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 16:17:09,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336229.1982353, 'message': 'Dec  6 16:17:08 hqnl0246134 sshd[232420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:17:13,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336233.2001846, 'message': 'Dec  6 16:17:11 hqnl0246134 sshd[232420]: Failed password for root from 61.177.173.18 port 29453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 16:17:13,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336233.200438, 'message': 'Dec  6 16:17:13 hqnl0246134 sshd[232420]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:17:17,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336237.2056484, 'message': 'Dec  6 16:17:15 hqnl0246134 sshd[232420]: Failed password for root from 61.177.173.18 port 29453 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 16:17:17,908] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:17:17,908] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:17:17,915] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:17:17,927] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 16:17:19,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336239.2058973, 'message': 'Dec  6 16:17:17 hqnl0246134 sshd[232420]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:17:20,755] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:17:20,755] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:17:20,763] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:17:20,775] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 16:17:21,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336241.2093985, 'message': 'Dec  6 16:17:19 hqnl0246134 sshd[232420]: Failed password for root from 61.177.173.18 port 29453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 16:17:22,526] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:17:22,526] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:17:22,533] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:17:22,544] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 16:17:23,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336243.2101302, 'message': 'Dec  6 16:17:21 hqnl0246134 sshd[232456]: Invalid user woju from 141.144.246.33 port 44572', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 16:17:23,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336243.2133188, 'message': 'Dec  6 16:17:21 hqnl0246134 sshd[232456]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.144.246.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 16:17:23,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336243.2135823, 'message': 'Dec  6 16:17:21 hqnl0246134 sshd[232456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.144.246.33 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 16:17:25,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336245.2131236, 'message': 'Dec  6 16:17:23 hqnl0246134 sshd[232456]: Failed password for invalid user woju from 141.144.246.33 port 44572 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:17:27,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.144.246.33', 'timestamp': 1670336247.2172322, 'message': 'Dec  6 16:17:25 hqnl0246134 sshd[232456]: Disconnected from invalid user woju 141.144.246.33 port 44572 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 16:17:43,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336263.2390587, 'message': 'Dec  6 16:17:42 hqnl0246134 sshd[232476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 16:17:43,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336263.2397525, 'message': 'Dec  6 16:17:42 hqnl0246134 sshd[232476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 16:17:45,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336265.2412841, 'message': 'Dec  6 16:17:44 hqnl0246134 sshd[232476]: Failed password for root from 61.177.172.104 port 63212 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-06 16:17:47,247] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:17:47,247] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:17:47,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336267.2440164, 'message': 'Dec  6 16:17:46 hqnl0246134 sshd[232476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 16:17:49,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336269.2482953, 'message': 'Dec  6 16:17:48 hqnl0246134 sshd[232476]: Failed password for root from 61.177.172.104 port 63212 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 16:17:49,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336269.248831, 'message': 'Dec  6 16:17:49 hqnl0246134 sshd[232476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 16:17:53,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336273.2547252, 'message': 'Dec  6 16:17:51 hqnl0246134 sshd[232476]: Failed password for root from 61.177.172.104 port 63212 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:17:57,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336277.2580986, 'message': 'Dec  6 16:17:56 hqnl0246134 sshd[232487]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:17:57,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336277.2582881, 'message': 'Dec  6 16:17:56 hqnl0246134 sshd[232487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:17:59,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336279.2627177, 'message': 'Dec  6 16:17:58 hqnl0246134 sshd[232487]: Failed password for root from 61.177.172.104 port 46024 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:18:01,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336281.2658725, 'message': 'Dec  6 16:18:00 hqnl0246134 sshd[232487]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 16:18:03,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336283.270716, 'message': 'Dec  6 16:18:01 hqnl0246134 sshd[232489]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 16:18:03,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336283.2710714, 'message': 'Dec  6 16:18:02 hqnl0246134 sshd[232487]: Failed password for root from 61.177.172.104 port 46024 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 16:18:03,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336283.2709343, 'message': 'Dec  6 16:18:01 hqnl0246134 sshd[232489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:18:03,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336283.2712123, 'message': 'Dec  6 16:18:02 hqnl0246134 sshd[232489]: Failed password for root from 61.177.173.18 port 23775 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:18:05,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336285.2767735, 'message': 'Dec  6 16:18:03 hqnl0246134 sshd[232489]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 16:18:05,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336285.2769694, 'message': 'Dec  6 16:18:04 hqnl0246134 sshd[232487]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 16:18:05,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336285.2771058, 'message': 'Dec  6 16:18:05 hqnl0246134 sshd[232489]: Failed password for root from 61.177.173.18 port 23775 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:18:07,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336287.2782056, 'message': 'Dec  6 16:18:05 hqnl0246134 sshd[232489]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 16:18:07,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336287.2783785, 'message': 'Dec  6 16:18:06 hqnl0246134 sshd[232487]: Failed password for root from 61.177.172.104 port 46024 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
WARNING [2022-12-06 16:18:08,793] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:18:08,818] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0324 seconds
INFO    [2022-12-06 16:18:09,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336289.2815335, 'message': 'Dec  6 16:18:07 hqnl0246134 sshd[232489]: Failed password for root from 61.177.173.18 port 23775 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:18:17,788] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:18:17,788] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:18:17,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:18:17,808] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 16:18:20,729] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:18:20,730] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:18:20,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:18:20,761] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0298 seconds
INFO    [2022-12-06 16:18:21,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336301.2957678, 'message': 'Dec  6 16:18:19 hqnl0246134 sshd[232516]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 16:18:21,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336301.295955, 'message': 'Dec  6 16:18:19 hqnl0246134 sshd[232516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:18:23,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336303.3089032, 'message': 'Dec  6 16:18:21 hqnl0246134 sshd[232516]: Failed password for root from 61.177.172.104 port 53199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:18:25,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336305.3138373, 'message': 'Dec  6 16:18:23 hqnl0246134 sshd[232516]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 16:18:27,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336307.3170373, 'message': 'Dec  6 16:18:25 hqnl0246134 sshd[232516]: Failed password for root from 61.177.172.104 port 53199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:18:27,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336307.3173578, 'message': 'Dec  6 16:18:26 hqnl0246134 sshd[232516]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 16:18:29,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336309.3197148, 'message': 'Dec  6 16:18:28 hqnl0246134 sshd[232516]: Failed password for root from 61.177.172.104 port 53199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:18:32,808] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:18:32,809] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:18:32,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:18:32,831] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 16:18:37,190] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:18:37,259] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:18:37,259] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:18:37,260] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:18:37,260] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:18:37,261] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:18:37,276] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:18:37,292] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0307 seconds
WARNING [2022-12-06 16:18:37,299] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:18:37,301] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:18:37,317] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0309 seconds
INFO    [2022-12-06 16:18:37,319] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0290 seconds
WARNING [2022-12-06 16:18:47,250] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:18:47,250] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:18:55,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336335.3550441, 'message': 'Dec  6 16:18:54 hqnl0246134 sshd[232545]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 16:18:55,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336335.3556714, 'message': 'Dec  6 16:18:54 hqnl0246134 sshd[232544]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-06 16:18:55,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336335.3554342, 'message': 'Dec  6 16:18:54 hqnl0246134 sshd[232545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 16:18:55,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336335.355837, 'message': 'Dec  6 16:18:54 hqnl0246134 sshd[232544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 16:18:57,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336337.356086, 'message': 'Dec  6 16:18:56 hqnl0246134 sshd[232545]: Failed password for root from 61.177.173.18 port 25309 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 16:18:57,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336337.3563027, 'message': 'Dec  6 16:18:57 hqnl0246134 sshd[232544]: Failed password for root from 61.177.172.104 port 30539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 16:18:59,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336339.3594742, 'message': 'Dec  6 16:18:58 hqnl0246134 sshd[232545]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 16:18:59,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336339.3597074, 'message': 'Dec  6 16:18:59 hqnl0246134 sshd[232544]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 16:19:01,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336341.3620636, 'message': 'Dec  6 16:19:00 hqnl0246134 sshd[232545]: Failed password for root from 61.177.173.18 port 25309 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 16:19:01,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336341.362414, 'message': 'Dec  6 16:19:00 hqnl0246134 sshd[232544]: Failed password for root from 61.177.172.104 port 30539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 16:19:01,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336341.3625462, 'message': 'Dec  6 16:19:01 hqnl0246134 sshd[232545]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:19:03,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336343.3626788, 'message': 'Dec  6 16:19:01 hqnl0246134 sshd[232544]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 16:19:03,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336343.362869, 'message': 'Dec  6 16:19:03 hqnl0246134 sshd[232545]: Failed password for root from 61.177.173.18 port 25309 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 16:19:05,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336345.363516, 'message': 'Dec  6 16:19:03 hqnl0246134 sshd[232544]: Failed password for root from 61.177.172.104 port 30539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 16:19:07,390] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:19:07,391] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:19:07,391] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-06 16:19:08,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:19:08,817] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0282 seconds
INFO    [2022-12-06 16:19:18,328] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:19:18,328] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:19:18,347] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:19:18,359] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0300 seconds
INFO    [2022-12-06 16:19:19,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336359.377263, 'message': 'Dec  6 16:19:18 hqnl0246134 sshd[232572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 16:19:19,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336359.3856313, 'message': 'Dec  6 16:19:18 hqnl0246134 sshd[232572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:19:21,245] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:19:21,246] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:19:21,252] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:19:21,265] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 16:19:21,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336361.3834088, 'message': 'Dec  6 16:19:20 hqnl0246134 sshd[232572]: Failed password for root from 61.177.172.104 port 61773 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:19:21,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336361.383634, 'message': 'Dec  6 16:19:20 hqnl0246134 sshd[232572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:19:23,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336363.388637, 'message': 'Dec  6 16:19:23 hqnl0246134 sshd[232572]: Failed password for root from 61.177.172.104 port 61773 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:19:25,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336365.393622, 'message': 'Dec  6 16:19:25 hqnl0246134 sshd[232572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 16:19:27,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670336367.396184, 'message': 'Dec  6 16:19:27 hqnl0246134 sshd[232572]: Failed password for root from 61.177.172.104 port 61773 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:19:45,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336385.4420907, 'message': 'Dec  6 16:19:44 hqnl0246134 sshd[232622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 16:19:45,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336385.4430175, 'message': 'Dec  6 16:19:44 hqnl0246134 sshd[232622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 16:19:47,253] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:19:47,254] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:19:47,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336387.4499154, 'message': 'Dec  6 16:19:46 hqnl0246134 sshd[232622]: Failed password for root from 61.177.173.18 port 13527 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:19:49,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336389.459094, 'message': 'Dec  6 16:19:49 hqnl0246134 sshd[232622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:19:51,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336391.4622376, 'message': 'Dec  6 16:19:50 hqnl0246134 sshd[232622]: Failed password for root from 61.177.173.18 port 13527 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:19:51,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336391.4624827, 'message': 'Dec  6 16:19:51 hqnl0246134 sshd[232622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:19:53,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336393.468072, 'message': 'Dec  6 16:19:53 hqnl0246134 sshd[232622]: Failed password for root from 61.177.173.18 port 13527 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:19:56,234] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:19:56,234] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:19:56,242] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:19:56,262] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
WARNING [2022-12-06 16:20:08,806] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:20:08,836] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0409 seconds
INFO    [2022-12-06 16:20:17,766] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:20:17,767] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:20:17,776] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:20:17,788] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 16:20:20,513] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:20:20,513] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:20:20,520] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:20:20,531] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 16:20:37,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336437.5432353, 'message': 'Dec  6 16:20:36 hqnl0246134 sshd[232695]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-06 16:20:37,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336437.543996, 'message': 'Dec  6 16:20:36 hqnl0246134 sshd[232695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 16:20:39,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336439.546127, 'message': 'Dec  6 16:20:38 hqnl0246134 sshd[232695]: Failed password for root from 61.177.173.18 port 13321 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:20:41,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336441.5493658, 'message': 'Dec  6 16:20:40 hqnl0246134 sshd[232695]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:20:43,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336443.5557008, 'message': 'Dec  6 16:20:42 hqnl0246134 sshd[232695]: Failed password for root from 61.177.173.18 port 13321 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 16:20:43,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336443.5563354, 'message': 'Dec  6 16:20:42 hqnl0246134 sshd[232695]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 16:20:45,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336445.5559294, 'message': 'Dec  6 16:20:44 hqnl0246134 sshd[232695]: Failed password for root from 61.177.173.18 port 13321 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
WARNING [2022-12-06 16:20:47,257] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:20:47,257] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:21:08,833] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:21:08,928] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.1265 seconds
INFO    [2022-12-06 16:21:17,865] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:21:17,866] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:21:17,875] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:21:17,887] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 16:21:20,519] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:21:20,520] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:21:20,527] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:21:20,538] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 16:21:31,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336491.6421092, 'message': 'Dec  6 16:21:30 hqnl0246134 sshd[232740]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 16:21:31,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336491.6426542, 'message': 'Dec  6 16:21:30 hqnl0246134 sshd[232740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:21:33,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336493.6465547, 'message': 'Dec  6 16:21:32 hqnl0246134 sshd[232740]: Failed password for root from 61.177.173.18 port 15025 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 16:21:35,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336495.6521451, 'message': 'Dec  6 16:21:35 hqnl0246134 sshd[232740]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:21:37,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336497.6577597, 'message': 'Dec  6 16:21:37 hqnl0246134 sshd[232740]: Failed password for root from 61.177.173.18 port 15025 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 16:21:39,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336499.6628685, 'message': 'Dec  6 16:21:39 hqnl0246134 sshd[232740]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 16:21:41,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336501.6652036, 'message': 'Dec  6 16:21:41 hqnl0246134 sshd[232740]: Failed password for root from 61.177.173.18 port 15025 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 16:21:44,590] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:21:44,590] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:21:44,598] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:21:44,610] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-06 16:21:47,260] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:21:47,260] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:21:53,339] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 16:22:08,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:22:08,840] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0330 seconds
INFO    [2022-12-06 16:22:17,943] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:22:17,943] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:22:17,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:22:17,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0248 seconds
INFO    [2022-12-06 16:22:20,551] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:22:20,552] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:22:20,559] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:22:20,571] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 16:22:23,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336543.7489805, 'message': 'Dec  6 16:22:23 hqnl0246134 sshd[232797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 16:22:23,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336543.7492576, 'message': 'Dec  6 16:22:23 hqnl0246134 sshd[232797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 16:22:25,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336545.7526147, 'message': 'Dec  6 16:22:24 hqnl0246134 sshd[232797]: Failed password for root from 61.177.173.18 port 64876 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 16:22:25,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336545.7530372, 'message': 'Dec  6 16:22:25 hqnl0246134 sshd[232797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 16:22:27,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336547.7557225, 'message': 'Dec  6 16:22:27 hqnl0246134 sshd[232797]: Failed password for root from 61.177.173.18 port 64876 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:22:31,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336551.762855, 'message': 'Dec  6 16:22:29 hqnl0246134 sshd[232797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 16:22:33,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336553.7657952, 'message': 'Dec  6 16:22:31 hqnl0246134 sshd[232797]: Failed password for root from 61.177.173.18 port 64876 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
WARNING [2022-12-06 16:22:47,263] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:22:47,265] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:23:08,822] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:23:08,843] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0304 seconds
INFO    [2022-12-06 16:23:17,863] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:23:17,864] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:23:17,876] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:23:17,895] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0306 seconds
INFO    [2022-12-06 16:23:17,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336597.865626, 'message': 'Dec  6 16:23:16 hqnl0246134 sshd[232840]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 16:23:17,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336597.8658328, 'message': 'Dec  6 16:23:16 hqnl0246134 sshd[232840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:23:19,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336599.8457794, 'message': 'Dec  6 16:23:18 hqnl0246134 sshd[232840]: Failed password for root from 61.177.173.18 port 55946 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 16:23:19,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336599.8461304, 'message': 'Dec  6 16:23:18 hqnl0246134 sshd[232840]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 16:23:20,562] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:23:20,562] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:23:20,570] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:23:20,582] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 16:23:21,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336601.8485422, 'message': 'Dec  6 16:23:20 hqnl0246134 sshd[232840]: Failed password for root from 61.177.173.18 port 55946 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0509 seconds
INFO    [2022-12-06 16:23:23,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336603.8497143, 'message': 'Dec  6 16:23:22 hqnl0246134 sshd[232840]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:23:25,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336605.8510566, 'message': 'Dec  6 16:23:25 hqnl0246134 sshd[232840]: Failed password for root from 61.177.173.18 port 55946 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 16:23:29,802] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:23:29,803] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:23:29,811] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:23:29,823] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
WARNING [2022-12-06 16:23:47,269] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:23:47,270] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:24:08,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:24:08,854] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0369 seconds
INFO    [2022-12-06 16:24:09,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336649.891951, 'message': 'Dec  6 16:24:09 hqnl0246134 sshd[232917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 16:24:09,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336649.8922458, 'message': 'Dec  6 16:24:09 hqnl0246134 sshd[232917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 16:24:13,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336653.89735, 'message': 'Dec  6 16:24:12 hqnl0246134 sshd[232917]: Failed password for root from 61.177.173.18 port 51396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 16:24:15,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336655.8989453, 'message': 'Dec  6 16:24:14 hqnl0246134 sshd[232917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:24:17,707] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:24:17,708] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:24:17,720] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:24:17,737] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
INFO    [2022-12-06 16:24:17,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336657.9015136, 'message': 'Dec  6 16:24:16 hqnl0246134 sshd[232917]: Failed password for root from 61.177.173.18 port 51396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:24:19,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336659.9035234, 'message': 'Dec  6 16:24:18 hqnl0246134 sshd[232917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 16:24:20,488] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:24:20,489] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:24:20,497] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:24:20,509] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 16:24:21,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336661.907797, 'message': 'Dec  6 16:24:19 hqnl0246134 sshd[232917]: Failed password for root from 61.177.173.18 port 51396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 16:24:44,885] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:24:44,957] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:24:44,958] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:24:44,958] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:24:44,959] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:24:44,959] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:24:44,974] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:24:44,994] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0336 seconds
WARNING [2022-12-06 16:24:45,002] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:24:45,004] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:24:45,021] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0325 seconds
INFO    [2022-12-06 16:24:45,022] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0304 seconds
WARNING [2022-12-06 16:24:47,273] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:24:47,274] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:25:04,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336704.0022218, 'message': 'Dec  6 16:25:02 hqnl0246134 sshd[232947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 16:25:04,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336704.00264, 'message': 'Dec  6 16:25:02 hqnl0246134 sshd[232947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 16:25:06,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336706.0045276, 'message': 'Dec  6 16:25:04 hqnl0246134 sshd[232947]: Failed password for root from 61.177.173.18 port 45144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 16:25:08,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336708.0100958, 'message': 'Dec  6 16:25:06 hqnl0246134 sshd[232947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
WARNING [2022-12-06 16:25:08,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:25:08,847] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0254 seconds
INFO    [2022-12-06 16:25:10,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336710.0139842, 'message': 'Dec  6 16:25:08 hqnl0246134 sshd[232947]: Failed password for root from 61.177.173.18 port 45144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:25:10,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336710.0141585, 'message': 'Dec  6 16:25:08 hqnl0246134 sshd[232947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:25:12,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336712.0162096, 'message': 'Dec  6 16:25:11 hqnl0246134 sshd[232947]: Failed password for root from 61.177.173.18 port 45144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:25:15,085] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:25:15,085] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:25:15,086] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 16:25:16,179] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:25:16,180] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:25:16,187] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:25:16,198] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 16:25:17,951] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:25:17,952] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:25:17,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:25:17,974] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 16:25:20,416] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:25:20,417] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:25:20,423] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:25:20,434] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
WARNING [2022-12-06 16:25:47,278] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:25:47,279] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:25:54,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336754.1098278, 'message': 'Dec  6 16:25:53 hqnl0246134 sshd[233019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 16:25:54,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336754.1106071, 'message': 'Dec  6 16:25:53 hqnl0246134 sshd[233019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:25:56,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336756.1135478, 'message': 'Dec  6 16:25:54 hqnl0246134 sshd[233019]: Failed password for root from 61.177.173.18 port 36192 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:25:56,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336756.113767, 'message': 'Dec  6 16:25:55 hqnl0246134 sshd[233019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:25:58,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336758.1191535, 'message': 'Dec  6 16:25:57 hqnl0246134 sshd[233019]: Failed password for root from 61.177.173.18 port 36192 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:25:58,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336758.119362, 'message': 'Dec  6 16:25:57 hqnl0246134 sshd[233019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:26:00,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336760.1241164, 'message': 'Dec  6 16:25:59 hqnl0246134 sshd[233019]: Failed password for root from 61.177.173.18 port 36192 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
WARNING [2022-12-06 16:26:08,837] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:26:08,859] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0319 seconds
INFO    [2022-12-06 16:26:17,984] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:26:17,984] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:26:17,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:26:18,003] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 16:26:20,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336780.156933, 'message': 'Dec  6 16:26:19 hqnl0246134 sshd[233051]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 16:26:20,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336780.1571689, 'message': 'Dec  6 16:26:19 hqnl0246134 sshd[233051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:26:20,739] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:26:20,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:26:20,746] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:26:20,757] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 16:26:22,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336782.1581059, 'message': 'Dec  6 16:26:21 hqnl0246134 sshd[233051]: Failed password for root from 61.177.173.50 port 20202 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:26:22,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336782.1583474, 'message': 'Dec  6 16:26:21 hqnl0246134 sshd[233051]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:26:24,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336784.160258, 'message': 'Dec  6 16:26:23 hqnl0246134 sshd[233051]: Failed password for root from 61.177.173.50 port 20202 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 16:26:24,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336784.1605115, 'message': 'Dec  6 16:26:24 hqnl0246134 sshd[233051]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 16:26:26,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336786.1650884, 'message': 'Dec  6 16:26:25 hqnl0246134 sshd[233051]: Failed password for root from 61.177.173.50 port 20202 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 16:26:28,951] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:26:28,952] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:26:28,959] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:26:28,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 16:26:34,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336794.170426, 'message': 'Dec  6 16:26:32 hqnl0246134 sshd[233064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 16:26:34,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336794.1711097, 'message': 'Dec  6 16:26:32 hqnl0246134 sshd[233064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:26:36,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336796.1696553, 'message': 'Dec  6 16:26:35 hqnl0246134 sshd[233064]: Failed password for root from 61.177.173.50 port 16782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:26:38,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336798.1712306, 'message': 'Dec  6 16:26:37 hqnl0246134 sshd[233064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:26:40,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336800.1739078, 'message': 'Dec  6 16:26:39 hqnl0246134 sshd[233064]: Failed password for root from 61.177.173.50 port 16782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 16:26:42,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336802.1746242, 'message': 'Dec  6 16:26:41 hqnl0246134 sshd[233064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 16:26:44,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670336804.1752121, 'message': 'Dec  6 16:26:43 hqnl0246134 sshd[233064]: Failed password for root from 61.177.173.50 port 16782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0621 seconds
INFO    [2022-12-06 16:26:46,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336806.1779013, 'message': 'Dec  6 16:26:45 hqnl0246134 sshd[233079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 16:26:46,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336806.1782155, 'message': 'Dec  6 16:26:45 hqnl0246134 sshd[233079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 16:26:47,283] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:26:47,284] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:26:48,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336808.1812658, 'message': 'Dec  6 16:26:47 hqnl0246134 sshd[233079]: Failed password for root from 61.177.173.18 port 33014 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 16:26:48,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336808.1815593, 'message': 'Dec  6 16:26:47 hqnl0246134 sshd[233079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 16:26:50,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336810.183866, 'message': 'Dec  6 16:26:49 hqnl0246134 sshd[233079]: Failed password for root from 61.177.173.18 port 33014 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:26:50,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336810.1841688, 'message': 'Dec  6 16:26:49 hqnl0246134 sshd[233079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:26:52,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336812.185618, 'message': 'Dec  6 16:26:51 hqnl0246134 sshd[233079]: Failed password for root from 61.177.173.18 port 33014 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 16:26:56,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '64.62.197.164', 'timestamp': 1670336816.195254, 'message': 'Dec  6 16:26:56 hqnl0246134 sshd[233091]: Invalid user  from 64.62.197.164 port 20089', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-06 16:27:08,841] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:27:08,862] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-06 16:27:17,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:27:17,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:27:17,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:27:17,869] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 16:27:20,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336840.2233324, 'message': 'Dec  6 16:27:18 hqnl0246134 sshd[233112]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:27:20,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336840.2237053, 'message': 'Dec  6 16:27:18 hqnl0246134 sshd[233112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:27:20,659] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:27:20,659] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:27:20,671] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:27:20,690] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0293 seconds
INFO    [2022-12-06 16:27:22,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336842.224814, 'message': 'Dec  6 16:27:20 hqnl0246134 sshd[233112]: Failed password for root from 61.177.173.48 port 25579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:27:22,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336842.2250268, 'message': 'Dec  6 16:27:20 hqnl0246134 sshd[233112]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:27:24,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336844.2269578, 'message': 'Dec  6 16:27:22 hqnl0246134 sshd[233112]: Failed password for root from 61.177.173.48 port 25579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-06 16:27:24,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.122.7.237', 'timestamp': 1670336844.2274342, 'message': 'Dec  6 16:27:23 hqnl0246134 sshd[233126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.122.7.237 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-06 16:27:24,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336844.2272618, 'message': 'Dec  6 16:27:22 hqnl0246134 sshd[233112]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-06 16:27:24,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.122.7.237', 'timestamp': 1670336844.2275956, 'message': 'Dec  6 16:27:23 hqnl0246134 sshd[233126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.122.7.237  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-06 16:27:24,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336844.2277493, 'message': 'Dec  6 16:27:24 hqnl0246134 sshd[233112]: Failed password for root from 61.177.173.48 port 25579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:27:26,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.122.7.237', 'timestamp': 1670336846.228079, 'message': 'Dec  6 16:27:25 hqnl0246134 sshd[233126]: Failed password for root from 20.122.7.237 port 39550 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 16:27:28,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336848.2304146, 'message': 'Dec  6 16:27:27 hqnl0246134 sshd[233128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 16:27:28,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336848.2306101, 'message': 'Dec  6 16:27:27 hqnl0246134 sshd[233128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 16:27:30,260] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:27:30,260] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:27:30,278] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:27:30,309] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0470 seconds
INFO    [2022-12-06 16:27:30,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336850.2629216, 'message': 'Dec  6 16:27:29 hqnl0246134 sshd[233128]: Failed password for root from 61.177.173.48 port 29054 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 16:27:30,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336850.2631397, 'message': 'Dec  6 16:27:29 hqnl0246134 sshd[233128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 16:27:32,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336852.2338915, 'message': 'Dec  6 16:27:31 hqnl0246134 sshd[233128]: Failed password for root from 61.177.173.48 port 29054 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 16:27:32,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336852.2340896, 'message': 'Dec  6 16:27:32 hqnl0246134 sshd[233128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:27:34,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336854.2374861, 'message': 'Dec  6 16:27:33 hqnl0246134 sshd[233128]: Failed password for root from 61.177.173.48 port 29054 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 16:27:36,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336856.2379074, 'message': 'Dec  6 16:27:35 hqnl0246134 sshd[233144]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:27:36,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336856.2381456, 'message': 'Dec  6 16:27:35 hqnl0246134 sshd[233144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:27:38,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336858.2418551, 'message': 'Dec  6 16:27:37 hqnl0246134 sshd[233146]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 16:27:38,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336858.2425141, 'message': 'Dec  6 16:27:37 hqnl0246134 sshd[233144]: Failed password for root from 61.177.173.18 port 14130 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 16:27:38,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336858.2420645, 'message': 'Dec  6 16:27:37 hqnl0246134 sshd[233146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:27:40,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336860.2453213, 'message': 'Dec  6 16:27:39 hqnl0246134 sshd[233146]: Failed password for root from 61.177.173.48 port 36239 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 16:27:40,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336860.2455087, 'message': 'Dec  6 16:27:40 hqnl0246134 sshd[233144]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-06 16:27:42,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336862.2481568, 'message': 'Dec  6 16:27:41 hqnl0246134 sshd[233146]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-06 16:27:42,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336862.2483845, 'message': 'Dec  6 16:27:41 hqnl0246134 sshd[233144]: Failed password for root from 61.177.173.18 port 14130 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 16:27:44,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336864.251295, 'message': 'Dec  6 16:27:42 hqnl0246134 sshd[233144]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 16:27:44,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336864.2515423, 'message': 'Dec  6 16:27:43 hqnl0246134 sshd[233146]: Failed password for root from 61.177.173.48 port 36239 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 16:27:44,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336864.2518344, 'message': 'Dec  6 16:27:44 hqnl0246134 sshd[233144]: Failed password for root from 61.177.173.18 port 14130 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 16:27:44,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336864.251723, 'message': 'Dec  6 16:27:44 hqnl0246134 sshd[233146]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 16:27:46,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670336866.2533076, 'message': 'Dec  6 16:27:46 hqnl0246134 sshd[233146]: Failed password for root from 61.177.173.48 port 36239 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0653 seconds
WARNING [2022-12-06 16:27:47,286] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:27:47,287] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:28:08,863] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:28:08,898] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0572 seconds
INFO    [2022-12-06 16:28:18,334] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:28:18,335] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:28:18,342] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:28:18,358] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 16:28:19,196] defence360agent.files: Updating all files
INFO    [2022-12-06 16:28:19,532] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:19,533] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 16:28:19,825] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:19,826] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 16:28:20,152] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:20,153] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 16:28:20,517] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:20,517] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 16:28:20,518] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 16:28:20,777] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 14:28:20 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E3A8FB8234D36'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 16:28:20,779] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 16:28:20,779] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 16:28:21,280] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:28:21,280] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:28:21,292] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:28:21,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 16:28:21,352] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:21,352] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 16:28:21,680] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:21,680] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 16:28:22,000] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:22,001] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 16:28:22,396] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:22,397] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 16:28:22,792] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 16:28:22,793] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 16:28:32,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336912.3179336, 'message': 'Dec  6 16:28:31 hqnl0246134 sshd[233218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 16:28:32,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336912.3181381, 'message': 'Dec  6 16:28:31 hqnl0246134 sshd[233218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 16:28:34,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336914.3210928, 'message': 'Dec  6 16:28:34 hqnl0246134 sshd[233218]: Failed password for root from 61.177.173.18 port 64943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 16:28:36,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336916.321784, 'message': 'Dec  6 16:28:36 hqnl0246134 sshd[233218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0581 seconds
INFO    [2022-12-06 16:28:38,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336918.323799, 'message': 'Dec  6 16:28:38 hqnl0246134 sshd[233218]: Failed password for root from 61.177.173.18 port 64943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:28:40,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336920.3272002, 'message': 'Dec  6 16:28:39 hqnl0246134 sshd[233218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 16:28:42,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336922.3298464, 'message': 'Dec  6 16:28:41 hqnl0246134 sshd[233218]: Failed password for root from 61.177.173.18 port 64943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 16:28:45,989] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:28:45,990] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:28:45,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:28:46,009] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-06 16:28:47,290] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:28:47,291] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:29:02,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336942.3670704, 'message': 'Dec  6 16:29:02 hqnl0246134 sshd[233241]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 16:29:02,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336942.367636, 'message': 'Dec  6 16:29:02 hqnl0246134 sshd[233241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:29:04,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336944.3662934, 'message': 'Dec  6 16:29:04 hqnl0246134 sshd[233241]: Failed password for root from 61.177.172.108 port 14224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 16:29:06,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336946.3687959, 'message': 'Dec  6 16:29:06 hqnl0246134 sshd[233241]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:29:08,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336948.369525, 'message': 'Dec  6 16:29:08 hqnl0246134 sshd[233241]: Failed password for root from 61.177.172.108 port 14224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 16:29:08,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:29:08,891] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0458 seconds
INFO    [2022-12-06 16:29:10,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336950.3719919, 'message': 'Dec  6 16:29:08 hqnl0246134 sshd[233241]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 16:29:12,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336952.3736546, 'message': 'Dec  6 16:29:11 hqnl0246134 sshd[233241]: Failed password for root from 61.177.172.108 port 14224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 16:29:16,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336956.3789632, 'message': 'Dec  6 16:29:15 hqnl0246134 sshd[233261]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:29:16,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336956.3792298, 'message': 'Dec  6 16:29:15 hqnl0246134 sshd[233261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:29:17,971] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:29:17,972] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:29:17,981] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:29:17,995] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 16:29:18,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336958.3806448, 'message': 'Dec  6 16:29:18 hqnl0246134 sshd[233261]: Failed password for root from 61.177.172.108 port 63325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:29:20,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336960.38383, 'message': 'Dec  6 16:29:19 hqnl0246134 sshd[233261]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:29:20,559] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:29:20,559] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:29:20,566] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:29:20,578] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 16:29:22,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336962.38735, 'message': 'Dec  6 16:29:22 hqnl0246134 sshd[233261]: Failed password for root from 61.177.172.108 port 63325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:29:24,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336964.3901496, 'message': 'Dec  6 16:29:24 hqnl0246134 sshd[233274]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 16:29:24,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336964.390621, 'message': 'Dec  6 16:29:24 hqnl0246134 sshd[233261]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 16:29:24,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336964.390451, 'message': 'Dec  6 16:29:24 hqnl0246134 sshd[233274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:29:28,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336968.3935523, 'message': 'Dec  6 16:29:26 hqnl0246134 sshd[233274]: Failed password for root from 61.177.173.18 port 57731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 16:29:28,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336968.3937237, 'message': 'Dec  6 16:29:26 hqnl0246134 sshd[233261]: Failed password for root from 61.177.172.108 port 63325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 16:29:28,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336968.3938367, 'message': 'Dec  6 16:29:28 hqnl0246134 sshd[233274]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:29:30,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336970.3961575, 'message': 'Dec  6 16:29:30 hqnl0246134 sshd[233274]: Failed password for root from 61.177.173.18 port 57731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:29:32,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336972.398005, 'message': 'Dec  6 16:29:31 hqnl0246134 sshd[233274]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1077 seconds
INFO    [2022-12-06 16:29:32,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336972.398208, 'message': 'Dec  6 16:29:31 hqnl0246134 sshd[233278]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1078 seconds
INFO    [2022-12-06 16:29:32,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336972.398322, 'message': 'Dec  6 16:29:31 hqnl0246134 sshd[233278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-06 16:29:34,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670336974.4206705, 'message': 'Dec  6 16:29:33 hqnl0246134 sshd[233274]: Failed password for root from 61.177.173.18 port 57731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2264 seconds
INFO    [2022-12-06 16:29:36,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336976.4021268, 'message': 'Dec  6 16:29:34 hqnl0246134 sshd[233278]: Failed password for root from 61.177.172.108 port 61561 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 16:29:38,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336978.4047482, 'message': 'Dec  6 16:29:36 hqnl0246134 sshd[233278]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0671 seconds
INFO    [2022-12-06 16:29:40,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336980.4055457, 'message': 'Dec  6 16:29:39 hqnl0246134 sshd[233278]: Failed password for root from 61.177.172.108 port 61561 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0913 seconds
INFO    [2022-12-06 16:29:42,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336982.4079993, 'message': 'Dec  6 16:29:41 hqnl0246134 sshd[233278]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 16:29:44,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336984.4105814, 'message': 'Dec  6 16:29:43 hqnl0246134 sshd[233278]: Failed password for root from 61.177.172.108 port 61561 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:29:46,468] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:29:46,469] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:29:46,490] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:29:46,510] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0393 seconds
INFO    [2022-12-06 16:29:46,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336986.4716337, 'message': 'Dec  6 16:29:45 hqnl0246134 sshd[233302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 16:29:46,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336986.4725077, 'message': 'Dec  6 16:29:45 hqnl0246134 sshd[233302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-06 16:29:47,294] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:29:47,295] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:29:48,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336988.4153154, 'message': 'Dec  6 16:29:47 hqnl0246134 sshd[233302]: Failed password for root from 61.177.172.108 port 50615 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 16:29:50,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336990.4179142, 'message': 'Dec  6 16:29:49 hqnl0246134 sshd[233302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 16:29:52,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336992.4207397, 'message': 'Dec  6 16:29:51 hqnl0246134 sshd[233302]: Failed password for root from 61.177.172.108 port 50615 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:29:54,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336994.423682, 'message': 'Dec  6 16:29:53 hqnl0246134 sshd[233302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:29:56,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670336996.4261363, 'message': 'Dec  6 16:29:55 hqnl0246134 sshd[233302]: Failed password for root from 61.177.172.108 port 50615 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
WARNING [2022-12-06 16:30:08,864] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:30:08,891] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0388 seconds
INFO    [2022-12-06 16:30:17,929] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:30:17,929] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:30:17,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:30:17,950] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 16:30:20,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337020.4688485, 'message': 'Dec  6 16:30:18 hqnl0246134 sshd[233353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 16:30:20,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337020.469151, 'message': 'Dec  6 16:30:18 hqnl0246134 sshd[233353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:30:20,659] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:30:20,660] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:30:20,667] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:30:20,678] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 16:30:22,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337022.4706805, 'message': 'Dec  6 16:30:20 hqnl0246134 sshd[233353]: Failed password for root from 61.177.173.18 port 59651 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 16:30:24,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337024.4730854, 'message': 'Dec  6 16:30:22 hqnl0246134 sshd[233353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 16:30:24,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337024.4733822, 'message': 'Dec  6 16:30:24 hqnl0246134 sshd[233353]: Failed password for root from 61.177.173.18 port 59651 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:30:26,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337026.4759898, 'message': 'Dec  6 16:30:25 hqnl0246134 sshd[233353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:30:28,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337028.4764843, 'message': 'Dec  6 16:30:27 hqnl0246134 sshd[233353]: Failed password for root from 61.177.173.18 port 59651 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 16:30:47,298] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:30:47,301] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:30:50,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337050.5040805, 'message': 'Dec  6 16:30:48 hqnl0246134 sshd[233386]: Invalid user william from 46.127.176.19 port 59862', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 16:30:50,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337050.5048232, 'message': 'Dec  6 16:30:49 hqnl0246134 sshd[233386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.127.176.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:30:50,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337050.5050364, 'message': 'Dec  6 16:30:49 hqnl0246134 sshd[233386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.127.176.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 16:30:52,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337052.5051184, 'message': 'Dec  6 16:30:51 hqnl0246134 sshd[233386]: Failed password for invalid user william from 46.127.176.19 port 59862 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 16:30:54,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337054.506408, 'message': 'Dec  6 16:30:52 hqnl0246134 sshd[233386]: Disconnected from invalid user william 46.127.176.19 port 59862 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:30:55,593] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:30:55,593] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:30:55,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:30:55,612] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
WARNING [2022-12-06 16:31:08,865] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:31:08,894] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0379 seconds
INFO    [2022-12-06 16:31:12,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337072.5271823, 'message': 'Dec  6 16:31:11 hqnl0246134 sshd[233413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 16:31:12,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337072.5274744, 'message': 'Dec  6 16:31:11 hqnl0246134 sshd[233413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:31:14,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337074.5293984, 'message': 'Dec  6 16:31:12 hqnl0246134 sshd[233413]: Failed password for root from 61.177.173.18 port 43557 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:31:14,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337074.5295944, 'message': 'Dec  6 16:31:13 hqnl0246134 sshd[233413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:31:16,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337076.5300176, 'message': 'Dec  6 16:31:15 hqnl0246134 sshd[233413]: Failed password for root from 61.177.173.18 port 43557 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 16:31:18,052] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:31:18,053] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:31:18,060] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:31:18,071] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 16:31:18,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337078.5334756, 'message': 'Dec  6 16:31:17 hqnl0246134 sshd[233413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:31:20,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337080.5365317, 'message': 'Dec  6 16:31:19 hqnl0246134 sshd[233413]: Failed password for root from 61.177.173.18 port 43557 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 16:31:20,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:31:20,927] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:31:20,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:31:20,944] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-06 16:31:47,305] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:31:47,307] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:31:48,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337108.6076033, 'message': 'Dec  6 16:31:47 hqnl0246134 sshd[233461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.104.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 16:31:48,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337108.608399, 'message': 'Dec  6 16:31:47 hqnl0246134 sshd[233461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.104.78  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:31:50,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337110.6087785, 'message': 'Dec  6 16:31:49 hqnl0246134 sshd[233461]: Failed password for root from 68.183.104.78 port 60676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 16:31:53,344] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 16:32:06,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337126.6368468, 'message': 'Dec  6 16:32:05 hqnl0246134 sshd[233483]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 16:32:06,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337126.6374352, 'message': 'Dec  6 16:32:05 hqnl0246134 sshd[233483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 16:32:08,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337128.638678, 'message': 'Dec  6 16:32:07 hqnl0246134 sshd[233483]: Failed password for root from 61.177.173.18 port 45119 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
WARNING [2022-12-06 16:32:08,868] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:32:08,905] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0469 seconds
INFO    [2022-12-06 16:32:10,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337130.641222, 'message': 'Dec  6 16:32:09 hqnl0246134 sshd[233483]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:32:12,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337132.6414742, 'message': 'Dec  6 16:32:12 hqnl0246134 sshd[233483]: Failed password for root from 61.177.173.18 port 45119 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:32:14,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337134.6444638, 'message': 'Dec  6 16:32:14 hqnl0246134 sshd[233483]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:32:16,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337136.6459284, 'message': 'Dec  6 16:32:16 hqnl0246134 sshd[233483]: Failed password for root from 61.177.173.18 port 45119 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 16:32:19,898] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:32:19,899] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:32:19,907] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:32:19,919] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 16:32:22,552] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:32:22,553] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:32:22,559] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:32:22,570] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
INFO    [2022-12-06 16:32:40,624] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:32:40,696] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:32:40,697] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:32:40,698] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:32:40,698] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:32:40,699] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:32:40,719] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:32:40,748] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0481 seconds
WARNING [2022-12-06 16:32:40,761] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:32:40,764] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:32:40,787] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0493 seconds
INFO    [2022-12-06 16:32:40,789] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0451 seconds
WARNING [2022-12-06 16:32:47,310] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:32:47,312] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:32:58,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337178.727061, 'message': 'Dec  6 16:32:57 hqnl0246134 sshd[233518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 16:32:58,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337178.727411, 'message': 'Dec  6 16:32:57 hqnl0246134 sshd[233518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:33:00,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337180.73014, 'message': 'Dec  6 16:32:59 hqnl0246134 sshd[233518]: Failed password for root from 61.177.173.18 port 39475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:33:00,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337180.730342, 'message': 'Dec  6 16:32:59 hqnl0246134 sshd[233518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:33:02,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337182.7332137, 'message': 'Dec  6 16:33:01 hqnl0246134 sshd[233518]: Failed password for root from 61.177.173.18 port 39475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:33:02,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337182.7334166, 'message': 'Dec  6 16:33:02 hqnl0246134 sshd[233518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:33:04,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337184.7340167, 'message': 'Dec  6 16:33:03 hqnl0246134 sshd[233518]: Failed password for root from 61.177.173.18 port 39475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0613 seconds
INFO    [2022-12-06 16:33:07,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:33:07,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:33:07,621] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:33:07,634] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-06 16:33:08,875] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:33:08,908] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0465 seconds
INFO    [2022-12-06 16:33:11,934] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:33:11,934] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:33:11,935] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 16:33:17,882] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:33:17,883] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:33:17,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:33:17,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 16:33:21,046] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:33:21,047] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:33:21,057] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:33:21,070] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
WARNING [2022-12-06 16:33:47,317] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:33:47,319] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:33:50,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337230.830007, 'message': 'Dec  6 16:33:48 hqnl0246134 sshd[233569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 16:33:50,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337230.8313522, 'message': 'Dec  6 16:33:49 hqnl0246134 sshd[233569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:33:52,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337232.833692, 'message': 'Dec  6 16:33:51 hqnl0246134 sshd[233569]: Failed password for root from 61.177.173.18 port 31057 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:33:52,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337232.834068, 'message': 'Dec  6 16:33:51 hqnl0246134 sshd[233569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 16:33:54,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337234.8394344, 'message': 'Dec  6 16:33:53 hqnl0246134 sshd[233569]: Failed password for root from 61.177.173.18 port 31057 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 16:33:56,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337236.8455818, 'message': 'Dec  6 16:33:55 hqnl0246134 sshd[233569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 16:33:58,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337238.8503158, 'message': 'Dec  6 16:33:57 hqnl0246134 sshd[233569]: Failed password for root from 61.177.173.18 port 31057 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 16:33:58,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337238.8505502, 'message': 'Dec  6 16:33:58 hqnl0246134 sshd[233571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 16:33:58,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337238.850677, 'message': 'Dec  6 16:33:58 hqnl0246134 sshd[233571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:34:00,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337240.854336, 'message': 'Dec  6 16:34:00 hqnl0246134 sshd[233571]: Failed password for root from 61.177.173.52 port 60183 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:34:00,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337240.8545055, 'message': 'Dec  6 16:34:00 hqnl0246134 sshd[233571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 16:34:04,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337244.8593552, 'message': 'Dec  6 16:34:03 hqnl0246134 sshd[233571]: Failed password for root from 61.177.173.52 port 60183 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:34:06,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337246.8666146, 'message': 'Dec  6 16:34:05 hqnl0246134 sshd[233571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 16:34:06,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337246.8670535, 'message': 'Dec  6 16:34:06 hqnl0246134 sshd[233571]: Failed password for root from 61.177.173.52 port 60183 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 16:34:08,876] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:34:08,897] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0297 seconds
INFO    [2022-12-06 16:34:09,869] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:34:09,869] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:34:09,878] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:34:09,890] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 16:34:10,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337250.8731666, 'message': 'Dec  6 16:34:09 hqnl0246134 sshd[233590]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 16:34:10,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337250.8733766, 'message': 'Dec  6 16:34:09 hqnl0246134 sshd[233590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:34:12,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337252.877965, 'message': 'Dec  6 16:34:11 hqnl0246134 sshd[233590]: Failed password for root from 61.177.173.52 port 35263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 16:34:14,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337254.8865228, 'message': 'Dec  6 16:34:13 hqnl0246134 sshd[233590]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:34:16,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337256.8890584, 'message': 'Dec  6 16:34:15 hqnl0246134 sshd[233590]: Failed password for root from 61.177.173.52 port 35263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 16:34:17,695] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:34:17,695] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:34:17,704] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:34:17,717] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 16:34:18,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337258.889962, 'message': 'Dec  6 16:34:17 hqnl0246134 sshd[233590]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:34:20,265] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:34:20,265] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:34:20,272] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:34:20,284] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 16:34:20,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337260.8925362, 'message': 'Dec  6 16:34:19 hqnl0246134 sshd[233590]: Failed password for root from 61.177.173.52 port 35263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 16:34:22,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337262.902377, 'message': 'Dec  6 16:34:22 hqnl0246134 sshd[233607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:34:22,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337262.9025667, 'message': 'Dec  6 16:34:22 hqnl0246134 sshd[233607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:34:24,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337264.9060695, 'message': 'Dec  6 16:34:24 hqnl0246134 sshd[233607]: Failed password for root from 61.177.173.52 port 20507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:34:24,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337264.9062986, 'message': 'Dec  6 16:34:24 hqnl0246134 sshd[233607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 16:34:26,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337266.9089067, 'message': 'Dec  6 16:34:26 hqnl0246134 sshd[233607]: Failed password for root from 61.177.173.52 port 20507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 16:34:28,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337268.9115412, 'message': 'Dec  6 16:34:27 hqnl0246134 sshd[233607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 16:34:30,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670337270.9131198, 'message': 'Dec  6 16:34:29 hqnl0246134 sshd[233607]: Failed password for root from 61.177.173.52 port 20507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:34:40,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337280.9493754, 'message': 'Dec  6 16:34:40 hqnl0246134 sshd[233622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 16:34:40,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337280.9499743, 'message': 'Dec  6 16:34:40 hqnl0246134 sshd[233622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:34:42,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337282.959495, 'message': 'Dec  6 16:34:42 hqnl0246134 sshd[233622]: Failed password for root from 61.177.173.18 port 26411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:34:44,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337284.9706602, 'message': 'Dec  6 16:34:43 hqnl0246134 sshd[233622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 16:34:47,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337286.974398, 'message': 'Dec  6 16:34:45 hqnl0246134 sshd[233622]: Failed password for root from 61.177.173.18 port 26411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 16:34:47,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337286.9746668, 'message': 'Dec  6 16:34:45 hqnl0246134 sshd[233622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
WARNING [2022-12-06 16:34:47,323] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:34:47,324] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:34:48,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337288.9784975, 'message': 'Dec  6 16:34:47 hqnl0246134 sshd[233622]: Failed password for root from 61.177.173.18 port 26411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 16:35:08,886] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:35:08,915] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0434 seconds
INFO    [2022-12-06 16:35:18,135] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:35:18,136] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:35:18,143] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:35:18,155] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 16:35:20,876] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:35:20,877] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:35:20,884] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:35:20,896] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 16:35:33,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337333.067788, 'message': 'Dec  6 16:35:32 hqnl0246134 sshd[233682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 16:35:33,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337333.0684643, 'message': 'Dec  6 16:35:32 hqnl0246134 sshd[233682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:35:35,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337335.0702808, 'message': 'Dec  6 16:35:35 hqnl0246134 sshd[233682]: Failed password for root from 61.177.173.18 port 10665 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 16:35:37,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337337.073815, 'message': 'Dec  6 16:35:36 hqnl0246134 sshd[233682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 16:35:39,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337339.0779016, 'message': 'Dec  6 16:35:38 hqnl0246134 sshd[233682]: Failed password for root from 61.177.173.18 port 10665 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 16:35:41,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337341.0822325, 'message': 'Dec  6 16:35:41 hqnl0246134 sshd[233682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:35:45,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337345.0890853, 'message': 'Dec  6 16:35:43 hqnl0246134 sshd[233682]: Failed password for root from 61.177.173.18 port 10665 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 16:35:47,327] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:35:47,328] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:35:48,352] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:35:48,353] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:35:48,364] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:35:48,381] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
WARNING [2022-12-06 16:36:08,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:36:08,906] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0290 seconds
INFO    [2022-12-06 16:36:18,278] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:36:18,278] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:36:18,287] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:36:18,299] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 16:36:21,033] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:36:21,034] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:36:21,042] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:36:21,054] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 16:36:27,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337387.1732516, 'message': 'Dec  6 16:36:27 hqnl0246134 sshd[233755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 16:36:27,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337387.1735263, 'message': 'Dec  6 16:36:27 hqnl0246134 sshd[233755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:36:31,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337391.1820536, 'message': 'Dec  6 16:36:29 hqnl0246134 sshd[233755]: Failed password for root from 61.177.173.18 port 11795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 16:36:33,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337393.1818836, 'message': 'Dec  6 16:36:31 hqnl0246134 sshd[233755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-06 16:36:35,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337395.1824956, 'message': 'Dec  6 16:36:33 hqnl0246134 sshd[233755]: Failed password for root from 61.177.173.18 port 11795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 16:36:37,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337397.1839392, 'message': 'Dec  6 16:36:35 hqnl0246134 sshd[233755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 16:36:39,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337399.1861591, 'message': 'Dec  6 16:36:37 hqnl0246134 sshd[233755]: Failed password for root from 61.177.173.18 port 11795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-06 16:36:47,333] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:36:47,334] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:37:08,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:37:08,920] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0315 seconds
INFO    [2022-12-06 16:37:18,219] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:37:18,219] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:37:18,229] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:37:18,247] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0271 seconds
INFO    [2022-12-06 16:37:19,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337439.2423196, 'message': 'Dec  6 16:37:17 hqnl0246134 sshd[233804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:37:19,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337439.2426343, 'message': 'Dec  6 16:37:17 hqnl0246134 sshd[233804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 16:37:21,077] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:37:21,078] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:37:21,085] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:37:21,098] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 16:37:21,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337441.2453415, 'message': 'Dec  6 16:37:19 hqnl0246134 sshd[233804]: Failed password for root from 61.177.173.18 port 50102 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:37:21,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337441.2455125, 'message': 'Dec  6 16:37:19 hqnl0246134 sshd[233804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:37:23,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337443.249903, 'message': 'Dec  6 16:37:21 hqnl0246134 sshd[233804]: Failed password for root from 61.177.173.18 port 50102 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:37:23,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337443.2501311, 'message': 'Dec  6 16:37:22 hqnl0246134 sshd[233804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 16:37:25,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337445.2958686, 'message': 'Dec  6 16:37:23 hqnl0246134 sshd[233804]: Failed password for root from 61.177.173.18 port 50102 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 16:37:27,055] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:37:27,055] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:37:27,084] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:37:27,128] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0632 seconds
INFO    [2022-12-06 16:37:29,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337449.2542417, 'message': 'Dec  6 16:37:27 hqnl0246134 sshd[233815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:37:29,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337449.2545006, 'message': 'Dec  6 16:37:27 hqnl0246134 sshd[233815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:37:31,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337451.2586849, 'message': 'Dec  6 16:37:30 hqnl0246134 sshd[233815]: Failed password for root from 61.177.173.51 port 58968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:37:33,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337453.2614436, 'message': 'Dec  6 16:37:31 hqnl0246134 sshd[233815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 16:37:35,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337455.2622225, 'message': 'Dec  6 16:37:33 hqnl0246134 sshd[233815]: Failed password for root from 61.177.173.51 port 58968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 16:37:35,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337455.2626176, 'message': 'Dec  6 16:37:34 hqnl0246134 sshd[233815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:37:37,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337457.2669127, 'message': 'Dec  6 16:37:35 hqnl0246134 sshd[233815]: Failed password for root from 61.177.173.51 port 58968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 16:37:39,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337459.2655864, 'message': 'Dec  6 16:37:38 hqnl0246134 sshd[233832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 16:37:39,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337459.265859, 'message': 'Dec  6 16:37:38 hqnl0246134 sshd[233832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 16:37:41,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337461.2676373, 'message': 'Dec  6 16:37:40 hqnl0246134 sshd[233832]: Failed password for root from 61.177.173.51 port 44934 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 16:37:43,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337463.27052, 'message': 'Dec  6 16:37:42 hqnl0246134 sshd[233832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 16:37:45,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337465.274573, 'message': 'Dec  6 16:37:44 hqnl0246134 sshd[233832]: Failed password for root from 61.177.173.51 port 44934 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 16:37:45,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337465.2748926, 'message': 'Dec  6 16:37:44 hqnl0246134 sshd[233832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 16:37:47,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670337467.2771919, 'message': 'Dec  6 16:37:46 hqnl0246134 sshd[233832]: Failed password for root from 61.177.173.51 port 44934 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-06 16:37:47,337] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:37:47,338] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:37:51,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337471.2821012, 'message': 'Dec  6 16:37:50 hqnl0246134 sshd[233835]: Invalid user test from 20.122.7.237 port 54410', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:37:51,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337471.2828562, 'message': 'Dec  6 16:37:50 hqnl0246134 sshd[233835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.122.7.237 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:37:51,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337471.282965, 'message': 'Dec  6 16:37:50 hqnl0246134 sshd[233835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.122.7.237 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:37:55,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337475.4133635, 'message': 'Dec  6 16:37:53 hqnl0246134 sshd[233835]: Failed password for invalid user test from 20.122.7.237 port 54410 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:37:57,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337477.2906575, 'message': 'Dec  6 16:37:55 hqnl0246134 sshd[233835]: Disconnected from invalid user test 20.122.7.237 port 54410 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
WARNING [2022-12-06 16:38:08,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:38:08,935] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0404 seconds
INFO    [2022-12-06 16:38:11,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337491.3007927, 'message': 'Dec  6 16:38:09 hqnl0246134 sshd[233856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 16:38:11,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337491.301187, 'message': 'Dec  6 16:38:09 hqnl0246134 sshd[233856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:38:13,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337493.300812, 'message': 'Dec  6 16:38:11 hqnl0246134 sshd[233856]: Failed password for root from 61.177.173.18 port 40112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 16:38:15,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337495.3016691, 'message': 'Dec  6 16:38:13 hqnl0246134 sshd[233856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:38:17,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337497.3023255, 'message': 'Dec  6 16:38:15 hqnl0246134 sshd[233856]: Failed password for root from 61.177.173.18 port 40112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 16:38:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:38:17,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:38:17,993] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:38:18,006] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 16:38:19,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337499.3038678, 'message': 'Dec  6 16:38:18 hqnl0246134 sshd[233856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:38:20,703] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:38:20,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:38:20,712] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:38:20,728] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-06 16:38:21,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337501.3047035, 'message': 'Dec  6 16:38:20 hqnl0246134 sshd[233856]: Failed password for root from 61.177.173.18 port 40112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 16:38:47,342] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:38:47,343] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:39:01,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337541.3420167, 'message': 'Dec  6 16:39:00 hqnl0246134 sshd[233882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 16:39:01,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337541.3427, 'message': 'Dec  6 16:39:00 hqnl0246134 sshd[233882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 16:39:03,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337543.3421316, 'message': 'Dec  6 16:39:02 hqnl0246134 sshd[233882]: Failed password for root from 61.177.173.18 port 25482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 16:39:03,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337543.3424592, 'message': 'Dec  6 16:39:03 hqnl0246134 sshd[233882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 16:39:07,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337547.3452933, 'message': 'Dec  6 16:39:05 hqnl0246134 sshd[233882]: Failed password for root from 61.177.173.18 port 25482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
WARNING [2022-12-06 16:39:08,906] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:39:08,924] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0253 seconds
INFO    [2022-12-06 16:39:09,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337549.3471453, 'message': 'Dec  6 16:39:07 hqnl0246134 sshd[233882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 16:39:11,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337551.3497734, 'message': 'Dec  6 16:39:09 hqnl0246134 sshd[233882]: Failed password for root from 61.177.173.18 port 25482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1157 seconds
INFO    [2022-12-06 16:39:12,557] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:39:12,558] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:39:12,575] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:39:12,590] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0300 seconds
INFO    [2022-12-06 16:39:17,845] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:39:17,846] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:39:17,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:39:17,865] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 16:39:22,491] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:39:22,492] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:39:22,502] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:39:22,516] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-06 16:39:39,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337579.3827834, 'message': 'Dec  6 16:39:38 hqnl0246134 sshd[234058]: Invalid user elastic from 46.127.176.19 port 46700', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 16:39:39,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337579.3834672, 'message': 'Dec  6 16:39:38 hqnl0246134 sshd[234058]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.127.176.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:39:39,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337579.3836815, 'message': 'Dec  6 16:39:38 hqnl0246134 sshd[234058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.127.176.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:39:41,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337581.3847868, 'message': 'Dec  6 16:39:40 hqnl0246134 sshd[234058]: Failed password for invalid user elastic from 46.127.176.19 port 46700 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:39:41,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337581.3849971, 'message': 'Dec  6 16:39:41 hqnl0246134 sshd[234058]: Disconnected from invalid user elastic 46.127.176.19 port 46700 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:39:45,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337585.38946, 'message': 'Dec  6 16:39:43 hqnl0246134 sshd[234061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:39:45,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337585.3897676, 'message': 'Dec  6 16:39:43 hqnl0246134 sshd[234061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 16:39:47,345] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:39:47,346] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:39:47,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337587.3895886, 'message': 'Dec  6 16:39:45 hqnl0246134 sshd[234061]: Failed password for root from 61.177.173.35 port 35255 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:39:49,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337589.392434, 'message': 'Dec  6 16:39:48 hqnl0246134 sshd[234061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 16:39:51,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337591.3940847, 'message': 'Dec  6 16:39:49 hqnl0246134 sshd[234061]: Failed password for root from 61.177.173.35 port 35255 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 16:39:51,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337591.3942933, 'message': 'Dec  6 16:39:50 hqnl0246134 sshd[234065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 16:39:51,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337591.3946178, 'message': 'Dec  6 16:39:50 hqnl0246134 sshd[234061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 16:39:51,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337591.3944604, 'message': 'Dec  6 16:39:50 hqnl0246134 sshd[234065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 16:39:53,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337593.3976328, 'message': 'Dec  6 16:39:52 hqnl0246134 sshd[234065]: Failed password for root from 61.177.173.18 port 14514 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 16:39:53,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337593.397979, 'message': 'Dec  6 16:39:52 hqnl0246134 sshd[234061]: Failed password for root from 61.177.173.35 port 35255 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 16:39:53,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337593.3995802, 'message': 'Dec  6 16:39:52 hqnl0246134 sshd[234065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:39:55,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337595.3978565, 'message': 'Dec  6 16:39:54 hqnl0246134 sshd[234065]: Failed password for root from 61.177.173.18 port 14514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-06 16:39:55,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337595.398188, 'message': 'Dec  6 16:39:55 hqnl0246134 sshd[234069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-06 16:39:55,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337595.3980744, 'message': 'Dec  6 16:39:54 hqnl0246134 sshd[234065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 16:39:55,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337595.3983066, 'message': 'Dec  6 16:39:55 hqnl0246134 sshd[234069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 16:39:57,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337597.4004743, 'message': 'Dec  6 16:39:56 hqnl0246134 sshd[234065]: Failed password for root from 61.177.173.18 port 14514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 16:39:59,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337599.4013066, 'message': 'Dec  6 16:39:57 hqnl0246134 sshd[234069]: Failed password for root from 61.177.173.35 port 64838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:40:01,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337601.4048116, 'message': 'Dec  6 16:39:59 hqnl0246134 sshd[234069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0974 seconds
INFO    [2022-12-06 16:40:01,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337601.405059, 'message': 'Dec  6 16:40:01 hqnl0246134 sshd[234069]: Failed password for root from 61.177.173.35 port 64838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 16:40:03,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337603.4088075, 'message': 'Dec  6 16:40:02 hqnl0246134 sshd[234069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 16:40:05,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337605.4083157, 'message': 'Dec  6 16:40:04 hqnl0246134 sshd[234069]: Failed password for root from 61.177.173.35 port 64838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 16:40:07,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337607.4111333, 'message': 'Dec  6 16:40:05 hqnl0246134 sshd[234116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 16:40:07,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337607.4114919, 'message': 'Dec  6 16:40:05 hqnl0246134 sshd[234116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 16:40:08,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:40:08,944] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0360 seconds
INFO    [2022-12-06 16:40:09,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337609.413711, 'message': 'Dec  6 16:40:07 hqnl0246134 sshd[234116]: Failed password for root from 61.177.173.35 port 37638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:40:11,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337611.4177363, 'message': 'Dec  6 16:40:10 hqnl0246134 sshd[234116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 16:40:11,907] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:40:11,974] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:40:11,975] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:40:11,975] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:40:11,975] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:40:11,975] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:40:11,984] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:40:11,999] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0238 seconds
WARNING [2022-12-06 16:40:12,006] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:40:12,009] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:40:12,026] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0327 seconds
INFO    [2022-12-06 16:40:12,028] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0309 seconds
INFO    [2022-12-06 16:40:13,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337613.4182773, 'message': 'Dec  6 16:40:12 hqnl0246134 sshd[234116]: Failed password for root from 61.177.173.35 port 37638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 16:40:15,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337615.4206223, 'message': 'Dec  6 16:40:14 hqnl0246134 sshd[234116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 16:40:17,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670337617.422427, 'message': 'Dec  6 16:40:16 hqnl0246134 sshd[234116]: Failed password for root from 61.177.173.35 port 37638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 16:40:17,969] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:40:17,970] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:40:17,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:40:17,988] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 16:40:19,417] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:40:19,417] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:40:19,426] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:40:19,437] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 16:40:20,578] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:40:20,578] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:40:20,595] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:40:20,618] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0382 seconds
INFO    [2022-12-06 16:40:25,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337625.4339993, 'message': 'Dec  6 16:40:24 hqnl0246134 sshd[234153]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.122.7.237 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 16:40:25,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337625.4343555, 'message': 'Dec  6 16:40:24 hqnl0246134 sshd[234153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.122.7.237  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:40:27,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337627.4372816, 'message': 'Dec  6 16:40:26 hqnl0246134 sshd[234153]: Failed password for root from 20.122.7.237 port 57754 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 16:40:37,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337637.4744132, 'message': 'Dec  6 16:40:36 hqnl0246134 sshd[234166]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.104.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1258 seconds
INFO    [2022-12-06 16:40:37,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337637.4748163, 'message': 'Dec  6 16:40:36 hqnl0246134 sshd[234166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.104.78  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0497 seconds
INFO    [2022-12-06 16:40:39,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337639.4500418, 'message': 'Dec  6 16:40:38 hqnl0246134 sshd[234166]: Failed password for root from 68.183.104.78 port 35150 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 16:40:42,102] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:40:42,103] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:40:42,104] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 16:40:43,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337643.45393, 'message': 'Dec  6 16:40:43 hqnl0246134 sshd[234177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 16:40:43,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337643.4541984, 'message': 'Dec  6 16:40:43 hqnl0246134 sshd[234177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:40:45,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337645.4567704, 'message': 'Dec  6 16:40:45 hqnl0246134 sshd[234177]: Failed password for root from 61.177.173.18 port 13748 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 16:40:47,349] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:40:47,350] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:40:47,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337647.4595478, 'message': 'Dec  6 16:40:45 hqnl0246134 sshd[234177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:40:49,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337649.4615629, 'message': 'Dec  6 16:40:47 hqnl0246134 sshd[234177]: Failed password for root from 61.177.173.18 port 13748 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 16:40:51,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337651.4638815, 'message': 'Dec  6 16:40:50 hqnl0246134 sshd[234177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 16:40:53,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337653.4659438, 'message': 'Dec  6 16:40:52 hqnl0246134 sshd[234177]: Failed password for root from 61.177.173.18 port 13748 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
WARNING [2022-12-06 16:41:08,929] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:41:08,957] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0444 seconds
INFO    [2022-12-06 16:41:17,917] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:41:17,918] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:41:17,926] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:41:17,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 16:41:20,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:41:20,543] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:41:20,550] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:41:20,560] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-06 16:41:37,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337697.5205498, 'message': 'Dec  6 16:41:35 hqnl0246134 sshd[234215]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 16:41:37,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337697.520899, 'message': 'Dec  6 16:41:35 hqnl0246134 sshd[234215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:41:37,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337697.5210702, 'message': 'Dec  6 16:41:37 hqnl0246134 sshd[234215]: Failed password for root from 61.177.173.18 port 54463 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 16:41:39,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337699.521528, 'message': 'Dec  6 16:41:37 hqnl0246134 sshd[234215]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 16:41:41,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337701.5215406, 'message': 'Dec  6 16:41:40 hqnl0246134 sshd[234215]: Failed password for root from 61.177.173.18 port 54463 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:41:43,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337703.5219042, 'message': 'Dec  6 16:41:42 hqnl0246134 sshd[234215]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 16:41:45,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337705.5244443, 'message': 'Dec  6 16:41:44 hqnl0246134 sshd[234215]: Failed password for root from 61.177.173.18 port 54463 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
WARNING [2022-12-06 16:41:47,352] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:41:47,353] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:41:48,984] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:41:48,984] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:41:48,996] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:41:49,018] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0336 seconds
WARNING [2022-12-06 16:41:53,346] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 16:42:08,925] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:42:08,946] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0293 seconds
INFO    [2022-12-06 16:42:17,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:42:17,851] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:42:17,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:42:17,871] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 16:42:20,367] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:42:20,368] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:42:20,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:42:20,386] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 16:42:29,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337749.584881, 'message': 'Dec  6 16:42:29 hqnl0246134 sshd[234275]: Invalid user ircd from 46.127.176.19 port 35916', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:42:31,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337751.586801, 'message': 'Dec  6 16:42:29 hqnl0246134 sshd[234275]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.127.176.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 16:42:31,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337751.5872483, 'message': 'Dec  6 16:42:30 hqnl0246134 sshd[234273]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 16:42:31,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337751.587026, 'message': 'Dec  6 16:42:29 hqnl0246134 sshd[234275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.127.176.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 16:42:31,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337751.5874035, 'message': 'Dec  6 16:42:30 hqnl0246134 sshd[234273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 16:42:31,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337751.5875366, 'message': 'Dec  6 16:42:31 hqnl0246134 sshd[234275]: Failed password for invalid user ircd from 46.127.176.19 port 35916 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 16:42:33,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337753.5903602, 'message': 'Dec  6 16:42:32 hqnl0246134 sshd[234275]: Disconnected from invalid user ircd 46.127.176.19 port 35916 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 16:42:33,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337753.590604, 'message': 'Dec  6 16:42:32 hqnl0246134 sshd[234273]: Failed password for root from 61.177.173.18 port 48929 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 16:42:35,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337755.5926836, 'message': 'Dec  6 16:42:34 hqnl0246134 sshd[234273]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:42:37,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337757.5935335, 'message': 'Dec  6 16:42:36 hqnl0246134 sshd[234273]: Failed password for root from 61.177.173.18 port 48929 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:42:39,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337759.5963056, 'message': 'Dec  6 16:42:39 hqnl0246134 sshd[234273]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 16:42:41,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337761.5980413, 'message': 'Dec  6 16:42:40 hqnl0246134 sshd[234273]: Failed password for root from 61.177.173.18 port 48929 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 16:42:47,357] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:42:47,358] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:43:08,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:43:08,953] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0332 seconds
INFO    [2022-12-06 16:43:18,114] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:43:18,115] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:43:18,127] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:43:18,141] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0254 seconds
INFO    [2022-12-06 16:43:20,970] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:43:20,970] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:43:20,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:43:21,003] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0313 seconds
INFO    [2022-12-06 16:43:23,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337803.647851, 'message': 'Dec  6 16:43:21 hqnl0246134 sshd[234332]: Invalid user vivek from 20.122.7.237 port 42594', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 16:43:23,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337803.6483927, 'message': 'Dec  6 16:43:21 hqnl0246134 sshd[234332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.122.7.237 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 16:43:23,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337803.6486063, 'message': 'Dec  6 16:43:21 hqnl0246134 sshd[234332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.122.7.237 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:43:25,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337805.6488235, 'message': 'Dec  6 16:43:23 hqnl0246134 sshd[234332]: Failed password for invalid user vivek from 20.122.7.237 port 42594 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-06 16:43:25,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337805.6491406, 'message': 'Dec  6 16:43:24 hqnl0246134 sshd[234334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-06 16:43:25,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.122.7.237', 'timestamp': 1670337805.6490195, 'message': 'Dec  6 16:43:24 hqnl0246134 sshd[234332]: Disconnected from invalid user vivek 20.122.7.237 port 42594 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-06 16:43:25,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337805.6492488, 'message': 'Dec  6 16:43:24 hqnl0246134 sshd[234334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 16:43:26,714] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:43:26,714] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:43:26,722] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:43:26,736] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 16:43:27,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337807.6508622, 'message': 'Dec  6 16:43:25 hqnl0246134 sshd[234334]: Failed password for root from 61.177.173.18 port 37829 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 16:43:27,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337807.6526682, 'message': 'Dec  6 16:43:27 hqnl0246134 sshd[234340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 16:43:27,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337807.6510408, 'message': 'Dec  6 16:43:26 hqnl0246134 sshd[234334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 16:43:27,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337807.6529064, 'message': 'Dec  6 16:43:27 hqnl0246134 sshd[234340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 16:43:29,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337809.652889, 'message': 'Dec  6 16:43:28 hqnl0246134 sshd[234334]: Failed password for root from 61.177.173.18 port 37829 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:43:29,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337809.657432, 'message': 'Dec  6 16:43:28 hqnl0246134 sshd[234334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:43:31,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337811.6581986, 'message': 'Dec  6 16:43:29 hqnl0246134 sshd[234340]: Failed password for root from 61.177.172.114 port 48648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 16:43:31,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337811.658518, 'message': 'Dec  6 16:43:31 hqnl0246134 sshd[234334]: Failed password for root from 61.177.173.18 port 37829 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 16:43:31,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337811.6587224, 'message': 'Dec  6 16:43:31 hqnl0246134 sshd[234340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 16:43:33,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337813.6605017, 'message': 'Dec  6 16:43:33 hqnl0246134 sshd[234340]: Failed password for root from 61.177.172.114 port 48648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:43:35,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337815.6627753, 'message': 'Dec  6 16:43:33 hqnl0246134 sshd[234340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:43:35,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337815.6629796, 'message': 'Dec  6 16:43:35 hqnl0246134 sshd[234340]: Failed password for root from 61.177.172.114 port 48648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:43:37,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337817.6658483, 'message': 'Dec  6 16:43:36 hqnl0246134 sshd[234368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.104.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 16:43:37,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337817.6660612, 'message': 'Dec  6 16:43:36 hqnl0246134 sshd[234368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.104.78  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:43:39,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337819.6691198, 'message': 'Dec  6 16:43:38 hqnl0246134 sshd[234370]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 16:43:39,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337819.6696172, 'message': 'Dec  6 16:43:38 hqnl0246134 sshd[234368]: Failed password for root from 68.183.104.78 port 48526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 16:43:39,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337819.6694546, 'message': 'Dec  6 16:43:38 hqnl0246134 sshd[234370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 16:43:41,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337821.6718428, 'message': 'Dec  6 16:43:40 hqnl0246134 sshd[234370]: Failed password for root from 61.177.172.114 port 14588 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:43:43,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337823.6756072, 'message': 'Dec  6 16:43:42 hqnl0246134 sshd[234370]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:43:45,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337825.678219, 'message': 'Dec  6 16:43:44 hqnl0246134 sshd[234370]: Failed password for root from 61.177.172.114 port 14588 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:43:45,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337825.6784072, 'message': 'Dec  6 16:43:44 hqnl0246134 sshd[234370]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
WARNING [2022-12-06 16:43:47,362] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:43:47,363] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:43:47,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337827.6833925, 'message': 'Dec  6 16:43:46 hqnl0246134 sshd[234370]: Failed password for root from 61.177.172.114 port 14588 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:43:51,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337831.6945407, 'message': 'Dec  6 16:43:50 hqnl0246134 sshd[234382]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:43:51,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337831.6947398, 'message': 'Dec  6 16:43:50 hqnl0246134 sshd[234382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:43:53,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337833.6967607, 'message': 'Dec  6 16:43:52 hqnl0246134 sshd[234382]: Failed password for root from 61.177.172.114 port 49005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:43:55,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337835.704993, 'message': 'Dec  6 16:43:54 hqnl0246134 sshd[234382]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:43:57,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337837.711561, 'message': 'Dec  6 16:43:56 hqnl0246134 sshd[234382]: Failed password for root from 61.177.172.114 port 49005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 16:43:57,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337837.7117507, 'message': 'Dec  6 16:43:57 hqnl0246134 sshd[234382]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 16:43:59,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337839.714544, 'message': 'Dec  6 16:43:59 hqnl0246134 sshd[234382]: Failed password for root from 61.177.172.114 port 49005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 16:44:01,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337841.7189326, 'message': 'Dec  6 16:44:01 hqnl0246134 sshd[234387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 16:44:01,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337841.719227, 'message': 'Dec  6 16:44:01 hqnl0246134 sshd[234387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-06 16:44:03,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337843.7221353, 'message': 'Dec  6 16:44:02 hqnl0246134 sshd[234387]: Failed password for root from 61.177.172.114 port 16235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:44:03,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337843.7225246, 'message': 'Dec  6 16:44:03 hqnl0246134 sshd[234387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:44:07,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337847.7340786, 'message': 'Dec  6 16:44:06 hqnl0246134 sshd[234387]: Failed password for root from 61.177.172.114 port 16235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-06 16:44:08,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:44:08,964] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0376 seconds
INFO    [2022-12-06 16:44:09,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337849.734592, 'message': 'Dec  6 16:44:07 hqnl0246134 sshd[234387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 16:44:11,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670337851.7367656, 'message': 'Dec  6 16:44:09 hqnl0246134 sshd[234387]: Failed password for root from 61.177.172.114 port 16235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 16:44:17,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337857.7448077, 'message': 'Dec  6 16:44:15 hqnl0246134 sshd[234410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 16:44:17,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337857.7451243, 'message': 'Dec  6 16:44:15 hqnl0246134 sshd[234410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:44:17,955] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:44:17,955] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:44:17,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:44:17,976] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 16:44:19,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337859.7483609, 'message': 'Dec  6 16:44:18 hqnl0246134 sshd[234410]: Failed password for root from 61.177.173.18 port 34591 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 16:44:20,912] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:44:20,913] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:44:20,920] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:44:20,932] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 16:44:21,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337861.7488534, 'message': 'Dec  6 16:44:20 hqnl0246134 sshd[234410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 16:44:23,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337863.7496786, 'message': 'Dec  6 16:44:21 hqnl0246134 sshd[234410]: Failed password for root from 61.177.173.18 port 34591 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0516 seconds
INFO    [2022-12-06 16:44:23,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337863.7499034, 'message': 'Dec  6 16:44:22 hqnl0246134 sshd[234410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 16:44:25,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337865.7536056, 'message': 'Dec  6 16:44:24 hqnl0246134 sshd[234410]: Failed password for root from 61.177.173.18 port 34591 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-06 16:44:47,367] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:44:47,368] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:45:08,940] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:45:08,964] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-06 16:45:09,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337909.8216145, 'message': 'Dec  6 16:45:08 hqnl0246134 sshd[234468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:45:09,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337909.8219612, 'message': 'Dec  6 16:45:08 hqnl0246134 sshd[234468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:45:11,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337911.8222084, 'message': 'Dec  6 16:45:10 hqnl0246134 sshd[234468]: Failed password for root from 61.177.173.18 port 27815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 16:45:11,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337911.8322926, 'message': 'Dec  6 16:45:11 hqnl0246134 sshd[234468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 16:45:13,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337913.8280184, 'message': 'Dec  6 16:45:12 hqnl0246134 sshd[234468]: Failed password for root from 61.177.173.18 port 27815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:45:13,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337913.829746, 'message': 'Dec  6 16:45:13 hqnl0246134 sshd[234468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:45:15,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337915.8295648, 'message': 'Dec  6 16:45:15 hqnl0246134 sshd[234468]: Failed password for root from 61.177.173.18 port 27815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 16:45:17,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337917.8303783, 'message': 'Dec  6 16:45:17 hqnl0246134 sshd[234491]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.127.176.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:45:17,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337917.8306742, 'message': 'Dec  6 16:45:17 hqnl0246134 sshd[234491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.127.176.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:45:18,246] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:45:18,247] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:45:18,259] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:45:18,280] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-06 16:45:19,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.127.176.19', 'timestamp': 1670337919.8328161, 'message': 'Dec  6 16:45:18 hqnl0246134 sshd[234491]: Failed password for root from 46.127.176.19 port 53372 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:45:20,363] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:45:20,364] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:45:20,371] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:45:20,382] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 16:45:20,864] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:45:20,864] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:45:20,871] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:45:20,881] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
WARNING [2022-12-06 16:45:47,371] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:45:47,372] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:46:00,541] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:46:00,606] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:46:00,606] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:46:00,607] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:46:00,607] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:46:00,607] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:46:00,618] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:46:00,645] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0369 seconds
WARNING [2022-12-06 16:46:00,651] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:46:00,654] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:46:00,673] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0359 seconds
INFO    [2022-12-06 16:46:00,675] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0322 seconds
INFO    [2022-12-06 16:46:01,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337961.8895843, 'message': 'Dec  6 16:46:01 hqnl0246134 sshd[234522]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 16:46:01,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337961.8898208, 'message': 'Dec  6 16:46:01 hqnl0246134 sshd[234522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 16:46:03,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337963.889744, 'message': 'Dec  6 16:46:02 hqnl0246134 sshd[234522]: Failed password for root from 61.177.173.18 port 62582 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 16:46:03,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337963.8899615, 'message': 'Dec  6 16:46:03 hqnl0246134 sshd[234522]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 16:46:05,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337965.8922575, 'message': 'Dec  6 16:46:05 hqnl0246134 sshd[234522]: Failed password for root from 61.177.173.18 port 62582 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:46:07,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337967.8938344, 'message': 'Dec  6 16:46:07 hqnl0246134 sshd[234522]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-06 16:46:08,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:46:08,989] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0549 seconds
INFO    [2022-12-06 16:46:09,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670337969.8960676, 'message': 'Dec  6 16:46:09 hqnl0246134 sshd[234522]: Failed password for root from 61.177.173.18 port 62582 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-06 16:46:18,021] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:46:18,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:46:18,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:46:18,043] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 16:46:20,749] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:46:20,749] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:46:20,757] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:46:20,769] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 16:46:30,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.216.40.170', 'timestamp': 1670337989.9225807, 'message': 'Dec  6 16:46:29 hqnl0246134 sshd[234566]: Invalid user rsync from 189.216.40.170 port 42852', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1452 seconds
INFO    [2022-12-06 16:46:30,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337989.922811, 'message': 'Dec  6 16:46:29 hqnl0246134 sshd[234570]: Invalid user pubsftp from 68.183.104.78 port 55510', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1461 seconds
INFO    [2022-12-06 16:46:30,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.216.40.170', 'timestamp': 1670337989.9231668, 'message': 'Dec  6 16:46:29 hqnl0246134 sshd[234566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.216.40.170 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1532 seconds
INFO    [2022-12-06 16:46:30,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337989.9229565, 'message': 'Dec  6 16:46:29 hqnl0246134 sshd[234570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.104.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1534 seconds
INFO    [2022-12-06 16:46:30,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.216.40.170', 'timestamp': 1670337989.923304, 'message': 'Dec  6 16:46:29 hqnl0246134 sshd[234566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.216.40.170 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1119 seconds
INFO    [2022-12-06 16:46:30,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337989.9230642, 'message': 'Dec  6 16:46:29 hqnl0246134 sshd[234570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.104.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1118 seconds
INFO    [2022-12-06 16:46:30,748] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:46:30,749] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:46:30,751] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 16:46:32,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337991.9247282, 'message': 'Dec  6 16:46:31 hqnl0246134 sshd[234570]: Failed password for invalid user pubsftp from 68.183.104.78 port 55510 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1148 seconds
INFO    [2022-12-06 16:46:32,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.216.40.170', 'timestamp': 1670337991.925296, 'message': 'Dec  6 16:46:31 hqnl0246134 sshd[234566]: Failed password for invalid user rsync from 189.216.40.170 port 42852 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1149 seconds
INFO    [2022-12-06 16:46:32,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.104.78', 'timestamp': 1670337991.9251168, 'message': 'Dec  6 16:46:31 hqnl0246134 sshd[234570]: Disconnected from invalid user pubsftp 68.183.104.78 port 55510 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-06 16:46:32,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.216.40.170', 'timestamp': 1670337991.9255, 'message': 'Dec  6 16:46:31 hqnl0246134 sshd[234566]: Disconnected from invalid user rsync 189.216.40.170 port 42852 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 16:46:34,903] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:46:34,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:46:34,910] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:46:34,922] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-06 16:46:47,377] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:46:47,378] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:46:47,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670338007.9429872, 'message': 'Dec  6 16:46:47 hqnl0246134 sshd[234589]: Invalid user admin from 152.89.196.220 port 49540', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 16:46:49,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670338009.9440963, 'message': 'Dec  6 16:46:48 hqnl0246134 sshd[234589]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 16:46:49,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670338009.944341, 'message': 'Dec  6 16:46:48 hqnl0246134 sshd[234589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 16:46:50,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670338009.9445002, 'message': 'Dec  6 16:46:49 hqnl0246134 sshd[234589]: Failed password for invalid user admin from 152.89.196.220 port 49540 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:46:50,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670338009.944618, 'message': 'Dec  6 16:46:49 hqnl0246134 sshd[234589]: Disconnected from invalid user admin 152.89.196.220 port 49540 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 16:46:52,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338011.9465506, 'message': 'Dec  6 16:46:51 hqnl0246134 sshd[234592]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0585 seconds
INFO    [2022-12-06 16:46:52,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.152.105', 'timestamp': 1670338011.9470472, 'message': 'Dec  6 16:46:51 hqnl0246134 sshd[234591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.152.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0590 seconds
INFO    [2022-12-06 16:46:52,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338011.9468362, 'message': 'Dec  6 16:46:51 hqnl0246134 sshd[234592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 16:46:52,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.152.105', 'timestamp': 1670338011.9472206, 'message': 'Dec  6 16:46:51 hqnl0246134 sshd[234591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.152.105  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 16:46:53,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338013.9495168, 'message': 'Dec  6 16:46:53 hqnl0246134 sshd[234592]: Failed password for root from 61.177.173.18 port 60490 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 16:46:53,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.152.105', 'timestamp': 1670338013.949873, 'message': 'Dec  6 16:46:53 hqnl0246134 sshd[234591]: Failed password for root from 128.199.152.105 port 59184 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 16:46:54,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338013.9500327, 'message': 'Dec  6 16:46:53 hqnl0246134 sshd[234592]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:46:55,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338015.9502938, 'message': 'Dec  6 16:46:55 hqnl0246134 sshd[234592]: Failed password for root from 61.177.173.18 port 60490 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 16:46:59,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338019.9544613, 'message': 'Dec  6 16:46:58 hqnl0246134 sshd[234592]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 16:47:01,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338021.9572163, 'message': 'Dec  6 16:47:00 hqnl0246134 sshd[234592]: Failed password for root from 61.177.173.18 port 60490 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
WARNING [2022-12-06 16:47:09,041] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:47:09,073] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.1217 seconds
INFO    [2022-12-06 16:47:14,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338033.9721699, 'message': 'Dec  6 16:47:13 hqnl0246134 sshd[234628]: Invalid user admin from 123.31.17.98 port 60228', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 16:47:14,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338033.9729931, 'message': 'Dec  6 16:47:13 hqnl0246134 sshd[234628]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.31.17.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:47:14,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338033.974714, 'message': 'Dec  6 16:47:13 hqnl0246134 sshd[234628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.31.17.98 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:47:15,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338035.9728599, 'message': 'Dec  6 16:47:15 hqnl0246134 sshd[234628]: Failed password for invalid user admin from 123.31.17.98 port 60228 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:47:17,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:47:17,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:47:18,008] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:47:18,035] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0430 seconds
INFO    [2022-12-06 16:47:18,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338037.9930751, 'message': 'Dec  6 16:47:17 hqnl0246134 sshd[234628]: Disconnected from invalid user admin 123.31.17.98 port 60228 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 16:47:20,741] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:47:20,741] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:47:20,749] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:47:20,761] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 16:47:30,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338049.9862175, 'message': 'Dec  6 16:47:28 hqnl0246134 sshd[234646]: Invalid user jimmy from 165.227.68.95 port 41810', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:47:30,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338049.9864457, 'message': 'Dec  6 16:47:28 hqnl0246134 sshd[234646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.68.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:47:30,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338049.9865913, 'message': 'Dec  6 16:47:28 hqnl0246134 sshd[234646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.68.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:47:32,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338051.987608, 'message': 'Dec  6 16:47:31 hqnl0246134 sshd[234646]: Failed password for invalid user jimmy from 165.227.68.95 port 41810 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:47:34,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338053.9895883, 'message': 'Dec  6 16:47:32 hqnl0246134 sshd[234646]: Disconnected from invalid user jimmy 165.227.68.95 port 41810 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 16:47:35,322] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:47:35,322] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:47:35,332] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:47:35,355] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0319 seconds
INFO    [2022-12-06 16:47:44,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338064.0127885, 'message': 'Dec  6 16:47:43 hqnl0246134 sshd[234663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 16:47:44,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338064.01318, 'message': 'Dec  6 16:47:43 hqnl0246134 sshd[234663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 16:47:46,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338066.013899, 'message': 'Dec  6 16:47:45 hqnl0246134 sshd[234663]: Failed password for root from 61.177.173.18 port 49176 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 16:47:47,381] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:47:47,382] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:47:48,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338068.0160542, 'message': 'Dec  6 16:47:46 hqnl0246134 sshd[234663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 16:47:50,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338070.0188966, 'message': 'Dec  6 16:47:48 hqnl0246134 sshd[234663]: Failed password for root from 61.177.173.18 port 49176 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 16:47:52,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338072.0205276, 'message': 'Dec  6 16:47:50 hqnl0246134 sshd[234663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:47:54,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338074.0218027, 'message': 'Dec  6 16:47:52 hqnl0246134 sshd[234663]: Failed password for root from 61.177.173.18 port 49176 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 16:48:06,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670338086.050113, 'message': 'Dec  6 16:48:05 hqnl0246134 sshd[234699]: Invalid user isabella from 140.238.177.83 port 43754', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 16:48:08,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '140.238.177.83', 'timestamp': 1670338088.050681, 'message': 'Dec  6 16:48:06 hqnl0246134 sshd[234699]: pam_imunify(sshd:auth): [IM360_RBL] The IP 140.238.177.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:48:08,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '140.238.177.83', 'timestamp': 1670338088.050869, 'message': 'Dec  6 16:48:06 hqnl0246134 sshd[234699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.238.177.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 16:48:08,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:48:08,987] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0327 seconds
INFO    [2022-12-06 16:48:10,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670338090.0514739, 'message': 'Dec  6 16:48:08 hqnl0246134 sshd[234699]: Failed password for invalid user isabella from 140.238.177.83 port 43754 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 16:48:10,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670338090.0519457, 'message': 'Dec  6 16:48:09 hqnl0246134 sshd[234699]: Disconnected from invalid user isabella 140.238.177.83 port 43754 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:48:19,098] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:48:19,099] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:48:19,110] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:48:19,132] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0309 seconds
INFO    [2022-12-06 16:48:22,126] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:48:22,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:48:22,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:48:22,162] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0339 seconds
INFO    [2022-12-06 16:48:26,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338106.0646656, 'message': 'Dec  6 16:48:26 hqnl0246134 sshd[234727]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:48:26,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338106.064943, 'message': 'Dec  6 16:48:26 hqnl0246134 sshd[234727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 16:48:28,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338108.0668368, 'message': 'Dec  6 16:48:27 hqnl0246134 sshd[234727]: Failed password for root from 61.177.173.46 port 60189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:48:30,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338110.069433, 'message': 'Dec  6 16:48:28 hqnl0246134 sshd[234727]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:48:32,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338112.0729716, 'message': 'Dec  6 16:48:30 hqnl0246134 sshd[234727]: Failed password for root from 61.177.173.46 port 60189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 16:48:34,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338114.0739658, 'message': 'Dec  6 16:48:32 hqnl0246134 sshd[234727]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 16:48:36,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338116.0795176, 'message': 'Dec  6 16:48:34 hqnl0246134 sshd[234727]: Failed password for root from 61.177.173.46 port 60189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 16:48:38,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338118.0843084, 'message': 'Dec  6 16:48:36 hqnl0246134 sshd[234735]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-06 16:48:38,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338118.0846868, 'message': 'Dec  6 16:48:36 hqnl0246134 sshd[234737]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-06 16:48:38,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338118.0845392, 'message': 'Dec  6 16:48:36 hqnl0246134 sshd[234735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 16:48:38,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338118.0848289, 'message': 'Dec  6 16:48:36 hqnl0246134 sshd[234737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 16:48:40,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338120.087253, 'message': 'Dec  6 16:48:38 hqnl0246134 sshd[234735]: Failed password for root from 61.177.173.46 port 31831 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 16:48:40,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338120.0875914, 'message': 'Dec  6 16:48:39 hqnl0246134 sshd[234737]: Failed password for root from 61.177.173.18 port 41340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 16:48:42,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338122.0918505, 'message': 'Dec  6 16:48:40 hqnl0246134 sshd[234735]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 16:48:42,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338122.092046, 'message': 'Dec  6 16:48:41 hqnl0246134 sshd[234737]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 16:48:44,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338124.0948436, 'message': 'Dec  6 16:48:43 hqnl0246134 sshd[234737]: Failed password for root from 61.177.173.18 port 41340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 16:48:44,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338124.0950422, 'message': 'Dec  6 16:48:43 hqnl0246134 sshd[234735]: Failed password for root from 61.177.173.46 port 31831 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 16:48:46,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338126.0976226, 'message': 'Dec  6 16:48:44 hqnl0246134 sshd[234737]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 16:48:46,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338126.0978668, 'message': 'Dec  6 16:48:45 hqnl0246134 sshd[234735]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
WARNING [2022-12-06 16:48:47,385] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:48:47,386] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:48:48,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338128.0981717, 'message': 'Dec  6 16:48:46 hqnl0246134 sshd[234737]: Failed password for root from 61.177.173.18 port 41340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 16:48:48,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670338128.0984247, 'message': 'Dec  6 16:48:47 hqnl0246134 sshd[234735]: Failed password for root from 61.177.173.46 port 31831 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
WARNING [2022-12-06 16:49:08,969] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:49:08,992] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0340 seconds
INFO    [2022-12-06 16:49:12,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338152.1257179, 'message': 'Dec  6 16:49:10 hqnl0246134 sshd[234771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.15.130.203 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 16:49:12,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338152.1264167, 'message': 'Dec  6 16:49:11 hqnl0246134 sshd[234773]: Invalid user impala from 103.250.11.181 port 38288', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 16:49:12,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338152.1262393, 'message': 'Dec  6 16:49:10 hqnl0246134 sshd[234771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.130.203  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 16:49:12,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338152.1265457, 'message': 'Dec  6 16:49:11 hqnl0246134 sshd[234773]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.250.11.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 16:49:12,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338152.1266947, 'message': 'Dec  6 16:49:11 hqnl0246134 sshd[234773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.11.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 16:49:14,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338154.1259313, 'message': 'Dec  6 16:49:12 hqnl0246134 sshd[234771]: Failed password for root from 51.15.130.203 port 57824 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0497 seconds
INFO    [2022-12-06 16:49:14,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338154.126166, 'message': 'Dec  6 16:49:13 hqnl0246134 sshd[234773]: Failed password for invalid user impala from 103.250.11.181 port 38288 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0505 seconds
INFO    [2022-12-06 16:49:16,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338156.1281934, 'message': 'Dec  6 16:49:14 hqnl0246134 sshd[234773]: Disconnected from invalid user impala 103.250.11.181 port 38288 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:49:16,870] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:49:16,871] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:49:16,878] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:49:16,890] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 16:49:17,752] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:49:17,753] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:49:17,759] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:49:17,771] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 16:49:20,399] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:49:20,399] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:49:20,407] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:49:20,418] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 16:49:30,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338170.14727, 'message': 'Dec  6 16:49:28 hqnl0246134 sshd[234799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:49:30,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338170.1475246, 'message': 'Dec  6 16:49:28 hqnl0246134 sshd[234799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 16:49:30,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338170.1476603, 'message': 'Dec  6 16:49:30 hqnl0246134 sshd[234799]: Failed password for root from 61.177.173.18 port 20728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:49:32,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338172.1484673, 'message': 'Dec  6 16:49:30 hqnl0246134 sshd[234799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:49:34,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338174.1498258, 'message': 'Dec  6 16:49:32 hqnl0246134 sshd[234799]: Failed password for root from 61.177.173.18 port 20728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 16:49:36,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338176.156286, 'message': 'Dec  6 16:49:35 hqnl0246134 sshd[234799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 16:49:38,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338178.1594088, 'message': 'Dec  6 16:49:37 hqnl0246134 sshd[234799]: Failed password for root from 61.177.173.18 port 20728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:49:42,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338182.1624303, 'message': 'Dec  6 16:49:40 hqnl0246134 sshd[234813]: Invalid user lucas from 178.128.226.2 port 60499', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 16:49:42,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338182.1627967, 'message': 'Dec  6 16:49:41 hqnl0246134 sshd[234813]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.226.2 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 16:49:42,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338182.1629424, 'message': 'Dec  6 16:49:41 hqnl0246134 sshd[234813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.226.2 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:49:44,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338184.1648428, 'message': 'Dec  6 16:49:42 hqnl0246134 sshd[234813]: Failed password for invalid user lucas from 178.128.226.2 port 60499 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0654 seconds
INFO    [2022-12-06 16:49:46,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338186.166242, 'message': 'Dec  6 16:49:44 hqnl0246134 sshd[234813]: Disconnected from invalid user lucas 178.128.226.2 port 60499 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0501 seconds
WARNING [2022-12-06 16:49:47,388] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:49:47,388] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:50:08,986] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:50:09,030] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0629 seconds
INFO    [2022-12-06 16:50:17,825] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:50:17,825] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:50:17,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:50:17,848] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 16:50:20,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338220.212741, 'message': 'Dec  6 16:50:19 hqnl0246134 sshd[234869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 16:50:20,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338220.2130573, 'message': 'Dec  6 16:50:19 hqnl0246134 sshd[234869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 16:50:20,951] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:50:20,951] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:50:20,959] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:50:20,970] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 16:50:22,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338222.2139769, 'message': 'Dec  6 16:50:21 hqnl0246134 sshd[234874]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 16:50:22,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338222.2142859, 'message': 'Dec  6 16:50:21 hqnl0246134 sshd[234869]: Failed password for root from 61.177.173.18 port 57685 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-06 16:50:22,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338222.2141519, 'message': 'Dec  6 16:50:21 hqnl0246134 sshd[234874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:50:24,088] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:50:24,161] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:50:24,162] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:50:24,162] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:50:24,162] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:50:24,163] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:50:24,173] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:50:24,190] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0266 seconds
WARNING [2022-12-06 16:50:24,197] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:50:24,199] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:50:24,220] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0358 seconds
INFO    [2022-12-06 16:50:24,225] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0366 seconds
INFO    [2022-12-06 16:50:24,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338224.2159991, 'message': 'Dec  6 16:50:23 hqnl0246134 sshd[234869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 16:50:24,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338224.2161646, 'message': 'Dec  6 16:50:23 hqnl0246134 sshd[234874]: Failed password for root from 61.177.173.37 port 39395 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 16:50:26,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338226.2186332, 'message': 'Dec  6 16:50:24 hqnl0246134 sshd[234869]: Failed password for root from 61.177.173.18 port 57685 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:50:26,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338226.218887, 'message': 'Dec  6 16:50:25 hqnl0246134 sshd[234874]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 16:50:26,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338226.2190826, 'message': 'Dec  6 16:50:25 hqnl0246134 sshd[234869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:50:28,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338228.4005744, 'message': 'Dec  6 16:50:26 hqnl0246134 sshd[234874]: Failed password for root from 61.177.173.37 port 39395 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 16:50:28,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338228.4008694, 'message': 'Dec  6 16:50:27 hqnl0246134 sshd[234869]: Failed password for root from 61.177.173.18 port 57685 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 16:50:28,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338228.4010282, 'message': 'Dec  6 16:50:27 hqnl0246134 sshd[234874]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:50:30,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338230.2223158, 'message': 'Dec  6 16:50:29 hqnl0246134 sshd[234874]: Failed password for root from 61.177.173.37 port 39395 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 16:50:30,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338230.2226148, 'message': 'Dec  6 16:50:29 hqnl0246134 sshd[234885]: Invalid user alfresco from 51.250.64.79 port 54038', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 16:50:30,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338230.2228098, 'message': 'Dec  6 16:50:30 hqnl0246134 sshd[234885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.64.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:50:30,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338230.222995, 'message': 'Dec  6 16:50:30 hqnl0246134 sshd[234885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.64.79 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 16:50:30,625] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:50:30,626] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:50:30,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:50:30,646] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 16:50:32,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338232.2239776, 'message': 'Dec  6 16:50:32 hqnl0246134 sshd[234885]: Failed password for invalid user alfresco from 51.250.64.79 port 54038 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:50:34,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338234.225991, 'message': 'Dec  6 16:50:33 hqnl0246134 sshd[234885]: Disconnected from invalid user alfresco 51.250.64.79 port 54038 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:50:42,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.60.127', 'timestamp': 1670338242.2396224, 'message': 'Dec  6 16:50:41 hqnl0246134 sshd[234903]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.60.127 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 16:50:42,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.60.127', 'timestamp': 1670338242.2400186, 'message': 'Dec  6 16:50:41 hqnl0246134 sshd[234903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.60.127  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:50:44,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.60.127', 'timestamp': 1670338244.241996, 'message': 'Dec  6 16:50:43 hqnl0246134 sshd[234903]: Failed password for root from 43.153.60.127 port 58496 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
WARNING [2022-12-06 16:50:47,392] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:50:47,393] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:50:48,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338248.2463331, 'message': 'Dec  6 16:50:47 hqnl0246134 sshd[234906]: Invalid user git from 49.51.24.192 port 43856', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 16:50:48,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338248.2466445, 'message': 'Dec  6 16:50:47 hqnl0246134 sshd[234906]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.24.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:50:48,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338248.2468507, 'message': 'Dec  6 16:50:47 hqnl0246134 sshd[234906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.24.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 16:50:50,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338250.2482526, 'message': 'Dec  6 16:50:49 hqnl0246134 sshd[234906]: Failed password for invalid user git from 49.51.24.192 port 43856 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0481 seconds
INFO    [2022-12-06 16:50:50,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338250.248591, 'message': 'Dec  6 16:50:49 hqnl0246134 sshd[234906]: Disconnected from invalid user git 49.51.24.192 port 43856 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0556 seconds
INFO    [2022-12-06 16:50:54,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338254.253897, 'message': 'Dec  6 16:50:53 hqnl0246134 sshd[234911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:50:54,293] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:50:54,293] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:50:54,294] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 16:50:54,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338254.2543807, 'message': 'Dec  6 16:50:53 hqnl0246134 sshd[234911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 16:50:56,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338256.257357, 'message': 'Dec  6 16:50:55 hqnl0246134 sshd[234911]: Failed password for root from 61.177.173.37 port 25869 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:50:58,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338258.2581296, 'message': 'Dec  6 16:50:56 hqnl0246134 sshd[234911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 16:51:00,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338260.26273, 'message': 'Dec  6 16:50:58 hqnl0246134 sshd[234911]: Failed password for root from 61.177.173.37 port 25869 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:51:00,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338260.2629757, 'message': 'Dec  6 16:50:58 hqnl0246134 sshd[234911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:51:02,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338262.2675185, 'message': 'Dec  6 16:51:00 hqnl0246134 sshd[234911]: Failed password for root from 61.177.173.37 port 25869 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 16:51:08,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:51:09,008] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0368 seconds
INFO    [2022-12-06 16:51:14,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338274.2773094, 'message': 'Dec  6 16:51:12 hqnl0246134 sshd[234931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 16:51:14,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338274.277795, 'message': 'Dec  6 16:51:12 hqnl0246134 sshd[234931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:51:14,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338274.2780135, 'message': 'Dec  6 16:51:14 hqnl0246134 sshd[234931]: Failed password for root from 61.177.173.18 port 53771 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:51:16,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338276.2808356, 'message': 'Dec  6 16:51:15 hqnl0246134 sshd[234931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 16:51:16,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338276.2810318, 'message': 'Dec  6 16:51:16 hqnl0246134 sshd[234934]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 16:51:16,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338276.2812283, 'message': 'Dec  6 16:51:16 hqnl0246134 sshd[234934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 16:51:17,979] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:51:17,980] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:51:17,990] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:51:18,006] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0244 seconds
INFO    [2022-12-06 16:51:18,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338278.2832277, 'message': 'Dec  6 16:51:17 hqnl0246134 sshd[234931]: Failed password for root from 61.177.173.18 port 53771 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0534 seconds
INFO    [2022-12-06 16:51:18,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338278.283541, 'message': 'Dec  6 16:51:17 hqnl0246134 sshd[234934]: Failed password for root from 61.177.173.37 port 56349 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-06 16:51:20,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338280.2860258, 'message': 'Dec  6 16:51:18 hqnl0246134 sshd[234934]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 16:51:20,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338280.286247, 'message': 'Dec  6 16:51:19 hqnl0246134 sshd[234931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 16:51:22,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338282.2890525, 'message': 'Dec  6 16:51:20 hqnl0246134 sshd[234934]: Failed password for root from 61.177.173.37 port 56349 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 16:51:22,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338282.2894192, 'message': 'Dec  6 16:51:21 hqnl0246134 sshd[234931]: Failed password for root from 61.177.173.18 port 53771 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 16:51:22,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338282.289251, 'message': 'Dec  6 16:51:21 hqnl0246134 sshd[234934]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:51:22,708] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:51:22,709] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:51:22,716] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:51:22,732] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-06 16:51:24,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338284.2928925, 'message': 'Dec  6 16:51:23 hqnl0246134 sshd[234934]: Failed password for root from 61.177.173.37 port 56349 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 16:51:28,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338288.296476, 'message': 'Dec  6 16:51:27 hqnl0246134 sshd[234948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 16:51:28,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338288.2967277, 'message': 'Dec  6 16:51:27 hqnl0246134 sshd[234948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 16:51:30,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338290.2980323, 'message': 'Dec  6 16:51:29 hqnl0246134 sshd[234948]: Failed password for root from 61.177.173.37 port 33205 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:51:32,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338292.30054, 'message': 'Dec  6 16:51:31 hqnl0246134 sshd[234948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:51:34,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338294.3035448, 'message': 'Dec  6 16:51:33 hqnl0246134 sshd[234948]: Failed password for root from 61.177.173.37 port 33205 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:51:34,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338294.3037221, 'message': 'Dec  6 16:51:34 hqnl0246134 sshd[234948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:51:36,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338296.3059878, 'message': 'Dec  6 16:51:36 hqnl0246134 sshd[234948]: Failed password for root from 61.177.173.37 port 33205 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 16:51:39,138] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:51:39,138] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:51:39,146] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:51:39,157] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 16:51:40,093] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 16:51:40,095] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 16:51:40,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338300.3149626, 'message': 'Dec  6 16:51:38 hqnl0246134 sshd[234954]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:51:40,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338300.315293, 'message': 'Dec  6 16:51:38 hqnl0246134 sshd[234954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 16:51:40,966] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 16:51:42,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338302.3174098, 'message': 'Dec  6 16:51:40 hqnl0246134 sshd[234954]: Failed password for root from 61.177.173.37 port 43642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 16:51:42,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338302.3177588, 'message': 'Dec  6 16:51:41 hqnl0246134 sshd[234954]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:51:44,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338304.3213212, 'message': 'Dec  6 16:51:42 hqnl0246134 sshd[234954]: Failed password for root from 61.177.173.37 port 43642 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 16:51:44,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338304.3225324, 'message': 'Dec  6 16:51:43 hqnl0246134 sshd[234954]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:51:46,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670338306.3216798, 'message': 'Dec  6 16:51:45 hqnl0246134 sshd[234954]: Failed password for root from 61.177.173.37 port 43642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-06 16:51:47,396] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:51:47,397] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:51:48,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338308.326243, 'message': 'Dec  6 16:51:47 hqnl0246134 sshd[235005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 16:51:48,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338308.3265502, 'message': 'Dec  6 16:51:47 hqnl0246134 sshd[235005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:51:50,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338310.3286884, 'message': 'Dec  6 16:51:48 hqnl0246134 sshd[235005]: Failed password for root from 61.177.173.48 port 58785 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:51:50,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338310.3289993, 'message': 'Dec  6 16:51:49 hqnl0246134 sshd[235005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 16:51:52,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338312.3302095, 'message': 'Dec  6 16:51:51 hqnl0246134 sshd[235005]: Failed password for root from 61.177.173.48 port 58785 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-06 16:51:53,349] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 16:51:54,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338314.3330421, 'message': 'Dec  6 16:51:54 hqnl0246134 sshd[235005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 16:51:56,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338316.3341246, 'message': 'Dec  6 16:51:55 hqnl0246134 sshd[235005]: Failed password for root from 61.177.173.48 port 58785 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:51:58,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338318.336185, 'message': 'Dec  6 16:51:56 hqnl0246134 sshd[235018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.250.11.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 16:51:58,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338318.3367503, 'message': 'Dec  6 16:51:57 hqnl0246134 sshd[235020]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 16:51:58,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338318.336583, 'message': 'Dec  6 16:51:56 hqnl0246134 sshd[235018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.11.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 16:51:58,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338318.3369179, 'message': 'Dec  6 16:51:57 hqnl0246134 sshd[235020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 16:52:00,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338320.3412626, 'message': 'Dec  6 16:51:58 hqnl0246134 sshd[235018]: Failed password for root from 103.250.11.181 port 38634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 16:52:00,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338320.3415587, 'message': 'Dec  6 16:51:59 hqnl0246134 sshd[235020]: Failed password for root from 61.177.173.48 port 30127 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 16:52:00,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338320.3416882, 'message': 'Dec  6 16:52:00 hqnl0246134 sshd[235020]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:52:02,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338322.3419664, 'message': 'Dec  6 16:52:00 hqnl0246134 sshd[235022]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 16:52:02,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338322.343339, 'message': 'Dec  6 16:52:01 hqnl0246134 sshd[235020]: Failed password for root from 61.177.173.48 port 30127 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 16:52:02,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338322.3421934, 'message': 'Dec  6 16:52:00 hqnl0246134 sshd[235022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:52:02,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338322.3434575, 'message': 'Dec  6 16:52:02 hqnl0246134 sshd[235022]: Failed password for root from 61.177.173.18 port 37889 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 16:52:04,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338324.3476999, 'message': 'Dec  6 16:52:02 hqnl0246134 sshd[235024]: Invalid user jacky from 103.155.86.96 port 38874', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0583 seconds
INFO    [2022-12-06 16:52:04,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338324.34792, 'message': 'Dec  6 16:52:02 hqnl0246134 sshd[235020]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0595 seconds
INFO    [2022-12-06 16:52:04,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338324.3484185, 'message': 'Dec  6 16:52:02 hqnl0246134 sshd[235022]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0602 seconds
INFO    [2022-12-06 16:52:04,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338324.3481064, 'message': 'Dec  6 16:52:02 hqnl0246134 sshd[235024]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.155.86.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 16:52:04,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338324.3482888, 'message': 'Dec  6 16:52:02 hqnl0246134 sshd[235024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.86.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 16:52:06,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338326.3502705, 'message': 'Dec  6 16:52:04 hqnl0246134 sshd[235020]: Failed password for root from 61.177.173.48 port 30127 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 16:52:06,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338326.3505394, 'message': 'Dec  6 16:52:04 hqnl0246134 sshd[235024]: Failed password for invalid user jacky from 103.155.86.96 port 38874 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-06 16:52:06,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338326.3506625, 'message': 'Dec  6 16:52:04 hqnl0246134 sshd[235022]: Failed password for root from 61.177.173.18 port 37889 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-06 16:52:06,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338326.3507962, 'message': 'Dec  6 16:52:04 hqnl0246134 sshd[235024]: Disconnected from invalid user jacky 103.155.86.96 port 38874 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 16:52:06,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338326.3508983, 'message': 'Dec  6 16:52:04 hqnl0246134 sshd[235022]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 16:52:08,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338328.3522258, 'message': 'Dec  6 16:52:06 hqnl0246134 sshd[235022]: Failed password for root from 61.177.173.18 port 37889 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 16:52:08,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338328.3524888, 'message': 'Dec  6 16:52:07 hqnl0246134 sshd[235035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 16:52:08,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338328.3526053, 'message': 'Dec  6 16:52:07 hqnl0246134 sshd[235035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 16:52:08,990] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:52:09,032] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0547 seconds
INFO    [2022-12-06 16:52:10,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338330.3569458, 'message': 'Dec  6 16:52:08 hqnl0246134 sshd[235035]: Failed password for root from 61.177.173.48 port 40598 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:52:10,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338330.3572886, 'message': 'Dec  6 16:52:09 hqnl0246134 sshd[235035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 16:52:12,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338332.3615558, 'message': 'Dec  6 16:52:11 hqnl0246134 sshd[235035]: Failed password for root from 61.177.173.48 port 40598 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 16:52:12,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338332.3617787, 'message': 'Dec  6 16:52:11 hqnl0246134 sshd[235035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:52:14,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670338334.365435, 'message': 'Dec  6 16:52:13 hqnl0246134 sshd[235035]: Failed password for root from 61.177.173.48 port 40598 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 16:52:17,978] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:52:17,979] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:52:17,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:52:18,005] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 16:52:20,584] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:52:20,584] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:52:20,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:52:20,602] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 16:52:36,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338356.4052324, 'message': 'Dec  6 16:52:35 hqnl0246134 sshd[235061]: Invalid user sysadmin from 112.30.163.77 port 58854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 16:52:36,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338356.4054458, 'message': 'Dec  6 16:52:35 hqnl0246134 sshd[235061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.30.163.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:52:36,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338356.4056437, 'message': 'Dec  6 16:52:35 hqnl0246134 sshd[235061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.30.163.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:52:38,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338358.408613, 'message': 'Dec  6 16:52:37 hqnl0246134 sshd[235061]: Failed password for invalid user sysadmin from 112.30.163.77 port 58854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 16:52:40,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338360.411529, 'message': 'Dec  6 16:52:39 hqnl0246134 sshd[235061]: Disconnected from invalid user sysadmin 112.30.163.77 port 58854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 16:52:41,763] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:52:41,763] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:52:41,771] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:52:41,784] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 16:52:44,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338364.4168024, 'message': 'Dec  6 16:52:43 hqnl0246134 sshd[235077]: Invalid user test from 103.250.11.181 port 48656', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 16:52:44,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338364.4169874, 'message': 'Dec  6 16:52:43 hqnl0246134 sshd[235077]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.250.11.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:52:44,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338364.4171264, 'message': 'Dec  6 16:52:43 hqnl0246134 sshd[235077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.11.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:52:46,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338366.4185185, 'message': 'Dec  6 16:52:45 hqnl0246134 sshd[235077]: Failed password for invalid user test from 103.250.11.181 port 48656 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 16:52:46,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338366.4189847, 'message': 'Dec  6 16:52:46 hqnl0246134 sshd[235077]: Disconnected from invalid user test 103.250.11.181 port 48656 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 16:52:47,400] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:52:47,401] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:52:54,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338374.428696, 'message': 'Dec  6 16:52:53 hqnl0246134 sshd[235081]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 16:52:54,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338374.4289694, 'message': 'Dec  6 16:52:53 hqnl0246134 sshd[235081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:52:56,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338376.431516, 'message': 'Dec  6 16:52:55 hqnl0246134 sshd[235081]: Failed password for root from 61.177.173.18 port 35781 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 16:52:58,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338378.4361408, 'message': 'Dec  6 16:52:58 hqnl0246134 sshd[235081]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 16:53:02,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338382.4496078, 'message': 'Dec  6 16:53:00 hqnl0246134 sshd[235081]: Failed password for root from 61.177.173.18 port 35781 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 16:53:02,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338382.449918, 'message': 'Dec  6 16:53:02 hqnl0246134 sshd[235081]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:53:06,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338386.4589899, 'message': 'Dec  6 16:53:04 hqnl0246134 sshd[235081]: Failed password for root from 61.177.173.18 port 35781 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 16:53:08,990] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:53:09,017] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-06 16:53:18,106] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:53:18,107] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:53:18,117] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:53:18,131] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-06 16:53:20,970] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:53:20,971] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:53:20,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:53:20,993] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 16:53:30,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338410.4956746, 'message': 'Dec  6 16:53:28 hqnl0246134 sshd[235117]: Invalid user leo from 103.250.11.181 port 58674', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 16:53:30,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338410.4960215, 'message': 'Dec  6 16:53:28 hqnl0246134 sshd[235117]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.250.11.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 16:53:30,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338410.4962993, 'message': 'Dec  6 16:53:28 hqnl0246134 sshd[235117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.11.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 16:53:32,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338412.4974873, 'message': 'Dec  6 16:53:30 hqnl0246134 sshd[235117]: Failed password for invalid user leo from 103.250.11.181 port 58674 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 16:53:34,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670338414.5011523, 'message': 'Dec  6 16:53:32 hqnl0246134 sshd[235117]: Disconnected from invalid user leo 103.250.11.181 port 58674 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:53:42,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338422.5137384, 'message': 'Dec  6 16:53:42 hqnl0246134 sshd[235129]: Invalid user icinga from 185.216.116.113 port 58660', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 16:53:42,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338422.516984, 'message': 'Dec  6 16:53:42 hqnl0246134 sshd[235129]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.216.116.113 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:53:42,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338422.5171373, 'message': 'Dec  6 16:53:42 hqnl0246134 sshd[235129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.116.113 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:53:44,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338424.5164616, 'message': 'Dec  6 16:53:44 hqnl0246134 sshd[235129]: Failed password for invalid user icinga from 185.216.116.113 port 58660 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 16:53:46,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338426.5176225, 'message': 'Dec  6 16:53:45 hqnl0246134 sshd[235132]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0559 seconds
INFO    [2022-12-06 16:53:46,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338426.529328, 'message': 'Dec  6 16:53:46 hqnl0246134 sshd[235129]: Disconnected from invalid user icinga 185.216.116.113 port 58660 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0728 seconds
INFO    [2022-12-06 16:53:46,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338426.5291207, 'message': 'Dec  6 16:53:45 hqnl0246134 sshd[235132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0583 seconds
WARNING [2022-12-06 16:53:47,403] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:53:47,403] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:53:48,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338428.5214968, 'message': 'Dec  6 16:53:47 hqnl0246134 sshd[235132]: Failed password for root from 61.177.173.18 port 21759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:53:48,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338428.521711, 'message': 'Dec  6 16:53:47 hqnl0246134 sshd[235132]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 16:53:50,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338430.5245202, 'message': 'Dec  6 16:53:50 hqnl0246134 sshd[235132]: Failed password for root from 61.177.173.18 port 21759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:53:52,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338432.5272949, 'message': 'Dec  6 16:53:52 hqnl0246134 sshd[235132]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 16:53:56,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338436.5335946, 'message': 'Dec  6 16:53:54 hqnl0246134 sshd[235132]: Failed password for root from 61.177.173.18 port 21759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 16:53:59,493] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:53:59,493] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:53:59,501] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:53:59,513] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-06 16:54:08,996] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:54:09,028] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0412 seconds
INFO    [2022-12-06 16:54:12,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338452.54797, 'message': 'Dec  6 16:54:10 hqnl0246134 sshd[235155]: Invalid user fs from 187.243.248.114 port 38610', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 16:54:12,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338452.5486958, 'message': 'Dec  6 16:54:10 hqnl0246134 sshd[235155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.243.248.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 16:54:12,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338452.5507808, 'message': 'Dec  6 16:54:10 hqnl0246134 sshd[235155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 16:54:14,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338454.5485542, 'message': 'Dec  6 16:54:13 hqnl0246134 sshd[235155]: Failed password for invalid user fs from 187.243.248.114 port 38610 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0615 seconds
INFO    [2022-12-06 16:54:16,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338456.549672, 'message': 'Dec  6 16:54:15 hqnl0246134 sshd[235155]: Disconnected from invalid user fs 187.243.248.114 port 38610 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:54:18,511] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:54:18,511] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:54:18,519] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:54:18,531] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 16:54:21,156] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:54:21,157] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:54:21,166] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:54:21,181] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-06 16:54:24,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338464.559405, 'message': 'Dec  6 16:54:23 hqnl0246134 sshd[235177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.64.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:54:24,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338464.5596304, 'message': 'Dec  6 16:54:23 hqnl0246134 sshd[235177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.64.79  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 16:54:26,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338466.5617657, 'message': 'Dec  6 16:54:26 hqnl0246134 sshd[235177]: Failed password for root from 51.250.64.79 port 47918 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 16:54:36,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338476.5780294, 'message': 'Dec  6 16:54:36 hqnl0246134 sshd[235181]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 16:54:36,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338476.578312, 'message': 'Dec  6 16:54:36 hqnl0246134 sshd[235181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 16:54:38,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338478.5832012, 'message': 'Dec  6 16:54:38 hqnl0246134 sshd[235181]: Failed password for root from 61.177.173.18 port 61572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:54:40,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338480.5862985, 'message': 'Dec  6 16:54:38 hqnl0246134 sshd[235181]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 16:54:42,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338482.5894282, 'message': 'Dec  6 16:54:40 hqnl0246134 sshd[235181]: Failed password for root from 61.177.173.18 port 61572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 16:54:44,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338484.5943482, 'message': 'Dec  6 16:54:43 hqnl0246134 sshd[235181]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:54:46,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338486.598153, 'message': 'Dec  6 16:54:44 hqnl0246134 sshd[235181]: Failed password for root from 61.177.173.18 port 61572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
WARNING [2022-12-06 16:54:47,411] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:54:47,412] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:54:52,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338492.6025786, 'message': 'Dec  6 16:54:51 hqnl0246134 sshd[235199]: Invalid user ubuntu from 138.2.152.212 port 58276', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 16:54:52,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338492.6027875, 'message': 'Dec  6 16:54:52 hqnl0246134 sshd[235199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.2.152.212 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 16:54:52,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338492.6029606, 'message': 'Dec  6 16:54:52 hqnl0246134 sshd[235199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.152.212 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 16:54:54,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338494.6047027, 'message': 'Dec  6 16:54:54 hqnl0246134 sshd[235199]: Failed password for invalid user ubuntu from 138.2.152.212 port 58276 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 16:54:56,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338496.6109343, 'message': 'Dec  6 16:54:56 hqnl0246134 sshd[235199]: Disconnected from invalid user ubuntu 138.2.152.212 port 58276 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 16:55:02,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.170.55.217', 'timestamp': 1670338502.6222737, 'message': 'Dec  6 16:55:02 hqnl0246134 sshd[235201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.170.55.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 16:55:02,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.170.55.217', 'timestamp': 1670338502.6229846, 'message': 'Dec  6 16:55:02 hqnl0246134 sshd[235201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.170.55.217  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 16:55:04,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.170.55.217', 'timestamp': 1670338504.6246812, 'message': 'Dec  6 16:55:04 hqnl0246134 sshd[235201]: Failed password for root from 103.170.55.217 port 1492 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 16:55:08,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338508.6284761, 'message': 'Dec  6 16:55:07 hqnl0246134 sshd[235225]: Invalid user user3 from 51.250.86.95 port 44690', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:55:08,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338508.6287546, 'message': 'Dec  6 16:55:07 hqnl0246134 sshd[235225]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.86.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:55:08,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338508.6288998, 'message': 'Dec  6 16:55:07 hqnl0246134 sshd[235225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.86.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 16:55:08,948] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:55:08,949] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:55:08,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:55:08,967] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-06 16:55:08,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:55:09,030] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0405 seconds
INFO    [2022-12-06 16:55:10,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338510.6706944, 'message': 'Dec  6 16:55:08 hqnl0246134 sshd[235225]: Failed password for invalid user user3 from 51.250.86.95 port 44690 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0929 seconds
INFO    [2022-12-06 16:55:10,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338510.671391, 'message': 'Dec  6 16:55:09 hqnl0246134 sshd[235225]: Disconnected from invalid user user3 51.250.86.95 port 44690 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:55:17,906] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:55:17,907] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:55:17,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:55:17,926] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 16:55:18,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338518.6421564, 'message': 'Dec  6 16:55:18 hqnl0246134 sshd[235256]: Invalid user jboss from 51.250.64.79 port 59784', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:55:18,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338518.642376, 'message': 'Dec  6 16:55:18 hqnl0246134 sshd[235256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.64.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 16:55:18,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338518.6425042, 'message': 'Dec  6 16:55:18 hqnl0246134 sshd[235256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.64.79 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 16:55:20,456] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:55:20,457] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:55:20,468] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:55:20,485] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-06 16:55:20,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338520.645149, 'message': 'Dec  6 16:55:19 hqnl0246134 sshd[235249]: Invalid user ju from 112.30.163.77 port 59612', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 16:55:20,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338520.6455941, 'message': 'Dec  6 16:55:19 hqnl0246134 sshd[235256]: Failed password for invalid user jboss from 51.250.64.79 port 59784 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 16:55:20,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338520.645374, 'message': 'Dec  6 16:55:19 hqnl0246134 sshd[235249]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.30.163.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 16:55:20,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338520.6456964, 'message': 'Dec  6 16:55:20 hqnl0246134 sshd[235256]: Disconnected from invalid user jboss 51.250.64.79 port 59784 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 16:55:20,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338520.6454897, 'message': 'Dec  6 16:55:19 hqnl0246134 sshd[235249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.30.163.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:55:20,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338520.646072, 'message': 'Dec  6 16:55:20 hqnl0246134 sshd[235249]: Failed password for invalid user ju from 112.30.163.77 port 59612 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 16:55:22,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338522.6486392, 'message': 'Dec  6 16:55:21 hqnl0246134 sshd[235249]: Disconnected from invalid user ju 112.30.163.77 port 59612 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 16:55:32,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338532.6716936, 'message': 'Dec  6 16:55:32 hqnl0246134 sshd[235265]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:55:32,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338532.671999, 'message': 'Dec  6 16:55:32 hqnl0246134 sshd[235265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:55:34,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338534.6751785, 'message': 'Dec  6 16:55:34 hqnl0246134 sshd[235265]: Failed password for root from 61.177.173.18 port 58796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 16:55:36,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338536.6788633, 'message': 'Dec  6 16:55:36 hqnl0246134 sshd[235265]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 16:55:38,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338538.6838202, 'message': 'Dec  6 16:55:38 hqnl0246134 sshd[235265]: Failed password for root from 61.177.173.18 port 58796 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 16:55:40,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338540.6866486, 'message': 'Dec  6 16:55:39 hqnl0246134 sshd[235265]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 16:55:42,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338542.691595, 'message': 'Dec  6 16:55:41 hqnl0246134 sshd[235265]: Failed password for root from 61.177.173.18 port 58796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
WARNING [2022-12-06 16:55:47,416] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:55:47,417] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 16:56:09,003] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:56:09,030] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0357 seconds
INFO    [2022-12-06 16:56:12,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338572.7490292, 'message': 'Dec  6 16:56:11 hqnl0246134 sshd[235314]: Invalid user root01 from 165.227.68.95 port 50918', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 16:56:12,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338572.7498684, 'message': 'Dec  6 16:56:11 hqnl0246134 sshd[235321]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.64.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 16:56:12,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338572.7495584, 'message': 'Dec  6 16:56:11 hqnl0246134 sshd[235314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.68.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 16:56:12,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338572.7499995, 'message': 'Dec  6 16:56:11 hqnl0246134 sshd[235321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.64.79  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 16:56:12,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338572.7497432, 'message': 'Dec  6 16:56:11 hqnl0246134 sshd[235314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.68.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:56:14,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338574.7507284, 'message': 'Dec  6 16:56:13 hqnl0246134 sshd[235314]: Failed password for invalid user root01 from 165.227.68.95 port 50918 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 16:56:14,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.64.79', 'timestamp': 1670338574.7509127, 'message': 'Dec  6 16:56:13 hqnl0246134 sshd[235321]: Failed password for root from 51.250.64.79 port 43388 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-06 16:56:16,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338576.7533646, 'message': 'Dec  6 16:56:15 hqnl0246134 sshd[235314]: Disconnected from invalid user root01 165.227.68.95 port 50918 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 16:56:17,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:56:17,890] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 16:56:17,972] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:56:17,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:56:17,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:56:17,985] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:56:18,005] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1137 seconds
INFO    [2022-12-06 16:56:18,005] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-06 16:56:20,705] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:56:20,705] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:56:20,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:56:20,726] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 16:56:20,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338580.756382, 'message': 'Dec  6 16:56:20 hqnl0246134 sshd[235340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:56:22,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338582.759783, 'message': 'Dec  6 16:56:20 hqnl0246134 sshd[235340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 16:56:24,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338584.7631834, 'message': 'Dec  6 16:56:23 hqnl0246134 sshd[235340]: Failed password for root from 61.177.173.18 port 42358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:56:26,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338586.7655716, 'message': 'Dec  6 16:56:25 hqnl0246134 sshd[235340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 16:56:28,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338588.7677295, 'message': 'Dec  6 16:56:27 hqnl0246134 sshd[235340]: Failed password for root from 61.177.173.18 port 42358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:56:30,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338590.769433, 'message': 'Dec  6 16:56:29 hqnl0246134 sshd[235340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0579 seconds
INFO    [2022-12-06 16:56:32,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338592.7711635, 'message': 'Dec  6 16:56:31 hqnl0246134 sshd[235340]: Failed password for root from 61.177.173.18 port 42358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 16:56:35,911] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 16:56:35,988] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 16:56:35,989] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 16:56:35,989] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 16:56:35,989] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 16:56:35,989] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 16:56:35,998] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 16:56:36,019] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0286 seconds
WARNING [2022-12-06 16:56:36,026] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 16:56:36,031] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:56:36,051] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0413 seconds
INFO    [2022-12-06 16:56:36,053] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0377 seconds
INFO    [2022-12-06 16:56:46,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338606.7918007, 'message': 'Dec  6 16:56:45 hqnl0246134 sshd[235362]: Invalid user noc from 49.51.24.192 port 40038', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 16:56:46,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338606.79256, 'message': 'Dec  6 16:56:45 hqnl0246134 sshd[235362]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.24.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:56:46,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338606.792775, 'message': 'Dec  6 16:56:45 hqnl0246134 sshd[235362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.24.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 16:56:47,420] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:56:47,421] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:56:48,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338608.7945545, 'message': 'Dec  6 16:56:47 hqnl0246134 sshd[235362]: Failed password for invalid user noc from 49.51.24.192 port 40038 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:56:48,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338608.7947948, 'message': 'Dec  6 16:56:48 hqnl0246134 sshd[235362]: Disconnected from invalid user noc 49.51.24.192 port 40038 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 16:56:52,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338612.7991946, 'message': 'Dec  6 16:56:51 hqnl0246134 sshd[235365]: Invalid user administrador from 192.99.59.56 port 56620', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 16:56:52,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338612.7995155, 'message': 'Dec  6 16:56:51 hqnl0246134 sshd[235365]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.99.59.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 16:56:52,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338612.7996905, 'message': 'Dec  6 16:56:51 hqnl0246134 sshd[235365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.59.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 16:56:52,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338612.7998626, 'message': 'Dec  6 16:56:52 hqnl0246134 sshd[235365]: Failed password for invalid user administrador from 192.99.59.56 port 56620 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:56:54,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338614.8001645, 'message': 'Dec  6 16:56:53 hqnl0246134 sshd[235365]: Disconnected from invalid user administrador 192.99.59.56 port 56620 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 16:57:04,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338624.8107376, 'message': 'Dec  6 16:57:04 hqnl0246134 sshd[235388]: Invalid user kuku from 51.15.130.203 port 45246', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 16:57:04,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338624.8116415, 'message': 'Dec  6 16:57:04 hqnl0246134 sshd[235388]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.15.130.203 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 16:57:04,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338624.8117702, 'message': 'Dec  6 16:57:04 hqnl0246134 sshd[235388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.130.203 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 16:57:06,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338626.8142488, 'message': 'Dec  6 16:57:06 hqnl0246134 sshd[235388]: Failed password for invalid user kuku from 51.15.130.203 port 45246 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 16:57:06,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338626.8146348, 'message': 'Dec  6 16:57:06 hqnl0246134 sshd[235388]: Disconnected from invalid user kuku 51.15.130.203 port 45246 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 16:57:09,008] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:57:09,037] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0374 seconds
INFO    [2022-12-06 16:57:12,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338632.8230858, 'message': 'Dec  6 16:57:11 hqnl0246134 sshd[235390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 16:57:12,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338632.8235075, 'message': 'Dec  6 16:57:11 hqnl0246134 sshd[235390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:57:14,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338634.8277624, 'message': 'Dec  6 16:57:13 hqnl0246134 sshd[235390]: Failed password for root from 61.177.173.18 port 27484 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 16:57:14,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338634.8280313, 'message': 'Dec  6 16:57:14 hqnl0246134 sshd[235390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 16:57:16,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338636.8282125, 'message': 'Dec  6 16:57:16 hqnl0246134 sshd[235390]: Failed password for root from 61.177.173.18 port 27484 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 16:57:18,066] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:57:18,066] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 16:57:18,070] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 16:57:18,070] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 16:57:18,071] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 16:57:18,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:57:18,091] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 16:57:18,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338638.829626, 'message': 'Dec  6 16:57:18 hqnl0246134 sshd[235390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:57:20,941] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:57:20,941] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:57:20,957] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:57:20,976] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0334 seconds
INFO    [2022-12-06 16:57:20,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338640.943632, 'message': 'Dec  6 16:57:20 hqnl0246134 sshd[235390]: Failed password for root from 61.177.173.18 port 27484 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 16:57:24,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.216.40.170', 'timestamp': 1670338644.8349617, 'message': 'Dec  6 16:57:24 hqnl0246134 sshd[235419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.216.40.170 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 16:57:24,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.216.40.170', 'timestamp': 1670338644.835166, 'message': 'Dec  6 16:57:24 hqnl0246134 sshd[235419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.216.40.170  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 16:57:25,812] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:57:25,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:57:25,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:57:25,861] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0392 seconds
INFO    [2022-12-06 16:57:26,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338646.8357577, 'message': 'Dec  6 16:57:26 hqnl0246134 sshd[235418]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.30.163.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 16:57:26,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338646.8359435, 'message': 'Dec  6 16:57:26 hqnl0246134 sshd[235418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.30.163.77  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 16:57:28,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.216.40.170', 'timestamp': 1670338648.8369243, 'message': 'Dec  6 16:57:26 hqnl0246134 sshd[235419]: Failed password for root from 189.216.40.170 port 52016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-06 16:57:28,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338648.8372054, 'message': 'Dec  6 16:57:28 hqnl0246134 sshd[235418]: Failed password for root from 112.30.163.77 port 56684 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0510 seconds
WARNING [2022-12-06 16:57:47,423] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:57:47,425] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:57:58,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338678.8776422, 'message': 'Dec  6 16:57:57 hqnl0246134 sshd[235445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 16:57:58,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338678.878649, 'message': 'Dec  6 16:57:57 hqnl0246134 sshd[235445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 16:58:00,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338680.8780556, 'message': 'Dec  6 16:57:58 hqnl0246134 sshd[235445]: Failed password for root from 61.177.172.114 port 16818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 16:58:00,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338680.878296, 'message': 'Dec  6 16:57:59 hqnl0246134 sshd[235448]: Invalid user test from 103.155.86.96 port 60524', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 16:58:00,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338680.8787756, 'message': 'Dec  6 16:57:59 hqnl0246134 sshd[235445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 16:58:00,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338680.8784952, 'message': 'Dec  6 16:57:59 hqnl0246134 sshd[235448]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.155.86.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-06 16:58:00,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338680.8786244, 'message': 'Dec  6 16:57:59 hqnl0246134 sshd[235448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.86.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 16:58:02,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338682.8810701, 'message': 'Dec  6 16:58:01 hqnl0246134 sshd[235448]: Failed password for invalid user test from 103.155.86.96 port 60524 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0498 seconds
INFO    [2022-12-06 16:58:02,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338682.8812528, 'message': 'Dec  6 16:58:01 hqnl0246134 sshd[235445]: Failed password for root from 61.177.172.114 port 16818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-06 16:58:02,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338682.8816843, 'message': 'Dec  6 16:58:02 hqnl0246134 sshd[235454]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-06 16:58:02,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338682.8814332, 'message': 'Dec  6 16:58:01 hqnl0246134 sshd[235448]: Disconnected from invalid user test 103.155.86.96 port 60524 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 16:58:02,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338682.8815653, 'message': 'Dec  6 16:58:01 hqnl0246134 sshd[235445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 16:58:02,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338682.8818014, 'message': 'Dec  6 16:58:02 hqnl0246134 sshd[235454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 16:58:04,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338684.8881392, 'message': 'Dec  6 16:58:04 hqnl0246134 sshd[235445]: Failed password for root from 61.177.172.114 port 16818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-06 16:58:04,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338684.8884952, 'message': 'Dec  6 16:58:04 hqnl0246134 sshd[235454]: Failed password for root from 61.177.173.18 port 10004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-06 16:58:06,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338686.889795, 'message': 'Dec  6 16:58:05 hqnl0246134 sshd[235468]: Invalid user appadmin from 138.2.152.212 port 46094', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 16:58:06,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338686.8910308, 'message': 'Dec  6 16:58:06 hqnl0246134 sshd[235454]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-06 16:58:06,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338686.8907516, 'message': 'Dec  6 16:58:05 hqnl0246134 sshd[235468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.2.152.212 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 16:58:06,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338686.8908854, 'message': 'Dec  6 16:58:05 hqnl0246134 sshd[235468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.152.212 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 16:58:08,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338688.8965137, 'message': 'Dec  6 16:58:07 hqnl0246134 sshd[235468]: Failed password for invalid user appadmin from 138.2.152.212 port 46094 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:58:08,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338688.8967834, 'message': 'Dec  6 16:58:08 hqnl0246134 sshd[235468]: Disconnected from invalid user appadmin 138.2.152.212 port 46094 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 16:58:09,014] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:58:09,044] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0378 seconds
INFO    [2022-12-06 16:58:10,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338690.8992152, 'message': 'Dec  6 16:58:09 hqnl0246134 sshd[235454]: Failed password for root from 61.177.173.18 port 10004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 16:58:10,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338690.8994212, 'message': 'Dec  6 16:58:09 hqnl0246134 sshd[235471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 16:58:10,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338690.8995893, 'message': 'Dec  6 16:58:09 hqnl0246134 sshd[235471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 16:58:12,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338692.9025922, 'message': 'Dec  6 16:58:11 hqnl0246134 sshd[235471]: Failed password for root from 61.177.172.114 port 40495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0714 seconds
INFO    [2022-12-06 16:58:12,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338692.903307, 'message': 'Dec  6 16:58:11 hqnl0246134 sshd[235454]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0711 seconds
INFO    [2022-12-06 16:58:13,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338692.9036207, 'message': 'Dec  6 16:58:12 hqnl0246134 sshd[235471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:58:13,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338692.9039528, 'message': 'Dec  6 16:58:12 hqnl0246134 sshd[235454]: Failed password for root from 61.177.173.18 port 10004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 16:58:14,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338694.9075794, 'message': 'Dec  6 16:58:13 hqnl0246134 sshd[235471]: Failed password for root from 61.177.172.114 port 40495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:58:14,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338694.907801, 'message': 'Dec  6 16:58:14 hqnl0246134 sshd[235471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 16:58:16,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338696.9104397, 'message': 'Dec  6 16:58:16 hqnl0246134 sshd[235471]: Failed password for root from 61.177.172.114 port 40495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 16:58:18,414] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:58:18,414] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:58:18,422] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:58:18,433] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 16:58:18,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338698.9121358, 'message': 'Dec  6 16:58:18 hqnl0246134 sshd[235488]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 16:58:18,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338698.912463, 'message': 'Dec  6 16:58:18 hqnl0246134 sshd[235488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 16:58:21,242] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:58:21,242] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:58:21,250] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:58:21,267] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-06 16:58:22,796] defence360agent.files: Updating all files
INFO    [2022-12-06 16:58:22,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338702.9162176, 'message': 'Dec  6 16:58:20 hqnl0246134 sshd[235488]: Failed password for root from 61.177.172.114 port 64910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 16:58:23,132] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:23,132] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 16:58:23,486] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:23,486] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 16:58:23,807] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:23,808] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 16:58:24,098] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:24,099] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 16:58:24,099] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 16:58:24,412] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 14:58:24 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E3C33A9353FB6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 16:58:24,414] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 16:58:24,415] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 16:58:24,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338704.9206512, 'message': 'Dec  6 16:58:23 hqnl0246134 sshd[235488]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:58:24,945] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:24,945] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 16:58:24,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338704.9208393, 'message': 'Dec  6 16:58:24 hqnl0246134 sshd[235488]: Failed password for root from 61.177.172.114 port 64910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 16:58:25,266] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:25,266] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 16:58:25,593] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:25,594] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 16:58:26,066] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:26,066] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 16:58:26,528] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 16:58:26,529] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 16:58:26,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338706.921747, 'message': 'Dec  6 16:58:25 hqnl0246134 sshd[235488]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 16:58:28,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338708.9244218, 'message': 'Dec  6 16:58:27 hqnl0246134 sshd[235488]: Failed password for root from 61.177.172.114 port 64910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 16:58:32,292] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:58:32,292] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:58:32,303] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:58:32,316] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 16:58:32,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338712.9294286, 'message': 'Dec  6 16:58:32 hqnl0246134 sshd[235500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 16:58:32,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338712.9297035, 'message': 'Dec  6 16:58:32 hqnl0246134 sshd[235500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 16:58:36,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338716.9331224, 'message': 'Dec  6 16:58:35 hqnl0246134 sshd[235500]: Failed password for root from 61.177.172.114 port 59810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 16:58:36,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338716.9334922, 'message': 'Dec  6 16:58:35 hqnl0246134 sshd[235505]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.68.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 16:58:36,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338716.9336724, 'message': 'Dec  6 16:58:35 hqnl0246134 sshd[235505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.68.95  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 16:58:38,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338718.934198, 'message': 'Dec  6 16:58:37 hqnl0246134 sshd[235500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0529 seconds
INFO    [2022-12-06 16:58:38,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338718.9344869, 'message': 'Dec  6 16:58:37 hqnl0246134 sshd[235505]: Failed password for root from 165.227.68.95 port 32974 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-06 16:58:38,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338718.9347286, 'message': 'Dec  6 16:58:37 hqnl0246134 sshd[235508]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.86.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-06 16:58:39,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338718.9349194, 'message': 'Dec  6 16:58:37 hqnl0246134 sshd[235508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.86.95  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:58:40,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338720.9389522, 'message': 'Dec  6 16:58:39 hqnl0246134 sshd[235500]: Failed password for root from 61.177.172.114 port 59810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 16:58:40,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338720.9393108, 'message': 'Dec  6 16:58:39 hqnl0246134 sshd[235508]: Failed password for root from 51.250.86.95 port 40394 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 16:58:42,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338722.9421344, 'message': 'Dec  6 16:58:41 hqnl0246134 sshd[235500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 16:58:44,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670338724.9423335, 'message': 'Dec  6 16:58:43 hqnl0246134 sshd[235500]: Failed password for root from 61.177.172.114 port 59810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-06 16:58:47,430] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:58:47,431] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:58:56,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338736.955631, 'message': 'Dec  6 16:58:56 hqnl0246134 sshd[235523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 16:58:57,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338736.9562275, 'message': 'Dec  6 16:58:56 hqnl0246134 sshd[235523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:58:58,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338738.9563348, 'message': 'Dec  6 16:58:58 hqnl0246134 sshd[235523]: Failed password for root from 61.177.173.18 port 58717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 16:59:00,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338740.9578123, 'message': 'Dec  6 16:59:00 hqnl0246134 sshd[235523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:59:02,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338742.960527, 'message': 'Dec  6 16:59:02 hqnl0246134 sshd[235523]: Failed password for root from 61.177.173.18 port 58717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 16:59:04,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338744.9631522, 'message': 'Dec  6 16:59:04 hqnl0246134 sshd[235523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 16:59:06,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338746.9659545, 'message': 'Dec  6 16:59:06 hqnl0246134 sshd[235523]: Failed password for root from 61.177.173.18 port 58717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
WARNING [2022-12-06 16:59:09,020] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:59:09,046] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-06 16:59:17,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670338756.9767275, 'message': 'Dec  6 16:59:16 hqnl0246134 sshd[235550]: Invalid user go from 13.70.39.68 port 45014', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 16:59:18,098] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:59:18,099] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:59:18,108] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:59:18,121] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 16:59:19,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '13.70.39.68', 'timestamp': 1670338758.9780896, 'message': 'Dec  6 16:59:17 hqnl0246134 sshd[235550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 13.70.39.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0720 seconds
INFO    [2022-12-06 16:59:19,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338758.9785337, 'message': 'Dec  6 16:59:18 hqnl0246134 sshd[235556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.243.248.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0721 seconds
INFO    [2022-12-06 16:59:19,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.70.39.68', 'timestamp': 1670338758.9783442, 'message': 'Dec  6 16:59:17 hqnl0246134 sshd[235550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.39.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 16:59:19,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338758.9786487, 'message': 'Dec  6 16:59:18 hqnl0246134 sshd[235556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 16:59:19,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670338758.9787574, 'message': 'Dec  6 16:59:18 hqnl0246134 sshd[235550]: Failed password for invalid user go from 13.70.39.68 port 45014 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 16:59:21,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670338760.980067, 'message': 'Dec  6 16:59:20 hqnl0246134 sshd[235550]: Disconnected from invalid user go 13.70.39.68 port 45014 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-06 16:59:21,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338760.9812617, 'message': 'Dec  6 16:59:20 hqnl0246134 sshd[235556]: Failed password for root from 187.243.248.114 port 41202 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 16:59:21,149] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:59:21,149] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:59:21,156] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:59:21,170] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 16:59:23,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338762.9833274, 'message': 'Dec  6 16:59:22 hqnl0246134 sshd[235563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.226.2 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1423 seconds
INFO    [2022-12-06 16:59:23,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338762.9843688, 'message': 'Dec  6 16:59:22 hqnl0246134 sshd[235563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.226.2  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 16:59:25,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338764.9847565, 'message': 'Dec  6 16:59:24 hqnl0246134 sshd[235563]: Failed password for root from 178.128.226.2 port 57495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 16:59:33,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338772.9898136, 'message': 'Dec  6 16:59:31 hqnl0246134 sshd[235568]: Invalid user andrei from 49.51.24.192 port 57926', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 16:59:33,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338772.9904015, 'message': 'Dec  6 16:59:31 hqnl0246134 sshd[235568]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.24.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 16:59:33,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338772.9905598, 'message': 'Dec  6 16:59:31 hqnl0246134 sshd[235568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.24.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 16:59:35,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338774.9902132, 'message': 'Dec  6 16:59:33 hqnl0246134 sshd[235568]: Failed password for invalid user andrei from 49.51.24.192 port 57926 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 16:59:37,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338776.9909856, 'message': 'Dec  6 16:59:35 hqnl0246134 sshd[235568]: Disconnected from invalid user andrei 49.51.24.192 port 57926 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0770 seconds
INFO    [2022-12-06 16:59:37,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338776.9913836, 'message': 'Dec  6 16:59:36 hqnl0246134 sshd[235570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0769 seconds
INFO    [2022-12-06 16:59:37,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338776.9916267, 'message': 'Dec  6 16:59:36 hqnl0246134 sshd[235570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 16:59:38,304] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 16:59:38,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 16:59:38,313] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 16:59:38,325] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 16:59:39,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338778.9914768, 'message': 'Dec  6 16:59:38 hqnl0246134 sshd[235570]: Failed password for root from 61.177.173.50 port 44949 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 16:59:41,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338780.9944632, 'message': 'Dec  6 16:59:40 hqnl0246134 sshd[235570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 16:59:43,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338782.9965174, 'message': 'Dec  6 16:59:41 hqnl0246134 sshd[235570]: Failed password for root from 61.177.173.50 port 44949 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 16:59:43,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338782.9968588, 'message': 'Dec  6 16:59:42 hqnl0246134 sshd[235586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.15.130.203 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 16:59:43,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338782.9971867, 'message': 'Dec  6 16:59:42 hqnl0246134 sshd[235570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 16:59:43,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338782.9970667, 'message': 'Dec  6 16:59:42 hqnl0246134 sshd[235586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.130.203  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 16:59:45,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338784.999208, 'message': 'Dec  6 16:59:43 hqnl0246134 sshd[235586]: Failed password for root from 51.15.130.203 port 34918 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 16:59:45,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338784.9995174, 'message': 'Dec  6 16:59:44 hqnl0246134 sshd[235570]: Failed password for root from 61.177.173.50 port 44949 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 16:59:47,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338787.0008273, 'message': 'Dec  6 16:59:45 hqnl0246134 sshd[235589]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 16:59:47,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338787.0012252, 'message': 'Dec  6 16:59:45 hqnl0246134 sshd[235589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-06 16:59:47,434] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 16:59:47,435] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 16:59:49,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338789.0031917, 'message': 'Dec  6 16:59:47 hqnl0246134 sshd[235589]: Failed password for root from 61.177.173.18 port 36571 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0469 seconds
INFO    [2022-12-06 16:59:49,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338789.0034103, 'message': 'Dec  6 16:59:47 hqnl0246134 sshd[235591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 16:59:49,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338789.003562, 'message': 'Dec  6 16:59:47 hqnl0246134 sshd[235591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 16:59:51,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338791.005377, 'message': 'Dec  6 16:59:49 hqnl0246134 sshd[235589]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 16:59:51,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338791.005592, 'message': 'Dec  6 16:59:49 hqnl0246134 sshd[235591]: Failed password for root from 61.177.173.50 port 25113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 16:59:51,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.80.61', 'timestamp': 1670338791.0063186, 'message': 'Dec  6 16:59:49 hqnl0246134 sshd[235594]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.80.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 16:59:51,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338791.0065389, 'message': 'Dec  6 16:59:49 hqnl0246134 sshd[235591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 16:59:51,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.80.61', 'timestamp': 1670338791.0064363, 'message': 'Dec  6 16:59:49 hqnl0246134 sshd[235594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.80.61  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 16:59:53,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338793.0061383, 'message': 'Dec  6 16:59:51 hqnl0246134 sshd[235589]: Failed password for root from 61.177.173.18 port 36571 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 16:59:53,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.80.61', 'timestamp': 1670338793.0063727, 'message': 'Dec  6 16:59:52 hqnl0246134 sshd[235594]: Failed password for root from 139.59.80.61 port 54850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 16:59:53,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338793.0065646, 'message': 'Dec  6 16:59:52 hqnl0246134 sshd[235591]: Failed password for root from 61.177.173.50 port 25113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-06 16:59:55,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338795.0073378, 'message': 'Dec  6 16:59:53 hqnl0246134 sshd[235589]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 16:59:55,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338795.0075364, 'message': 'Dec  6 16:59:54 hqnl0246134 sshd[235591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 16:59:57,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338797.0179455, 'message': 'Dec  6 16:59:55 hqnl0246134 sshd[235589]: Failed password for root from 61.177.173.18 port 36571 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 16:59:57,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670338797.0183496, 'message': 'Dec  6 16:59:56 hqnl0246134 sshd[235591]: Failed password for root from 61.177.173.50 port 25113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 17:00:02,952] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:00:03,036] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:00:03,037] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:00:03,037] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:00:03,037] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:00:03,049] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:00:03,089] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:00:03,129] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0787 seconds
WARNING [2022-12-06 17:00:03,151] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:00:03,155] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:00:03,206] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0931 seconds
INFO    [2022-12-06 17:00:03,208] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0910 seconds
INFO    [2022-12-06 17:00:05,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338805.0209916, 'message': 'Dec  6 17:00:03 hqnl0246134 sshd[235648]: Invalid user sysadmin from 185.216.116.113 port 46530', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:00:05,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338805.0211878, 'message': 'Dec  6 17:00:03 hqnl0246134 sshd[235648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.216.116.113 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 17:00:05,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338805.021304, 'message': 'Dec  6 17:00:03 hqnl0246134 sshd[235648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.116.113 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 17:00:05,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338805.0214107, 'message': 'Dec  6 17:00:04 hqnl0246134 sshd[235648]: Failed password for invalid user sysadmin from 185.216.116.113 port 46530 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 17:00:07,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338807.023836, 'message': 'Dec  6 17:00:05 hqnl0246134 sshd[235648]: Disconnected from invalid user sysadmin 185.216.116.113 port 46530 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 17:00:07,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.152.105', 'timestamp': 1670338807.0241566, 'message': 'Dec  6 17:00:06 hqnl0246134 sshd[235656]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.152.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 17:00:07,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.152.105', 'timestamp': 1670338807.0246024, 'message': 'Dec  6 17:00:06 hqnl0246134 sshd[235656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.152.105  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
WARNING [2022-12-06 17:00:09,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:00:09,081] defence360agent.internals.the_sink: SensorIncidentList(<30 item(s)>) processed in 0.0662 seconds
INFO    [2022-12-06 17:00:09,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.152.105', 'timestamp': 1670338809.025484, 'message': 'Dec  6 17:00:08 hqnl0246134 sshd[235656]: Failed password for root from 128.199.152.105 port 38466 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0597 seconds
INFO    [2022-12-06 17:00:13,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.122.106.117', 'timestamp': 1670338813.0309517, 'message': 'Dec  6 17:00:11 hqnl0246134 sshd[235663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.122.106.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 17:00:13,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.122.106.117', 'timestamp': 1670338813.0313125, 'message': 'Dec  6 17:00:11 hqnl0246134 sshd[235663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.106.117  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 17:00:15,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.122.106.117', 'timestamp': 1670338815.032982, 'message': 'Dec  6 17:00:13 hqnl0246134 sshd[235663]: Failed password for root from 134.122.106.117 port 57546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:00:17,993] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:00:17,993] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:00:18,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:00:18,014] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 17:00:20,804] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:00:20,805] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:00:20,812] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:00:20,825] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 17:00:25,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.216.40.170', 'timestamp': 1670338825.0396316, 'message': 'Dec  6 17:00:25 hqnl0246134 sshd[235691]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.216.40.170 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:00:25,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.216.40.170', 'timestamp': 1670338825.0398462, 'message': 'Dec  6 17:00:25 hqnl0246134 sshd[235691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.216.40.170  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:00:29,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.216.40.170', 'timestamp': 1670338829.0403094, 'message': 'Dec  6 17:00:27 hqnl0246134 sshd[235691]: Failed password for root from 189.216.40.170 port 40562 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:00:34,974] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:00:34,975] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:00:34,977] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 17:00:39,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338839.048608, 'message': 'Dec  6 17:00:37 hqnl0246134 sshd[235704]: Invalid user oracle from 123.31.17.98 port 41898', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 17:00:39,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338839.049379, 'message': 'Dec  6 17:00:38 hqnl0246134 sshd[235706]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 17:00:39,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338839.0489802, 'message': 'Dec  6 17:00:37 hqnl0246134 sshd[235704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.31.17.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 17:00:39,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338839.0495977, 'message': 'Dec  6 17:00:38 hqnl0246134 sshd[235706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 17:00:39,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338839.0492005, 'message': 'Dec  6 17:00:37 hqnl0246134 sshd[235704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.31.17.98 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 17:00:41,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338841.0496697, 'message': 'Dec  6 17:00:39 hqnl0246134 sshd[235704]: Failed password for invalid user oracle from 123.31.17.98 port 41898 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 17:00:41,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338841.049966, 'message': 'Dec  6 17:00:40 hqnl0246134 sshd[235706]: Failed password for root from 61.177.173.18 port 29467 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 17:00:41,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338841.0501142, 'message': 'Dec  6 17:00:40 hqnl0246134 sshd[235706]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:00:43,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670338843.0535066, 'message': 'Dec  6 17:00:41 hqnl0246134 sshd[235704]: Disconnected from invalid user oracle 123.31.17.98 port 41898 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-06 17:00:43,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338843.0539129, 'message': 'Dec  6 17:00:42 hqnl0246134 sshd[235706]: Failed password for root from 61.177.173.18 port 29467 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 17:00:43,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338843.0540473, 'message': 'Dec  6 17:00:43 hqnl0246134 sshd[235706]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:00:47,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338847.0578885, 'message': 'Dec  6 17:00:45 hqnl0246134 sshd[235706]: Failed password for root from 61.177.173.18 port 29467 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 17:00:47,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338847.0581741, 'message': 'Dec  6 17:00:46 hqnl0246134 sshd[235719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.2.152.212 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 17:00:47,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338847.058333, 'message': 'Dec  6 17:00:46 hqnl0246134 sshd[235719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.152.212  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-06 17:00:47,438] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:00:47,438] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:00:49,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.2.152.212', 'timestamp': 1670338849.0578837, 'message': 'Dec  6 17:00:48 hqnl0246134 sshd[235719]: Failed password for root from 138.2.152.212 port 34716 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:00:51,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:00:51,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:00:51,950] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:00:51,963] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 17:00:53,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338853.0664032, 'message': 'Dec  6 17:00:52 hqnl0246134 sshd[235728]: Invalid user cubrid from 103.155.86.96 port 49538', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:00:53,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338853.0668633, 'message': 'Dec  6 17:00:52 hqnl0246134 sshd[235728]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.155.86.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:00:53,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338853.0669708, 'message': 'Dec  6 17:00:52 hqnl0246134 sshd[235728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.86.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:00:55,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338855.0702133, 'message': 'Dec  6 17:00:54 hqnl0246134 sshd[235732]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.30.163.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 17:00:55,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338855.0706007, 'message': 'Dec  6 17:00:54 hqnl0246134 sshd[235728]: Failed password for invalid user cubrid from 103.155.86.96 port 49538 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 17:00:55,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338855.070424, 'message': 'Dec  6 17:00:54 hqnl0246134 sshd[235732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.30.163.77  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 17:00:57,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670338857.072802, 'message': 'Dec  6 17:00:55 hqnl0246134 sshd[235728]: Disconnected from invalid user cubrid 103.155.86.96 port 49538 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 17:00:57,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.30.163.77', 'timestamp': 1670338857.0730467, 'message': 'Dec  6 17:00:56 hqnl0246134 sshd[235732]: Failed password for root from 112.30.163.77 port 53762 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 17:01:07,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338867.0900981, 'message': 'Dec  6 17:01:06 hqnl0246134 sshd[235744]: Invalid user dave from 165.227.68.95 port 43634', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 17:01:07,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338867.0903418, 'message': 'Dec  6 17:01:06 hqnl0246134 sshd[235744]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.68.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:01:07,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338867.090505, 'message': 'Dec  6 17:01:06 hqnl0246134 sshd[235744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.68.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 17:01:09,033] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:01:09,073] defence360agent.internals.the_sink: SensorIncidentList(<25 item(s)>) processed in 0.0521 seconds
INFO    [2022-12-06 17:01:09,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338869.093022, 'message': 'Dec  6 17:01:07 hqnl0246134 sshd[235744]: Failed password for invalid user dave from 165.227.68.95 port 43634 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:01:09,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.68.95', 'timestamp': 1670338869.0931933, 'message': 'Dec  6 17:01:08 hqnl0246134 sshd[235744]: Disconnected from invalid user dave 165.227.68.95 port 43634 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:01:11,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.60.127', 'timestamp': 1670338871.096423, 'message': 'Dec  6 17:01:10 hqnl0246134 sshd[235747]: Invalid user test from 43.153.60.127 port 60162', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 17:01:13,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.60.127', 'timestamp': 1670338873.1007063, 'message': 'Dec  6 17:01:11 hqnl0246134 sshd[235747]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.60.127 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 17:01:13,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.60.127', 'timestamp': 1670338873.1010754, 'message': 'Dec  6 17:01:11 hqnl0246134 sshd[235747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.60.127 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 17:01:15,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.60.127', 'timestamp': 1670338875.1022758, 'message': 'Dec  6 17:01:13 hqnl0246134 sshd[235747]: Failed password for invalid user test from 43.153.60.127 port 60162 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 17:01:17,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.60.127', 'timestamp': 1670338877.10452, 'message': 'Dec  6 17:01:15 hqnl0246134 sshd[235747]: Disconnected from invalid user test 43.153.60.127 port 60162 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:01:18,082] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:01:18,083] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:01:18,090] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:01:18,101] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 17:01:20,829] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:01:20,830] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:01:20,838] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:01:20,850] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 17:01:27,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338887.118695, 'message': 'Dec  6 17:01:25 hqnl0246134 sshd[235768]: Invalid user xm from 51.250.86.95 port 57036', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:01:27,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338887.1189954, 'message': 'Dec  6 17:01:25 hqnl0246134 sshd[235768]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.86.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 17:01:27,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338887.1191216, 'message': 'Dec  6 17:01:25 hqnl0246134 sshd[235768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.86.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:01:29,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338889.129289, 'message': 'Dec  6 17:01:28 hqnl0246134 sshd[235768]: Failed password for invalid user xm from 51.250.86.95 port 57036 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 17:01:29,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338889.1305757, 'message': 'Dec  6 17:01:28 hqnl0246134 sshd[235770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 17:01:29,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670338889.1296122, 'message': 'Dec  6 17:01:28 hqnl0246134 sshd[235768]: Disconnected from invalid user xm 51.250.86.95 port 57036 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 17:01:29,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338889.130688, 'message': 'Dec  6 17:01:28 hqnl0246134 sshd[235770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 17:01:31,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338891.1330857, 'message': 'Dec  6 17:01:30 hqnl0246134 sshd[235770]: Failed password for root from 61.177.173.18 port 60648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:01:33,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338893.1395679, 'message': 'Dec  6 17:01:32 hqnl0246134 sshd[235770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 17:01:35,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338895.1438527, 'message': 'Dec  6 17:01:33 hqnl0246134 sshd[235776]: Invalid user maria from 192.99.59.56 port 36238', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-06 17:01:35,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670338895.1449306, 'message': 'Dec  6 17:01:34 hqnl0246134 sshd[235778]: Invalid user lzh from 201.236.186.32 port 55780', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-06 17:01:35,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338895.1451452, 'message': 'Dec  6 17:01:34 hqnl0246134 sshd[235770]: Failed password for root from 61.177.173.18 port 60648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 17:01:35,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338895.144379, 'message': 'Dec  6 17:01:33 hqnl0246134 sshd[235776]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.99.59.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-06 17:01:35,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.236.186.32', 'timestamp': 1670338895.1453505, 'message': 'Dec  6 17:01:34 hqnl0246134 sshd[235778]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.236.186.32 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-06 17:01:35,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338895.1447434, 'message': 'Dec  6 17:01:33 hqnl0246134 sshd[235776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.59.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 17:01:35,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.236.186.32', 'timestamp': 1670338895.1455476, 'message': 'Dec  6 17:01:34 hqnl0246134 sshd[235778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.236.186.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 17:01:35,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338895.1457357, 'message': 'Dec  6 17:01:35 hqnl0246134 sshd[235776]: Failed password for invalid user maria from 192.99.59.56 port 36238 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:01:37,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670338897.146145, 'message': 'Dec  6 17:01:36 hqnl0246134 sshd[235778]: Failed password for invalid user lzh from 201.236.186.32 port 55780 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-06 17:01:37,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.99.59.56', 'timestamp': 1670338897.146483, 'message': 'Dec  6 17:01:36 hqnl0246134 sshd[235776]: Disconnected from invalid user maria 192.99.59.56 port 36238 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-06 17:01:37,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338897.1466143, 'message': 'Dec  6 17:01:37 hqnl0246134 sshd[235770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0501 seconds
INFO    [2022-12-06 17:01:39,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670338899.1496587, 'message': 'Dec  6 17:01:37 hqnl0246134 sshd[235778]: Disconnected from invalid user lzh 201.236.186.32 port 55780 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 17:01:41,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338901.1505141, 'message': 'Dec  6 17:01:39 hqnl0246134 sshd[235770]: Failed password for root from 61.177.173.18 port 60648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 17:01:47,441] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:01:47,443] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:01:53,352] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 17:01:55,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338915.1688666, 'message': 'Dec  6 17:01:53 hqnl0246134 sshd[235793]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.226.2 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 17:01:55,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338915.1694028, 'message': 'Dec  6 17:01:53 hqnl0246134 sshd[235793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.226.2  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:01:57,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.226.2', 'timestamp': 1670338917.171684, 'message': 'Dec  6 17:01:55 hqnl0246134 sshd[235793]: Failed password for root from 178.128.226.2 port 47218 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 17:02:00,433] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:02:00,434] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:02:00,441] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:02:00,452] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
WARNING [2022-12-06 17:02:09,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:02:09,615] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.5917 seconds
INFO    [2022-12-06 17:02:13,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338933.2012298, 'message': 'Dec  6 17:02:12 hqnl0246134 sshd[235816]: Invalid user web from 187.243.248.114 port 47748', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 17:02:13,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338933.2016232, 'message': 'Dec  6 17:02:12 hqnl0246134 sshd[235816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.243.248.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 17:02:13,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338933.2017899, 'message': 'Dec  6 17:02:12 hqnl0246134 sshd[235816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:02:15,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338935.2015152, 'message': 'Dec  6 17:02:14 hqnl0246134 sshd[235816]: Failed password for invalid user web from 187.243.248.114 port 47748 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:02:17,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.243.248.114', 'timestamp': 1670338937.205031, 'message': 'Dec  6 17:02:16 hqnl0246134 sshd[235816]: Disconnected from invalid user web 187.243.248.114 port 47748 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 17:02:18,086] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:02:18,087] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:02:18,097] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:02:18,111] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 17:02:20,756] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:02:20,756] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:02:20,764] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:02:20,775] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 17:02:21,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338941.2077165, 'message': 'Dec  6 17:02:20 hqnl0246134 sshd[235834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:02:21,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338941.2079067, 'message': 'Dec  6 17:02:20 hqnl0246134 sshd[235834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:02:23,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338943.2100532, 'message': 'Dec  6 17:02:22 hqnl0246134 sshd[235834]: Failed password for root from 61.177.173.18 port 43596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 17:02:23,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338943.212978, 'message': 'Dec  6 17:02:23 hqnl0246134 sshd[235834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 17:02:27,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338947.2158678, 'message': 'Dec  6 17:02:25 hqnl0246134 sshd[235834]: Failed password for root from 61.177.173.18 port 43596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 17:02:27,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338947.2161298, 'message': 'Dec  6 17:02:26 hqnl0246134 sshd[235841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.15.130.203 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 17:02:27,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338947.2163343, 'message': 'Dec  6 17:02:26 hqnl0246134 sshd[235841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.130.203  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:02:29,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338949.2177744, 'message': 'Dec  6 17:02:27 hqnl0246134 sshd[235834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 17:02:29,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.15.130.203', 'timestamp': 1670338949.2181542, 'message': 'Dec  6 17:02:28 hqnl0246134 sshd[235841]: Failed password for root from 51.15.130.203 port 52834 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 17:02:31,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338951.21908, 'message': 'Dec  6 17:02:29 hqnl0246134 sshd[235834]: Failed password for root from 61.177.173.18 port 43596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 17:02:47,445] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:02:47,447] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:02:55,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338975.251086, 'message': 'Dec  6 17:02:54 hqnl0246134 sshd[235857]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.216.116.113 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 17:02:55,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338975.251838, 'message': 'Dec  6 17:02:54 hqnl0246134 sshd[235857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.116.113  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:02:57,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.216.116.113', 'timestamp': 1670338977.2527366, 'message': 'Dec  6 17:02:56 hqnl0246134 sshd[235857]: Failed password for root from 185.216.116.113 port 58722 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-06 17:03:09,036] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:03:09,066] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0409 seconds
INFO    [2022-12-06 17:03:13,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338993.2739906, 'message': 'Dec  6 17:03:12 hqnl0246134 sshd[235871]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 17:03:13,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338993.2743707, 'message': 'Dec  6 17:03:12 hqnl0246134 sshd[235871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:03:17,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338997.2767196, 'message': 'Dec  6 17:03:15 hqnl0246134 sshd[235871]: Failed password for root from 61.177.173.18 port 34156 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 17:03:17,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338997.2770522, 'message': 'Dec  6 17:03:17 hqnl0246134 sshd[235871]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 17:03:18,330] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:03:18,331] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:03:18,339] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:03:18,358] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-06 17:03:19,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338999.2821808, 'message': 'Dec  6 17:03:17 hqnl0246134 sshd[235883]: Invalid user svnuser from 49.51.24.192 port 47654', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0560 seconds
INFO    [2022-12-06 17:03:19,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670338999.2854211, 'message': 'Dec  6 17:03:18 hqnl0246134 sshd[235871]: Failed password for root from 61.177.173.18 port 34156 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 17:03:19,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338999.2827313, 'message': 'Dec  6 17:03:17 hqnl0246134 sshd[235883]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.24.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:03:19,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.24.192', 'timestamp': 1670338999.285157, 'message': 'Dec  6 17:03:17 hqnl0246134 sshd[235883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.24.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 17:03:21,053] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:03:21,054] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:03:21,060] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:03:21,072] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 17:03:21,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339001.2832348, 'message': 'Dec  6 17:03:19 hqnl0246134 sshd[235871]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 17:03:21,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670339001.2835162, 'message': 'Dec  6 17:03:19 hqnl0246134 sshd[235883]: Failed password for invalid user svnuser from 49.51.24.192 port 47654 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 17:03:21,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339001.2836838, 'message': 'Dec  6 17:03:20 hqnl0246134 sshd[235871]: Failed password for root from 61.177.173.18 port 34156 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 17:03:21,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670339001.283819, 'message': 'Dec  6 17:03:21 hqnl0246134 sshd[235883]: Disconnected from invalid user svnuser 49.51.24.192 port 47654 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 17:03:23,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.152.105', 'timestamp': 1670339003.2849083, 'message': 'Dec  6 17:03:22 hqnl0246134 sshd[235894]: Invalid user student from 128.199.152.105 port 53602', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 17:03:23,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.152.105', 'timestamp': 1670339003.285253, 'message': 'Dec  6 17:03:22 hqnl0246134 sshd[235894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.152.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:03:23,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.152.105', 'timestamp': 1670339003.285374, 'message': 'Dec  6 17:03:22 hqnl0246134 sshd[235894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.152.105 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:03:23,719] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:03:23,719] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:03:23,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:03:23,738] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 17:03:25,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.152.105', 'timestamp': 1670339005.2862048, 'message': 'Dec  6 17:03:24 hqnl0246134 sshd[235894]: Failed password for invalid user student from 128.199.152.105 port 53602 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:03:25,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.152.105', 'timestamp': 1670339005.2888513, 'message': 'Dec  6 17:03:24 hqnl0246134 sshd[235894]: Disconnected from invalid user student 128.199.152.105 port 53602 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:03:27,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670339007.2867115, 'message': 'Dec  6 17:03:26 hqnl0246134 sshd[235923]: Invalid user mcserver from 138.2.152.212 port 34210', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 17:03:27,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.2.152.212', 'timestamp': 1670339007.286992, 'message': 'Dec  6 17:03:26 hqnl0246134 sshd[235923]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.2.152.212 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:03:27,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.2.152.212', 'timestamp': 1670339007.2871315, 'message': 'Dec  6 17:03:26 hqnl0246134 sshd[235923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.152.212 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:03:29,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670339009.289841, 'message': 'Dec  6 17:03:28 hqnl0246134 sshd[235923]: Failed password for invalid user mcserver from 138.2.152.212 port 34210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 17:03:31,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.216.40.170', 'timestamp': 1670339011.2901537, 'message': 'Dec  6 17:03:30 hqnl0246134 sshd[235925]: Invalid user ftptest from 189.216.40.170 port 57326', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 17:03:31,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.2.152.212', 'timestamp': 1670339011.2905936, 'message': 'Dec  6 17:03:30 hqnl0246134 sshd[235923]: Disconnected from invalid user mcserver 138.2.152.212 port 34210 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 17:03:31,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.216.40.170', 'timestamp': 1670339011.2903266, 'message': 'Dec  6 17:03:30 hqnl0246134 sshd[235925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.216.40.170 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 17:03:31,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.216.40.170', 'timestamp': 1670339011.290438, 'message': 'Dec  6 17:03:30 hqnl0246134 sshd[235925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.216.40.170 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:03:33,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.216.40.170', 'timestamp': 1670339013.2927825, 'message': 'Dec  6 17:03:31 hqnl0246134 sshd[235925]: Failed password for invalid user ftptest from 189.216.40.170 port 57326 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 17:03:35,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.216.40.170', 'timestamp': 1670339015.2947543, 'message': 'Dec  6 17:03:33 hqnl0246134 sshd[235925]: Disconnected from invalid user ftptest 189.216.40.170 port 57326 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0568 seconds
INFO    [2022-12-06 17:03:35,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339015.2950637, 'message': 'Dec  6 17:03:35 hqnl0246134 sshd[235928]: Invalid user yan from 101.226.253.162 port 35347', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0568 seconds
INFO    [2022-12-06 17:03:37,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339017.2955458, 'message': 'Dec  6 17:03:35 hqnl0246134 sshd[235928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.226.253.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:03:39,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339019.2977362, 'message': 'Dec  6 17:03:37 hqnl0246134 sshd[235928]: Failed password for invalid user yan from 101.226.253.162 port 35347 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:03:41,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339021.3002138, 'message': 'Dec  6 17:03:40 hqnl0246134 sshd[235928]: Disconnected from invalid user yan 101.226.253.162 port 35347 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 17:03:41,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339021.3003857, 'message': 'Dec  6 17:03:41 hqnl0246134 sshd[235933]: Invalid user alfresco from 134.122.106.117 port 57806', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 17:03:41,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339021.3005736, 'message': 'Dec  6 17:03:41 hqnl0246134 sshd[235933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.122.106.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:03:41,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339021.3006794, 'message': 'Dec  6 17:03:41 hqnl0246134 sshd[235933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.106.117 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:03:43,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339023.302083, 'message': 'Dec  6 17:03:42 hqnl0246134 sshd[235933]: Failed password for invalid user alfresco from 134.122.106.117 port 57806 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 17:03:43,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339023.3024247, 'message': 'Dec  6 17:03:42 hqnl0246134 sshd[235933]: Disconnected from invalid user alfresco 134.122.106.117 port 57806 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 17:03:47,451] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:03:47,453] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:03:49,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670339029.3089998, 'message': 'Dec  6 17:03:48 hqnl0246134 sshd[235945]: Invalid user adminuser from 103.155.86.96 port 38550', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 17:03:49,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339029.3094606, 'message': 'Dec  6 17:03:48 hqnl0246134 sshd[235947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 17:03:49,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.155.86.96', 'timestamp': 1670339029.3092387, 'message': 'Dec  6 17:03:48 hqnl0246134 sshd[235945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.155.86.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 17:03:49,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339029.309627, 'message': 'Dec  6 17:03:48 hqnl0246134 sshd[235947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 17:03:49,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.155.86.96', 'timestamp': 1670339029.309354, 'message': 'Dec  6 17:03:48 hqnl0246134 sshd[235945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.86.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:03:51,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670339031.3122747, 'message': 'Dec  6 17:03:50 hqnl0246134 sshd[235945]: Failed password for invalid user adminuser from 103.155.86.96 port 38550 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 17:03:51,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339031.3125298, 'message': 'Dec  6 17:03:50 hqnl0246134 sshd[235947]: Failed password for root from 61.177.173.36 port 30507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 17:03:53,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.155.86.96', 'timestamp': 1670339033.3147643, 'message': 'Dec  6 17:03:51 hqnl0246134 sshd[235945]: Disconnected from invalid user adminuser 103.155.86.96 port 38550 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 17:03:53,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339033.3170943, 'message': 'Dec  6 17:03:52 hqnl0246134 sshd[235947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 17:03:55,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339035.317133, 'message': 'Dec  6 17:03:54 hqnl0246134 sshd[235947]: Failed password for root from 61.177.173.36 port 30507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:03:55,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339035.3210132, 'message': 'Dec  6 17:03:55 hqnl0246134 sshd[235947]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 17:03:57,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.60.127', 'timestamp': 1670339037.3189318, 'message': 'Dec  6 17:03:56 hqnl0246134 sshd[235950]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.60.127 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 17:03:57,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.60.127', 'timestamp': 1670339037.3192348, 'message': 'Dec  6 17:03:56 hqnl0246134 sshd[235950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.60.127  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:03:59,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339039.3197885, 'message': 'Dec  6 17:03:57 hqnl0246134 sshd[235947]: Failed password for root from 61.177.173.36 port 30507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 17:03:59,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.60.127', 'timestamp': 1670339039.320007, 'message': 'Dec  6 17:03:58 hqnl0246134 sshd[235950]: Failed password for root from 43.153.60.127 port 44422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 17:04:01,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339041.3919406, 'message': 'Dec  6 17:04:01 hqnl0246134 sshd[235953]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:04:01,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339041.3921182, 'message': 'Dec  6 17:04:01 hqnl0246134 sshd[235953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:04:03,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339043.3239913, 'message': 'Dec  6 17:04:03 hqnl0246134 sshd[235953]: Failed password for root from 61.177.173.36 port 23975 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 17:04:05,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339045.3263412, 'message': 'Dec  6 17:04:03 hqnl0246134 sshd[235953]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0481 seconds
INFO    [2022-12-06 17:04:05,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339045.3265615, 'message': 'Dec  6 17:04:03 hqnl0246134 sshd[235962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-06 17:04:05,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339045.32686, 'message': 'Dec  6 17:04:03 hqnl0246134 sshd[235964]: pam_imunify(sshd:auth): [IM360_RBL] The IP 13.70.39.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 17:04:05,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339045.3267312, 'message': 'Dec  6 17:04:03 hqnl0246134 sshd[235962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0642 seconds
INFO    [2022-12-06 17:04:05,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.99.59.56', 'timestamp': 1670339045.3271096, 'message': 'Dec  6 17:04:03 hqnl0246134 sshd[235966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.99.59.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0647 seconds
INFO    [2022-12-06 17:04:05,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339045.3269792, 'message': 'Dec  6 17:04:03 hqnl0246134 sshd[235964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.39.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0646 seconds
INFO    [2022-12-06 17:04:05,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339045.3273716, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235953]: Failed password for root from 61.177.173.36 port 23975 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0652 seconds
INFO    [2022-12-06 17:04:05,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.99.59.56', 'timestamp': 1670339045.3272514, 'message': 'Dec  6 17:04:03 hqnl0246134 sshd[235966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.59.56  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-06 17:04:05,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339045.327513, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235962]: Failed password for root from 61.177.173.18 port 19468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 17:04:05,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339045.3276336, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235964]: Failed password for root from 13.70.39.68 port 54574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 17:04:07,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '192.99.59.56', 'timestamp': 1670339047.3294313, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235966]: Failed password for root from 192.99.59.56 port 49450 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0647 seconds
INFO    [2022-12-06 17:04:07,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339047.3296802, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235953]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0652 seconds
INFO    [2022-12-06 17:04:07,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339047.3298318, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0655 seconds
INFO    [2022-12-06 17:04:07,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339047.3299565, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235968]: Invalid user sami from 123.31.17.98 port 57072', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0654 seconds
INFO    [2022-12-06 17:04:07,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.226.2', 'timestamp': 1670339047.3303604, 'message': 'Dec  6 17:04:07 hqnl0246134 sshd[235971]: Invalid user ali from 178.128.226.2 port 36937', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 17:04:07,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339047.3300931, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235968]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.31.17.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 17:04:07,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.226.2', 'timestamp': 1670339047.3304634, 'message': 'Dec  6 17:04:07 hqnl0246134 sshd[235971]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.226.2 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-06 17:04:07,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339047.3302538, 'message': 'Dec  6 17:04:05 hqnl0246134 sshd[235968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.31.17.98 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 17:04:07,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339047.3306875, 'message': 'Dec  6 17:04:07 hqnl0246134 sshd[235953]: Failed password for root from 61.177.173.36 port 23975 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 17:04:07,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.226.2', 'timestamp': 1670339047.3305843, 'message': 'Dec  6 17:04:07 hqnl0246134 sshd[235971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.226.2 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-06 17:04:09,051] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:04:09,108] defence360agent.internals.the_sink: SensorIncidentList(<42 item(s)>) processed in 0.0775 seconds
INFO    [2022-12-06 17:04:09,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339049.331261, 'message': 'Dec  6 17:04:07 hqnl0246134 sshd[235962]: Failed password for root from 61.177.173.18 port 19468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-06 17:04:09,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339049.3315465, 'message': 'Dec  6 17:04:07 hqnl0246134 sshd[235968]: Failed password for invalid user sami from 123.31.17.98 port 57072 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 17:04:09,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339049.331891, 'message': 'Dec  6 17:04:08 hqnl0246134 sshd[235962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-06 17:04:09,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339049.3317325, 'message': 'Dec  6 17:04:07 hqnl0246134 sshd[235968]: Disconnected from invalid user sami 123.31.17.98 port 57072 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 17:04:11,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.226.2', 'timestamp': 1670339051.3327708, 'message': 'Dec  6 17:04:09 hqnl0246134 sshd[235971]: Failed password for invalid user ali from 178.128.226.2 port 36937 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-06 17:04:11,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339051.333232, 'message': 'Dec  6 17:04:10 hqnl0246134 sshd[235962]: Failed password for root from 61.177.173.18 port 19468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0498 seconds
INFO    [2022-12-06 17:04:11,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670339051.3333437, 'message': 'Dec  6 17:04:10 hqnl0246134 sshd[235978]: Invalid user ken from 51.250.86.95 port 45448', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-06 17:04:11,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.226.2', 'timestamp': 1670339051.3330696, 'message': 'Dec  6 17:04:09 hqnl0246134 sshd[235971]: Disconnected from invalid user ali 178.128.226.2 port 36937 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 17:04:11,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.86.95', 'timestamp': 1670339051.3340106, 'message': 'Dec  6 17:04:10 hqnl0246134 sshd[235978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.86.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-06 17:04:11,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339051.3342214, 'message': 'Dec  6 17:04:10 hqnl0246134 sshd[235974]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 17:04:11,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.86.95', 'timestamp': 1670339051.3341177, 'message': 'Dec  6 17:04:10 hqnl0246134 sshd[235978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.86.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 17:04:11,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339051.3344455, 'message': 'Dec  6 17:04:10 hqnl0246134 sshd[235974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 17:04:13,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670339053.3386705, 'message': 'Dec  6 17:04:11 hqnl0246134 sshd[235978]: Failed password for invalid user ken from 51.250.86.95 port 45448 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 17:04:13,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339053.3392189, 'message': 'Dec  6 17:04:12 hqnl0246134 sshd[235974]: Failed password for root from 61.177.173.36 port 45158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 17:04:13,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.86.95', 'timestamp': 1670339053.3390725, 'message': 'Dec  6 17:04:11 hqnl0246134 sshd[235978]: Disconnected from invalid user ken 51.250.86.95 port 45448 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 17:04:13,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339053.340659, 'message': 'Dec  6 17:04:12 hqnl0246134 sshd[235974]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 17:04:15,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339055.3418531, 'message': 'Dec  6 17:04:14 hqnl0246134 sshd[235974]: Failed password for root from 61.177.173.36 port 45158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:04:15,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339055.3421338, 'message': 'Dec  6 17:04:15 hqnl0246134 sshd[235974]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:04:17,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339057.3451328, 'message': 'Dec  6 17:04:16 hqnl0246134 sshd[235989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.80.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-06 17:04:17,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670339057.3456564, 'message': 'Dec  6 17:04:16 hqnl0246134 sshd[235974]: Failed password for root from 61.177.173.36 port 45158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-06 17:04:17,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339057.3454475, 'message': 'Dec  6 17:04:16 hqnl0246134 sshd[235989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.80.61  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 17:04:17,987] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:04:17,988] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:04:17,997] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:04:18,008] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 17:04:19,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339059.3468485, 'message': 'Dec  6 17:04:17 hqnl0246134 sshd[235989]: Failed password for root from 139.59.80.61 port 55744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 17:04:21,047] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:04:21,048] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:04:21,059] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:04:21,072] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-06 17:04:23,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339063.354859, 'message': 'Dec  6 17:04:21 hqnl0246134 sshd[235998]: Invalid user sachin from 103.170.55.217 port 1481', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 17:04:23,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339063.3554537, 'message': 'Dec  6 17:04:21 hqnl0246134 sshd[235998]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.170.55.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 17:04:23,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339063.3556457, 'message': 'Dec  6 17:04:21 hqnl0246134 sshd[235998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.170.55.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:04:23,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339063.3558168, 'message': 'Dec  6 17:04:22 hqnl0246134 sshd[235998]: Failed password for invalid user sachin from 103.170.55.217 port 1481 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 17:04:25,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339065.3575253, 'message': 'Dec  6 17:04:23 hqnl0246134 sshd[235998]: Disconnected from invalid user sachin 103.170.55.217 port 1481 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 17:04:26,366] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:04:26,367] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:04:26,380] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:04:26,404] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0358 seconds
WARNING [2022-12-06 17:04:47,457] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:04:47,459] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:04:53,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339093.411445, 'message': 'Dec  6 17:04:52 hqnl0246134 sshd[236019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-06 17:04:53,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339093.4125743, 'message': 'Dec  6 17:04:52 hqnl0246134 sshd[236019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 17:04:55,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339095.412533, 'message': 'Dec  6 17:04:53 hqnl0246134 sshd[236019]: Failed password for root from 61.177.173.18 port 54199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 17:04:55,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339095.4127474, 'message': 'Dec  6 17:04:54 hqnl0246134 sshd[236019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:04:57,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339097.4172623, 'message': 'Dec  6 17:04:56 hqnl0246134 sshd[236019]: Failed password for root from 61.177.173.18 port 54199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:04:57,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339097.4174566, 'message': 'Dec  6 17:04:56 hqnl0246134 sshd[236019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 17:04:59,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339099.4210505, 'message': 'Dec  6 17:04:59 hqnl0246134 sshd[236019]: Failed password for root from 61.177.173.18 port 54199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 17:05:01,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.243.248.114', 'timestamp': 1670339101.4229717, 'message': 'Dec  6 17:05:01 hqnl0246134 sshd[236027]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.243.248.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 17:05:01,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.243.248.114', 'timestamp': 1670339101.4236395, 'message': 'Dec  6 17:05:01 hqnl0246134 sshd[236027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.3418 seconds
INFO    [2022-12-06 17:05:05,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.243.248.114', 'timestamp': 1670339105.428475, 'message': 'Dec  6 17:05:03 hqnl0246134 sshd[236027]: Failed password for root from 187.243.248.114 port 49880 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
WARNING [2022-12-06 17:05:09,043] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:05:09,074] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0395 seconds
INFO    [2022-12-06 17:05:17,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:05:17,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:05:17,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:05:17,951] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 17:05:20,520] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:05:20,521] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:05:20,528] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:05:20,540] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 17:05:35,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.216.116.113', 'timestamp': 1670339135.5029647, 'message': 'Dec  6 17:05:35 hqnl0246134 sshd[236086]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.216.116.113 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 17:05:35,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.216.116.113', 'timestamp': 1670339135.503436, 'message': 'Dec  6 17:05:35 hqnl0246134 sshd[236086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.116.113  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 17:05:37,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.216.116.113', 'timestamp': 1670339137.506671, 'message': 'Dec  6 17:05:37 hqnl0246134 sshd[236086]: Failed password for root from 185.216.116.113 port 42692 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 17:05:43,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339143.5228543, 'message': 'Dec  6 17:05:41 hqnl0246134 sshd[236089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 17:05:43,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339143.5232208, 'message': 'Dec  6 17:05:41 hqnl0246134 sshd[236089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 17:05:45,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339145.5249357, 'message': 'Dec  6 17:05:43 hqnl0246134 sshd[236089]: Failed password for root from 61.177.173.18 port 30557 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0631 seconds
INFO    [2022-12-06 17:05:45,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339145.5252607, 'message': 'Dec  6 17:05:44 hqnl0246134 sshd[236089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0411 seconds
WARNING [2022-12-06 17:05:47,468] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:05:47,469] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:05:47,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339147.5305989, 'message': 'Dec  6 17:05:46 hqnl0246134 sshd[236089]: Failed password for root from 61.177.173.18 port 30557 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 17:05:47,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339147.5308557, 'message': 'Dec  6 17:05:46 hqnl0246134 sshd[236089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:05:49,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339149.5346813, 'message': 'Dec  6 17:05:47 hqnl0246134 sshd[236089]: Failed password for root from 61.177.173.18 port 30557 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
WARNING [2022-12-06 17:06:09,046] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:06:09,094] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0570 seconds
INFO    [2022-12-06 17:06:19,314] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:06:19,315] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:06:19,327] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:06:19,343] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
INFO    [2022-12-06 17:06:21,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.152.105', 'timestamp': 1670339181.576329, 'message': 'Dec  6 17:06:19 hqnl0246134 sshd[236151]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.152.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 17:06:21,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.152.105', 'timestamp': 1670339181.576691, 'message': 'Dec  6 17:06:19 hqnl0246134 sshd[236151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.152.105  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:06:22,197] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:06:22,198] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:06:22,205] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:06:22,219] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 17:06:23,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339183.5780752, 'message': 'Dec  6 17:06:21 hqnl0246134 sshd[236158]: Invalid user jboss from 134.122.106.117 port 58022', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 17:06:23,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.152.105', 'timestamp': 1670339183.578577, 'message': 'Dec  6 17:06:21 hqnl0246134 sshd[236151]: Failed password for root from 128.199.152.105 port 40504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 17:06:23,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339183.578304, 'message': 'Dec  6 17:06:21 hqnl0246134 sshd[236158]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.122.106.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:06:23,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339183.5784187, 'message': 'Dec  6 17:06:21 hqnl0246134 sshd[236158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.106.117 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:06:24,945] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:06:24,945] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:06:24,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:06:24,964] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 17:06:25,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339185.580161, 'message': 'Dec  6 17:06:24 hqnl0246134 sshd[236158]: Failed password for invalid user jboss from 134.122.106.117 port 58022 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 17:06:27,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339187.5822616, 'message': 'Dec  6 17:06:26 hqnl0246134 sshd[236158]: Disconnected from invalid user jboss 134.122.106.117 port 58022 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:06:28,979] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:06:29,052] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:06:29,053] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:06:29,053] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:06:29,053] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:06:29,053] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:06:29,065] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:06:29,083] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0293 seconds
WARNING [2022-12-06 17:06:29,090] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:06:29,092] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:06:29,110] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0321 seconds
INFO    [2022-12-06 17:06:29,111] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0303 seconds
INFO    [2022-12-06 17:06:33,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.60.127', 'timestamp': 1670339193.59576, 'message': 'Dec  6 17:06:31 hqnl0246134 sshd[236168]: Invalid user user from 43.153.60.127 port 53300', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 17:06:33,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339193.5962791, 'message': 'Dec  6 17:06:33 hqnl0246134 sshd[236170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 17:06:33,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.60.127', 'timestamp': 1670339193.5959864, 'message': 'Dec  6 17:06:31 hqnl0246134 sshd[236168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.60.127 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 17:06:33,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339193.5963924, 'message': 'Dec  6 17:06:33 hqnl0246134 sshd[236170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 17:06:33,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.60.127', 'timestamp': 1670339193.5961418, 'message': 'Dec  6 17:06:31 hqnl0246134 sshd[236168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.60.127 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 17:06:35,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.60.127', 'timestamp': 1670339195.598276, 'message': 'Dec  6 17:06:34 hqnl0246134 sshd[236168]: Failed password for invalid user user from 43.153.60.127 port 53300 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:06:37,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.60.127', 'timestamp': 1670339197.604487, 'message': 'Dec  6 17:06:36 hqnl0246134 sshd[236168]: Disconnected from invalid user user 43.153.60.127 port 53300 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-06 17:06:37,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339197.6046944, 'message': 'Dec  6 17:06:36 hqnl0246134 sshd[236170]: Failed password for root from 61.177.173.18 port 18723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 17:06:39,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339199.6074896, 'message': 'Dec  6 17:06:37 hqnl0246134 sshd[236170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:06:41,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339201.6098487, 'message': 'Dec  6 17:06:40 hqnl0246134 sshd[236170]: Failed password for root from 61.177.173.18 port 18723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:06:43,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339203.6147215, 'message': 'Dec  6 17:06:42 hqnl0246134 sshd[236170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 17:06:45,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339205.617294, 'message': 'Dec  6 17:06:43 hqnl0246134 sshd[236170]: Failed password for root from 61.177.173.18 port 18723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 17:06:47,478] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:06:47,479] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:06:53,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339213.625782, 'message': 'Dec  6 17:06:51 hqnl0246134 sshd[236184]: pam_imunify(sshd:auth): [IM360_RBL] The IP 140.238.177.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 17:06:53,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339213.6259828, 'message': 'Dec  6 17:06:51 hqnl0246134 sshd[236184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.238.177.83  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:06:55,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339215.6282587, 'message': 'Dec  6 17:06:54 hqnl0246134 sshd[236184]: Failed password for root from 140.238.177.83 port 51202 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 17:06:59,180] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:06:59,181] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:06:59,182] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-06 17:07:09,049] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:07:09,075] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0341 seconds
INFO    [2022-12-06 17:07:17,933] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:07:17,934] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:07:17,943] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:07:17,957] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 17:07:20,831] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:07:20,831] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:07:20,838] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:07:20,850] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 17:07:27,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339247.6836298, 'message': 'Dec  6 17:07:25 hqnl0246134 sshd[236231]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 17:07:27,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339247.684005, 'message': 'Dec  6 17:07:25 hqnl0246134 sshd[236231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:07:29,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339249.6839619, 'message': 'Dec  6 17:07:27 hqnl0246134 sshd[236231]: Failed password for root from 61.177.173.18 port 62710 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-06 17:07:29,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.99.59.56', 'timestamp': 1670339249.6843302, 'message': 'Dec  6 17:07:28 hqnl0246134 sshd[236234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.99.59.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 17:07:29,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339249.6846006, 'message': 'Dec  6 17:07:29 hqnl0246134 sshd[236235]: Invalid user wasadmin from 123.31.17.98 port 44000', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-06 17:07:29,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339249.6842177, 'message': 'Dec  6 17:07:28 hqnl0246134 sshd[236231]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 17:07:29,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.99.59.56', 'timestamp': 1670339249.6844816, 'message': 'Dec  6 17:07:28 hqnl0246134 sshd[236234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.59.56  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 17:07:29,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339249.6847162, 'message': 'Dec  6 17:07:29 hqnl0246134 sshd[236235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.31.17.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-06 17:07:29,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339249.6848173, 'message': 'Dec  6 17:07:29 hqnl0246134 sshd[236235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.31.17.98 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 17:07:31,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339251.6869843, 'message': 'Dec  6 17:07:30 hqnl0246134 sshd[236231]: Failed password for root from 61.177.173.18 port 62710 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0467 seconds
INFO    [2022-12-06 17:07:31,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '192.99.59.56', 'timestamp': 1670339251.6875787, 'message': 'Dec  6 17:07:30 hqnl0246134 sshd[236234]: Failed password for root from 192.99.59.56 port 34514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 17:07:31,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339251.6877353, 'message': 'Dec  6 17:07:31 hqnl0246134 sshd[236235]: Failed password for invalid user wasadmin from 123.31.17.98 port 44000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-06 17:07:31,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339251.687343, 'message': 'Dec  6 17:07:30 hqnl0246134 sshd[236231]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:07:33,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.31.17.98', 'timestamp': 1670339253.6899605, 'message': 'Dec  6 17:07:32 hqnl0246134 sshd[236235]: Disconnected from invalid user wasadmin 123.31.17.98 port 44000 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 17:07:33,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339253.6901946, 'message': 'Dec  6 17:07:32 hqnl0246134 sshd[236231]: Failed password for root from 61.177.173.18 port 62710 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 17:07:34,733] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:07:34,733] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:07:34,742] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:07:34,754] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 17:07:39,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339259.7116416, 'message': 'Dec  6 17:07:38 hqnl0246134 sshd[236269]: Invalid user victor from 13.70.39.68 port 43856', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 17:07:39,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339259.7122698, 'message': 'Dec  6 17:07:38 hqnl0246134 sshd[236269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 13.70.39.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:07:39,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339259.7126005, 'message': 'Dec  6 17:07:38 hqnl0246134 sshd[236269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.39.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:07:41,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339261.714357, 'message': 'Dec  6 17:07:41 hqnl0246134 sshd[236269]: Failed password for invalid user victor from 13.70.39.68 port 43856 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:07:43,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339263.718188, 'message': 'Dec  6 17:07:43 hqnl0246134 sshd[236269]: Disconnected from invalid user victor 13.70.39.68 port 43856 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
WARNING [2022-12-06 17:07:47,481] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:07:47,482] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:07:47,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339267.7227416, 'message': 'Dec  6 17:07:46 hqnl0246134 sshd[236282]: Invalid user test from 139.59.80.61 port 44994', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:07:47,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339267.723275, 'message': 'Dec  6 17:07:46 hqnl0246134 sshd[236282]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.80.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:07:47,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339267.7233944, 'message': 'Dec  6 17:07:46 hqnl0246134 sshd[236282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.80.61 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 17:07:49,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339269.7256255, 'message': 'Dec  6 17:07:48 hqnl0246134 sshd[236282]: Failed password for invalid user test from 139.59.80.61 port 44994 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:07:49,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339269.7258234, 'message': 'Dec  6 17:07:49 hqnl0246134 sshd[236282]: Disconnected from invalid user test 139.59.80.61 port 44994 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:08:03,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339283.7627103, 'message': 'Dec  6 17:08:02 hqnl0246134 sshd[236292]: Invalid user deamon from 103.170.55.217 port 2089', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:08:03,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339283.7629356, 'message': 'Dec  6 17:08:03 hqnl0246134 sshd[236292]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.170.55.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:08:03,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339283.7630692, 'message': 'Dec  6 17:08:03 hqnl0246134 sshd[236292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.170.55.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:08:07,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339287.7749112, 'message': 'Dec  6 17:08:05 hqnl0246134 sshd[236292]: Failed password for invalid user deamon from 103.170.55.217 port 2089 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:08:07,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339287.7750962, 'message': 'Dec  6 17:08:07 hqnl0246134 sshd[236292]: Disconnected from invalid user deamon 103.170.55.217 port 2089 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 17:08:09,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:08:09,090] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0416 seconds
INFO    [2022-12-06 17:08:17,920] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:08:17,921] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:08:17,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:08:17,979] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0526 seconds
INFO    [2022-12-06 17:08:19,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339299.8008175, 'message': 'Dec  6 17:08:18 hqnl0246134 sshd[236307]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0636 seconds
INFO    [2022-12-06 17:08:19,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339299.801045, 'message': 'Dec  6 17:08:18 hqnl0246134 sshd[236307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 17:08:20,689] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:08:20,690] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:08:20,698] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:08:20,710] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 17:08:21,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339301.8019962, 'message': 'Dec  6 17:08:20 hqnl0246134 sshd[236307]: Failed password for root from 61.177.173.18 port 49340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 17:08:23,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339303.8039346, 'message': 'Dec  6 17:08:22 hqnl0246134 sshd[236307]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 17:08:25,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339305.8078275, 'message': 'Dec  6 17:08:23 hqnl0246134 sshd[236307]: Failed password for root from 61.177.173.18 port 49340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 17:08:25,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339305.8080845, 'message': 'Dec  6 17:08:24 hqnl0246134 sshd[236307]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:08:27,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339307.811305, 'message': 'Dec  6 17:08:26 hqnl0246134 sshd[236307]: Failed password for root from 61.177.173.18 port 49340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 17:08:47,485] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:08:47,486] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:08:47,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339327.8449843, 'message': 'Dec  6 17:08:46 hqnl0246134 sshd[236332]: Invalid user anaconda from 140.238.177.83 port 41414', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 17:08:47,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339327.8462143, 'message': 'Dec  6 17:08:46 hqnl0246134 sshd[236332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 140.238.177.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 17:08:47,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339327.8465261, 'message': 'Dec  6 17:08:46 hqnl0246134 sshd[236332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.238.177.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:08:49,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339329.8467073, 'message': 'Dec  6 17:08:48 hqnl0246134 sshd[236332]: Failed password for invalid user anaconda from 140.238.177.83 port 41414 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:08:49,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339329.8468964, 'message': 'Dec  6 17:08:48 hqnl0246134 sshd[236332]: Disconnected from invalid user anaconda 140.238.177.83 port 41414 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:08:51,421] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:08:51,422] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:08:51,431] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:08:51,444] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 17:09:07,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339347.8980181, 'message': 'Dec  6 17:09:07 hqnl0246134 sshd[236471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.122.106.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:09:07,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339347.8982968, 'message': 'Dec  6 17:09:07 hqnl0246134 sshd[236471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.106.117  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 17:09:09,059] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:09:09,096] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0442 seconds
INFO    [2022-12-06 17:09:09,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.122.106.117', 'timestamp': 1670339349.9005685, 'message': 'Dec  6 17:09:09 hqnl0246134 sshd[236471]: Failed password for root from 134.122.106.117 port 58234 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 17:09:09,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339349.9008439, 'message': 'Dec  6 17:09:09 hqnl0246134 sshd[236474]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 17:09:09,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339349.901032, 'message': 'Dec  6 17:09:09 hqnl0246134 sshd[236474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:09:11,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339351.9049342, 'message': 'Dec  6 17:09:11 hqnl0246134 sshd[236474]: Failed password for root from 61.177.173.18 port 28136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 17:09:11,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339351.9052374, 'message': 'Dec  6 17:09:11 hqnl0246134 sshd[236474]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 17:09:13,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339353.908651, 'message': 'Dec  6 17:09:13 hqnl0246134 sshd[236474]: Failed password for root from 61.177.173.18 port 28136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 17:09:17,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339357.9145303, 'message': 'Dec  6 17:09:15 hqnl0246134 sshd[236474]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 17:09:18,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:09:18,039] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:09:18,047] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:09:18,059] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 17:09:19,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339359.9167051, 'message': 'Dec  6 17:09:18 hqnl0246134 sshd[236474]: Failed password for root from 61.177.173.18 port 28136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:09:20,790] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:09:20,790] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:09:20,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:09:20,812] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
WARNING [2022-12-06 17:09:47,490] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:09:47,491] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:10:02,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339401.9931228, 'message': 'Dec  6 17:10:01 hqnl0246134 sshd[236515]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 17:10:02,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339401.994333, 'message': 'Dec  6 17:10:01 hqnl0246134 sshd[236515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 17:10:04,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339403.9949496, 'message': 'Dec  6 17:10:03 hqnl0246134 sshd[236515]: Failed password for root from 61.177.173.18 port 11738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:10:04,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339403.9951468, 'message': 'Dec  6 17:10:03 hqnl0246134 sshd[236515]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:10:06,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339405.9979858, 'message': 'Dec  6 17:10:05 hqnl0246134 sshd[236515]: Failed password for root from 61.177.173.18 port 11738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:10:06,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339405.9981775, 'message': 'Dec  6 17:10:05 hqnl0246134 sshd[236515]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:10:08,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339408.0010946, 'message': 'Dec  6 17:10:07 hqnl0246134 sshd[236515]: Failed password for root from 61.177.173.18 port 11738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 17:10:09,062] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:10:09,083] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0280 seconds
INFO    [2022-12-06 17:10:10,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339410.0119529, 'message': 'Dec  6 17:10:08 hqnl0246134 sshd[236542]: Invalid user minecraft from 101.226.253.162 port 5172', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:10:10,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339410.0121326, 'message': 'Dec  6 17:10:08 hqnl0246134 sshd[236542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 101.226.253.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 17:10:10,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339410.0125985, 'message': 'Dec  6 17:10:08 hqnl0246134 sshd[236542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.226.253.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 17:10:12,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339412.0145297, 'message': 'Dec  6 17:10:10 hqnl0246134 sshd[236542]: Failed password for invalid user minecraft from 101.226.253.162 port 5172 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 17:10:14,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339414.0181396, 'message': 'Dec  6 17:10:12 hqnl0246134 sshd[236542]: Disconnected from invalid user minecraft 101.226.253.162 port 5172 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0544 seconds
INFO    [2022-12-06 17:10:15,027] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:10:15,027] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:10:15,035] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:10:15,049] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 17:10:17,885] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:10:17,885] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:10:17,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:10:17,903] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 17:10:18,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339418.0207114, 'message': 'Dec  6 17:10:17 hqnl0246134 sshd[236563]: Invalid user x from 140.238.177.83 port 59846', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 17:10:18,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339418.0209162, 'message': 'Dec  6 17:10:17 hqnl0246134 sshd[236563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 140.238.177.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 17:10:18,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339418.0210912, 'message': 'Dec  6 17:10:17 hqnl0246134 sshd[236563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.238.177.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 17:10:20,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339420.02894, 'message': 'Dec  6 17:10:18 hqnl0246134 sshd[236563]: Failed password for invalid user x from 140.238.177.83 port 59846 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:10:22,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '140.238.177.83', 'timestamp': 1670339422.0301044, 'message': 'Dec  6 17:10:20 hqnl0246134 sshd[236563]: Disconnected from invalid user x 140.238.177.83 port 59846 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 17:10:22,726] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:10:22,726] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:10:22,733] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:10:22,744] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 17:10:26,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339426.0340433, 'message': 'Dec  6 17:10:25 hqnl0246134 sshd[236579]: Invalid user ts3server from 201.236.186.32 port 59791', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 17:10:26,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339426.0342574, 'message': 'Dec  6 17:10:25 hqnl0246134 sshd[236579]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.236.186.32 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 17:10:26,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339426.034386, 'message': 'Dec  6 17:10:25 hqnl0246134 sshd[236579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.236.186.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-06 17:10:28,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339428.038629, 'message': 'Dec  6 17:10:27 hqnl0246134 sshd[236579]: Failed password for invalid user ts3server from 201.236.186.32 port 59791 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:10:30,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339430.0469222, 'message': 'Dec  6 17:10:29 hqnl0246134 sshd[236579]: Disconnected from invalid user ts3server 201.236.186.32 port 59791 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:10:42,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339442.0711577, 'message': 'Dec  6 17:10:41 hqnl0246134 sshd[236586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:10:42,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339442.0714824, 'message': 'Dec  6 17:10:41 hqnl0246134 sshd[236586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:10:44,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339444.0770774, 'message': 'Dec  6 17:10:43 hqnl0246134 sshd[236586]: Failed password for root from 61.177.173.51 port 48135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1016 seconds
INFO    [2022-12-06 17:10:44,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339444.077569, 'message': 'Dec  6 17:10:43 hqnl0246134 sshd[236586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 17:10:46,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339446.0791895, 'message': 'Dec  6 17:10:45 hqnl0246134 sshd[236586]: Failed password for root from 61.177.173.51 port 48135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 17:10:46,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339446.0796697, 'message': 'Dec  6 17:10:45 hqnl0246134 sshd[236586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 17:10:47,498] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:10:47,499] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:10:48,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339448.0833297, 'message': 'Dec  6 17:10:47 hqnl0246134 sshd[236586]: Failed password for root from 61.177.173.51 port 48135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 17:10:52,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339452.090948, 'message': 'Dec  6 17:10:50 hqnl0246134 sshd[236598]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 17:10:52,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339452.091331, 'message': 'Dec  6 17:10:51 hqnl0246134 sshd[236600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 17:10:52,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339452.0912008, 'message': 'Dec  6 17:10:50 hqnl0246134 sshd[236598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 17:10:52,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339452.0914536, 'message': 'Dec  6 17:10:51 hqnl0246134 sshd[236600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 17:10:54,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339454.0952728, 'message': 'Dec  6 17:10:52 hqnl0246134 sshd[236598]: Failed password for root from 61.177.173.51 port 60448 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 17:10:54,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339454.09565, 'message': 'Dec  6 17:10:53 hqnl0246134 sshd[236602]: Invalid user rick from 13.70.39.68 port 33096', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 17:10:54,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339454.0955026, 'message': 'Dec  6 17:10:53 hqnl0246134 sshd[236598]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 17:10:54,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339454.0961912, 'message': 'Dec  6 17:10:53 hqnl0246134 sshd[236600]: Failed password for root from 61.177.173.18 port 53695 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 17:10:54,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339454.0958583, 'message': 'Dec  6 17:10:53 hqnl0246134 sshd[236602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 13.70.39.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-06 17:10:54,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339454.096028, 'message': 'Dec  6 17:10:53 hqnl0246134 sshd[236602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.39.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 17:10:56,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339456.0983055, 'message': 'Dec  6 17:10:54 hqnl0246134 sshd[236598]: Failed password for root from 61.177.173.51 port 60448 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 17:10:56,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339456.0986445, 'message': 'Dec  6 17:10:55 hqnl0246134 sshd[236602]: Failed password for invalid user rick from 13.70.39.68 port 33096 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-06 17:10:56,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339456.098828, 'message': 'Dec  6 17:10:55 hqnl0246134 sshd[236600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-06 17:10:56,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339456.0989861, 'message': 'Dec  6 17:10:56 hqnl0246134 sshd[236598]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 17:10:58,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.70.39.68', 'timestamp': 1670339458.100723, 'message': 'Dec  6 17:10:56 hqnl0246134 sshd[236602]: Disconnected from invalid user rick 13.70.39.68 port 33096 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0651 seconds
INFO    [2022-12-06 17:10:58,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339458.1010435, 'message': 'Dec  6 17:10:57 hqnl0246134 sshd[236600]: Failed password for root from 61.177.173.18 port 53695 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0653 seconds
INFO    [2022-12-06 17:11:00,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339460.10344, 'message': 'Dec  6 17:10:58 hqnl0246134 sshd[236600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 17:11:00,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670339460.1038299, 'message': 'Dec  6 17:10:58 hqnl0246134 sshd[236598]: Failed password for root from 61.177.173.51 port 60448 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 17:11:00,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339460.1039984, 'message': 'Dec  6 17:11:00 hqnl0246134 sshd[236600]: Failed password for root from 61.177.173.18 port 53695 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 17:11:04,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339464.1099403, 'message': 'Dec  6 17:11:02 hqnl0246134 sshd[236616]: Invalid user user from 139.59.80.61 port 34242', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 17:11:04,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339464.1102307, 'message': 'Dec  6 17:11:02 hqnl0246134 sshd[236616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.80.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:11:04,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339464.1103864, 'message': 'Dec  6 17:11:02 hqnl0246134 sshd[236616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.80.61 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:11:06,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339466.1130018, 'message': 'Dec  6 17:11:04 hqnl0246134 sshd[236616]: Failed password for invalid user user from 139.59.80.61 port 34242 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:11:08,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670339468.1193535, 'message': 'Dec  6 17:11:06 hqnl0246134 sshd[236616]: Disconnected from invalid user user 139.59.80.61 port 34242 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 17:11:09,068] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:11:09,097] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0378 seconds
INFO    [2022-12-06 17:11:19,875] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:11:19,876] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:11:19,888] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:11:19,901] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0240 seconds
INFO    [2022-12-06 17:11:22,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:11:22,880] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:11:22,888] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:11:22,899] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 17:11:38,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339498.1594465, 'message': 'Dec  6 17:11:37 hqnl0246134 sshd[236643]: Invalid user marketing from 103.170.55.217 port 2705', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 17:11:38,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339498.159882, 'message': 'Dec  6 17:11:37 hqnl0246134 sshd[236643]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.170.55.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 17:11:38,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339498.1600301, 'message': 'Dec  6 17:11:37 hqnl0246134 sshd[236643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.170.55.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 17:11:40,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339500.1600797, 'message': 'Dec  6 17:11:39 hqnl0246134 sshd[236643]: Failed password for invalid user marketing from 103.170.55.217 port 2705 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:11:42,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.170.55.217', 'timestamp': 1670339502.1629577, 'message': 'Dec  6 17:11:40 hqnl0246134 sshd[236643]: Disconnected from invalid user marketing 103.170.55.217 port 2705 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:11:42,835] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:11:42,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:11:42,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:11:42,853] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 17:11:44,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339504.166123, 'message': 'Dec  6 17:11:42 hqnl0246134 sshd[236648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 17:11:44,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339504.166449, 'message': 'Dec  6 17:11:42 hqnl0246134 sshd[236648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:11:46,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339506.1692524, 'message': 'Dec  6 17:11:44 hqnl0246134 sshd[236648]: Failed password for root from 61.177.173.18 port 41797 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-06 17:11:46,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339506.170586, 'message': 'Dec  6 17:11:45 hqnl0246134 sshd[236648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 17:11:47,503] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:11:47,504] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:11:48,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339508.1726456, 'message': 'Dec  6 17:11:47 hqnl0246134 sshd[236648]: Failed password for root from 61.177.173.18 port 41797 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:11:50,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339510.1757276, 'message': 'Dec  6 17:11:49 hqnl0246134 sshd[236648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 17:11:52,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339512.177397, 'message': 'Dec  6 17:11:51 hqnl0246134 sshd[236648]: Failed password for root from 61.177.173.18 port 41797 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 17:11:53,356] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 17:12:09,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:12:09,102] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-06 17:12:12,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339532.1910818, 'message': 'Dec  6 17:12:11 hqnl0246134 sshd[236705]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0615 seconds
INFO    [2022-12-06 17:12:12,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339532.1914465, 'message': 'Dec  6 17:12:11 hqnl0246134 sshd[236705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0773 seconds
INFO    [2022-12-06 17:12:14,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339534.1906228, 'message': 'Dec  6 17:12:13 hqnl0246134 sshd[236705]: Failed password for root from 61.177.172.124 port 46297 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 17:12:14,890] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:12:14,955] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:12:14,956] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:12:14,956] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:12:14,957] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:12:14,957] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:12:14,974] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:12:14,992] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0336 seconds
WARNING [2022-12-06 17:12:14,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:12:15,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:12:15,026] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0399 seconds
INFO    [2022-12-06 17:12:15,028] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0390 seconds
INFO    [2022-12-06 17:12:16,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339536.1934805, 'message': 'Dec  6 17:12:16 hqnl0246134 sshd[236705]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 17:12:18,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339538.1966958, 'message': 'Dec  6 17:12:17 hqnl0246134 sshd[236705]: Failed password for root from 61.177.172.124 port 46297 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 17:12:19,223] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:12:19,223] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:12:19,233] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:12:19,245] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 17:12:20,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339540.1994338, 'message': 'Dec  6 17:12:18 hqnl0246134 sshd[236705]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:12:21,989] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:12:21,989] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:12:21,997] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:12:22,009] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 17:12:22,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339542.2004223, 'message': 'Dec  6 17:12:20 hqnl0246134 sshd[236705]: Failed password for root from 61.177.172.124 port 46297 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 17:12:34,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339554.2147017, 'message': 'Dec  6 17:12:33 hqnl0246134 sshd[236734]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 17:12:34,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339554.2152567, 'message': 'Dec  6 17:12:34 hqnl0246134 sshd[236736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 17:12:34,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339554.2151086, 'message': 'Dec  6 17:12:33 hqnl0246134 sshd[236734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 17:12:34,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339554.215381, 'message': 'Dec  6 17:12:34 hqnl0246134 sshd[236736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 17:12:36,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339556.2166717, 'message': 'Dec  6 17:12:34 hqnl0246134 sshd[236734]: Failed password for root from 61.177.173.18 port 28091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 17:12:36,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339556.217061, 'message': 'Dec  6 17:12:35 hqnl0246134 sshd[236736]: Failed password for root from 61.177.172.124 port 41078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 17:12:36,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339556.2169452, 'message': 'Dec  6 17:12:35 hqnl0246134 sshd[236734]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:12:38,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339558.2183256, 'message': 'Dec  6 17:12:36 hqnl0246134 sshd[236736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 17:12:38,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339558.2186956, 'message': 'Dec  6 17:12:37 hqnl0246134 sshd[236734]: Failed password for root from 61.177.173.18 port 28091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-06 17:12:40,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339560.2206638, 'message': 'Dec  6 17:12:38 hqnl0246134 sshd[236736]: Failed password for root from 61.177.172.124 port 41078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 17:12:40,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339560.221024, 'message': 'Dec  6 17:12:40 hqnl0246134 sshd[236734]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 17:12:40,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339560.220899, 'message': 'Dec  6 17:12:38 hqnl0246134 sshd[236736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:12:42,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670339562.2223268, 'message': 'Dec  6 17:12:41 hqnl0246134 sshd[236736]: Failed password for root from 61.177.172.124 port 41078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 17:12:42,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339562.2226155, 'message': 'Dec  6 17:12:41 hqnl0246134 sshd[236734]: Failed password for root from 61.177.173.18 port 28091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 17:12:45,083] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:12:45,084] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:12:45,085] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 17:12:47,506] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:12:47,507] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:13:02,091] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 17:13:02,102] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:13:02,115] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0228 seconds
INFO    [2022-12-06 17:13:06,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670339586.2498624, 'message': 'Dec  6 17:13:05 hqnl0246134 sshd[236770]: Invalid user slave from 84.255.249.179 port 32870', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 17:13:06,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.255.249.179', 'timestamp': 1670339586.250213, 'message': 'Dec  6 17:13:05 hqnl0246134 sshd[236770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.255.249.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:13:06,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.255.249.179', 'timestamp': 1670339586.2504578, 'message': 'Dec  6 17:13:05 hqnl0246134 sshd[236770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.255.249.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:13:08,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670339588.2526534, 'message': 'Dec  6 17:13:07 hqnl0246134 sshd[236770]: Failed password for invalid user slave from 84.255.249.179 port 32870 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 17:13:09,080] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:13:09,105] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0371 seconds
INFO    [2022-12-06 17:13:10,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670339590.2567663, 'message': 'Dec  6 17:13:09 hqnl0246134 sshd[236770]: Disconnected from invalid user slave 84.255.249.179 port 32870 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:13:11,950] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:13:11,951] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:13:11,959] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:13:11,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 17:13:17,848] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:13:17,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:13:17,861] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:13:17,873] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-06 17:13:20,616] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:13:20,617] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:13:20,624] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:13:20,637] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 17:13:26,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339606.2810163, 'message': 'Dec  6 17:13:24 hqnl0246134 sshd[236798]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:13:26,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339606.281341, 'message': 'Dec  6 17:13:24 hqnl0246134 sshd[236798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 17:13:28,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339608.2815812, 'message': 'Dec  6 17:13:26 hqnl0246134 sshd[236798]: Failed password for root from 61.177.173.18 port 57608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 17:13:30,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339610.2820666, 'message': 'Dec  6 17:13:28 hqnl0246134 sshd[236798]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 17:13:30,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339610.28233, 'message': 'Dec  6 17:13:30 hqnl0246134 sshd[236798]: Failed password for root from 61.177.173.18 port 57608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 17:13:32,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339612.2857454, 'message': 'Dec  6 17:13:30 hqnl0246134 sshd[236798]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:13:34,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339614.291331, 'message': 'Dec  6 17:13:32 hqnl0246134 sshd[236798]: Failed password for root from 61.177.173.18 port 57608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 17:13:34,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339614.2916913, 'message': 'Dec  6 17:13:33 hqnl0246134 sshd[236807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 101.226.253.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 17:13:34,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339614.2919211, 'message': 'Dec  6 17:13:33 hqnl0246134 sshd[236807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.226.253.162  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:13:38,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339618.2946024, 'message': 'Dec  6 17:13:36 hqnl0246134 sshd[236807]: Failed password for root from 101.226.253.162 port 35678 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-06 17:13:47,514] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:13:47,516] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:14:09,082] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:14:09,108] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0352 seconds
INFO    [2022-12-06 17:14:18,067] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:14:18,068] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:14:18,077] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:14:18,089] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 17:14:20,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339660.3488412, 'message': 'Dec  6 17:14:18 hqnl0246134 sshd[236846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:14:20,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339660.3490524, 'message': 'Dec  6 17:14:18 hqnl0246134 sshd[236846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:14:20,789] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:14:20,790] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:14:20,810] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:14:20,824] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0331 seconds
INFO    [2022-12-06 17:14:22,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339662.3505027, 'message': 'Dec  6 17:14:20 hqnl0246134 sshd[236846]: Failed password for root from 61.177.173.18 port 53334 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 17:14:24,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339664.352428, 'message': 'Dec  6 17:14:22 hqnl0246134 sshd[236846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 17:14:26,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339666.3550801, 'message': 'Dec  6 17:14:24 hqnl0246134 sshd[236846]: Failed password for root from 61.177.173.18 port 53334 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 17:14:26,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339666.3552897, 'message': 'Dec  6 17:14:25 hqnl0246134 sshd[236846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 17:14:28,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339668.3594947, 'message': 'Dec  6 17:14:27 hqnl0246134 sshd[236846]: Failed password for root from 61.177.173.18 port 53334 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0360 seconds
WARNING [2022-12-06 17:14:47,519] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:14:47,521] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:15:09,093] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:15:09,130] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0529 seconds
INFO    [2022-12-06 17:15:10,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339710.4176311, 'message': 'Dec  6 17:15:10 hqnl0246134 sshd[236901]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:15:10,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339710.4178684, 'message': 'Dec  6 17:15:10 hqnl0246134 sshd[236901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:15:12,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339712.4257035, 'message': 'Dec  6 17:15:11 hqnl0246134 sshd[236901]: Failed password for root from 61.177.173.18 port 34710 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:15:14,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339714.4282644, 'message': 'Dec  6 17:15:12 hqnl0246134 sshd[236901]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 17:15:14,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339714.4285297, 'message': 'Dec  6 17:15:14 hqnl0246134 sshd[236901]: Failed password for root from 61.177.173.18 port 34710 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:15:16,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339716.4303744, 'message': 'Dec  6 17:15:14 hqnl0246134 sshd[236901]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 17:15:17,817] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:15:17,817] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:15:17,825] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:15:17,836] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 17:15:18,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339718.4336486, 'message': 'Dec  6 17:15:17 hqnl0246134 sshd[236901]: Failed password for root from 61.177.173.18 port 34710 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 17:15:20,902] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:15:20,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:15:20,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:15:20,921] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 17:15:21,753] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:15:21,753] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:15:21,761] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:15:21,772] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-06 17:15:47,526] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:15:47,527] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:15:56,933] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:15:56,934] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:15:56,946] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:15:56,961] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-06 17:16:04,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339764.503193, 'message': 'Dec  6 17:16:02 hqnl0246134 sshd[237006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:16:04,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339764.503459, 'message': 'Dec  6 17:16:02 hqnl0246134 sshd[237006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:16:06,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339766.5048616, 'message': 'Dec  6 17:16:05 hqnl0246134 sshd[237006]: Failed password for root from 61.177.173.18 port 28174 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:16:08,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339768.5058093, 'message': 'Dec  6 17:16:07 hqnl0246134 sshd[237006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 17:16:09,087] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:16:09,109] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0297 seconds
INFO    [2022-12-06 17:16:10,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339770.5078223, 'message': 'Dec  6 17:16:09 hqnl0246134 sshd[237006]: Failed password for root from 61.177.173.18 port 28174 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:16:10,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339770.508013, 'message': 'Dec  6 17:16:10 hqnl0246134 sshd[237006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 17:16:12,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339772.51107, 'message': 'Dec  6 17:16:11 hqnl0246134 sshd[237006]: Failed password for root from 61.177.173.18 port 28174 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:16:17,872] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:16:17,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:16:17,881] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:16:17,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 17:16:20,659] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:16:20,660] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:16:20,666] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:16:20,679] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 17:16:22,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339782.524948, 'message': 'Dec  6 17:16:22 hqnl0246134 sshd[237037]: Invalid user paula from 201.236.186.32 port 55138', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 17:16:24,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339784.5266902, 'message': 'Dec  6 17:16:22 hqnl0246134 sshd[237037]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.236.186.32 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 17:16:24,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339784.5273163, 'message': 'Dec  6 17:16:22 hqnl0246134 sshd[237037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.236.186.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 17:16:24,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339784.5277355, 'message': 'Dec  6 17:16:23 hqnl0246134 sshd[237037]: Failed password for invalid user paula from 201.236.186.32 port 55138 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 17:16:24,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670339784.5281012, 'message': 'Dec  6 17:16:24 hqnl0246134 sshd[237037]: Disconnected from invalid user paula 201.236.186.32 port 55138 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:16:26,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:16:26,851] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:16:26,858] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:16:26,869] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-06 17:16:47,530] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:16:47,531] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:16:54,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339814.5736449, 'message': 'Dec  6 17:16:54 hqnl0246134 sshd[237057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 17:16:54,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339814.5743058, 'message': 'Dec  6 17:16:54 hqnl0246134 sshd[237057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:16:56,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339816.577458, 'message': 'Dec  6 17:16:56 hqnl0246134 sshd[237057]: Failed password for root from 61.177.173.18 port 60705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:16:58,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339818.580957, 'message': 'Dec  6 17:16:56 hqnl0246134 sshd[237057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 17:17:00,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339820.5840063, 'message': 'Dec  6 17:16:58 hqnl0246134 sshd[237057]: Failed password for root from 61.177.173.18 port 60705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:17:00,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339820.5843673, 'message': 'Dec  6 17:16:59 hqnl0246134 sshd[237057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:17:00,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339820.5845335, 'message': 'Dec  6 17:17:00 hqnl0246134 sshd[237057]: Failed password for root from 61.177.173.18 port 60705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:17:04,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339824.5886524, 'message': 'Dec  6 17:17:02 hqnl0246134 sshd[237079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 101.226.253.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:17:04,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339824.5889163, 'message': 'Dec  6 17:17:02 hqnl0246134 sshd[237079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.226.253.162  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:17:06,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '101.226.253.162', 'timestamp': 1670339826.5933862, 'message': 'Dec  6 17:17:04 hqnl0246134 sshd[237079]: Failed password for root from 101.226.253.162 port 18173 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 17:17:09,090] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:17:09,127] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0438 seconds
INFO    [2022-12-06 17:17:17,886] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:17:17,887] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:17:17,896] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:17:17,908] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 17:17:21,255] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:17:21,255] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:17:21,263] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:17:21,274] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 17:17:46,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339866.6470075, 'message': 'Dec  6 17:17:45 hqnl0246134 sshd[237123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 17:17:46,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339866.6476274, 'message': 'Dec  6 17:17:45 hqnl0246134 sshd[237123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 17:17:47,538] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:17:47,539] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:17:48,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339868.6511135, 'message': 'Dec  6 17:17:47 hqnl0246134 sshd[237123]: Failed password for root from 61.177.173.18 port 52637 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:17:50,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339870.653926, 'message': 'Dec  6 17:17:49 hqnl0246134 sshd[237123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 17:17:52,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339872.6544492, 'message': 'Dec  6 17:17:51 hqnl0246134 sshd[237123]: Failed password for root from 61.177.173.18 port 52637 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:17:52,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339872.654723, 'message': 'Dec  6 17:17:51 hqnl0246134 sshd[237123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:17:54,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339874.655595, 'message': 'Dec  6 17:17:53 hqnl0246134 sshd[237123]: Failed password for root from 61.177.173.18 port 52637 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
WARNING [2022-12-06 17:18:09,094] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:18:09,114] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0277 seconds
INFO    [2022-12-06 17:18:18,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:18:18,040] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:18:18,048] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:18:18,060] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 17:18:20,761] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:18:20,762] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:18:20,772] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:18:20,789] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0261 seconds
INFO    [2022-12-06 17:18:34,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339914.6848488, 'message': 'Dec  6 17:18:34 hqnl0246134 sshd[237170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 17:18:34,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339914.6851037, 'message': 'Dec  6 17:18:34 hqnl0246134 sshd[237170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:18:36,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339916.685711, 'message': 'Dec  6 17:18:36 hqnl0246134 sshd[237170]: Failed password for root from 61.177.173.18 port 33067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 17:18:38,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339918.6864383, 'message': 'Dec  6 17:18:38 hqnl0246134 sshd[237170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 17:18:40,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339920.68861, 'message': 'Dec  6 17:18:40 hqnl0246134 sshd[237170]: Failed password for root from 61.177.173.18 port 33067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:18:42,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339922.6898315, 'message': 'Dec  6 17:18:40 hqnl0246134 sshd[237170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 17:18:44,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339924.6919115, 'message': 'Dec  6 17:18:43 hqnl0246134 sshd[237170]: Failed password for root from 61.177.173.18 port 33067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-06 17:18:47,544] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:18:47,545] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:18:47,883] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:18:47,884] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:18:47,896] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:18:47,915] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
INFO    [2022-12-06 17:18:48,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '212.60.80.58', 'timestamp': 1670339928.6970437, 'message': 'Dec  6 17:18:48 hqnl0246134 sshd[237186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 212.60.80.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 17:18:48,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.60.80.58', 'timestamp': 1670339928.7019322, 'message': 'Dec  6 17:18:48 hqnl0246134 sshd[237186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 17:18:50,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '212.60.80.58', 'timestamp': 1670339930.6994133, 'message': 'Dec  6 17:18:50 hqnl0246134 sshd[237186]: Failed password for root from 212.60.80.58 port 56113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 17:19:09,097] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:19:09,120] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0316 seconds
INFO    [2022-12-06 17:19:17,942] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:19:17,943] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:19:17,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:19:17,967] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 17:19:20,663] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:19:20,664] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:19:20,676] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:19:20,695] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0297 seconds
INFO    [2022-12-06 17:19:26,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339966.7351398, 'message': 'Dec  6 17:19:25 hqnl0246134 sshd[237219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:19:26,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339966.7354813, 'message': 'Dec  6 17:19:26 hqnl0246134 sshd[237219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 17:19:28,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339968.7370112, 'message': 'Dec  6 17:19:28 hqnl0246134 sshd[237219]: Failed password for root from 61.177.173.18 port 18103 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:19:30,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339970.7378929, 'message': 'Dec  6 17:19:30 hqnl0246134 sshd[237219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 17:19:32,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339972.741538, 'message': 'Dec  6 17:19:32 hqnl0246134 sshd[237219]: Failed password for root from 61.177.173.18 port 18103 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 17:19:33,843] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:19:33,919] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:19:33,919] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:19:33,920] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:19:33,920] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:19:33,921] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:19:33,935] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:19:33,961] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0397 seconds
WARNING [2022-12-06 17:19:33,974] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:19:33,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:19:33,995] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0424 seconds
INFO    [2022-12-06 17:19:33,996] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0385 seconds
INFO    [2022-12-06 17:19:34,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339974.8339186, 'message': 'Dec  6 17:19:34 hqnl0246134 sshd[237219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:19:38,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670339978.7455802, 'message': 'Dec  6 17:19:37 hqnl0246134 sshd[237219]: Failed password for root from 61.177.173.18 port 18103 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
WARNING [2022-12-06 17:19:47,548] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:19:47,550] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:20:05,054] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:20:05,056] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:20:05,057] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 17:20:09,102] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:20:09,126] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0321 seconds
INFO    [2022-12-06 17:20:17,964] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:20:17,964] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:20:17,973] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:20:17,985] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 17:20:18,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340018.7843113, 'message': 'Dec  6 17:20:17 hqnl0246134 sshd[237293]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 17:20:18,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340018.7845888, 'message': 'Dec  6 17:20:17 hqnl0246134 sshd[237293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:20:20,636] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:20:20,637] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:20:20,643] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:20:20,654] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 17:20:20,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340020.7842178, 'message': 'Dec  6 17:20:19 hqnl0246134 sshd[237293]: Failed password for root from 61.177.173.18 port 49876 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:20:20,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340020.784408, 'message': 'Dec  6 17:20:19 hqnl0246134 sshd[237293]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:20:22,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340022.7861855, 'message': 'Dec  6 17:20:22 hqnl0246134 sshd[237293]: Failed password for root from 61.177.173.18 port 49876 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:20:24,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340024.788687, 'message': 'Dec  6 17:20:24 hqnl0246134 sshd[237293]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 17:20:26,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340026.7929637, 'message': 'Dec  6 17:20:26 hqnl0246134 sshd[237293]: Failed password for root from 61.177.173.18 port 49876 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 17:20:31,038] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:20:31,039] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:20:31,047] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:20:31,060] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-06 17:20:47,557] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:20:47,558] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:20:58,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670340058.8350532, 'message': 'Dec  6 17:20:57 hqnl0246134 sshd[237331]: Invalid user ubnt from 152.89.196.220 port 17210', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 17:20:58,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670340058.8356328, 'message': 'Dec  6 17:20:57 hqnl0246134 sshd[237331]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:20:58,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670340058.8358786, 'message': 'Dec  6 17:20:57 hqnl0246134 sshd[237331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:21:00,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670340060.8362734, 'message': 'Dec  6 17:21:00 hqnl0246134 sshd[237331]: Failed password for invalid user ubnt from 152.89.196.220 port 17210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 17:21:02,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670340062.8384762, 'message': 'Dec  6 17:21:02 hqnl0246134 sshd[237331]: Disconnected from invalid user ubnt 152.89.196.220 port 17210 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
WARNING [2022-12-06 17:21:09,113] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:21:09,148] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0478 seconds
INFO    [2022-12-06 17:21:14,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340074.8705437, 'message': 'Dec  6 17:21:13 hqnl0246134 sshd[237345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:21:14,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340074.8708518, 'message': 'Dec  6 17:21:13 hqnl0246134 sshd[237345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:21:16,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340076.8728738, 'message': 'Dec  6 17:21:15 hqnl0246134 sshd[237345]: Failed password for root from 61.177.173.18 port 32816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-06 17:21:16,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340076.873494, 'message': 'Dec  6 17:21:15 hqnl0246134 sshd[237345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 17:21:17,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:21:17,965] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:21:17,973] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:21:17,986] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 17:21:18,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340078.8743563, 'message': 'Dec  6 17:21:17 hqnl0246134 sshd[237345]: Failed password for root from 61.177.173.18 port 32816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 17:21:18,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340078.8746521, 'message': 'Dec  6 17:21:18 hqnl0246134 sshd[237345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 17:21:20,804] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:21:20,805] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:21:20,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:21:20,842] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0359 seconds
INFO    [2022-12-06 17:21:20,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340080.877031, 'message': 'Dec  6 17:21:20 hqnl0246134 sshd[237345]: Failed password for root from 61.177.173.18 port 32816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
WARNING [2022-12-06 17:21:47,565] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:21:47,566] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:21:53,359] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 17:21:58,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340118.9266262, 'message': 'Dec  6 17:21:58 hqnl0246134 sshd[237390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 17:21:58,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340118.9270964, 'message': 'Dec  6 17:21:58 hqnl0246134 sshd[237390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:22:00,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340120.9258964, 'message': 'Dec  6 17:22:00 hqnl0246134 sshd[237390]: Failed password for root from 61.177.173.46 port 27753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:22:02,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340122.9289865, 'message': 'Dec  6 17:22:02 hqnl0246134 sshd[237390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-06 17:22:02,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340122.9293022, 'message': 'Dec  6 17:22:02 hqnl0246134 sshd[237394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0556 seconds
INFO    [2022-12-06 17:22:03,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340122.9294796, 'message': 'Dec  6 17:22:02 hqnl0246134 sshd[237394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 17:22:04,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340124.9327137, 'message': 'Dec  6 17:22:03 hqnl0246134 sshd[237390]: Failed password for root from 61.177.173.46 port 27753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 17:22:04,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340124.9329312, 'message': 'Dec  6 17:22:04 hqnl0246134 sshd[237394]: Failed password for root from 61.177.173.18 port 17914 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 17:22:06,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340126.936114, 'message': 'Dec  6 17:22:05 hqnl0246134 sshd[237394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 17:22:06,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340126.9365864, 'message': 'Dec  6 17:22:05 hqnl0246134 sshd[237390]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 17:22:06,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340126.9367285, 'message': 'Dec  6 17:22:06 hqnl0246134 sshd[237394]: Failed password for root from 61.177.173.18 port 17914 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 17:22:06,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340126.9368353, 'message': 'Dec  6 17:22:06 hqnl0246134 sshd[237390]: Failed password for root from 61.177.173.46 port 27753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 17:22:08,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340128.941094, 'message': 'Dec  6 17:22:07 hqnl0246134 sshd[237394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 17:22:09,112] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:22:09,141] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0362 seconds
INFO    [2022-12-06 17:22:10,025] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:22:10,025] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:22:10,033] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:22:10,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 17:22:10,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340130.9421208, 'message': 'Dec  6 17:22:09 hqnl0246134 sshd[237408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 17:22:10,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340130.9426663, 'message': 'Dec  6 17:22:10 hqnl0246134 sshd[237394]: Failed password for root from 61.177.173.18 port 17914 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 17:22:11,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340130.9425066, 'message': 'Dec  6 17:22:09 hqnl0246134 sshd[237408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:22:12,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340132.9503093, 'message': 'Dec  6 17:22:11 hqnl0246134 sshd[237408]: Failed password for root from 61.177.173.46 port 15145 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:22:12,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340132.9506936, 'message': 'Dec  6 17:22:11 hqnl0246134 sshd[237408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:22:14,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340134.9530728, 'message': 'Dec  6 17:22:12 hqnl0246134 sshd[237408]: Failed password for root from 61.177.173.46 port 15145 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:22:14,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340134.953384, 'message': 'Dec  6 17:22:13 hqnl0246134 sshd[237408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:22:17,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670340136.9550548, 'message': 'Dec  6 17:22:15 hqnl0246134 sshd[237408]: Failed password for root from 61.177.173.46 port 15145 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-06 17:22:17,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340136.9555593, 'message': 'Dec  6 17:22:16 hqnl0246134 sshd[237415]: Invalid user ohit@123 from 201.236.186.32 port 50482', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-06 17:22:17,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340136.955819, 'message': 'Dec  6 17:22:16 hqnl0246134 sshd[237415]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.236.186.32 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 17:22:17,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340136.9560008, 'message': 'Dec  6 17:22:16 hqnl0246134 sshd[237415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.236.186.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:22:18,092] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:22:18,093] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:22:18,101] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:22:18,113] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 17:22:19,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340138.9567604, 'message': 'Dec  6 17:22:18 hqnl0246134 sshd[237415]: Failed password for invalid user ohit@123 from 201.236.186.32 port 50482 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 17:22:20,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340140.9577396, 'message': 'Dec  6 17:22:19 hqnl0246134 sshd[237415]: Disconnected from invalid user ohit@123 201.236.186.32 port 50482 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 17:22:21,404] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:22:21,404] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:22:21,411] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:22:21,424] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-06 17:22:47,571] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:22:47,572] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:22:55,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340174.9991565, 'message': 'Dec  6 17:22:53 hqnl0246134 sshd[237450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 17:22:55,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340174.999607, 'message': 'Dec  6 17:22:53 hqnl0246134 sshd[237450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:22:55,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340174.999771, 'message': 'Dec  6 17:22:54 hqnl0246134 sshd[237450]: Failed password for root from 61.177.173.18 port 57153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:22:57,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340176.9986093, 'message': 'Dec  6 17:22:55 hqnl0246134 sshd[237450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 17:22:57,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340176.9989967, 'message': 'Dec  6 17:22:56 hqnl0246134 sshd[237450]: Failed password for root from 61.177.173.18 port 57153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:22:59,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340178.9998477, 'message': 'Dec  6 17:22:57 hqnl0246134 sshd[237450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 17:23:01,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340181.0017333, 'message': 'Dec  6 17:22:59 hqnl0246134 sshd[237450]: Failed password for root from 61.177.173.18 port 57153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 17:23:09,140] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:23:09,231] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.1233 seconds
INFO    [2022-12-06 17:23:18,066] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:23:18,067] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:23:18,081] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:23:18,101] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0329 seconds
INFO    [2022-12-06 17:23:20,765] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:23:20,765] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:23:20,774] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:23:20,787] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 17:23:45,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340225.0687206, 'message': 'Dec  6 17:23:43 hqnl0246134 sshd[237490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 17:23:45,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340225.0690382, 'message': 'Dec  6 17:23:43 hqnl0246134 sshd[237490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:23:47,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340227.073029, 'message': 'Dec  6 17:23:45 hqnl0246134 sshd[237490]: Failed password for root from 61.177.173.18 port 43521 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-06 17:23:47,577] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:23:47,578] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:23:49,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340229.0761213, 'message': 'Dec  6 17:23:47 hqnl0246134 sshd[237490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 17:23:51,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340231.0801446, 'message': 'Dec  6 17:23:49 hqnl0246134 sshd[237490]: Failed password for root from 61.177.173.18 port 43521 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 17:23:51,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340231.0804837, 'message': 'Dec  6 17:23:49 hqnl0246134 sshd[237490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 17:23:53,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340233.083102, 'message': 'Dec  6 17:23:51 hqnl0246134 sshd[237490]: Failed password for root from 61.177.173.18 port 43521 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 17:23:54,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:23:54,791] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:23:54,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:23:54,812] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 17:24:05,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340245.1098204, 'message': 'Dec  6 17:24:05 hqnl0246134 sshd[237541]: Invalid user andy from 212.60.80.58 port 35916', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 17:24:05,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340245.1103146, 'message': 'Dec  6 17:24:05 hqnl0246134 sshd[237541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 212.60.80.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:24:05,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340245.1104586, 'message': 'Dec  6 17:24:05 hqnl0246134 sshd[237541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 17:24:07,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340247.1134522, 'message': 'Dec  6 17:24:06 hqnl0246134 sshd[237541]: Failed password for invalid user andy from 212.60.80.58 port 35916 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:24:07,465] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:24:07,525] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:24:07,526] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:24:07,526] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:24:07,526] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:24:07,526] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:24:07,536] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:24:07,552] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0248 seconds
WARNING [2022-12-06 17:24:07,558] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:24:07,560] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:24:07,577] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0308 seconds
INFO    [2022-12-06 17:24:07,578] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0288 seconds
WARNING [2022-12-06 17:24:09,124] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:24:09,171] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0600 seconds
INFO    [2022-12-06 17:24:09,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340249.117292, 'message': 'Dec  6 17:24:07 hqnl0246134 sshd[237541]: Disconnected from invalid user andy 212.60.80.58 port 35916 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0570 seconds
INFO    [2022-12-06 17:24:17,905] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:24:17,906] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:24:17,915] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:24:17,933] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-06 17:24:20,596] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:24:20,597] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:24:20,604] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:24:20,616] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 17:24:21,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.249.89.102', 'timestamp': 1670340261.1568255, 'message': 'Dec  6 17:24:20 hqnl0246134 sshd[237546]: Invalid user ts from 201.249.89.102 port 39480', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:24:21,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.249.89.102', 'timestamp': 1670340261.1570501, 'message': 'Dec  6 17:24:21 hqnl0246134 sshd[237546]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.249.89.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:24:21,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.249.89.102', 'timestamp': 1670340261.1574545, 'message': 'Dec  6 17:24:21 hqnl0246134 sshd[237546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.89.102 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:24:23,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.249.89.102', 'timestamp': 1670340263.1628492, 'message': 'Dec  6 17:24:22 hqnl0246134 sshd[237546]: Failed password for invalid user ts from 201.249.89.102 port 39480 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:24:25,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.249.89.102', 'timestamp': 1670340265.1639485, 'message': 'Dec  6 17:24:23 hqnl0246134 sshd[237546]: Disconnected from invalid user ts 201.249.89.102 port 39480 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:24:37,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340277.1901383, 'message': 'Dec  6 17:24:35 hqnl0246134 sshd[237572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 17:24:37,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340277.1904838, 'message': 'Dec  6 17:24:35 hqnl0246134 sshd[237572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:24:37,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340277.1909542, 'message': 'Dec  6 17:24:36 hqnl0246134 sshd[237572]: Failed password for root from 61.177.173.18 port 30071 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:24:39,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340279.1931062, 'message': 'Dec  6 17:24:37 hqnl0246134 sshd[237572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:24:41,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340281.1981168, 'message': 'Dec  6 17:24:39 hqnl0246134 sshd[237572]: Failed password for root from 61.177.173.18 port 30071 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 17:24:41,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340281.1984856, 'message': 'Dec  6 17:24:39 hqnl0246134 sshd[237572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:24:42,840] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:24:42,841] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:24:42,841] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 17:24:43,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340283.2016714, 'message': 'Dec  6 17:24:41 hqnl0246134 sshd[237572]: Failed password for root from 61.177.173.18 port 30071 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 17:24:47,581] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:24:47,582] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:25:09,126] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:25:09,150] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0332 seconds
INFO    [2022-12-06 17:25:18,273] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:25:18,274] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:25:18,284] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:25:18,300] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0246 seconds
INFO    [2022-12-06 17:25:21,033] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:25:21,034] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:25:21,046] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:25:21,058] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 17:25:27,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340327.2795622, 'message': 'Dec  6 17:25:26 hqnl0246134 sshd[237635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 17:25:27,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340327.2801096, 'message': 'Dec  6 17:25:26 hqnl0246134 sshd[237635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:25:29,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340329.2813861, 'message': 'Dec  6 17:25:28 hqnl0246134 sshd[237635]: Failed password for root from 61.177.173.18 port 16097 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:25:29,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340329.285576, 'message': 'Dec  6 17:25:29 hqnl0246134 sshd[237635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:25:31,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340331.2846057, 'message': 'Dec  6 17:25:30 hqnl0246134 sshd[237635]: Failed password for root from 61.177.173.18 port 16097 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:25:33,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340333.287938, 'message': 'Dec  6 17:25:31 hqnl0246134 sshd[237635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:25:35,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340335.2902095, 'message': 'Dec  6 17:25:33 hqnl0246134 sshd[237635]: Failed password for root from 61.177.173.18 port 16097 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:25:36,802] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:25:36,803] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:25:36,810] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:25:36,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-06 17:25:47,587] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:25:47,588] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:26:09,134] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:26:09,156] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0308 seconds
INFO    [2022-12-06 17:26:17,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340377.3467324, 'message': 'Dec  6 17:26:16 hqnl0246134 sshd[237666]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 17:26:17,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340377.3471735, 'message': 'Dec  6 17:26:16 hqnl0246134 sshd[237666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:26:17,952] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:26:17,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:26:17,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:26:17,977] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 17:26:19,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340379.3503902, 'message': 'Dec  6 17:26:18 hqnl0246134 sshd[237666]: Failed password for root from 61.177.173.18 port 50004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 17:26:20,695] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:26:20,695] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:26:20,703] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:26:20,714] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 17:26:21,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340381.3520079, 'message': 'Dec  6 17:26:20 hqnl0246134 sshd[237666]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:26:23,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340383.3564808, 'message': 'Dec  6 17:26:22 hqnl0246134 sshd[237666]: Failed password for root from 61.177.173.18 port 50004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 17:26:23,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340383.3568642, 'message': 'Dec  6 17:26:23 hqnl0246134 sshd[237666]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 17:26:25,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340385.360429, 'message': 'Dec  6 17:26:25 hqnl0246134 sshd[237666]: Failed password for root from 61.177.173.18 port 50004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 17:26:33,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340393.379101, 'message': 'Dec  6 17:26:32 hqnl0246134 sshd[237690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:26:33,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340393.379395, 'message': 'Dec  6 17:26:32 hqnl0246134 sshd[237690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:26:35,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340395.3822205, 'message': 'Dec  6 17:26:34 hqnl0246134 sshd[237690]: Failed password for root from 61.177.172.19 port 26134 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 17:26:35,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340395.3825903, 'message': 'Dec  6 17:26:34 hqnl0246134 sshd[237690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 17:26:37,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340397.385884, 'message': 'Dec  6 17:26:37 hqnl0246134 sshd[237690]: Failed password for root from 61.177.172.19 port 26134 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:26:39,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340399.3903143, 'message': 'Dec  6 17:26:39 hqnl0246134 sshd[237690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 17:26:41,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340401.3931088, 'message': 'Dec  6 17:26:41 hqnl0246134 sshd[237690]: Failed password for root from 61.177.172.19 port 26134 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 17:26:43,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340403.3945365, 'message': 'Dec  6 17:26:42 hqnl0246134 sshd[237694]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 17:26:43,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340403.3947678, 'message': 'Dec  6 17:26:42 hqnl0246134 sshd[237694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 17:26:44,159] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:26:44,159] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:26:44,167] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:26:44,179] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 17:26:45,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340405.3973103, 'message': 'Dec  6 17:26:44 hqnl0246134 sshd[237694]: Failed password for root from 61.177.172.19 port 11078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 17:26:45,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340405.3976438, 'message': 'Dec  6 17:26:45 hqnl0246134 sshd[237694]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 17:26:47,592] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:26:47,593] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:26:49,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340409.4021335, 'message': 'Dec  6 17:26:47 hqnl0246134 sshd[237694]: Failed password for root from 61.177.172.19 port 11078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 17:26:51,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340411.4061644, 'message': 'Dec  6 17:26:49 hqnl0246134 sshd[237694]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:26:53,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340413.4111812, 'message': 'Dec  6 17:26:51 hqnl0246134 sshd[237694]: Failed password for root from 61.177.172.19 port 11078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:26:55,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340415.4156702, 'message': 'Dec  6 17:26:53 hqnl0246134 sshd[237710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 17:26:55,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340415.4160845, 'message': 'Dec  6 17:26:53 hqnl0246134 sshd[237710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 17:26:55,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340415.4162145, 'message': 'Dec  6 17:26:55 hqnl0246134 sshd[237710]: Failed password for root from 61.177.172.19 port 34265 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:26:57,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340417.4180548, 'message': 'Dec  6 17:26:56 hqnl0246134 sshd[237710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:26:59,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340419.4215055, 'message': 'Dec  6 17:26:58 hqnl0246134 sshd[237710]: Failed password for root from 61.177.172.19 port 34265 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:27:01,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340421.4242837, 'message': 'Dec  6 17:27:00 hqnl0246134 sshd[237710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:27:03,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340423.4274163, 'message': 'Dec  6 17:27:02 hqnl0246134 sshd[237710]: Failed password for root from 61.177.172.19 port 34265 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 17:27:05,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340425.4306104, 'message': 'Dec  6 17:27:04 hqnl0246134 sshd[237728]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:27:05,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340425.4307878, 'message': 'Dec  6 17:27:04 hqnl0246134 sshd[237728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:27:07,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340427.4363024, 'message': 'Dec  6 17:27:06 hqnl0246134 sshd[237728]: Failed password for root from 61.177.172.19 port 61276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-06 17:27:09,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:27:09,158] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0265 seconds
INFO    [2022-12-06 17:27:09,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340429.4418194, 'message': 'Dec  6 17:27:07 hqnl0246134 sshd[237730]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 17:27:09,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340429.4423308, 'message': 'Dec  6 17:27:08 hqnl0246134 sshd[237728]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 17:27:09,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340429.4421332, 'message': 'Dec  6 17:27:07 hqnl0246134 sshd[237730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:27:11,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340431.4446988, 'message': 'Dec  6 17:27:09 hqnl0246134 sshd[237730]: Failed password for root from 61.177.173.18 port 34376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 17:27:11,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340431.4450395, 'message': 'Dec  6 17:27:11 hqnl0246134 sshd[237728]: Failed password for root from 61.177.172.19 port 61276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 17:27:11,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340431.4449031, 'message': 'Dec  6 17:27:09 hqnl0246134 sshd[237730]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 17:27:13,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340433.4484248, 'message': 'Dec  6 17:27:12 hqnl0246134 sshd[237730]: Failed password for root from 61.177.173.18 port 34376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 17:27:13,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340433.4486396, 'message': 'Dec  6 17:27:12 hqnl0246134 sshd[237732]: Invalid user user from 212.60.80.58 port 58637', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-06 17:27:13,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340433.4490108, 'message': 'Dec  6 17:27:13 hqnl0246134 sshd[237728]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-06 17:27:13,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340433.448802, 'message': 'Dec  6 17:27:12 hqnl0246134 sshd[237732]: pam_imunify(sshd:auth): [IM360_RBL] The IP 212.60.80.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:27:13,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340433.448908, 'message': 'Dec  6 17:27:12 hqnl0246134 sshd[237732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:27:15,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340435.4512534, 'message': 'Dec  6 17:27:13 hqnl0246134 sshd[237732]: Failed password for invalid user user from 212.60.80.58 port 58637 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 17:27:15,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340435.4515536, 'message': 'Dec  6 17:27:14 hqnl0246134 sshd[237730]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 17:27:15,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670340435.4516764, 'message': 'Dec  6 17:27:15 hqnl0246134 sshd[237728]: Failed password for root from 61.177.172.19 port 61276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 17:27:15,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340435.4514382, 'message': 'Dec  6 17:27:14 hqnl0246134 sshd[237732]: Disconnected from invalid user user 212.60.80.58 port 58637 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:27:17,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340437.4556978, 'message': 'Dec  6 17:27:16 hqnl0246134 sshd[237730]: Failed password for root from 61.177.173.18 port 34376 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 17:27:17,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:27:17,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:27:17,999] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:27:18,012] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 17:27:20,674] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:27:20,674] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:27:20,683] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:27:20,694] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-06 17:27:47,597] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:27:47,599] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:27:51,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340471.5234315, 'message': 'Dec  6 17:27:50 hqnl0246134 sshd[237790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 17:27:51,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340471.5241804, 'message': 'Dec  6 17:27:50 hqnl0246134 sshd[237790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:27:53,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340473.5239637, 'message': 'Dec  6 17:27:52 hqnl0246134 sshd[237790]: Failed password for root from 61.177.173.47 port 48690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:27:53,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340473.5241752, 'message': 'Dec  6 17:27:53 hqnl0246134 sshd[237790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 17:27:55,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340475.5278146, 'message': 'Dec  6 17:27:54 hqnl0246134 sshd[237790]: Failed password for root from 61.177.173.47 port 48690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:27:55,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340475.528065, 'message': 'Dec  6 17:27:55 hqnl0246134 sshd[237790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:27:57,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340477.529902, 'message': 'Dec  6 17:27:57 hqnl0246134 sshd[237792]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 17:27:57,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340477.530208, 'message': 'Dec  6 17:27:57 hqnl0246134 sshd[237792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:27:59,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340479.5320044, 'message': 'Dec  6 17:27:57 hqnl0246134 sshd[237790]: Failed password for root from 61.177.173.47 port 48690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 17:28:01,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340481.5355146, 'message': 'Dec  6 17:27:59 hqnl0246134 sshd[237792]: Failed password for root from 61.177.173.18 port 11760 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:28:02,679] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:28:02,679] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:28:02,690] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:28:02,706] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0253 seconds
INFO    [2022-12-06 17:28:03,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340483.5367794, 'message': 'Dec  6 17:28:01 hqnl0246134 sshd[237792]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 17:28:03,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340483.5370584, 'message': 'Dec  6 17:28:02 hqnl0246134 sshd[237796]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 17:28:03,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340483.5372384, 'message': 'Dec  6 17:28:02 hqnl0246134 sshd[237796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:28:05,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340485.5392938, 'message': 'Dec  6 17:28:03 hqnl0246134 sshd[237792]: Failed password for root from 61.177.173.18 port 11760 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 17:28:05,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340485.53958, 'message': 'Dec  6 17:28:03 hqnl0246134 sshd[237796]: Failed password for root from 61.177.173.47 port 20048 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 17:28:05,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340485.5399354, 'message': 'Dec  6 17:28:04 hqnl0246134 sshd[237792]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 17:28:05,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340485.5397534, 'message': 'Dec  6 17:28:04 hqnl0246134 sshd[237796]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 17:28:07,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340487.5425057, 'message': 'Dec  6 17:28:06 hqnl0246134 sshd[237812]: Invalid user eoffice from 201.236.186.32 port 45828', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-06 17:28:07,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340487.5427241, 'message': 'Dec  6 17:28:06 hqnl0246134 sshd[237796]: Failed password for root from 61.177.173.47 port 20048 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-06 17:28:07,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340487.5428345, 'message': 'Dec  6 17:28:06 hqnl0246134 sshd[237792]: Failed password for root from 61.177.173.18 port 11760 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 17:28:07,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340487.542942, 'message': 'Dec  6 17:28:06 hqnl0246134 sshd[237812]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.236.186.32 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:28:07,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340487.5432017, 'message': 'Dec  6 17:28:06 hqnl0246134 sshd[237796]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:28:07,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340487.5430474, 'message': 'Dec  6 17:28:06 hqnl0246134 sshd[237812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.236.186.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 17:28:09,142] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:28:09,170] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0357 seconds
INFO    [2022-12-06 17:28:09,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340489.5451033, 'message': 'Dec  6 17:28:08 hqnl0246134 sshd[237812]: Failed password for invalid user eoffice from 201.236.186.32 port 45828 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 17:28:09,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340489.545437, 'message': 'Dec  6 17:28:08 hqnl0246134 sshd[237796]: Failed password for root from 61.177.173.47 port 20048 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 17:28:09,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.236.186.32', 'timestamp': 1670340489.5452957, 'message': 'Dec  6 17:28:08 hqnl0246134 sshd[237812]: Disconnected from invalid user eoffice 201.236.186.32 port 45828 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:28:11,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340491.5475614, 'message': 'Dec  6 17:28:10 hqnl0246134 sshd[237814]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:28:11,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340491.5478644, 'message': 'Dec  6 17:28:10 hqnl0246134 sshd[237814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 17:28:13,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340493.5496528, 'message': 'Dec  6 17:28:13 hqnl0246134 sshd[237814]: Failed password for root from 61.177.173.47 port 37289 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 17:28:15,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340495.5513802, 'message': 'Dec  6 17:28:15 hqnl0246134 sshd[237814]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-06 17:28:17,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340497.5537543, 'message': 'Dec  6 17:28:17 hqnl0246134 sshd[237814]: Failed password for root from 61.177.173.47 port 37289 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 17:28:19,199] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:28:19,200] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:28:19,265] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:28:19,312] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0924 seconds
INFO    [2022-12-06 17:28:19,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340499.555332, 'message': 'Dec  6 17:28:19 hqnl0246134 sshd[237814]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-06 17:28:22,198] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:28:22,198] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:28:22,206] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:28:22,219] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 17:28:23,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670340503.558089, 'message': 'Dec  6 17:28:21 hqnl0246134 sshd[237814]: Failed password for root from 61.177.173.47 port 37289 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:28:26,531] defence360agent.files: Updating all files
INFO    [2022-12-06 17:28:26,813] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:26,814] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 17:28:27,101] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:27,101] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 17:28:27,463] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:27,464] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 17:28:27,790] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:27,790] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 17:28:27,791] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 17:28:28,115] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 15:28:28 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E3DD79E433226'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 17:28:28,117] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 17:28:28,118] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 17:28:28,650] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:28,651] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 17:28:28,972] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:28,973] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 17:28:29,290] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:29,291] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 17:28:29,748] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:29,748] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 17:28:30,162] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 17:28:30,163] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-06 17:28:47,601] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:28:47,602] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:28:49,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340529.6159956, 'message': 'Dec  6 17:28:49 hqnl0246134 sshd[237843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 17:28:49,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340529.616742, 'message': 'Dec  6 17:28:49 hqnl0246134 sshd[237843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:28:51,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340531.6249628, 'message': 'Dec  6 17:28:50 hqnl0246134 sshd[237843]: Failed password for root from 61.177.173.18 port 55797 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:28:51,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340531.6251905, 'message': 'Dec  6 17:28:51 hqnl0246134 sshd[237843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:28:53,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340533.6341796, 'message': 'Dec  6 17:28:53 hqnl0246134 sshd[237843]: Failed password for root from 61.177.173.18 port 55797 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:28:55,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340535.6375654, 'message': 'Dec  6 17:28:53 hqnl0246134 sshd[237843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:28:55,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340535.6378155, 'message': 'Dec  6 17:28:55 hqnl0246134 sshd[237843]: Failed password for root from 61.177.173.18 port 55797 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 17:29:09,146] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:29:09,168] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0300 seconds
INFO    [2022-12-06 17:29:13,895] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:29:13,969] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:29:13,970] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:29:13,970] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:29:13,970] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:29:13,971] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:29:13,980] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:29:13,997] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0256 seconds
WARNING [2022-12-06 17:29:14,004] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:29:14,006] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:29:14,024] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0328 seconds
INFO    [2022-12-06 17:29:14,025] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0307 seconds
INFO    [2022-12-06 17:29:17,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:29:17,990] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:29:18,002] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:29:18,023] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0319 seconds
INFO    [2022-12-06 17:29:22,769] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:29:22,769] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:29:22,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:29:22,792] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 17:29:41,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340581.7089858, 'message': 'Dec  6 17:29:39 hqnl0246134 sshd[237890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 17:29:41,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340581.7094016, 'message': 'Dec  6 17:29:39 hqnl0246134 sshd[237890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:29:41,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340581.7096562, 'message': 'Dec  6 17:29:41 hqnl0246134 sshd[237890]: Failed password for root from 61.177.173.18 port 33243 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:29:43,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340583.7093575, 'message': 'Dec  6 17:29:42 hqnl0246134 sshd[237890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 17:29:44,105] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:29:44,106] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:29:44,106] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 17:29:45,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340585.7131107, 'message': 'Dec  6 17:29:44 hqnl0246134 sshd[237890]: Failed password for root from 61.177.173.18 port 33243 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 17:29:45,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340585.7135463, 'message': 'Dec  6 17:29:44 hqnl0246134 sshd[237890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 17:29:47,610] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:29:47,611] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:29:47,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340587.7164345, 'message': 'Dec  6 17:29:47 hqnl0246134 sshd[237890]: Failed password for root from 61.177.173.18 port 33243 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:29:51,833] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:29:51,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:29:51,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:29:51,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
WARNING [2022-12-06 17:30:09,154] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:30:09,188] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0437 seconds
INFO    [2022-12-06 17:30:15,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340615.7690353, 'message': 'Dec  6 17:30:15 hqnl0246134 sshd[237936]: pam_imunify(sshd:auth): [IM360_RBL] The IP 212.60.80.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 17:30:15,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340615.7693715, 'message': 'Dec  6 17:30:15 hqnl0246134 sshd[237936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 17:30:17,975] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:30:17,975] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:30:17,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:30:17,998] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 17:30:19,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '212.60.80.58', 'timestamp': 1670340619.7747874, 'message': 'Dec  6 17:30:17 hqnl0246134 sshd[237936]: Failed password for root from 212.60.80.58 port 54448 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1407 seconds
INFO    [2022-12-06 17:30:20,946] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:30:20,947] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:30:20,954] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:30:20,965] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 17:30:27,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340627.7936997, 'message': 'Dec  6 17:30:27 hqnl0246134 sshd[237960]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:30:27,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340627.7940028, 'message': 'Dec  6 17:30:27 hqnl0246134 sshd[237960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:30:29,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340629.7997966, 'message': 'Dec  6 17:30:29 hqnl0246134 sshd[237960]: Failed password for root from 61.177.173.18 port 14707 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:30:31,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340631.8059368, 'message': 'Dec  6 17:30:31 hqnl0246134 sshd[237960]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:30:33,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340633.8127203, 'message': 'Dec  6 17:30:33 hqnl0246134 sshd[237960]: Failed password for root from 61.177.173.18 port 14707 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:30:35,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340635.8195832, 'message': 'Dec  6 17:30:33 hqnl0246134 sshd[237960]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 17:30:35,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340635.8198557, 'message': 'Dec  6 17:30:35 hqnl0246134 sshd[237960]: Failed password for root from 61.177.173.18 port 14707 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 17:30:47,628] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:30:47,630] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:31:09,170] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:31:09,199] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0402 seconds
INFO    [2022-12-06 17:31:18,097] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:31:18,097] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:31:18,108] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:31:18,126] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
INFO    [2022-12-06 17:31:19,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340679.92637, 'message': 'Dec  6 17:31:19 hqnl0246134 sshd[237990]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 17:31:20,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340679.9267707, 'message': 'Dec  6 17:31:19 hqnl0246134 sshd[237990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-06 17:31:21,494] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:31:21,495] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:31:21,514] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:31:21,533] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0271 seconds
INFO    [2022-12-06 17:31:21,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340681.9261591, 'message': 'Dec  6 17:31:21 hqnl0246134 sshd[237990]: Failed password for root from 61.177.173.18 port 60430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 17:31:21,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340681.92643, 'message': 'Dec  6 17:31:21 hqnl0246134 sshd[237990]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:31:25,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340685.9332168, 'message': 'Dec  6 17:31:24 hqnl0246134 sshd[237990]: Failed password for root from 61.177.173.18 port 60430 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 17:31:27,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340687.9338899, 'message': 'Dec  6 17:31:26 hqnl0246134 sshd[237990]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 17:31:29,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340689.937369, 'message': 'Dec  6 17:31:27 hqnl0246134 sshd[237990]: Failed password for root from 61.177.173.18 port 60430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 17:31:31,122] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:31:31,122] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:31:31,130] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:31:31,142] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
WARNING [2022-12-06 17:31:47,639] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:31:47,641] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:31:53,362] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 17:32:09,182] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:32:09,218] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0551 seconds
INFO    [2022-12-06 17:32:12,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340731.997267, 'message': 'Dec  6 17:32:10 hqnl0246134 sshd[238074]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 17:32:12,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340731.9976466, 'message': 'Dec  6 17:32:10 hqnl0246134 sshd[238074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:32:14,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340733.9976985, 'message': 'Dec  6 17:32:13 hqnl0246134 sshd[238074]: Failed password for root from 61.177.173.18 port 41294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 17:32:16,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340735.9999526, 'message': 'Dec  6 17:32:15 hqnl0246134 sshd[238074]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 17:32:18,135] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:32:18,136] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 17:32:18,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340738.0013323, 'message': 'Dec  6 17:32:17 hqnl0246134 sshd[238074]: Failed password for root from 61.177.173.18 port 41294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1452 seconds
WARNING [2022-12-06 17:32:18,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:32:18,161] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-06 17:32:20,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340740.0045574, 'message': 'Dec  6 17:32:19 hqnl0246134 sshd[238074]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 17:32:21,062] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:32:21,063] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:32:21,075] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:32:21,097] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0338 seconds
INFO    [2022-12-06 17:32:22,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340742.0063503, 'message': 'Dec  6 17:32:21 hqnl0246134 sshd[238074]: Failed password for root from 61.177.173.18 port 41294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 17:32:47,643] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:32:47,645] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:33:04,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340784.0558727, 'message': 'Dec  6 17:33:02 hqnl0246134 sshd[238124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 17:33:04,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340784.0567825, 'message': 'Dec  6 17:33:02 hqnl0246134 sshd[238124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 17:33:06,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340786.0557225, 'message': 'Dec  6 17:33:05 hqnl0246134 sshd[238124]: Failed password for root from 61.177.173.18 port 19912 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 17:33:08,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340788.1347528, 'message': 'Dec  6 17:33:07 hqnl0246134 sshd[238124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 17:33:09,178] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:33:09,209] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0413 seconds
INFO    [2022-12-06 17:33:10,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340790.0612476, 'message': 'Dec  6 17:33:09 hqnl0246134 sshd[238124]: Failed password for root from 61.177.173.18 port 19912 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:33:12,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340792.065046, 'message': 'Dec  6 17:33:11 hqnl0246134 sshd[238126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 17:33:12,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340792.0654154, 'message': 'Dec  6 17:33:12 hqnl0246134 sshd[238124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 17:33:12,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340792.0652692, 'message': 'Dec  6 17:33:11 hqnl0246134 sshd[238126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 17:33:16,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340796.0699556, 'message': 'Dec  6 17:33:14 hqnl0246134 sshd[238124]: Failed password for root from 61.177.173.18 port 19912 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-06 17:33:16,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340796.0702999, 'message': 'Dec  6 17:33:14 hqnl0246134 sshd[238126]: Failed password for root from 61.177.173.53 port 38182 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 17:33:16,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340796.0705523, 'message': 'Dec  6 17:33:15 hqnl0246134 sshd[238126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 17:33:18,111] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:33:18,111] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:33:18,122] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:33:18,147] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0349 seconds
INFO    [2022-12-06 17:33:18,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340798.1131988, 'message': 'Dec  6 17:33:17 hqnl0246134 sshd[238126]: Failed password for root from 61.177.173.53 port 38182 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 17:33:19,047] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:33:19,047] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:33:19,054] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:33:19,067] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 17:33:20,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340800.075155, 'message': 'Dec  6 17:33:18 hqnl0246134 sshd[238126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 17:33:20,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340800.0754714, 'message': 'Dec  6 17:33:19 hqnl0246134 sshd[238126]: Failed password for root from 61.177.173.53 port 38182 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:33:20,916] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:33:20,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:33:20,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:33:20,936] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 17:33:24,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340804.0818563, 'message': 'Dec  6 17:33:23 hqnl0246134 sshd[238153]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:33:24,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340804.0821116, 'message': 'Dec  6 17:33:23 hqnl0246134 sshd[238153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:33:28,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340808.0896595, 'message': 'Dec  6 17:33:26 hqnl0246134 sshd[238153]: Failed password for root from 61.177.173.53 port 47909 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 17:33:30,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340810.0929036, 'message': 'Dec  6 17:33:28 hqnl0246134 sshd[238153]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:33:32,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340812.1028376, 'message': 'Dec  6 17:33:30 hqnl0246134 sshd[238153]: Failed password for root from 61.177.173.53 port 47909 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:33:34,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340814.1123726, 'message': 'Dec  6 17:33:32 hqnl0246134 sshd[238153]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:33:36,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670340816.116794, 'message': 'Dec  6 17:33:34 hqnl0246134 sshd[238153]: Failed password for root from 61.177.173.53 port 47909 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-06 17:33:47,649] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:33:47,650] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:33:56,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340836.1418915, 'message': 'Dec  6 17:33:54 hqnl0246134 sshd[238172]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 17:33:56,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340836.1425393, 'message': 'Dec  6 17:33:54 hqnl0246134 sshd[238172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:33:58,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340838.1423538, 'message': 'Dec  6 17:33:56 hqnl0246134 sshd[238172]: Failed password for root from 61.177.173.18 port 54741 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 17:33:58,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340838.1427855, 'message': 'Dec  6 17:33:56 hqnl0246134 sshd[238172]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 17:34:00,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340840.1442742, 'message': 'Dec  6 17:33:58 hqnl0246134 sshd[238172]: Failed password for root from 61.177.173.18 port 54741 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 17:34:00,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340840.144569, 'message': 'Dec  6 17:33:58 hqnl0246134 sshd[238172]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:34:02,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340842.1459892, 'message': 'Dec  6 17:34:01 hqnl0246134 sshd[238172]: Failed password for root from 61.177.173.18 port 54741 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
WARNING [2022-12-06 17:34:09,182] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:34:09,208] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-06 17:34:17,876] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:34:17,877] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:34:17,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:34:17,896] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 17:34:20,582] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:34:20,582] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:34:20,590] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:34:20,602] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 17:34:46,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340886.210741, 'message': 'Dec  6 17:34:45 hqnl0246134 sshd[238212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 17:34:46,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340886.210998, 'message': 'Dec  6 17:34:45 hqnl0246134 sshd[238212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0259 seconds
WARNING [2022-12-06 17:34:47,652] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:34:47,653] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:34:48,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340888.2127626, 'message': 'Dec  6 17:34:47 hqnl0246134 sshd[238212]: Failed password for root from 61.177.173.18 port 40535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:34:50,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340890.2176754, 'message': 'Dec  6 17:34:49 hqnl0246134 sshd[238212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 17:34:52,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340892.2205892, 'message': 'Dec  6 17:34:51 hqnl0246134 sshd[238212]: Failed password for root from 61.177.173.18 port 40535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:34:52,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340892.2210116, 'message': 'Dec  6 17:34:52 hqnl0246134 sshd[238212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 17:34:54,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340894.2219493, 'message': 'Dec  6 17:34:54 hqnl0246134 sshd[238212]: Failed password for root from 61.177.173.18 port 40535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 17:34:57,536] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:34:57,537] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:34:57,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:34:57,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 17:35:09,183] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:35:09,207] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0317 seconds
INFO    [2022-12-06 17:35:17,904] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:35:17,905] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:35:17,912] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:35:17,923] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 17:35:20,540] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:35:20,540] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:35:20,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:35:20,561] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 17:35:34,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340934.2946846, 'message': 'Dec  6 17:35:33 hqnl0246134 sshd[238286]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:35:34,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340934.2949991, 'message': 'Dec  6 17:35:33 hqnl0246134 sshd[238286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:35:36,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340936.2994986, 'message': 'Dec  6 17:35:35 hqnl0246134 sshd[238286]: Failed password for root from 61.177.173.18 port 11631 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 17:35:38,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340938.3004541, 'message': 'Dec  6 17:35:37 hqnl0246134 sshd[238286]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:35:40,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340940.3022494, 'message': 'Dec  6 17:35:39 hqnl0246134 sshd[238286]: Failed password for root from 61.177.173.18 port 11631 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 17:35:40,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340940.302496, 'message': 'Dec  6 17:35:40 hqnl0246134 sshd[238286]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 17:35:42,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340942.304961, 'message': 'Dec  6 17:35:41 hqnl0246134 sshd[238286]: Failed password for root from 61.177.173.18 port 11631 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 17:35:47,656] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:35:47,658] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:36:09,192] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:36:09,224] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0431 seconds
INFO    [2022-12-06 17:36:15,220] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:36:15,286] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:36:15,287] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:36:15,287] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:36:15,287] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:36:15,288] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:36:15,298] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:36:15,319] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0304 seconds
WARNING [2022-12-06 17:36:15,329] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:36:15,332] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:36:15,357] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0459 seconds
INFO    [2022-12-06 17:36:15,358] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0427 seconds
INFO    [2022-12-06 17:36:16,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.70.0', 'timestamp': 1670340976.3554766, 'message': 'Dec  6 17:36:15 hqnl0246134 sshd[238339]: Invalid user support from 51.250.70.0 port 54094', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:36:16,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.70.0', 'timestamp': 1670340976.3558018, 'message': 'Dec  6 17:36:16 hqnl0246134 sshd[238339]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.70.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 17:36:16,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.70.0', 'timestamp': 1670340976.3559873, 'message': 'Dec  6 17:36:16 hqnl0246134 sshd[238339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.70.0 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 17:36:17,992] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:36:17,992] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:36:17,999] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:36:18,011] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 17:36:18,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.70.0', 'timestamp': 1670340978.3553696, 'message': 'Dec  6 17:36:18 hqnl0246134 sshd[238339]: Failed password for invalid user support from 51.250.70.0 port 54094 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 17:36:20,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.70.0', 'timestamp': 1670340980.3575869, 'message': 'Dec  6 17:36:19 hqnl0246134 sshd[238339]: Disconnected from invalid user support 51.250.70.0 port 54094 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 17:36:21,078] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:36:21,078] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:36:21,089] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:36:21,105] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0254 seconds
INFO    [2022-12-06 17:36:22,126] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:36:22,126] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:36:22,143] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:36:22,186] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0497 seconds
INFO    [2022-12-06 17:36:26,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340986.361928, 'message': 'Dec  6 17:36:24 hqnl0246134 sshd[238365]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 17:36:26,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340986.3638017, 'message': 'Dec  6 17:36:24 hqnl0246134 sshd[238365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 17:36:26,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340986.3639338, 'message': 'Dec  6 17:36:26 hqnl0246134 sshd[238365]: Failed password for root from 61.177.173.18 port 57796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 17:36:28,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340988.3645468, 'message': 'Dec  6 17:36:26 hqnl0246134 sshd[238365]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0750 seconds
INFO    [2022-12-06 17:36:30,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340990.370989, 'message': 'Dec  6 17:36:28 hqnl0246134 sshd[238365]: Failed password for root from 61.177.173.18 port 57796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 17:36:30,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340990.371255, 'message': 'Dec  6 17:36:29 hqnl0246134 sshd[238365]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 17:36:32,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670340992.3780978, 'message': 'Dec  6 17:36:31 hqnl0246134 sshd[238365]: Failed password for root from 61.177.173.18 port 57796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:36:45,413] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:36:45,413] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:36:45,414] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 17:36:47,661] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:36:47,662] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:37:02,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341022.4393177, 'message': 'Dec  6 17:37:01 hqnl0246134 sshd[238392]: Invalid user henry from 206.189.87.115 port 41370', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 17:37:02,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341022.4400275, 'message': 'Dec  6 17:37:01 hqnl0246134 sshd[238392]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.87.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:37:02,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341022.4401948, 'message': 'Dec  6 17:37:01 hqnl0246134 sshd[238392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.87.115 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 17:37:04,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341024.4446297, 'message': 'Dec  6 17:37:03 hqnl0246134 sshd[238392]: Failed password for invalid user henry from 206.189.87.115 port 41370 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:37:06,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341026.4466627, 'message': 'Dec  6 17:37:04 hqnl0246134 sshd[238392]: Disconnected from invalid user henry 206.189.87.115 port 41370 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 17:37:09,193] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:37:09,235] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0510 seconds
INFO    [2022-12-06 17:37:14,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341034.4580433, 'message': 'Dec  6 17:37:14 hqnl0246134 sshd[238402]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 17:37:14,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341034.4583585, 'message': 'Dec  6 17:37:14 hqnl0246134 sshd[238402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:37:16,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341036.4599395, 'message': 'Dec  6 17:37:16 hqnl0246134 sshd[238402]: Failed password for root from 61.177.173.18 port 34440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 17:37:17,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:37:17,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:37:17,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:37:17,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 17:37:20,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341040.473066, 'message': 'Dec  6 17:37:18 hqnl0246134 sshd[238402]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 17:37:20,593] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:37:20,593] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 17:37:20,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341040.4736104, 'message': 'Dec  6 17:37:20 hqnl0246134 sshd[238402]: Failed password for root from 61.177.173.18 port 34440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0910 seconds
WARNING [2022-12-06 17:37:20,602] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:37:20,614] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 17:37:22,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341042.4672973, 'message': 'Dec  6 17:37:20 hqnl0246134 sshd[238402]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:37:24,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341044.4699194, 'message': 'Dec  6 17:37:22 hqnl0246134 sshd[238402]: Failed password for root from 61.177.173.18 port 34440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 17:37:47,666] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:37:47,667] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:38:06,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341086.5351012, 'message': 'Dec  6 17:38:04 hqnl0246134 sshd[238442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 17:38:06,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341086.535742, 'message': 'Dec  6 17:38:04 hqnl0246134 sshd[238442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:38:08,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341088.536434, 'message': 'Dec  6 17:38:07 hqnl0246134 sshd[238442]: Failed password for root from 61.177.173.18 port 15680 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 17:38:09,209] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:38:09,232] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0305 seconds
INFO    [2022-12-06 17:38:10,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341090.539899, 'message': 'Dec  6 17:38:09 hqnl0246134 sshd[238442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:38:12,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341092.5427365, 'message': 'Dec  6 17:38:11 hqnl0246134 sshd[238442]: Failed password for root from 61.177.173.18 port 15680 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:38:14,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341094.5457253, 'message': 'Dec  6 17:38:13 hqnl0246134 sshd[238442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:38:16,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341096.548597, 'message': 'Dec  6 17:38:15 hqnl0246134 sshd[238442]: Failed password for root from 61.177.173.18 port 15680 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 17:38:18,346] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:38:18,346] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:38:18,362] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:38:18,377] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0303 seconds
INFO    [2022-12-06 17:38:18,891] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:38:18,892] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:38:18,900] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:38:18,911] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 17:38:21,081] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:38:21,082] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:38:21,090] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:38:21,102] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 17:38:22,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.249.89.102', 'timestamp': 1670341102.5558, 'message': 'Dec  6 17:38:22 hqnl0246134 sshd[238446]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.249.89.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 17:38:22,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.249.89.102', 'timestamp': 1670341102.5561948, 'message': 'Dec  6 17:38:22 hqnl0246134 sshd[238446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.89.102  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:38:24,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.249.89.102', 'timestamp': 1670341104.5578268, 'message': 'Dec  6 17:38:24 hqnl0246134 sshd[238446]: Failed password for root from 201.249.89.102 port 59958 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-06 17:38:47,671] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:38:47,672] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:38:56,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341136.6025267, 'message': 'Dec  6 17:38:55 hqnl0246134 sshd[238492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 17:38:56,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341136.6029043, 'message': 'Dec  6 17:38:55 hqnl0246134 sshd[238492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:38:58,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341138.609462, 'message': 'Dec  6 17:38:57 hqnl0246134 sshd[238492]: Failed password for root from 61.177.173.18 port 51723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:38:58,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341138.609694, 'message': 'Dec  6 17:38:57 hqnl0246134 sshd[238492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:39:00,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341140.6181464, 'message': 'Dec  6 17:38:59 hqnl0246134 sshd[238492]: Failed password for root from 61.177.173.18 port 51723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:39:00,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341140.6183329, 'message': 'Dec  6 17:38:59 hqnl0246134 sshd[238492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:39:02,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341142.6288185, 'message': 'Dec  6 17:39:01 hqnl0246134 sshd[238492]: Failed password for root from 61.177.173.18 port 51723 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0332 seconds
WARNING [2022-12-06 17:39:09,219] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:39:09,251] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0442 seconds
INFO    [2022-12-06 17:39:17,890] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:39:17,891] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:39:17,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:39:17,914] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 17:39:20,555] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:39:20,555] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:39:20,564] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:39:20,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 17:39:34,475] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:39:34,547] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:39:34,548] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:39:34,548] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:39:34,548] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:39:34,549] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:39:34,563] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:39:34,581] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0312 seconds
WARNING [2022-12-06 17:39:34,589] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:39:34,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:39:34,610] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0349 seconds
INFO    [2022-12-06 17:39:34,611] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0325 seconds
INFO    [2022-12-06 17:39:42,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341182.6932142, 'message': 'Dec  6 17:39:40 hqnl0246134 sshd[238704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:39:42,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341182.6935923, 'message': 'Dec  6 17:39:40 hqnl0246134 sshd[238704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:39:44,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341184.6944432, 'message': 'Dec  6 17:39:43 hqnl0246134 sshd[238704]: Failed password for root from 61.177.173.39 port 12006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:39:46,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341186.696555, 'message': 'Dec  6 17:39:45 hqnl0246134 sshd[238704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 17:39:47,674] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:39:47,675] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:39:48,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341188.6991315, 'message': 'Dec  6 17:39:46 hqnl0246134 sshd[238704]: Failed password for root from 61.177.173.39 port 12006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0587 seconds
INFO    [2022-12-06 17:39:48,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341188.6994896, 'message': 'Dec  6 17:39:47 hqnl0246134 sshd[238707]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0600 seconds
INFO    [2022-12-06 17:39:48,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341188.6993513, 'message': 'Dec  6 17:39:47 hqnl0246134 sshd[238704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 17:39:48,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341188.6996722, 'message': 'Dec  6 17:39:47 hqnl0246134 sshd[238707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-06 17:39:50,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341190.7024307, 'message': 'Dec  6 17:39:49 hqnl0246134 sshd[238704]: Failed password for root from 61.177.173.39 port 12006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 17:39:50,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341190.7026505, 'message': 'Dec  6 17:39:49 hqnl0246134 sshd[238707]: Failed password for root from 61.177.173.18 port 41933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 17:39:52,008] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:39:52,009] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:39:52,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:39:52,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0341 seconds
INFO    [2022-12-06 17:39:52,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341192.7050176, 'message': 'Dec  6 17:39:50 hqnl0246134 sshd[238707]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:39:52,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341192.7052963, 'message': 'Dec  6 17:39:51 hqnl0246134 sshd[238711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 17:39:52,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341192.705493, 'message': 'Dec  6 17:39:51 hqnl0246134 sshd[238711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:39:54,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341194.706999, 'message': 'Dec  6 17:39:52 hqnl0246134 sshd[238707]: Failed password for root from 61.177.173.18 port 41933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 17:39:54,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341194.7071853, 'message': 'Dec  6 17:39:53 hqnl0246134 sshd[238711]: Failed password for root from 61.177.173.39 port 37233 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 17:39:54,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341194.7072985, 'message': 'Dec  6 17:39:53 hqnl0246134 sshd[238711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:39:56,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341196.709603, 'message': 'Dec  6 17:39:55 hqnl0246134 sshd[238707]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 17:39:56,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341196.7098322, 'message': 'Dec  6 17:39:55 hqnl0246134 sshd[238711]: Failed password for root from 61.177.173.39 port 37233 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 17:39:56,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341196.7099757, 'message': 'Dec  6 17:39:56 hqnl0246134 sshd[238711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:39:58,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341198.7120023, 'message': 'Dec  6 17:39:57 hqnl0246134 sshd[238707]: Failed password for root from 61.177.173.18 port 41933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-06 17:39:58,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341198.7123513, 'message': 'Dec  6 17:39:58 hqnl0246134 sshd[238711]: Failed password for root from 61.177.173.39 port 37233 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 17:40:02,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341202.717534, 'message': 'Dec  6 17:40:01 hqnl0246134 sshd[238728]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 17:40:02,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341202.7177782, 'message': 'Dec  6 17:40:01 hqnl0246134 sshd[238728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-06 17:40:04,675] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:40:04,675] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:40:04,676] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 17:40:04,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341204.7190154, 'message': 'Dec  6 17:40:04 hqnl0246134 sshd[238728]: Failed password for root from 61.177.173.39 port 63532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:40:06,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341206.7197182, 'message': 'Dec  6 17:40:06 hqnl0246134 sshd[238728]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-06 17:40:09,225] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:40:09,263] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0524 seconds
INFO    [2022-12-06 17:40:10,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341210.7251866, 'message': 'Dec  6 17:40:09 hqnl0246134 sshd[238728]: Failed password for root from 61.177.173.39 port 63532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:40:17,801] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:40:17,802] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:40:17,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:40:17,835] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0328 seconds
INFO    [2022-12-06 17:40:18,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341218.734048, 'message': 'Dec  6 17:40:17 hqnl0246134 sshd[238728]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 17:40:20,476] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:40:20,476] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:40:20,483] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:40:20,495] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 17:40:20,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341220.7362316, 'message': 'Dec  6 17:40:19 hqnl0246134 sshd[238728]: Failed password for root from 61.177.173.39 port 63532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 17:40:36,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341236.7564032, 'message': 'Dec  6 17:40:36 hqnl0246134 sshd[238804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 17:40:36,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341236.7568793, 'message': 'Dec  6 17:40:36 hqnl0246134 sshd[238804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:40:38,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341238.7574992, 'message': 'Dec  6 17:40:38 hqnl0246134 sshd[238808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 17:40:38,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341238.7578793, 'message': 'Dec  6 17:40:38 hqnl0246134 sshd[238804]: Failed password for root from 61.177.173.18 port 64572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 17:40:38,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341238.7577534, 'message': 'Dec  6 17:40:38 hqnl0246134 sshd[238808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:40:40,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341240.7606657, 'message': 'Dec  6 17:40:40 hqnl0246134 sshd[238804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:40:42,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341242.7640707, 'message': 'Dec  6 17:40:40 hqnl0246134 sshd[238808]: Failed password for root from 61.177.172.19 port 29120 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 17:40:42,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341242.764527, 'message': 'Dec  6 17:40:42 hqnl0246134 sshd[238804]: Failed password for root from 61.177.173.18 port 64572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 17:40:42,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341242.764333, 'message': 'Dec  6 17:40:42 hqnl0246134 sshd[238808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:40:44,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341244.766439, 'message': 'Dec  6 17:40:42 hqnl0246134 sshd[238804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 17:40:44,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341244.766643, 'message': 'Dec  6 17:40:44 hqnl0246134 sshd[238808]: Failed password for root from 61.177.172.19 port 29120 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 17:40:46,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341246.7695966, 'message': 'Dec  6 17:40:45 hqnl0246134 sshd[238804]: Failed password for root from 61.177.173.18 port 64572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 17:40:46,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341246.769921, 'message': 'Dec  6 17:40:46 hqnl0246134 sshd[238808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0438 seconds
WARNING [2022-12-06 17:40:47,678] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:40:47,679] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:40:48,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341248.7703543, 'message': 'Dec  6 17:40:48 hqnl0246134 sshd[238808]: Failed password for root from 61.177.172.19 port 29120 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:40:50,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341250.7727203, 'message': 'Dec  6 17:40:50 hqnl0246134 sshd[238815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 17:40:50,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341250.7729363, 'message': 'Dec  6 17:40:50 hqnl0246134 sshd[238815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:40:54,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341254.7790618, 'message': 'Dec  6 17:40:53 hqnl0246134 sshd[238815]: Failed password for root from 61.177.172.19 port 63455 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 17:40:56,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341256.781525, 'message': 'Dec  6 17:40:55 hqnl0246134 sshd[238815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 17:40:56,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.121.146.133', 'timestamp': 1670341256.7817385, 'message': 'Dec  6 17:40:56 hqnl0246134 sshd[238827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.121.146.133 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 17:40:56,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.121.146.133', 'timestamp': 1670341256.7819026, 'message': 'Dec  6 17:40:56 hqnl0246134 sshd[238827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.121.146.133  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:40:58,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341258.7820265, 'message': 'Dec  6 17:40:56 hqnl0246134 sshd[238815]: Failed password for root from 61.177.172.19 port 63455 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 17:40:58,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.121.146.133', 'timestamp': 1670341258.7823277, 'message': 'Dec  6 17:40:58 hqnl0246134 sshd[238827]: Failed password for root from 163.121.146.133 port 36912 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 17:40:58,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341258.7822187, 'message': 'Dec  6 17:40:57 hqnl0246134 sshd[238815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:41:00,794] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:41:00,794] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:41:00,805] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:41:00,824] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0285 seconds
INFO    [2022-12-06 17:41:00,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341260.7961586, 'message': 'Dec  6 17:40:58 hqnl0246134 sshd[238815]: Failed password for root from 61.177.172.19 port 63455 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 17:41:02,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341262.7861125, 'message': 'Dec  6 17:41:02 hqnl0246134 sshd[238834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 17:41:02,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341262.786308, 'message': 'Dec  6 17:41:02 hqnl0246134 sshd[238834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 17:41:06,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341266.7929626, 'message': 'Dec  6 17:41:04 hqnl0246134 sshd[238834]: Failed password for root from 61.177.172.19 port 33929 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:41:06,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341266.7931826, 'message': 'Dec  6 17:41:06 hqnl0246134 sshd[238834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:41:08,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341268.7944524, 'message': 'Dec  6 17:41:08 hqnl0246134 sshd[238834]: Failed password for root from 61.177.172.19 port 33929 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 17:41:09,228] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:41:09,257] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0426 seconds
INFO    [2022-12-06 17:41:10,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341270.7973983, 'message': 'Dec  6 17:41:09 hqnl0246134 sshd[238834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:41:10,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341270.7977123, 'message': 'Dec  6 17:41:10 hqnl0246134 sshd[238834]: Failed password for root from 61.177.172.19 port 33929 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:41:14,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341274.8030474, 'message': 'Dec  6 17:41:12 hqnl0246134 sshd[238863]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:41:14,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341274.8033557, 'message': 'Dec  6 17:41:12 hqnl0246134 sshd[238863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 17:41:16,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341276.8054554, 'message': 'Dec  6 17:41:15 hqnl0246134 sshd[238863]: Failed password for root from 61.177.172.19 port 63642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:41:17,784] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:41:17,785] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:41:17,794] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:41:17,806] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 17:41:18,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341278.8081813, 'message': 'Dec  6 17:41:17 hqnl0246134 sshd[238863]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:41:20,232] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:41:20,232] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:41:20,241] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:41:20,259] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-06 17:41:20,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341280.811755, 'message': 'Dec  6 17:41:19 hqnl0246134 sshd[238863]: Failed password for root from 61.177.172.19 port 63642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 17:41:20,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341280.8121727, 'message': 'Dec  6 17:41:19 hqnl0246134 sshd[238863]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:41:22,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670341282.814029, 'message': 'Dec  6 17:41:21 hqnl0246134 sshd[238863]: Failed password for root from 61.177.172.19 port 63642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 17:41:28,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341288.8208594, 'message': 'Dec  6 17:41:27 hqnl0246134 sshd[238886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 17:41:28,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341288.8211129, 'message': 'Dec  6 17:41:27 hqnl0246134 sshd[238886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:41:28,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341288.821281, 'message': 'Dec  6 17:41:28 hqnl0246134 sshd[238886]: Failed password for root from 61.177.173.18 port 57274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 17:41:30,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341290.8221178, 'message': 'Dec  6 17:41:29 hqnl0246134 sshd[238886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 17:41:30,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341290.8223834, 'message': 'Dec  6 17:41:30 hqnl0246134 sshd[238888]: Invalid user ryan from 190.58.130.230 port 49209', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 17:41:30,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341290.8225937, 'message': 'Dec  6 17:41:30 hqnl0246134 sshd[238886]: Failed password for root from 61.177.173.18 port 57274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:41:32,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341292.8232453, 'message': 'Dec  6 17:41:30 hqnl0246134 sshd[238888]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.58.130.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0596 seconds
INFO    [2022-12-06 17:41:32,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341292.8239367, 'message': 'Dec  6 17:41:31 hqnl0246134 sshd[238886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0603 seconds
INFO    [2022-12-06 17:41:32,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341292.8237214, 'message': 'Dec  6 17:41:30 hqnl0246134 sshd[238888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.58.130.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 17:41:32,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341292.8241897, 'message': 'Dec  6 17:41:32 hqnl0246134 sshd[238888]: Failed password for invalid user ryan from 190.58.130.230 port 49209 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:41:34,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341294.8255289, 'message': 'Dec  6 17:41:33 hqnl0246134 sshd[238888]: Disconnected from invalid user ryan 190.58.130.230 port 49209 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-06 17:41:34,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341294.8258696, 'message': 'Dec  6 17:41:34 hqnl0246134 sshd[238886]: Failed password for root from 61.177.173.18 port 57274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0470 seconds
WARNING [2022-12-06 17:41:47,684] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:41:47,685] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:41:48,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670341308.8469756, 'message': 'Dec  6 17:41:48 hqnl0246134 sshd[238894]: Invalid user li from 139.59.18.217 port 33786', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 17:41:48,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.18.217', 'timestamp': 1670341308.8474169, 'message': 'Dec  6 17:41:48 hqnl0246134 sshd[238894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.18.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 17:41:48,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.18.217', 'timestamp': 1670341308.84762, 'message': 'Dec  6 17:41:48 hqnl0246134 sshd[238894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.18.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 17:41:50,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670341310.8495154, 'message': 'Dec  6 17:41:50 hqnl0246134 sshd[238894]: Failed password for invalid user li from 139.59.18.217 port 33786 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:41:52,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670341312.8505795, 'message': 'Dec  6 17:41:50 hqnl0246134 sshd[238894]: Disconnected from invalid user li 139.59.18.217 port 33786 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
WARNING [2022-12-06 17:41:53,365] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 17:42:09,230] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:42:09,282] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0631 seconds
INFO    [2022-12-06 17:42:16,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341336.911137, 'message': 'Dec  6 17:42:15 hqnl0246134 sshd[238925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 17:42:16,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341336.911675, 'message': 'Dec  6 17:42:15 hqnl0246134 sshd[238925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 17:42:18,074] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:42:18,075] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:42:18,082] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:42:18,093] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 17:42:18,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341338.915696, 'message': 'Dec  6 17:42:17 hqnl0246134 sshd[238925]: Failed password for root from 61.177.173.18 port 33378 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 17:42:18,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341338.9160154, 'message': 'Dec  6 17:42:17 hqnl0246134 sshd[238925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 17:42:20,695] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:42:20,695] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:42:20,702] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:42:20,713] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 17:42:20,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341340.9181533, 'message': 'Dec  6 17:42:19 hqnl0246134 sshd[238925]: Failed password for root from 61.177.173.18 port 33378 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 17:42:20,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341340.918492, 'message': 'Dec  6 17:42:20 hqnl0246134 sshd[238925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:42:22,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341342.924024, 'message': 'Dec  6 17:42:22 hqnl0246134 sshd[238925]: Failed password for root from 61.177.173.18 port 33378 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 17:42:26,943] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:42:26,943] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:42:26,951] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:42:26,963] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
WARNING [2022-12-06 17:42:47,688] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:42:47,690] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:43:07,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341387.0035841, 'message': 'Dec  6 17:43:06 hqnl0246134 sshd[239007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 17:43:07,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341387.004123, 'message': 'Dec  6 17:43:06 hqnl0246134 sshd[239007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:43:09,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341389.0064056, 'message': 'Dec  6 17:43:08 hqnl0246134 sshd[239007]: Failed password for root from 61.177.173.18 port 17964 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 17:43:09,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341389.0067766, 'message': 'Dec  6 17:43:08 hqnl0246134 sshd[239007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
WARNING [2022-12-06 17:43:09,229] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:43:09,260] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0379 seconds
INFO    [2022-12-06 17:43:13,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341393.0213737, 'message': 'Dec  6 17:43:11 hqnl0246134 sshd[239007]: Failed password for root from 61.177.173.18 port 17964 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 17:43:15,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341395.0277646, 'message': 'Dec  6 17:43:13 hqnl0246134 sshd[239007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:43:17,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341397.0318286, 'message': 'Dec  6 17:43:15 hqnl0246134 sshd[239007]: Failed password for root from 61.177.173.18 port 17964 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 17:43:17,962] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:43:17,963] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:43:17,970] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:43:17,981] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 17:43:20,567] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:43:20,568] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:43:20,575] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:43:20,587] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 17:43:23,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341403.0455391, 'message': 'Dec  6 17:43:22 hqnl0246134 sshd[239070]: Invalid user speedtest from 161.35.175.231 port 56936', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 17:43:23,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341403.0461307, 'message': 'Dec  6 17:43:22 hqnl0246134 sshd[239070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.175.231 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 17:43:23,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341403.0464697, 'message': 'Dec  6 17:43:22 hqnl0246134 sshd[239070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.175.231 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 17:43:25,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341405.045999, 'message': 'Dec  6 17:43:24 hqnl0246134 sshd[239070]: Failed password for invalid user speedtest from 161.35.175.231 port 56936 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:43:25,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341405.0462663, 'message': 'Dec  6 17:43:24 hqnl0246134 sshd[239070]: Disconnected from invalid user speedtest 161.35.175.231 port 56936 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:43:26,919] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:43:26,920] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:43:26,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:43:26,938] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-06 17:43:47,693] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:43:47,694] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:43:51,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341431.1185508, 'message': 'Dec  6 17:43:49 hqnl0246134 sshd[239083]: Invalid user test3 from 103.146.203.217 port 48584', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-06 17:43:51,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341431.1189268, 'message': 'Dec  6 17:43:49 hqnl0246134 sshd[239083]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.146.203.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 17:43:51,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341431.1190863, 'message': 'Dec  6 17:43:49 hqnl0246134 sshd[239083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.203.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:43:53,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341433.1214752, 'message': 'Dec  6 17:43:51 hqnl0246134 sshd[239083]: Failed password for invalid user test3 from 103.146.203.217 port 48584 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 17:43:53,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341433.1218092, 'message': 'Dec  6 17:43:52 hqnl0246134 sshd[239083]: Disconnected from invalid user test3 103.146.203.217 port 48584 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:43:59,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341439.135293, 'message': 'Dec  6 17:43:57 hqnl0246134 sshd[239100]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 17:43:59,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341439.1357033, 'message': 'Dec  6 17:43:57 hqnl0246134 sshd[239100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 17:43:59,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341439.1359222, 'message': 'Dec  6 17:43:59 hqnl0246134 sshd[239100]: Failed password for root from 61.177.173.18 port 53535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:44:03,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341443.1376758, 'message': 'Dec  6 17:44:01 hqnl0246134 sshd[239100]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 17:44:05,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341445.1506047, 'message': 'Dec  6 17:44:03 hqnl0246134 sshd[239100]: Failed password for root from 61.177.173.18 port 53535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 17:44:07,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341447.1532633, 'message': 'Dec  6 17:44:05 hqnl0246134 sshd[239100]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:44:09,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341449.1583223, 'message': 'Dec  6 17:44:07 hqnl0246134 sshd[239100]: Failed password for root from 61.177.173.18 port 53535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 17:44:09,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341449.1586142, 'message': 'Dec  6 17:44:08 hqnl0246134 sshd[239110]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 17:44:09,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341449.1588483, 'message': 'Dec  6 17:44:08 hqnl0246134 sshd[239110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-06 17:44:09,233] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:44:09,266] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0398 seconds
INFO    [2022-12-06 17:44:11,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341451.1583571, 'message': 'Dec  6 17:44:10 hqnl0246134 sshd[239110]: Failed password for root from 61.177.173.49 port 16263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 17:44:13,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341453.1605637, 'message': 'Dec  6 17:44:13 hqnl0246134 sshd[239110]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 17:44:17,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341457.1717193, 'message': 'Dec  6 17:44:15 hqnl0246134 sshd[239110]: Failed password for root from 61.177.173.49 port 16263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 17:44:17,984] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:44:17,985] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:44:17,995] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:44:18,007] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 17:44:19,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341459.1776228, 'message': 'Dec  6 17:44:17 hqnl0246134 sshd[239110]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 17:44:20,675] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:44:20,676] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:44:20,683] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:44:20,694] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 17:44:21,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341461.1811674, 'message': 'Dec  6 17:44:19 hqnl0246134 sshd[239110]: Failed password for root from 61.177.173.49 port 16263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:44:23,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341463.1882246, 'message': 'Dec  6 17:44:21 hqnl0246134 sshd[239123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 17:44:23,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341463.1887066, 'message': 'Dec  6 17:44:21 hqnl0246134 sshd[239123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:44:23,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341463.1888647, 'message': 'Dec  6 17:44:23 hqnl0246134 sshd[239123]: Failed password for root from 61.177.173.49 port 23093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 17:44:25,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341465.1906128, 'message': 'Dec  6 17:44:23 hqnl0246134 sshd[239123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:44:27,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341467.1944106, 'message': 'Dec  6 17:44:25 hqnl0246134 sshd[239123]: Failed password for root from 61.177.173.49 port 23093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 17:44:27,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341467.194685, 'message': 'Dec  6 17:44:25 hqnl0246134 sshd[239123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:44:29,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670341469.1968133, 'message': 'Dec  6 17:44:28 hqnl0246134 sshd[239123]: Failed password for root from 61.177.173.49 port 23093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:44:47,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341487.219407, 'message': 'Dec  6 17:44:46 hqnl0246134 sshd[239140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:44:47,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341487.219683, 'message': 'Dec  6 17:44:46 hqnl0246134 sshd[239140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 17:44:47,697] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:44:47,698] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:44:49,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341489.2216046, 'message': 'Dec  6 17:44:48 hqnl0246134 sshd[239140]: Failed password for root from 61.177.173.18 port 29299 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:44:49,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341489.2217803, 'message': 'Dec  6 17:44:48 hqnl0246134 sshd[239140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:44:51,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341491.2219374, 'message': 'Dec  6 17:44:51 hqnl0246134 sshd[239140]: Failed password for root from 61.177.173.18 port 29299 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:44:55,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341495.2261078, 'message': 'Dec  6 17:44:53 hqnl0246134 sshd[239140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 17:44:55,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341495.2264683, 'message': 'Dec  6 17:44:55 hqnl0246134 sshd[239140]: Failed password for root from 61.177.173.18 port 29299 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:44:58,817] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:44:58,818] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:44:58,825] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:44:58,835] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
WARNING [2022-12-06 17:45:09,238] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:45:09,259] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0290 seconds
INFO    [2022-12-06 17:45:17,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.132.72', 'timestamp': 1670341517.2571936, 'message': 'Dec  6 17:45:15 hqnl0246134 sshd[239188]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.132.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 17:45:17,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.132.72', 'timestamp': 1670341517.25738, 'message': 'Dec  6 17:45:15 hqnl0246134 sshd[239188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.132.72  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:45:17,871] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:45:17,872] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:45:17,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:45:17,894] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-06 17:45:19,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.132.72', 'timestamp': 1670341519.257873, 'message': 'Dec  6 17:45:17 hqnl0246134 sshd[239188]: Failed password for root from 68.183.132.72 port 44384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:45:20,399] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:45:20,400] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:45:20,408] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:45:20,419] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 17:45:39,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341539.2905312, 'message': 'Dec  6 17:45:37 hqnl0246134 sshd[239213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 17:45:39,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341539.2930086, 'message': 'Dec  6 17:45:37 hqnl0246134 sshd[239213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:45:39,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341539.2931314, 'message': 'Dec  6 17:45:39 hqnl0246134 sshd[239213]: Failed password for root from 61.177.173.18 port 15437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:45:41,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341541.2934825, 'message': 'Dec  6 17:45:39 hqnl0246134 sshd[239213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:45:43,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341543.299653, 'message': 'Dec  6 17:45:41 hqnl0246134 sshd[239213]: Failed password for root from 61.177.173.18 port 15437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 17:45:45,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341545.3015711, 'message': 'Dec  6 17:45:44 hqnl0246134 sshd[239213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:45:47,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341547.304863, 'message': 'Dec  6 17:45:46 hqnl0246134 sshd[239213]: Failed password for root from 61.177.173.18 port 15437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
WARNING [2022-12-06 17:45:47,701] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:45:47,701] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:45:57,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.6.108.33', 'timestamp': 1670341557.3156784, 'message': 'Dec  6 17:45:56 hqnl0246134 sshd[239228]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.6.108.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 17:45:57,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.6.108.33', 'timestamp': 1670341557.3162408, 'message': 'Dec  6 17:45:56 hqnl0246134 sshd[239228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.108.33  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:45:59,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.6.108.33', 'timestamp': 1670341559.316261, 'message': 'Dec  6 17:45:58 hqnl0246134 sshd[239228]: Failed password for root from 45.6.108.33 port 51780 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:46:03,528] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:46:03,529] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:46:03,537] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:46:03,549] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 17:46:04,942] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:46:05,009] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:46:05,010] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:46:05,010] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:46:05,010] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:46:05,010] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:46:05,025] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:46:05,048] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0369 seconds
WARNING [2022-12-06 17:46:05,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:46:05,060] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:46:05,086] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0451 seconds
INFO    [2022-12-06 17:46:05,088] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0443 seconds
WARNING [2022-12-06 17:46:09,257] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:46:09,295] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0623 seconds
INFO    [2022-12-06 17:46:17,959] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:46:17,959] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:46:17,967] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:46:17,978] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 17:46:21,249] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:46:21,250] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:46:21,257] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:46:21,268] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 17:46:31,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341591.341472, 'message': 'Dec  6 17:46:29 hqnl0246134 sshd[239268]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 17:46:31,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341591.3420494, 'message': 'Dec  6 17:46:29 hqnl0246134 sshd[239268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 17:46:33,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341593.3425257, 'message': 'Dec  6 17:46:31 hqnl0246134 sshd[239268]: Failed password for root from 61.177.173.18 port 48740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 17:46:33,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341593.3428004, 'message': 'Dec  6 17:46:31 hqnl0246134 sshd[239268]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:46:35,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341595.344515, 'message': 'Dec  6 17:46:33 hqnl0246134 sshd[239268]: Failed password for root from 61.177.173.18 port 48740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:46:35,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341595.3446999, 'message': 'Dec  6 17:46:34 hqnl0246134 sshd[239268]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:46:36,287] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:46:36,288] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:46:36,289] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 17:46:37,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341597.347524, 'message': 'Dec  6 17:46:35 hqnl0246134 sshd[239268]: Failed password for root from 61.177.173.18 port 48740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:46:41,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341601.35263, 'message': 'Dec  6 17:46:40 hqnl0246134 sshd[239271]: Invalid user csgoserver from 103.146.203.217 port 55216', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:46:41,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341601.3528173, 'message': 'Dec  6 17:46:40 hqnl0246134 sshd[239271]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.146.203.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 17:46:41,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341601.3529553, 'message': 'Dec  6 17:46:40 hqnl0246134 sshd[239271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.203.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 17:46:43,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341603.3543372, 'message': 'Dec  6 17:46:42 hqnl0246134 sshd[239271]: Failed password for invalid user csgoserver from 103.146.203.217 port 55216 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 17:46:45,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341605.3571613, 'message': 'Dec  6 17:46:44 hqnl0246134 sshd[239271]: Disconnected from invalid user csgoserver 103.146.203.217 port 55216 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 17:46:47,705] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:46:47,706] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:47:09,249] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:47:09,279] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0416 seconds
INFO    [2022-12-06 17:47:17,902] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:47:17,902] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:47:17,910] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:47:17,921] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 17:47:20,597] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:47:20,598] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:47:20,605] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:47:20,617] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 17:47:23,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341643.419783, 'message': 'Dec  6 17:47:22 hqnl0246134 sshd[239314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 17:47:23,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341643.4201572, 'message': 'Dec  6 17:47:22 hqnl0246134 sshd[239314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:47:25,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341645.4217062, 'message': 'Dec  6 17:47:24 hqnl0246134 sshd[239314]: Failed password for root from 61.177.173.18 port 35352 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 17:47:27,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341647.431405, 'message': 'Dec  6 17:47:26 hqnl0246134 sshd[239314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 17:47:29,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341649.4339583, 'message': 'Dec  6 17:47:28 hqnl0246134 sshd[239314]: Failed password for root from 61.177.173.18 port 35352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:47:31,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341651.4364023, 'message': 'Dec  6 17:47:30 hqnl0246134 sshd[239314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:47:33,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341653.4395094, 'message': 'Dec  6 17:47:32 hqnl0246134 sshd[239314]: Failed password for root from 61.177.173.18 port 35352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
WARNING [2022-12-06 17:47:47,711] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:47:47,713] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:48:09,256] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:48:09,282] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0378 seconds
INFO    [2022-12-06 17:48:11,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341691.5313225, 'message': 'Dec  6 17:48:10 hqnl0246134 sshd[239373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 17:48:11,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341691.5316494, 'message': 'Dec  6 17:48:10 hqnl0246134 sshd[239373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 17:48:13,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341693.5322938, 'message': 'Dec  6 17:48:11 hqnl0246134 sshd[239373]: Failed password for root from 61.177.173.18 port 14604 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 17:48:13,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341693.5325, 'message': 'Dec  6 17:48:13 hqnl0246134 sshd[239373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:48:15,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341695.533696, 'message': 'Dec  6 17:48:15 hqnl0246134 sshd[239373]: Failed password for root from 61.177.173.18 port 14604 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 17:48:17,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341697.5376275, 'message': 'Dec  6 17:48:17 hqnl0246134 sshd[239373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:48:18,122] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:48:18,122] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:48:18,135] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:48:18,149] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0246 seconds
INFO    [2022-12-06 17:48:19,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341699.541247, 'message': 'Dec  6 17:48:18 hqnl0246134 sshd[239373]: Failed password for root from 61.177.173.18 port 14604 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:48:21,179] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:48:21,179] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:48:21,187] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:48:21,199] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 17:48:22,388] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:48:22,388] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:48:22,396] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:48:22,407] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 17:48:43,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.249.89.102', 'timestamp': 1670341723.5755851, 'message': 'Dec  6 17:48:43 hqnl0246134 sshd[239404]: Invalid user guest from 201.249.89.102 port 49194', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 17:48:43,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.249.89.102', 'timestamp': 1670341723.5759752, 'message': 'Dec  6 17:48:43 hqnl0246134 sshd[239404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.249.89.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:48:43,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.249.89.102', 'timestamp': 1670341723.576651, 'message': 'Dec  6 17:48:43 hqnl0246134 sshd[239404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.89.102 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:48:45,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341725.577347, 'message': 'Dec  6 17:48:44 hqnl0246134 sshd[239406]: Invalid user adm from 161.35.175.231 port 43404', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 17:48:45,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.249.89.102', 'timestamp': 1670341725.5783415, 'message': 'Dec  6 17:48:45 hqnl0246134 sshd[239404]: Failed password for invalid user guest from 201.249.89.102 port 49194 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 17:48:45,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341725.578044, 'message': 'Dec  6 17:48:44 hqnl0246134 sshd[239406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.175.231 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:48:45,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341725.578226, 'message': 'Dec  6 17:48:44 hqnl0246134 sshd[239406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.175.231 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:48:47,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341727.5785058, 'message': 'Dec  6 17:48:46 hqnl0246134 sshd[239406]: Failed password for invalid user adm from 161.35.175.231 port 43404 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-06 17:48:47,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.249.89.102', 'timestamp': 1670341727.5787864, 'message': 'Dec  6 17:48:46 hqnl0246134 sshd[239404]: Disconnected from invalid user guest 201.249.89.102 port 49194 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0561 seconds
WARNING [2022-12-06 17:48:47,714] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:48:47,715] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:48:49,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341729.5806565, 'message': 'Dec  6 17:48:47 hqnl0246134 sshd[239406]: Disconnected from invalid user adm 161.35.175.231 port 43404 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 17:48:51,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341731.5822127, 'message': 'Dec  6 17:48:51 hqnl0246134 sshd[239410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.146.203.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 17:48:51,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341731.5825078, 'message': 'Dec  6 17:48:51 hqnl0246134 sshd[239410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.203.217  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 17:48:55,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341735.5863395, 'message': 'Dec  6 17:48:53 hqnl0246134 sshd[239410]: Failed password for root from 103.146.203.217 port 55922 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 17:48:55,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.70.0', 'timestamp': 1670341735.5867844, 'message': 'Dec  6 17:48:53 hqnl0246134 sshd[239412]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.70.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 17:48:55,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.70.0', 'timestamp': 1670341735.5869503, 'message': 'Dec  6 17:48:53 hqnl0246134 sshd[239412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.70.0  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:48:55,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.70.0', 'timestamp': 1670341735.587065, 'message': 'Dec  6 17:48:55 hqnl0246134 sshd[239412]: Failed password for root from 51.250.70.0 port 53582 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:49:01,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341741.5937762, 'message': 'Dec  6 17:49:00 hqnl0246134 sshd[239424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 17:49:01,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341741.5943089, 'message': 'Dec  6 17:49:00 hqnl0246134 sshd[239424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 17:49:03,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341743.596767, 'message': 'Dec  6 17:49:01 hqnl0246134 sshd[239424]: Failed password for root from 61.177.173.18 port 45101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:49:03,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341743.5970483, 'message': 'Dec  6 17:49:02 hqnl0246134 sshd[239424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:49:05,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341745.5983133, 'message': 'Dec  6 17:49:04 hqnl0246134 sshd[239424]: Failed password for root from 61.177.173.18 port 45101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:49:05,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341745.5985255, 'message': 'Dec  6 17:49:04 hqnl0246134 sshd[239424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 17:49:07,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341747.601667, 'message': 'Dec  6 17:49:06 hqnl0246134 sshd[239424]: Failed password for root from 61.177.173.18 port 45101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 17:49:09,258] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:49:09,284] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-06 17:49:18,220] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:49:18,221] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:49:18,231] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:49:18,250] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0281 seconds
INFO    [2022-12-06 17:49:20,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:49:20,821] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:49:20,828] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:49:20,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
WARNING [2022-12-06 17:49:47,719] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:49:47,720] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:49:51,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341791.6694477, 'message': 'Dec  6 17:49:49 hqnl0246134 sshd[239461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 17:49:51,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341791.6700308, 'message': 'Dec  6 17:49:49 hqnl0246134 sshd[239461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:49:53,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341793.6709967, 'message': 'Dec  6 17:49:51 hqnl0246134 sshd[239461]: Failed password for root from 61.177.173.18 port 28537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 17:49:53,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341793.6717079, 'message': 'Dec  6 17:49:53 hqnl0246134 sshd[239461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:49:55,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341795.6739123, 'message': 'Dec  6 17:49:54 hqnl0246134 sshd[239461]: Failed password for root from 61.177.173.18 port 28537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:49:55,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341795.6741853, 'message': 'Dec  6 17:49:55 hqnl0246134 sshd[239461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:49:59,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341799.6783738, 'message': 'Dec  6 17:49:57 hqnl0246134 sshd[239461]: Failed password for root from 61.177.173.18 port 28537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 17:50:03,766] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:50:03,767] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:50:03,783] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:50:03,829] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0611 seconds
INFO    [2022-12-06 17:50:05,634] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:50:05,706] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:50:05,707] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:50:05,707] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:50:05,707] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:50:05,707] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:50:05,717] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:50:05,733] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0249 seconds
WARNING [2022-12-06 17:50:05,739] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:50:05,741] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:50:05,759] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0320 seconds
INFO    [2022-12-06 17:50:05,761] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0300 seconds
WARNING [2022-12-06 17:50:09,261] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:50:09,292] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0386 seconds
INFO    [2022-12-06 17:50:15,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341815.704559, 'message': 'Dec  6 17:50:14 hqnl0246134 sshd[239510]: Invalid user wayne from 206.189.87.115 port 37938', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:50:15,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341815.7047908, 'message': 'Dec  6 17:50:14 hqnl0246134 sshd[239510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.87.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:50:15,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341815.7049313, 'message': 'Dec  6 17:50:14 hqnl0246134 sshd[239510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.87.115 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:50:17,801] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:50:17,801] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 17:50:17,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341817.7121232, 'message': 'Dec  6 17:50:16 hqnl0246134 sshd[239510]: Failed password for invalid user wayne from 206.189.87.115 port 37938 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0977 seconds
WARNING [2022-12-06 17:50:17,812] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:50:17,827] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0240 seconds
INFO    [2022-12-06 17:50:19,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670341819.715406, 'message': 'Dec  6 17:50:18 hqnl0246134 sshd[239510]: Disconnected from invalid user wayne 206.189.87.115 port 37938 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 17:50:20,454] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:50:20,455] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:50:20,466] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:50:20,483] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0259 seconds
INFO    [2022-12-06 17:50:36,524] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:50:36,525] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:50:36,526] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 17:50:41,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341841.7929733, 'message': 'Dec  6 17:50:40 hqnl0246134 sshd[239541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 17:50:41,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341841.793433, 'message': 'Dec  6 17:50:40 hqnl0246134 sshd[239541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:50:41,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341841.7935798, 'message': 'Dec  6 17:50:41 hqnl0246134 sshd[239541]: Failed password for root from 61.177.173.18 port 13605 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:50:43,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341843.7541814, 'message': 'Dec  6 17:50:42 hqnl0246134 sshd[239541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:50:45,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341845.7579374, 'message': 'Dec  6 17:50:44 hqnl0246134 sshd[239541]: Failed password for root from 61.177.173.18 port 13605 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 17:50:47,724] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:50:47,725] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:50:47,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341847.76004, 'message': 'Dec  6 17:50:46 hqnl0246134 sshd[239541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 17:50:49,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341849.7637165, 'message': 'Dec  6 17:50:48 hqnl0246134 sshd[239541]: Failed password for root from 61.177.173.18 port 13605 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 17:50:55,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341855.7758904, 'message': 'Dec  6 17:50:54 hqnl0246134 sshd[239570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.146.203.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:50:55,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341855.7763236, 'message': 'Dec  6 17:50:54 hqnl0246134 sshd[239570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.203.217  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:50:57,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.146.203.217', 'timestamp': 1670341857.7799075, 'message': 'Dec  6 17:50:57 hqnl0246134 sshd[239570]: Failed password for root from 103.146.203.217 port 56630 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
WARNING [2022-12-06 17:51:09,266] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:51:09,314] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0569 seconds
INFO    [2022-12-06 17:51:15,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341875.8190248, 'message': 'Dec  6 17:51:15 hqnl0246134 sshd[239595]: Invalid user tf2server from 161.35.175.231 port 58308', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 17:51:15,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341875.8193321, 'message': 'Dec  6 17:51:15 hqnl0246134 sshd[239595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.175.231 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:51:15,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341875.8195033, 'message': 'Dec  6 17:51:15 hqnl0246134 sshd[239595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.175.231 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:51:18,070] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:51:18,070] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:51:18,077] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:51:18,089] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 17:51:19,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341879.8223078, 'message': 'Dec  6 17:51:17 hqnl0246134 sshd[239595]: Failed password for invalid user tf2server from 161.35.175.231 port 58308 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:51:19,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.175.231', 'timestamp': 1670341879.8225582, 'message': 'Dec  6 17:51:19 hqnl0246134 sshd[239595]: Disconnected from invalid user tf2server 161.35.175.231 port 58308 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:51:21,715] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:51:21,716] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:51:21,723] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:51:21,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 17:51:21,808] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:51:21,808] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:51:21,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:51:21,826] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 17:51:29,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.238.182', 'timestamp': 1670341889.8347437, 'message': 'Dec  6 17:51:29 hqnl0246134 sshd[239624]: Invalid user francois from 68.183.238.182 port 36170', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 17:51:29,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.238.182', 'timestamp': 1670341889.8351116, 'message': 'Dec  6 17:51:29 hqnl0246134 sshd[239624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.238.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 17:51:29,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.238.182', 'timestamp': 1670341889.8353252, 'message': 'Dec  6 17:51:29 hqnl0246134 sshd[239624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.238.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:51:31,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341891.8367817, 'message': 'Dec  6 17:51:30 hqnl0246134 sshd[239627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 17:51:31,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.238.182', 'timestamp': 1670341891.8371952, 'message': 'Dec  6 17:51:31 hqnl0246134 sshd[239624]: Failed password for invalid user francois from 68.183.238.182 port 36170 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 17:51:31,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341891.8370523, 'message': 'Dec  6 17:51:30 hqnl0246134 sshd[239627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:51:33,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341893.8386042, 'message': 'Dec  6 17:51:31 hqnl0246134 sshd[239627]: Failed password for root from 61.177.173.18 port 48766 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 17:51:33,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.238.182', 'timestamp': 1670341893.8388343, 'message': 'Dec  6 17:51:32 hqnl0246134 sshd[239624]: Disconnected from invalid user francois 68.183.238.182 port 36170 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 17:51:33,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341893.8389456, 'message': 'Dec  6 17:51:32 hqnl0246134 sshd[239627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 17:51:35,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341895.8406665, 'message': 'Dec  6 17:51:34 hqnl0246134 sshd[239627]: Failed password for root from 61.177.173.18 port 48766 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 17:51:37,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341897.841987, 'message': 'Dec  6 17:51:36 hqnl0246134 sshd[239627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:51:39,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.70.0', 'timestamp': 1670341899.8447845, 'message': 'Dec  6 17:51:38 hqnl0246134 sshd[239635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.70.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 17:51:39,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341899.8451896, 'message': 'Dec  6 17:51:39 hqnl0246134 sshd[239627]: Failed password for root from 61.177.173.18 port 48766 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 17:51:39,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.70.0', 'timestamp': 1670341899.8450737, 'message': 'Dec  6 17:51:38 hqnl0246134 sshd[239635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.70.0  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 17:51:40,096] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 17:51:40,098] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 17:51:40,989] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 17:51:41,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.70.0', 'timestamp': 1670341901.8485236, 'message': 'Dec  6 17:51:41 hqnl0246134 sshd[239635]: Failed password for root from 51.250.70.0 port 44810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1399 seconds
WARNING [2022-12-06 17:51:47,729] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:51:47,730] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 17:51:53,366] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 17:51:59,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341919.8718352, 'message': 'Dec  6 17:51:58 hqnl0246134 sshd[239669]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 17:51:59,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341919.8727376, 'message': 'Dec  6 17:51:58 hqnl0246134 sshd[239669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 17:52:01,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341921.8743699, 'message': 'Dec  6 17:52:00 hqnl0246134 sshd[239669]: Failed password for root from 61.177.173.39 port 46464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 17:52:03,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341923.8769405, 'message': 'Dec  6 17:52:02 hqnl0246134 sshd[239669]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:52:05,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341925.879397, 'message': 'Dec  6 17:52:05 hqnl0246134 sshd[239669]: Failed password for root from 61.177.173.39 port 46464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 17:52:07,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341927.882972, 'message': 'Dec  6 17:52:07 hqnl0246134 sshd[239669]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
WARNING [2022-12-06 17:52:09,267] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:52:09,295] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-06 17:52:09,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341929.8850958, 'message': 'Dec  6 17:52:09 hqnl0246134 sshd[239669]: Failed password for root from 61.177.173.39 port 46464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 17:52:13,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341933.9016397, 'message': 'Dec  6 17:52:13 hqnl0246134 sshd[239686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 17:52:13,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341933.9049547, 'message': 'Dec  6 17:52:13 hqnl0246134 sshd[239686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 17:52:15,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341935.9016457, 'message': 'Dec  6 17:52:15 hqnl0246134 sshd[239686]: Failed password for root from 61.177.173.39 port 55650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0952 seconds
INFO    [2022-12-06 17:52:16,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341935.905231, 'message': 'Dec  6 17:52:15 hqnl0246134 sshd[239686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-06 17:52:17,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341937.9021215, 'message': 'Dec  6 17:52:17 hqnl0246134 sshd[239686]: Failed password for root from 61.177.173.39 port 55650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:52:18,617] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:52:18,618] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:52:18,625] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:52:18,640] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 17:52:19,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341939.9044368, 'message': 'Dec  6 17:52:19 hqnl0246134 sshd[239686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:52:21,454] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:52:21,454] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:52:21,462] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:52:21,473] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 17:52:21,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341941.908712, 'message': 'Dec  6 17:52:20 hqnl0246134 sshd[239696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 17:52:21,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341941.9098737, 'message': 'Dec  6 17:52:21 hqnl0246134 sshd[239686]: Failed password for root from 61.177.173.39 port 55650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 17:52:21,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341941.9096358, 'message': 'Dec  6 17:52:20 hqnl0246134 sshd[239696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:52:24,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341943.948476, 'message': 'Dec  6 17:52:22 hqnl0246134 sshd[239696]: Failed password for root from 61.177.173.18 port 32750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0695 seconds
INFO    [2022-12-06 17:52:25,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341945.917851, 'message': 'Dec  6 17:52:24 hqnl0246134 sshd[239696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 17:52:25,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341945.918175, 'message': 'Dec  6 17:52:25 hqnl0246134 sshd[239710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 17:52:25,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341945.9183662, 'message': 'Dec  6 17:52:25 hqnl0246134 sshd[239710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:52:27,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341947.9245746, 'message': 'Dec  6 17:52:26 hqnl0246134 sshd[239696]: Failed password for root from 61.177.173.18 port 32750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 17:52:27,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341947.9249113, 'message': 'Dec  6 17:52:27 hqnl0246134 sshd[239710]: Failed password for root from 61.177.173.39 port 46068 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 17:52:27,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341947.9247801, 'message': 'Dec  6 17:52:27 hqnl0246134 sshd[239696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:52:29,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341949.9261482, 'message': 'Dec  6 17:52:29 hqnl0246134 sshd[239696]: Failed password for root from 61.177.173.18 port 32750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 17:52:29,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341949.9264672, 'message': 'Dec  6 17:52:29 hqnl0246134 sshd[239710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 17:52:33,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341953.9300752, 'message': 'Dec  6 17:52:32 hqnl0246134 sshd[239710]: Failed password for root from 61.177.173.39 port 46068 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 17:52:35,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341955.9346046, 'message': 'Dec  6 17:52:34 hqnl0246134 sshd[239710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:52:37,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670341957.9370954, 'message': 'Dec  6 17:52:36 hqnl0246134 sshd[239710]: Failed password for root from 61.177.173.39 port 46068 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 17:52:39,611] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:52:39,612] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:52:39,621] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:52:39,640] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
WARNING [2022-12-06 17:52:47,734] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:52:47,735] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:53:01,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.176.79.163', 'timestamp': 1670341981.9718218, 'message': 'Dec  6 17:53:01 hqnl0246134 sshd[239735]: Invalid user crystal from 103.176.79.163 port 49094', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 17:53:02,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.176.79.163', 'timestamp': 1670341981.9725013, 'message': 'Dec  6 17:53:01 hqnl0246134 sshd[239735]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.176.79.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:53:02,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.176.79.163', 'timestamp': 1670341981.9727468, 'message': 'Dec  6 17:53:01 hqnl0246134 sshd[239735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:53:04,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.176.79.163', 'timestamp': 1670341983.9742386, 'message': 'Dec  6 17:53:03 hqnl0246134 sshd[239735]: Failed password for invalid user crystal from 103.176.79.163 port 49094 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 17:53:05,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.176.79.163', 'timestamp': 1670341985.976965, 'message': 'Dec  6 17:53:04 hqnl0246134 sshd[239735]: Disconnected from invalid user crystal 103.176.79.163 port 49094 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-06 17:53:09,280] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:53:09,315] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0480 seconds
INFO    [2022-12-06 17:53:12,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341991.9886212, 'message': 'Dec  6 17:53:10 hqnl0246134 sshd[239745]: Invalid user ips from 190.58.130.230 port 60425', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:53:12,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341991.9888737, 'message': 'Dec  6 17:53:10 hqnl0246134 sshd[239745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.58.130.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:53:12,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341991.9890451, 'message': 'Dec  6 17:53:10 hqnl0246134 sshd[239745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.58.130.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 17:53:14,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341993.9931343, 'message': 'Dec  6 17:53:12 hqnl0246134 sshd[239747]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 17:53:14,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341993.9935262, 'message': 'Dec  6 17:53:12 hqnl0246134 sshd[239745]: Failed password for invalid user ips from 190.58.130.230 port 60425 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 17:53:14,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341993.993395, 'message': 'Dec  6 17:53:12 hqnl0246134 sshd[239747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:53:14,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341993.9936473, 'message': 'Dec  6 17:53:13 hqnl0246134 sshd[239747]: Failed password for root from 61.177.173.18 port 20546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:53:15,548] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:53:15,624] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:53:15,624] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:53:15,625] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:53:15,625] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:53:15,625] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:53:15,638] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:53:15,662] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0357 seconds
WARNING [2022-12-06 17:53:15,673] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:53:15,676] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:53:15,706] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0526 seconds
INFO    [2022-12-06 17:53:15,708] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0498 seconds
INFO    [2022-12-06 17:53:16,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670341995.9960809, 'message': 'Dec  6 17:53:14 hqnl0246134 sshd[239745]: Disconnected from invalid user ips 190.58.130.230 port 60425 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 17:53:16,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341995.996284, 'message': 'Dec  6 17:53:14 hqnl0246134 sshd[239747]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 17:53:17,989] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:53:17,989] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:53:17,996] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:53:18,017] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0274 seconds
INFO    [2022-12-06 17:53:18,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341997.997723, 'message': 'Dec  6 17:53:16 hqnl0246134 sshd[239747]: Failed password for root from 61.177.173.18 port 20546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 17:53:18,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670341997.9978716, 'message': 'Dec  6 17:53:17 hqnl0246134 sshd[239747]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 17:53:20,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342000.0012252, 'message': 'Dec  6 17:53:19 hqnl0246134 sshd[239747]: Failed password for root from 61.177.173.18 port 20546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 17:53:20,817] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:53:20,817] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:53:20,837] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:53:20,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0353 seconds
INFO    [2022-12-06 17:53:30,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342010.0193055, 'message': 'Dec  6 17:53:28 hqnl0246134 sshd[239772]: Invalid user jason from 206.189.87.115 port 54580', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 17:53:30,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342010.0198405, 'message': 'Dec  6 17:53:28 hqnl0246134 sshd[239772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.87.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:53:30,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342010.020077, 'message': 'Dec  6 17:53:28 hqnl0246134 sshd[239772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.87.115 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:53:32,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342012.0247965, 'message': 'Dec  6 17:53:30 hqnl0246134 sshd[239772]: Failed password for invalid user jason from 206.189.87.115 port 54580 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 17:53:32,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342012.0250914, 'message': 'Dec  6 17:53:31 hqnl0246134 sshd[239772]: Disconnected from invalid user jason 206.189.87.115 port 54580 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 17:53:47,737] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:53:47,738] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:53:50,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.175.231', 'timestamp': 1670342030.0597, 'message': 'Dec  6 17:53:48 hqnl0246134 sshd[239785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.175.231 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 17:53:50,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.175.231', 'timestamp': 1670342030.0600438, 'message': 'Dec  6 17:53:48 hqnl0246134 sshd[239785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.175.231  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 17:53:50,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '161.35.175.231', 'timestamp': 1670342030.0602236, 'message': 'Dec  6 17:53:49 hqnl0246134 sshd[239785]: Failed password for root from 161.35.175.231 port 45006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 17:53:51,615] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:53:51,615] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:53:51,616] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 17:53:52,556] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:53:52,557] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:53:52,564] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:53:52,578] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 17:54:02,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342042.078426, 'message': 'Dec  6 17:54:00 hqnl0246134 sshd[239803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 17:54:02,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342042.0788925, 'message': 'Dec  6 17:54:00 hqnl0246134 sshd[239803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:54:02,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342042.0790796, 'message': 'Dec  6 17:54:01 hqnl0246134 sshd[239803]: Failed password for root from 61.177.173.18 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:54:04,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342044.0804343, 'message': 'Dec  6 17:54:02 hqnl0246134 sshd[239803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:54:06,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342046.082674, 'message': 'Dec  6 17:54:04 hqnl0246134 sshd[239803]: Failed password for root from 61.177.173.18 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 17:54:08,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342048.0851924, 'message': 'Dec  6 17:54:06 hqnl0246134 sshd[239803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 17:54:09,279] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:54:09,305] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-06 17:54:10,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342050.0892048, 'message': 'Dec  6 17:54:08 hqnl0246134 sshd[239803]: Failed password for root from 61.177.173.18 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 17:54:17,979] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:54:17,980] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:54:17,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:54:18,000] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 17:54:20,577] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:54:20,578] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:54:20,584] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:54:20,595] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 17:54:28,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.70.0', 'timestamp': 1670342068.1261418, 'message': 'Dec  6 17:54:26 hqnl0246134 sshd[239836]: Invalid user downloader from 51.250.70.0 port 60112', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 17:54:28,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.70.0', 'timestamp': 1670342068.1268983, 'message': 'Dec  6 17:54:26 hqnl0246134 sshd[239836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.70.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:54:28,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.70.0', 'timestamp': 1670342068.1271734, 'message': 'Dec  6 17:54:26 hqnl0246134 sshd[239836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.70.0 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:54:30,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.70.0', 'timestamp': 1670342070.127302, 'message': 'Dec  6 17:54:28 hqnl0246134 sshd[239836]: Failed password for invalid user downloader from 51.250.70.0 port 60112 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:54:30,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.70.0', 'timestamp': 1670342070.127621, 'message': 'Dec  6 17:54:29 hqnl0246134 sshd[239836]: Disconnected from invalid user downloader 51.250.70.0 port 60112 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-06 17:54:47,742] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:54:47,744] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:54:52,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342092.1486115, 'message': 'Dec  6 17:54:50 hqnl0246134 sshd[239843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 17:54:52,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342092.1490462, 'message': 'Dec  6 17:54:50 hqnl0246134 sshd[239843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:54:54,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342094.1489055, 'message': 'Dec  6 17:54:52 hqnl0246134 sshd[239843]: Failed password for root from 61.177.173.18 port 20409 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:54:56,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342096.1522408, 'message': 'Dec  6 17:54:54 hqnl0246134 sshd[239843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 17:54:58,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342098.1542523, 'message': 'Dec  6 17:54:56 hqnl0246134 sshd[239843]: Failed password for root from 61.177.173.18 port 20409 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.1050 seconds
INFO    [2022-12-06 17:54:58,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342098.1547155, 'message': 'Dec  6 17:54:57 hqnl0246134 sshd[239857]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1176 seconds
INFO    [2022-12-06 17:54:58,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342098.1545382, 'message': 'Dec  6 17:54:56 hqnl0246134 sshd[239843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 17:54:58,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342098.154894, 'message': 'Dec  6 17:54:57 hqnl0246134 sshd[239857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 17:55:00,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342100.158842, 'message': 'Dec  6 17:54:58 hqnl0246134 sshd[239843]: Failed password for root from 61.177.173.18 port 20409 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-06 17:55:00,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342100.1590157, 'message': 'Dec  6 17:54:59 hqnl0246134 sshd[239857]: Failed password for root from 61.177.172.19 port 46660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 17:55:02,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342102.164868, 'message': 'Dec  6 17:55:01 hqnl0246134 sshd[239857]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0651 seconds
INFO    [2022-12-06 17:55:02,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342102.1651247, 'message': 'Dec  6 17:55:01 hqnl0246134 sshd[239881]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.6.108.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0655 seconds
INFO    [2022-12-06 17:55:02,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342102.165379, 'message': 'Dec  6 17:55:01 hqnl0246134 sshd[239881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.108.33  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 17:55:04,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342104.1656754, 'message': 'Dec  6 17:55:03 hqnl0246134 sshd[239857]: Failed password for root from 61.177.172.19 port 46660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:55:06,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342106.170707, 'message': 'Dec  6 17:55:04 hqnl0246134 sshd[239881]: Failed password for root from 45.6.108.33 port 56634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 17:55:06,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342106.1708798, 'message': 'Dec  6 17:55:05 hqnl0246134 sshd[239857]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 17:55:08,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342108.1744313, 'message': 'Dec  6 17:55:07 hqnl0246134 sshd[239857]: Failed password for root from 61.177.172.19 port 46660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-06 17:55:09,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:55:09,310] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0332 seconds
INFO    [2022-12-06 17:55:10,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342110.1763618, 'message': 'Dec  6 17:55:10 hqnl0246134 sshd[239908]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:55:10,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342110.1766062, 'message': 'Dec  6 17:55:10 hqnl0246134 sshd[239908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:55:12,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342112.1807272, 'message': 'Dec  6 17:55:11 hqnl0246134 sshd[239908]: Failed password for root from 61.177.172.19 port 44276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 17:55:14,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342114.1857998, 'message': 'Dec  6 17:55:12 hqnl0246134 sshd[239908]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 17:55:16,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342116.185851, 'message': 'Dec  6 17:55:14 hqnl0246134 sshd[239908]: Failed password for root from 61.177.172.19 port 44276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:55:17,867] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:55:17,868] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:55:17,876] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:55:17,888] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 17:55:18,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342118.1888566, 'message': 'Dec  6 17:55:16 hqnl0246134 sshd[239908]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 17:55:18,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342118.1890662, 'message': 'Dec  6 17:55:18 hqnl0246134 sshd[239908]: Failed password for root from 61.177.172.19 port 44276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 17:55:21,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:55:21,918] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:55:21,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:55:21,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 17:55:22,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342122.1953773, 'message': 'Dec  6 17:55:21 hqnl0246134 sshd[239926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 17:55:22,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342122.1956217, 'message': 'Dec  6 17:55:21 hqnl0246134 sshd[239926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-06 17:55:22,585] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:55:22,586] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:55:22,599] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:55:22,619] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0329 seconds
INFO    [2022-12-06 17:55:24,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342124.1963935, 'message': 'Dec  6 17:55:23 hqnl0246134 sshd[239931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-06 17:55:24,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342124.1967666, 'message': 'Dec  6 17:55:23 hqnl0246134 sshd[239926]: Failed password for root from 61.177.172.19 port 28852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 17:55:24,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342124.1966517, 'message': 'Dec  6 17:55:23 hqnl0246134 sshd[239931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 17:55:24,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342124.1968732, 'message': 'Dec  6 17:55:23 hqnl0246134 sshd[239926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 17:55:26,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342126.1988862, 'message': 'Dec  6 17:55:24 hqnl0246134 sshd[239931]: Failed password for root from 61.177.173.46 port 51642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 17:55:26,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342126.1992931, 'message': 'Dec  6 17:55:25 hqnl0246134 sshd[239926]: Failed password for root from 61.177.172.19 port 28852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 17:55:26,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342126.199503, 'message': 'Dec  6 17:55:25 hqnl0246134 sshd[239931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:55:28,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342128.203018, 'message': 'Dec  6 17:55:26 hqnl0246134 sshd[239926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 17:55:28,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342128.203284, 'message': 'Dec  6 17:55:27 hqnl0246134 sshd[239931]: Failed password for root from 61.177.173.46 port 51642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 17:55:30,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342130.2052276, 'message': 'Dec  6 17:55:28 hqnl0246134 sshd[239926]: Failed password for root from 61.177.172.19 port 28852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0905 seconds
INFO    [2022-12-06 17:55:30,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342130.2054696, 'message': 'Dec  6 17:55:29 hqnl0246134 sshd[239931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0911 seconds
INFO    [2022-12-06 17:55:32,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342132.2078514, 'message': 'Dec  6 17:55:31 hqnl0246134 sshd[239931]: Failed password for root from 61.177.173.46 port 51642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 17:55:32,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342132.2081797, 'message': 'Dec  6 17:55:32 hqnl0246134 sshd[239946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 17:55:32,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342132.2083719, 'message': 'Dec  6 17:55:32 hqnl0246134 sshd[239946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:55:34,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342134.2126038, 'message': 'Dec  6 17:55:33 hqnl0246134 sshd[239948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-06 17:55:34,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342134.2131221, 'message': 'Dec  6 17:55:33 hqnl0246134 sshd[239946]: Failed password for root from 61.177.172.19 port 16304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 17:55:34,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342134.2129278, 'message': 'Dec  6 17:55:33 hqnl0246134 sshd[239948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:55:36,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342136.2165735, 'message': 'Dec  6 17:55:34 hqnl0246134 sshd[239946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 17:55:36,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342136.217002, 'message': 'Dec  6 17:55:35 hqnl0246134 sshd[239948]: Failed password for root from 61.177.173.46 port 34584 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 17:55:36,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342136.21745, 'message': 'Dec  6 17:55:35 hqnl0246134 sshd[239946]: Failed password for root from 61.177.172.19 port 16304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 17:55:36,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342136.217223, 'message': 'Dec  6 17:55:35 hqnl0246134 sshd[239948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 17:55:38,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342138.2181294, 'message': 'Dec  6 17:55:36 hqnl0246134 sshd[239946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 17:55:38,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342138.2183669, 'message': 'Dec  6 17:55:37 hqnl0246134 sshd[239950]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 17:55:38,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342138.218664, 'message': 'Dec  6 17:55:37 hqnl0246134 sshd[239948]: Failed password for root from 61.177.173.46 port 34584 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 17:55:38,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342138.2185297, 'message': 'Dec  6 17:55:37 hqnl0246134 sshd[239950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 17:55:38,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342138.2187676, 'message': 'Dec  6 17:55:38 hqnl0246134 sshd[239948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 17:55:40,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670342140.2221344, 'message': 'Dec  6 17:55:38 hqnl0246134 sshd[239946]: Failed password for root from 61.177.172.19 port 16304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 17:55:40,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342140.222321, 'message': 'Dec  6 17:55:39 hqnl0246134 sshd[239950]: Failed password for root from 61.177.173.18 port 59062 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 17:55:42,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670342142.225745, 'message': 'Dec  6 17:55:40 hqnl0246134 sshd[239948]: Failed password for root from 61.177.173.46 port 34584 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 17:55:42,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670342142.2259781, 'message': 'Dec  6 17:55:40 hqnl0246134 sshd[239952]: Invalid user vision from 49.51.24.192 port 39042', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 17:55:42,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342142.226381, 'message': 'Dec  6 17:55:41 hqnl0246134 sshd[239950]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-06 17:55:42,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.24.192', 'timestamp': 1670342142.226095, 'message': 'Dec  6 17:55:40 hqnl0246134 sshd[239952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.24.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:55:42,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.24.192', 'timestamp': 1670342142.2262537, 'message': 'Dec  6 17:55:40 hqnl0246134 sshd[239952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.24.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 17:55:42,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670342142.2265396, 'message': 'Dec  6 17:55:41 hqnl0246134 sshd[239952]: Failed password for invalid user vision from 49.51.24.192 port 39042 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0158 seconds
INFO    [2022-12-06 17:55:44,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.24.192', 'timestamp': 1670342144.22608, 'message': 'Dec  6 17:55:43 hqnl0246134 sshd[239952]: Disconnected from invalid user vision 49.51.24.192 port 39042 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0547 seconds
INFO    [2022-12-06 17:55:44,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342144.2262774, 'message': 'Dec  6 17:55:43 hqnl0246134 sshd[239950]: Failed password for root from 61.177.173.18 port 59062 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0549 seconds
INFO    [2022-12-06 17:55:44,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342144.2264373, 'message': 'Dec  6 17:55:44 hqnl0246134 sshd[239950]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 17:55:46,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342146.2258608, 'message': 'Dec  6 17:55:45 hqnl0246134 sshd[239950]: Failed password for root from 61.177.173.18 port 59062 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 17:55:47,749] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:55:47,750] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:55:54,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342154.2349963, 'message': 'Dec  6 17:55:52 hqnl0246134 sshd[239959]: Invalid user centos from 148.153.110.76 port 41272', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 17:55:54,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342154.2357948, 'message': 'Dec  6 17:55:54 hqnl0246134 sshd[239961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.0.200.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 17:55:54,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342154.2353423, 'message': 'Dec  6 17:55:52 hqnl0246134 sshd[239959]: pam_imunify(sshd:auth): [IM360_RBL] The IP 148.153.110.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 17:55:54,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342154.2359307, 'message': 'Dec  6 17:55:54 hqnl0246134 sshd[239961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 17:55:54,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342154.2355034, 'message': 'Dec  6 17:55:52 hqnl0246134 sshd[239959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.153.110.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:55:54,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342154.235665, 'message': 'Dec  6 17:55:53 hqnl0246134 sshd[239959]: Failed password for invalid user centos from 148.153.110.76 port 41272 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 17:55:56,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342156.2379327, 'message': 'Dec  6 17:55:55 hqnl0246134 sshd[239959]: Disconnected from invalid user centos 148.153.110.76 port 41272 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 17:55:56,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342156.238328, 'message': 'Dec  6 17:55:56 hqnl0246134 sshd[239961]: Failed password for root from 107.0.200.227 port 40954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
WARNING [2022-12-06 17:56:09,299] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:56:09,350] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0670 seconds
INFO    [2022-12-06 17:56:18,762] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:56:18,763] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:56:18,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:56:18,785] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 17:56:21,383] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:56:21,384] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:56:21,395] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:56:21,410] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 17:56:26,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342186.2799997, 'message': 'Dec  6 17:56:26 hqnl0246134 sshd[239990]: Invalid user steam from 190.58.130.230 port 55269', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 17:56:26,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342186.2805142, 'message': 'Dec  6 17:56:26 hqnl0246134 sshd[239990]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.58.130.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 17:56:26,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342186.2807152, 'message': 'Dec  6 17:56:26 hqnl0246134 sshd[239990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.58.130.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 17:56:28,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342188.282489, 'message': 'Dec  6 17:56:26 hqnl0246134 sshd[239999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:56:28,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342188.2828643, 'message': 'Dec  6 17:56:26 hqnl0246134 sshd[239999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 17:56:30,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342190.2898505, 'message': 'Dec  6 17:56:28 hqnl0246134 sshd[239990]: Failed password for invalid user steam from 190.58.130.230 port 55269 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0630 seconds
INFO    [2022-12-06 17:56:30,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342190.2902775, 'message': 'Dec  6 17:56:28 hqnl0246134 sshd[240003]: Invalid user hacker from 103.176.79.163 port 38568', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0632 seconds
INFO    [2022-12-06 17:56:30,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342190.29097, 'message': 'Dec  6 17:56:29 hqnl0246134 sshd[239999]: Failed password for root from 61.177.173.18 port 43256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0620 seconds
INFO    [2022-12-06 17:56:30,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342190.2905009, 'message': 'Dec  6 17:56:28 hqnl0246134 sshd[240003]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.176.79.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 17:56:30,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342190.2911685, 'message': 'Dec  6 17:56:29 hqnl0246134 sshd[240005]: Invalid user nitin from 206.189.87.115 port 42980', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 17:56:30,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342190.2907372, 'message': 'Dec  6 17:56:28 hqnl0246134 sshd[240003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-06 17:56:30,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342190.2913492, 'message': 'Dec  6 17:56:29 hqnl0246134 sshd[240005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.87.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-06 17:56:30,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342190.2917445, 'message': 'Dec  6 17:56:30 hqnl0246134 sshd[239990]: Disconnected from invalid user steam 190.58.130.230 port 55269 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-06 17:56:30,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342190.2915623, 'message': 'Dec  6 17:56:29 hqnl0246134 sshd[240005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.87.115 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:56:32,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342192.2920864, 'message': 'Dec  6 17:56:30 hqnl0246134 sshd[240003]: Failed password for invalid user hacker from 103.176.79.163 port 38568 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0627 seconds
INFO    [2022-12-06 17:56:32,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342192.2926993, 'message': 'Dec  6 17:56:30 hqnl0246134 sshd[240005]: Failed password for invalid user nitin from 206.189.87.115 port 42980 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0627 seconds
INFO    [2022-12-06 17:56:32,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342192.2929337, 'message': 'Dec  6 17:56:31 hqnl0246134 sshd[239999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0624 seconds
INFO    [2022-12-06 17:56:32,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342192.293545, 'message': 'Dec  6 17:56:31 hqnl0246134 sshd[240003]: Disconnected from invalid user hacker 103.176.79.163 port 38568 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 17:56:32,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342192.2932057, 'message': 'Dec  6 17:56:31 hqnl0246134 sshd[240005]: Disconnected from invalid user nitin 206.189.87.115 port 42980 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 17:56:32,669] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:56:32,670] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:56:32,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:56:32,693] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 17:56:34,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342194.3008606, 'message': 'Dec  6 17:56:33 hqnl0246134 sshd[239999]: Failed password for root from 61.177.173.18 port 43256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 17:56:35,767] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 17:56:35,845] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 17:56:35,845] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 17:56:35,846] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 17:56:35,846] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 17:56:35,846] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 17:56:35,859] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 17:56:35,886] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0387 seconds
WARNING [2022-12-06 17:56:35,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 17:56:35,900] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:56:35,929] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0528 seconds
INFO    [2022-12-06 17:56:35,931] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0496 seconds
INFO    [2022-12-06 17:56:36,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342196.295027, 'message': 'Dec  6 17:56:35 hqnl0246134 sshd[239999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 17:56:38,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342198.2976253, 'message': 'Dec  6 17:56:37 hqnl0246134 sshd[239999]: Failed password for root from 61.177.173.18 port 43256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 17:56:47,752] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:56:47,753] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:56:54,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342214.3226202, 'message': 'Dec  6 17:56:52 hqnl0246134 sshd[240019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 17:56:54,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342214.3249915, 'message': 'Dec  6 17:56:52 hqnl0246134 sshd[240019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 17:56:54,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342214.325132, 'message': 'Dec  6 17:56:53 hqnl0246134 sshd[240019]: Failed password for root from 61.177.172.90 port 17623 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 17:56:56,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342216.3251, 'message': 'Dec  6 17:56:54 hqnl0246134 sshd[240019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 17:56:58,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342218.3258421, 'message': 'Dec  6 17:56:56 hqnl0246134 sshd[240019]: Failed password for root from 61.177.172.90 port 17623 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 17:57:00,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342220.328494, 'message': 'Dec  6 17:56:58 hqnl0246134 sshd[240019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:57:02,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342222.330422, 'message': 'Dec  6 17:57:00 hqnl0246134 sshd[240019]: Failed password for root from 61.177.172.90 port 17623 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 17:57:04,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670342224.3330812, 'message': 'Dec  6 17:57:02 hqnl0246134 sshd[240049]: Invalid user array from 152.89.196.220 port 28870', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 17:57:04,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342224.3409472, 'message': 'Dec  6 17:57:03 hqnl0246134 sshd[240044]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 17:57:04,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670342224.3332634, 'message': 'Dec  6 17:57:02 hqnl0246134 sshd[240049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 17:57:04,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342224.3411, 'message': 'Dec  6 17:57:03 hqnl0246134 sshd[240044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 17:57:04,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670342224.3408122, 'message': 'Dec  6 17:57:02 hqnl0246134 sshd[240049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 17:57:06,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670342226.3363044, 'message': 'Dec  6 17:57:05 hqnl0246134 sshd[240049]: Failed password for invalid user array from 152.89.196.220 port 28870 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 17:57:06,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342226.3365135, 'message': 'Dec  6 17:57:05 hqnl0246134 sshd[240044]: Failed password for root from 61.177.172.90 port 40082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 17:57:08,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670342228.339462, 'message': 'Dec  6 17:57:07 hqnl0246134 sshd[240049]: Disconnected from invalid user array 152.89.196.220 port 28870 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 17:57:08,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342228.340302, 'message': 'Dec  6 17:57:07 hqnl0246134 sshd[240044]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
WARNING [2022-12-06 17:57:09,301] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:57:09,346] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0573 seconds
INFO    [2022-12-06 17:57:10,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342230.3421288, 'message': 'Dec  6 17:57:09 hqnl0246134 sshd[240044]: Failed password for root from 61.177.172.90 port 40082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 17:57:10,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342230.3423133, 'message': 'Dec  6 17:57:09 hqnl0246134 sshd[240044]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:57:12,202] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 17:57:12,203] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 17:57:12,204] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 17:57:12,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342232.3453476, 'message': 'Dec  6 17:57:11 hqnl0246134 sshd[240044]: Failed password for root from 61.177.172.90 port 40082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 17:57:16,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342236.3519528, 'message': 'Dec  6 17:57:14 hqnl0246134 sshd[240054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 17:57:16,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342236.3522716, 'message': 'Dec  6 17:57:14 hqnl0246134 sshd[240054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 17:57:17,989] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:57:17,989] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:57:17,996] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:57:18,011] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 17:57:18,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342238.3542595, 'message': 'Dec  6 17:57:16 hqnl0246134 sshd[240054]: Failed password for root from 61.177.173.18 port 18494 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 17:57:20,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342240.3570004, 'message': 'Dec  6 17:57:18 hqnl0246134 sshd[240054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 17:57:20,688] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:57:20,688] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:57:20,696] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:57:20,710] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 17:57:22,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342242.360036, 'message': 'Dec  6 17:57:21 hqnl0246134 sshd[240054]: Failed password for root from 61.177.173.18 port 18494 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 17:57:24,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342244.3631763, 'message': 'Dec  6 17:57:23 hqnl0246134 sshd[240054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 17:57:24,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342244.3635533, 'message': 'Dec  6 17:57:23 hqnl0246134 sshd[240066]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.18.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 17:57:24,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342244.3638604, 'message': 'Dec  6 17:57:23 hqnl0246134 sshd[240067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 17:57:24,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342244.36372, 'message': 'Dec  6 17:57:23 hqnl0246134 sshd[240066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.18.217  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0554 seconds
INFO    [2022-12-06 17:57:24,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342244.364029, 'message': 'Dec  6 17:57:23 hqnl0246134 sshd[240067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0550 seconds
INFO    [2022-12-06 17:57:26,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342246.3651931, 'message': 'Dec  6 17:57:24 hqnl0246134 sshd[240054]: Failed password for root from 61.177.173.18 port 18494 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 17:57:26,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342246.365521, 'message': 'Dec  6 17:57:24 hqnl0246134 sshd[240066]: Failed password for root from 139.59.18.217 port 51550 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-06 17:57:26,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342246.3656795, 'message': 'Dec  6 17:57:25 hqnl0246134 sshd[240067]: Failed password for root from 61.177.172.90 port 20851 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-06 17:57:26,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342246.3657985, 'message': 'Dec  6 17:57:26 hqnl0246134 sshd[240067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 17:57:28,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342248.365635, 'message': 'Dec  6 17:57:28 hqnl0246134 sshd[240067]: Failed password for root from 61.177.172.90 port 20851 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 17:57:32,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342252.3729105, 'message': 'Dec  6 17:57:30 hqnl0246134 sshd[240067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:57:32,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342252.3732078, 'message': 'Dec  6 17:57:32 hqnl0246134 sshd[240067]: Failed password for root from 61.177.172.90 port 20851 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:57:34,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342254.374279, 'message': 'Dec  6 17:57:33 hqnl0246134 sshd[240085]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.132.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 17:57:34,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342254.3746886, 'message': 'Dec  6 17:57:33 hqnl0246134 sshd[240085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.132.72  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 17:57:35,488] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:57:35,488] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:57:35,501] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:57:35,522] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0326 seconds
INFO    [2022-12-06 17:57:36,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342256.3786519, 'message': 'Dec  6 17:57:34 hqnl0246134 sshd[240089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 17:57:36,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342256.3808024, 'message': 'Dec  6 17:57:35 hqnl0246134 sshd[240085]: Failed password for root from 68.183.132.72 port 52192 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 17:57:36,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342256.3788443, 'message': 'Dec  6 17:57:34 hqnl0246134 sshd[240089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:57:36,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342256.3809352, 'message': 'Dec  6 17:57:36 hqnl0246134 sshd[240089]: Failed password for root from 61.177.172.90 port 41144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:57:38,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342258.3816206, 'message': 'Dec  6 17:57:36 hqnl0246134 sshd[240089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 17:57:40,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342260.3842301, 'message': 'Dec  6 17:57:39 hqnl0246134 sshd[240089]: Failed password for root from 61.177.172.90 port 41144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:57:42,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342262.386986, 'message': 'Dec  6 17:57:41 hqnl0246134 sshd[240089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 17:57:44,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670342264.3890696, 'message': 'Dec  6 17:57:43 hqnl0246134 sshd[240089]: Failed password for root from 61.177.172.90 port 41144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 17:57:47,758] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:57:47,759] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:57:56,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342276.4060633, 'message': 'Dec  6 17:57:55 hqnl0246134 sshd[240098]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.238.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 17:57:56,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342276.4066498, 'message': 'Dec  6 17:57:55 hqnl0246134 sshd[240098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.238.182  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 17:57:58,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342278.4082046, 'message': 'Dec  6 17:57:57 hqnl0246134 sshd[240098]: Failed password for root from 68.183.238.182 port 53144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:58:04,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342284.416944, 'message': 'Dec  6 17:58:03 hqnl0246134 sshd[240120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 17:58:04,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342284.4172428, 'message': 'Dec  6 17:58:03 hqnl0246134 sshd[240120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 17:58:08,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342288.4227173, 'message': 'Dec  6 17:58:06 hqnl0246134 sshd[240120]: Failed password for root from 61.177.173.18 port 53869 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 17:58:08,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342288.423008, 'message': 'Dec  6 17:58:08 hqnl0246134 sshd[240120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
WARNING [2022-12-06 17:58:09,305] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:58:09,331] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0326 seconds
INFO    [2022-12-06 17:58:10,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342290.4231193, 'message': 'Dec  6 17:58:10 hqnl0246134 sshd[240120]: Failed password for root from 61.177.173.18 port 53869 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:58:12,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342292.425669, 'message': 'Dec  6 17:58:10 hqnl0246134 sshd[240120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 17:58:14,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342294.4285192, 'message': 'Dec  6 17:58:12 hqnl0246134 sshd[240120]: Failed password for root from 61.177.173.18 port 53869 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 17:58:18,004] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:58:18,004] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:58:18,012] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:58:18,023] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 17:58:20,782] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:58:20,782] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:58:20,790] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:58:20,802] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 17:58:26,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670342306.4408598, 'message': 'Dec  6 17:58:25 hqnl0246134 sshd[240122]: Invalid user debian from 102.219.33.178 port 38636', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 17:58:26,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.219.33.178', 'timestamp': 1670342306.441189, 'message': 'Dec  6 17:58:25 hqnl0246134 sshd[240122]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.219.33.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 17:58:26,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.219.33.178', 'timestamp': 1670342306.4413438, 'message': 'Dec  6 17:58:25 hqnl0246134 sshd[240122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.219.33.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 17:58:28,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670342308.4432943, 'message': 'Dec  6 17:58:27 hqnl0246134 sshd[240122]: Failed password for invalid user debian from 102.219.33.178 port 38636 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 17:58:30,164] defence360agent.files: Updating all files
INFO    [2022-12-06 17:58:30,507] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:30,507] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 17:58:30,882] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:30,883] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 17:58:31,154] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:31,154] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 17:58:31,425] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:31,426] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 17:58:31,426] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 17:58:31,742] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 15:58:31 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E3F7B8EC548E4'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 17:58:31,744] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 17:58:31,744] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 17:58:32,296] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:32,296] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 17:58:32,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670342312.4489772, 'message': 'Dec  6 17:58:31 hqnl0246134 sshd[240122]: Disconnected from invalid user debian 102.219.33.178 port 38636 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 17:58:32,563] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:32,564] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 17:58:32,880] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:32,881] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 17:58:33,288] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:33,289] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 17:58:33,761] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 17:58:33,763] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 17:58:38,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342318.4544952, 'message': 'Dec  6 17:58:36 hqnl0246134 sshd[240171]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.6.108.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 17:58:38,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342318.4549668, 'message': 'Dec  6 17:58:36 hqnl0246134 sshd[240171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.108.33  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 17:58:40,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342320.4574997, 'message': 'Dec  6 17:58:38 hqnl0246134 sshd[240171]: Failed password for root from 45.6.108.33 port 55626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 17:58:43,742] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:58:43,743] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:58:43,755] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:58:43,770] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0253 seconds
WARNING [2022-12-06 17:58:47,762] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:58:47,763] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:58:58,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342338.489393, 'message': 'Dec  6 17:58:56 hqnl0246134 sshd[240182]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 17:58:58,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342338.489967, 'message': 'Dec  6 17:58:56 hqnl0246134 sshd[240182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 17:59:00,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342340.4899657, 'message': 'Dec  6 17:58:59 hqnl0246134 sshd[240182]: Failed password for root from 61.177.173.18 port 37207 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 17:59:02,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342342.4932275, 'message': 'Dec  6 17:59:01 hqnl0246134 sshd[240182]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 17:59:04,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342344.4966772, 'message': 'Dec  6 17:59:03 hqnl0246134 sshd[240182]: Failed password for root from 61.177.173.18 port 37207 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 17:59:06,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342346.4996367, 'message': 'Dec  6 17:59:05 hqnl0246134 sshd[240182]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 17:59:08,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342348.5027432, 'message': 'Dec  6 17:59:07 hqnl0246134 sshd[240182]: Failed password for root from 61.177.173.18 port 37207 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-06 17:59:09,313] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:59:09,337] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0314 seconds
INFO    [2022-12-06 17:59:19,286] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:59:19,287] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:59:19,296] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:59:19,308] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 17:59:22,146] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 17:59:22,146] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 17:59:22,154] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 17:59:22,165] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 17:59:28,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.249.89.102', 'timestamp': 1670342368.533771, 'message': 'Dec  6 17:59:26 hqnl0246134 sshd[240246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.249.89.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 17:59:28,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.249.89.102', 'timestamp': 1670342368.5343826, 'message': 'Dec  6 17:59:26 hqnl0246134 sshd[240246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.89.102  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 17:59:30,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.249.89.102', 'timestamp': 1670342370.5355465, 'message': 'Dec  6 17:59:28 hqnl0246134 sshd[240246]: Failed password for mysql from 201.249.89.102 port 38596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 17:59:38,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342378.5500138, 'message': 'Dec  6 17:59:36 hqnl0246134 sshd[240264]: Invalid user admin from 206.189.87.115 port 59628', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 17:59:38,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342378.5503561, 'message': 'Dec  6 17:59:36 hqnl0246134 sshd[240264]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.87.115 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 17:59:38,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342378.5505927, 'message': 'Dec  6 17:59:36 hqnl0246134 sshd[240264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.87.115 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-06 17:59:40,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342380.5526657, 'message': 'Dec  6 17:59:38 hqnl0246134 sshd[240264]: Failed password for invalid user admin from 206.189.87.115 port 59628 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 17:59:42,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.87.115', 'timestamp': 1670342382.556692, 'message': 'Dec  6 17:59:40 hqnl0246134 sshd[240264]: Disconnected from invalid user admin 206.189.87.115 port 59628 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 17:59:46,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342386.5638106, 'message': 'Dec  6 17:59:45 hqnl0246134 sshd[240269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 17:59:46,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342386.5640886, 'message': 'Dec  6 17:59:45 hqnl0246134 sshd[240269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-06 17:59:47,766] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 17:59:47,767] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 17:59:48,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342388.5662525, 'message': 'Dec  6 17:59:47 hqnl0246134 sshd[240269]: Failed password for root from 61.177.173.18 port 16807 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:59:50,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342390.5699127, 'message': 'Dec  6 17:59:49 hqnl0246134 sshd[240269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-06 17:59:50,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342390.5701985, 'message': 'Dec  6 17:59:50 hqnl0246134 sshd[240272]: Invalid user mohammad from 68.183.132.72 port 35922', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 17:59:50,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342390.5703633, 'message': 'Dec  6 17:59:50 hqnl0246134 sshd[240272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.132.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 17:59:50,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342390.5705955, 'message': 'Dec  6 17:59:50 hqnl0246134 sshd[240272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.132.72 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 17:59:52,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342392.5726604, 'message': 'Dec  6 17:59:51 hqnl0246134 sshd[240269]: Failed password for root from 61.177.173.18 port 16807 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 17:59:52,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342392.57285, 'message': 'Dec  6 17:59:51 hqnl0246134 sshd[240272]: Failed password for invalid user mohammad from 68.183.132.72 port 35922 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 17:59:52,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342392.5729656, 'message': 'Dec  6 17:59:52 hqnl0246134 sshd[240269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 17:59:54,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342394.5771282, 'message': 'Dec  6 17:59:52 hqnl0246134 sshd[240275]: Invalid user argo from 190.58.130.230 port 50127', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 17:59:54,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342394.578816, 'message': 'Dec  6 17:59:53 hqnl0246134 sshd[240272]: Disconnected from invalid user mohammad 68.183.132.72 port 35922 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 17:59:54,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342394.579006, 'message': 'Dec  6 17:59:54 hqnl0246134 sshd[240269]: Failed password for root from 61.177.173.18 port 16807 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 17:59:54,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342394.578427, 'message': 'Dec  6 17:59:53 hqnl0246134 sshd[240275]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.58.130.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 17:59:54,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342394.5786505, 'message': 'Dec  6 17:59:53 hqnl0246134 sshd[240275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.58.130.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 17:59:56,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342396.5786192, 'message': 'Dec  6 17:59:54 hqnl0246134 sshd[240275]: Failed password for invalid user argo from 190.58.130.230 port 50127 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 17:59:56,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342396.5791714, 'message': 'Dec  6 17:59:56 hqnl0246134 sshd[240277]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.176.79.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 17:59:56,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.58.130.230', 'timestamp': 1670342396.5790224, 'message': 'Dec  6 17:59:55 hqnl0246134 sshd[240275]: Disconnected from invalid user argo 190.58.130.230 port 50127 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 17:59:56,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342396.5793138, 'message': 'Dec  6 17:59:56 hqnl0246134 sshd[240277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.163  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 18:00:00,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342400.5901756, 'message': 'Dec  6 17:59:58 hqnl0246134 sshd[240277]: Failed password for mysql from 103.176.79.163 port 56184 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 18:00:09,320] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:00:09,347] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0379 seconds
INFO    [2022-12-06 18:00:17,727] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:00:17,728] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:00:17,738] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:00:17,754] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0245 seconds
INFO    [2022-12-06 18:00:20,500] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:00:20,500] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:00:20,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:00:20,519] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 18:00:36,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342436.6483512, 'message': 'Dec  6 18:00:34 hqnl0246134 sshd[240363]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 18:00:36,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342436.6491377, 'message': 'Dec  6 18:00:34 hqnl0246134 sshd[240363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 18:00:38,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342438.6465294, 'message': 'Dec  6 18:00:36 hqnl0246134 sshd[240363]: Failed password for root from 61.177.173.18 port 49350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 18:00:38,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342438.6467907, 'message': 'Dec  6 18:00:37 hqnl0246134 sshd[240363]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:00:40,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342440.64769, 'message': 'Dec  6 18:00:38 hqnl0246134 sshd[240363]: Failed password for root from 61.177.173.18 port 49350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:00:40,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342440.6479495, 'message': 'Dec  6 18:00:39 hqnl0246134 sshd[240363]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:00:42,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342442.6499956, 'message': 'Dec  6 18:00:41 hqnl0246134 sshd[240363]: Failed password for root from 61.177.173.18 port 49350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 18:00:44,258] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:00:44,258] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:00:44,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:00:44,282] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 18:00:44,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.80.223.144', 'timestamp': 1670342444.6509702, 'message': 'Dec  6 18:00:43 hqnl0246134 sshd[240366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.80.223.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:00:44,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.80.223.144', 'timestamp': 1670342444.6512027, 'message': 'Dec  6 18:00:43 hqnl0246134 sshd[240366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.223.144  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:00:46,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '220.80.223.144', 'timestamp': 1670342446.654016, 'message': 'Dec  6 18:00:45 hqnl0246134 sshd[240366]: Failed password for root from 220.80.223.144 port 45304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0361 seconds
WARNING [2022-12-06 18:00:47,771] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:00:47,772] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 18:01:09,330] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:01:09,369] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0559 seconds
INFO    [2022-12-06 18:01:18,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342478.699633, 'message': 'Dec  6 18:01:17 hqnl0246134 sshd[240408]: Invalid user test from 68.183.238.182 port 49724', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 18:01:18,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342478.6999645, 'message': 'Dec  6 18:01:17 hqnl0246134 sshd[240408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.238.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:01:18,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342478.7001734, 'message': 'Dec  6 18:01:17 hqnl0246134 sshd[240408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.238.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:01:19,422] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:01:19,422] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:01:19,433] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:01:19,454] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0312 seconds
INFO    [2022-12-06 18:01:20,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342480.6990013, 'message': 'Dec  6 18:01:19 hqnl0246134 sshd[240408]: Failed password for invalid user test from 68.183.238.182 port 49724 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 18:01:20,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342480.6991947, 'message': 'Dec  6 18:01:20 hqnl0246134 sshd[240408]: Disconnected from invalid user test 68.183.238.182 port 49724 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-06 18:01:22,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342482.699391, 'message': 'Dec  6 18:01:21 hqnl0246134 sshd[240418]: Invalid user omar from 139.59.18.217 port 56314', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 18:01:22,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342482.6996088, 'message': 'Dec  6 18:01:21 hqnl0246134 sshd[240418]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.18.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 18:01:22,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342482.6997192, 'message': 'Dec  6 18:01:21 hqnl0246134 sshd[240418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.18.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0842 seconds
INFO    [2022-12-06 18:01:24,179] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:01:24,181] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:01:24,194] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:01:24,215] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0336 seconds
INFO    [2022-12-06 18:01:24,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342484.701995, 'message': 'Dec  6 18:01:23 hqnl0246134 sshd[240418]: Failed password for invalid user omar from 139.59.18.217 port 56314 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:01:24,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342484.7021804, 'message': 'Dec  6 18:01:23 hqnl0246134 sshd[240418]: Disconnected from invalid user omar 139.59.18.217 port 56314 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 18:01:26,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342486.7057726, 'message': 'Dec  6 18:01:25 hqnl0246134 sshd[240424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 18:01:26,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342486.706566, 'message': 'Dec  6 18:01:25 hqnl0246134 sshd[240424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:01:26,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342486.706854, 'message': 'Dec  6 18:01:26 hqnl0246134 sshd[240424]: Failed password for root from 61.177.173.18 port 31872 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 18:01:28,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342488.7059011, 'message': 'Dec  6 18:01:27 hqnl0246134 sshd[240424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0566 seconds
INFO    [2022-12-06 18:01:30,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342490.7077193, 'message': 'Dec  6 18:01:29 hqnl0246134 sshd[240424]: Failed password for root from 61.177.173.18 port 31872 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:01:32,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342492.7094371, 'message': 'Dec  6 18:01:31 hqnl0246134 sshd[240424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 18:01:34,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342494.7126615, 'message': 'Dec  6 18:01:33 hqnl0246134 sshd[240424]: Failed password for root from 61.177.173.18 port 31872 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 18:01:47,775] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:01:47,776] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 18:01:53,369] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 18:02:02,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342522.740368, 'message': 'Dec  6 18:02:01 hqnl0246134 sshd[240462]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.132.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 18:02:02,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342522.7410452, 'message': 'Dec  6 18:02:01 hqnl0246134 sshd[240462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.132.72  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:02:04,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.132.72', 'timestamp': 1670342524.736035, 'message': 'Dec  6 18:02:03 hqnl0246134 sshd[240462]: Failed password for root from 68.183.132.72 port 48190 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:02:08,877] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:02:08,877] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:02:08,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:02:08,898] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
WARNING [2022-12-06 18:02:09,323] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:02:09,345] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0288 seconds
INFO    [2022-12-06 18:02:14,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342534.7456574, 'message': 'Dec  6 18:02:14 hqnl0246134 sshd[240473]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:02:14,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342534.7458882, 'message': 'Dec  6 18:02:14 hqnl0246134 sshd[240473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:02:16,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342536.746515, 'message': 'Dec  6 18:02:16 hqnl0246134 sshd[240473]: Failed password for root from 61.177.173.18 port 11706 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 18:02:17,855] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:02:17,856] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:02:17,864] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:02:17,876] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 18:02:20,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342540.7537594, 'message': 'Dec  6 18:02:18 hqnl0246134 sshd[240473]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 18:02:20,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342540.7543058, 'message': 'Dec  6 18:02:20 hqnl0246134 sshd[240473]: Failed password for root from 61.177.173.18 port 11706 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:02:20,881] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:02:20,881] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:02:20,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:02:20,901] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 18:02:22,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342542.7526133, 'message': 'Dec  6 18:02:21 hqnl0246134 sshd[240473]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-06 18:02:24,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342544.7542756, 'message': 'Dec  6 18:02:23 hqnl0246134 sshd[240473]: Failed password for root from 61.177.173.18 port 11706 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 18:02:32,145] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:02:32,214] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:02:32,215] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:02:32,215] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:02:32,215] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:02:32,216] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:02:32,230] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:02:32,256] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0395 seconds
WARNING [2022-12-06 18:02:32,263] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:02:32,265] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:02:32,282] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0343 seconds
INFO    [2022-12-06 18:02:32,284] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0305 seconds
INFO    [2022-12-06 18:02:36,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.51.103.26', 'timestamp': 1670342556.7691946, 'message': 'Dec  6 18:02:36 hqnl0246134 sshd[240519]: Invalid user test from 202.51.103.26 port 48744', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 18:02:36,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.51.103.26', 'timestamp': 1670342556.7695644, 'message': 'Dec  6 18:02:36 hqnl0246134 sshd[240519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.51.103.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:02:36,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.51.103.26', 'timestamp': 1670342556.7697272, 'message': 'Dec  6 18:02:36 hqnl0246134 sshd[240519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.51.103.26 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:02:38,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.51.103.26', 'timestamp': 1670342558.770011, 'message': 'Dec  6 18:02:38 hqnl0246134 sshd[240519]: Failed password for invalid user test from 202.51.103.26 port 48744 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 18:02:38,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342558.7702398, 'message': 'Dec  6 18:02:38 hqnl0246134 sshd[240522]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.6.108.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 18:02:38,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342558.7703557, 'message': 'Dec  6 18:02:38 hqnl0246134 sshd[240522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.108.33  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:02:42,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.6.108.33', 'timestamp': 1670342562.7754555, 'message': 'Dec  6 18:02:40 hqnl0246134 sshd[240522]: Failed password for root from 45.6.108.33 port 40790 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 18:02:46,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.163.202.132', 'timestamp': 1670342566.7811575, 'message': 'Dec  6 18:02:45 hqnl0246134 sshd[240525]: Invalid user test from 103.163.202.132 port 60081', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:02:46,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.163.202.132', 'timestamp': 1670342566.7813718, 'message': 'Dec  6 18:02:45 hqnl0246134 sshd[240525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.163.202.132 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:02:46,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.163.202.132', 'timestamp': 1670342566.7815573, 'message': 'Dec  6 18:02:45 hqnl0246134 sshd[240525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.163.202.132 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 18:02:47,782] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:02:47,783] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:02:48,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.163.202.132', 'timestamp': 1670342568.7833352, 'message': 'Dec  6 18:02:47 hqnl0246134 sshd[240525]: Failed password for invalid user test from 103.163.202.132 port 60081 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:03:02,356] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:03:02,357] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:03:02,358] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 18:03:06,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342586.806578, 'message': 'Dec  6 18:03:05 hqnl0246134 sshd[240549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 18:03:06,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342586.807106, 'message': 'Dec  6 18:03:05 hqnl0246134 sshd[240549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 18:03:08,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342588.8063273, 'message': 'Dec  6 18:03:07 hqnl0246134 sshd[240549]: Failed password for root from 61.177.173.18 port 41385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:03:08,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342588.806593, 'message': 'Dec  6 18:03:07 hqnl0246134 sshd[240549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 18:03:09,861] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:03:09,884] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.5635 seconds
INFO    [2022-12-06 18:03:10,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342590.808808, 'message': 'Dec  6 18:03:10 hqnl0246134 sshd[240549]: Failed password for root from 61.177.173.18 port 41385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 18:03:10,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342590.809013, 'message': 'Dec  6 18:03:10 hqnl0246134 sshd[240551]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.176.79.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 18:03:10,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342590.8091426, 'message': 'Dec  6 18:03:10 hqnl0246134 sshd[240551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.163  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:03:12,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.176.79.163', 'timestamp': 1670342592.8120286, 'message': 'Dec  6 18:03:12 hqnl0246134 sshd[240551]: Failed password for root from 103.176.79.163 port 45568 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 18:03:14,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342594.8140569, 'message': 'Dec  6 18:03:12 hqnl0246134 sshd[240549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:03:14,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342594.8142967, 'message': 'Dec  6 18:03:14 hqnl0246134 sshd[240549]: Failed password for root from 61.177.173.18 port 41385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:03:18,208] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:03:18,209] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:03:18,217] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:03:18,231] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 18:03:20,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342600.8203216, 'message': 'Dec  6 18:03:19 hqnl0246134 sshd[240563]: Invalid user romeo from 107.0.200.227 port 54506', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 18:03:20,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342600.820595, 'message': 'Dec  6 18:03:19 hqnl0246134 sshd[240563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.0.200.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:03:20,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342600.82071, 'message': 'Dec  6 18:03:19 hqnl0246134 sshd[240563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:03:21,131] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:03:21,132] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:03:21,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:03:21,150] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 18:03:22,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342602.823254, 'message': 'Dec  6 18:03:22 hqnl0246134 sshd[240563]: Failed password for invalid user romeo from 107.0.200.227 port 54506 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 18:03:24,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342604.825973, 'message': 'Dec  6 18:03:23 hqnl0246134 sshd[240563]: Disconnected from invalid user romeo 107.0.200.227 port 54506 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:03:38,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342618.838262, 'message': 'Dec  6 18:03:37 hqnl0246134 sshd[240581]: Invalid user musikbot from 123.30.249.87 port 54432', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 18:03:38,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342618.8389945, 'message': 'Dec  6 18:03:37 hqnl0246134 sshd[240581]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.249.87 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:03:38,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342618.839218, 'message': 'Dec  6 18:03:37 hqnl0246134 sshd[240581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 18:03:40,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342620.8384366, 'message': 'Dec  6 18:03:39 hqnl0246134 sshd[240581]: Failed password for invalid user musikbot from 123.30.249.87 port 54432 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 18:03:40,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342620.8386288, 'message': 'Dec  6 18:03:40 hqnl0246134 sshd[240581]: Disconnected from invalid user musikbot 123.30.249.87 port 54432 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0559 seconds
INFO    [2022-12-06 18:03:43,101] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:03:43,101] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:03:43,109] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:03:43,120] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 18:03:46,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342626.8404431, 'message': 'Dec  6 18:03:45 hqnl0246134 sshd[240596]: pam_imunify(sshd:auth): [IM360_RBL] The IP 148.153.110.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 18:03:46,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342626.8406925, 'message': 'Dec  6 18:03:45 hqnl0246134 sshd[240596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.153.110.76  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-06 18:03:47,786] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:03:47,787] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:03:48,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342628.8419251, 'message': 'Dec  6 18:03:47 hqnl0246134 sshd[240596]: Failed password for root from 148.153.110.76 port 59992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:03:50,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342630.8431172, 'message': 'Dec  6 18:03:48 hqnl0246134 sshd[240599]: Invalid user lee from 139.59.18.217 port 32814', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:03:50,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342630.8433125, 'message': 'Dec  6 18:03:48 hqnl0246134 sshd[240599]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.18.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:03:50,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342630.8434818, 'message': 'Dec  6 18:03:48 hqnl0246134 sshd[240599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.18.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:03:50,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342630.8435931, 'message': 'Dec  6 18:03:50 hqnl0246134 sshd[240599]: Failed password for invalid user lee from 139.59.18.217 port 32814 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:03:52,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.18.217', 'timestamp': 1670342632.845559, 'message': 'Dec  6 18:03:50 hqnl0246134 sshd[240599]: Disconnected from invalid user lee 139.59.18.217 port 32814 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 18:03:56,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342636.8502977, 'message': 'Dec  6 18:03:55 hqnl0246134 sshd[240601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 18:03:56,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342636.8506649, 'message': 'Dec  6 18:03:55 hqnl0246134 sshd[240601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 18:03:58,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342638.8524513, 'message': 'Dec  6 18:03:57 hqnl0246134 sshd[240601]: Failed password for root from 61.177.173.18 port 19745 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:03:58,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342638.8526456, 'message': 'Dec  6 18:03:58 hqnl0246134 sshd[240601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:04:00,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342640.853662, 'message': 'Dec  6 18:04:00 hqnl0246134 sshd[240601]: Failed password for root from 61.177.173.18 port 19745 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 18:04:02,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342642.8571632, 'message': 'Dec  6 18:04:02 hqnl0246134 sshd[240601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 18:04:06,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342646.862918, 'message': 'Dec  6 18:04:05 hqnl0246134 sshd[240601]: Failed password for root from 61.177.173.18 port 19745 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
WARNING [2022-12-06 18:04:09,341] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:04:09,392] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0666 seconds
INFO    [2022-12-06 18:04:18,235] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:04:18,236] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:04:18,246] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:04:18,258] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 18:04:23,162] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:04:23,162] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:04:23,172] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:04:23,186] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-06 18:04:28,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342668.8882952, 'message': 'Dec  6 18:04:27 hqnl0246134 sshd[240639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.238.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-06 18:04:28,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342668.8897226, 'message': 'Dec  6 18:04:27 hqnl0246134 sshd[240639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.238.182  user=ftp', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 18:04:30,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.238.182', 'timestamp': 1670342670.8883634, 'message': 'Dec  6 18:04:29 hqnl0246134 sshd[240639]: Failed password for ftp from 68.183.238.182 port 43638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:04:46,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342686.903745, 'message': 'Dec  6 18:04:45 hqnl0246134 sshd[240653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-06 18:04:46,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342686.9042587, 'message': 'Dec  6 18:04:46 hqnl0246134 sshd[240655]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.110.44 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 18:04:47,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342686.9040375, 'message': 'Dec  6 18:04:45 hqnl0246134 sshd[240653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0487 seconds
INFO    [2022-12-06 18:04:47,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342686.9045095, 'message': 'Dec  6 18:04:46 hqnl0246134 sshd[240655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.110.44  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0484 seconds
WARNING [2022-12-06 18:04:47,791] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:04:47,791] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:04:48,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342688.9035296, 'message': 'Dec  6 18:04:47 hqnl0246134 sshd[240653]: Failed password for root from 61.177.173.18 port 46506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 18:04:48,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342688.9037635, 'message': 'Dec  6 18:04:48 hqnl0246134 sshd[240655]: Failed password for root from 43.153.110.44 port 57344 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 18:04:50,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342690.905983, 'message': 'Dec  6 18:04:49 hqnl0246134 sshd[240653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:04:52,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342692.907073, 'message': 'Dec  6 18:04:51 hqnl0246134 sshd[240653]: Failed password for root from 61.177.173.18 port 46506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:04:52,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342692.907264, 'message': 'Dec  6 18:04:51 hqnl0246134 sshd[240653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 18:04:54,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342694.9097598, 'message': 'Dec  6 18:04:54 hqnl0246134 sshd[240653]: Failed password for root from 61.177.173.18 port 46506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 18:04:55,116] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:04:55,117] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:04:55,125] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:04:55,137] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 18:05:00,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.110.197.126', 'timestamp': 1670342700.917812, 'message': 'Dec  6 18:05:00 hqnl0246134 sshd[240677]: Invalid user user01 from 202.110.197.126 port 54296', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 18:05:00,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.110.197.126', 'timestamp': 1670342700.9186647, 'message': 'Dec  6 18:05:00 hqnl0246134 sshd[240677]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.110.197.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:05:00,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.110.197.126', 'timestamp': 1670342700.918906, 'message': 'Dec  6 18:05:00 hqnl0246134 sshd[240677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.110.197.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:05:02,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.110.197.126', 'timestamp': 1670342702.9200544, 'message': 'Dec  6 18:05:02 hqnl0246134 sshd[240677]: Failed password for invalid user user01 from 202.110.197.126 port 54296 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 18:05:02,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.110.197.126', 'timestamp': 1670342702.9205146, 'message': 'Dec  6 18:05:02 hqnl0246134 sshd[240677]: Disconnected from invalid user user01 202.110.197.126 port 54296 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-06 18:05:09,340] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:05:09,369] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0400 seconds
INFO    [2022-12-06 18:05:17,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:05:17,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:05:17,825] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:05:17,838] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 18:05:20,667] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:05:20,668] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:05:20,675] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:05:20,687] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 18:05:20,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670342720.9350631, 'message': 'Dec  6 18:05:19 hqnl0246134 sshd[240717]: Invalid user paulo from 14.161.12.119 port 43030', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 18:05:20,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.161.12.119', 'timestamp': 1670342720.9353337, 'message': 'Dec  6 18:05:19 hqnl0246134 sshd[240717]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.161.12.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:05:20,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.161.12.119', 'timestamp': 1670342720.935487, 'message': 'Dec  6 18:05:19 hqnl0246134 sshd[240717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.12.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:05:22,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670342722.935636, 'message': 'Dec  6 18:05:21 hqnl0246134 sshd[240717]: Failed password for invalid user paulo from 14.161.12.119 port 43030 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 18:05:22,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670342722.9358292, 'message': 'Dec  6 18:05:22 hqnl0246134 sshd[240717]: Disconnected from invalid user paulo 14.161.12.119 port 43030 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:05:30,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670342730.9425046, 'message': 'Dec  6 18:05:30 hqnl0246134 sshd[240736]: Invalid user db2inst1 from 122.164.86.17 port 12340', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 18:05:30,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.164.86.17', 'timestamp': 1670342730.9428477, 'message': 'Dec  6 18:05:30 hqnl0246134 sshd[240736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.164.86.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 18:05:31,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.164.86.17', 'timestamp': 1670342730.9430156, 'message': 'Dec  6 18:05:30 hqnl0246134 sshd[240736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.164.86.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 18:05:32,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670342732.9468977, 'message': 'Dec  6 18:05:32 hqnl0246134 sshd[240736]: Failed password for invalid user db2inst1 from 122.164.86.17 port 12340 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:05:32,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670342732.947128, 'message': 'Dec  6 18:05:32 hqnl0246134 sshd[240736]: Disconnected from invalid user db2inst1 122.164.86.17 port 12340 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:05:36,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342736.9565456, 'message': 'Dec  6 18:05:35 hqnl0246134 sshd[240743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 18:05:37,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342736.9568667, 'message': 'Dec  6 18:05:35 hqnl0246134 sshd[240743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 18:05:38,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342738.9611325, 'message': 'Dec  6 18:05:37 hqnl0246134 sshd[240743]: Failed password for root from 61.177.173.18 port 20562 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:05:38,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342738.9613166, 'message': 'Dec  6 18:05:37 hqnl0246134 sshd[240743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:05:40,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342740.9711015, 'message': 'Dec  6 18:05:39 hqnl0246134 sshd[240743]: Failed password for root from 61.177.173.18 port 20562 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:05:42,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342742.9626262, 'message': 'Dec  6 18:05:42 hqnl0246134 sshd[240743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 18:05:45,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342745.0133157, 'message': 'Dec  6 18:05:43 hqnl0246134 sshd[240743]: Failed password for root from 61.177.173.18 port 20562 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-06 18:05:47,794] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:05:47,795] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:06:03,085] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:06:03,153] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:06:03,154] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:06:03,155] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:06:03,155] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:06:03,155] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:06:03,169] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:06:03,186] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0292 seconds
WARNING [2022-12-06 18:06:03,193] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:06:03,195] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:06:03,212] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0321 seconds
INFO    [2022-12-06 18:06:03,214] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0302 seconds
INFO    [2022-12-06 18:06:05,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342764.9828982, 'message': 'Dec  6 18:06:03 hqnl0246134 sshd[240765]: Invalid user sysadm from 163.121.146.133 port 37884', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:06:05,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342764.983163, 'message': 'Dec  6 18:06:04 hqnl0246134 sshd[240765]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.121.146.133 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 18:06:05,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342764.9833038, 'message': 'Dec  6 18:06:04 hqnl0246134 sshd[240765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.121.146.133 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 18:06:07,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670342766.983179, 'message': 'Dec  6 18:06:06 hqnl0246134 sshd[240768]: Invalid user account from 96.43.99.83 port 46874', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 18:06:07,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342766.9838629, 'message': 'Dec  6 18:06:06 hqnl0246134 sshd[240765]: Failed password for invalid user sysadm from 163.121.146.133 port 37884 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 18:06:07,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '96.43.99.83', 'timestamp': 1670342766.983488, 'message': 'Dec  6 18:06:06 hqnl0246134 sshd[240768]: pam_imunify(sshd:auth): [IM360_RBL] The IP 96.43.99.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 18:06:07,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '96.43.99.83', 'timestamp': 1670342766.9836283, 'message': 'Dec  6 18:06:06 hqnl0246134 sshd[240768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.43.99.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:06:09,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342768.9839034, 'message': 'Dec  6 18:06:07 hqnl0246134 sshd[240765]: Disconnected from invalid user sysadm 163.121.146.133 port 37884 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0645 seconds
INFO    [2022-12-06 18:06:09,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670342768.9843647, 'message': 'Dec  6 18:06:08 hqnl0246134 sshd[240768]: Failed password for invalid user account from 96.43.99.83 port 46874 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0645 seconds
INFO    [2022-12-06 18:06:09,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670342768.9845629, 'message': 'Dec  6 18:06:08 hqnl0246134 sshd[240768]: Disconnected from invalid user account 96.43.99.83 port 46874 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0705 seconds
WARNING [2022-12-06 18:06:09,350] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:06:09,414] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0811 seconds
INFO    [2022-12-06 18:06:11,456] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:06:11,457] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:06:11,471] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:06:11,483] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 18:06:15,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342775.093875, 'message': 'Dec  6 18:06:13 hqnl0246134 sshd[240781]: Invalid user username from 107.0.200.227 port 43216', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:06:15,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342775.0941029, 'message': 'Dec  6 18:06:14 hqnl0246134 sshd[240781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.0.200.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:06:15,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342775.094222, 'message': 'Dec  6 18:06:14 hqnl0246134 sshd[240781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 18:06:17,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342776.9906228, 'message': 'Dec  6 18:06:16 hqnl0246134 sshd[240781]: Failed password for invalid user username from 107.0.200.227 port 43216 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:06:17,719] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:06:17,719] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:06:17,732] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:06:17,754] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0338 seconds
INFO    [2022-12-06 18:06:19,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342778.9922926, 'message': 'Dec  6 18:06:18 hqnl0246134 sshd[240781]: Disconnected from invalid user username 107.0.200.227 port 43216 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:06:20,348] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:06:20,349] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:06:20,356] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:06:20,367] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 18:06:27,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342787.000357, 'message': 'Dec  6 18:06:25 hqnl0246134 sshd[240793]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:06:27,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342787.0005689, 'message': 'Dec  6 18:06:25 hqnl0246134 sshd[240793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:06:29,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342789.0033984, 'message': 'Dec  6 18:06:27 hqnl0246134 sshd[240793]: Failed password for root from 61.177.173.18 port 56403 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 18:06:29,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342789.0041194, 'message': 'Dec  6 18:06:27 hqnl0246134 sshd[240793]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:06:31,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342791.0053957, 'message': 'Dec  6 18:06:29 hqnl0246134 sshd[240805]: Invalid user coder from 148.153.110.76 port 49832', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 18:06:31,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342791.0060124, 'message': 'Dec  6 18:06:30 hqnl0246134 sshd[240793]: Failed password for root from 61.177.173.18 port 56403 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 18:06:31,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342791.0056605, 'message': 'Dec  6 18:06:29 hqnl0246134 sshd[240805]: pam_imunify(sshd:auth): [IM360_RBL] The IP 148.153.110.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 18:06:31,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342791.0058088, 'message': 'Dec  6 18:06:29 hqnl0246134 sshd[240805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.153.110.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:06:31,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342791.0061607, 'message': 'Dec  6 18:06:30 hqnl0246134 sshd[240805]: Failed password for invalid user coder from 148.153.110.76 port 49832 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 18:06:33,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342793.0082784, 'message': 'Dec  6 18:06:31 hqnl0246134 sshd[240807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 18:06:33,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342793.0086753, 'message': 'Dec  6 18:06:31 hqnl0246134 sshd[240805]: Disconnected from invalid user coder 148.153.110.76 port 49832 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-06 18:06:33,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342793.00878, 'message': 'Dec  6 18:06:32 hqnl0246134 sshd[240793]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 18:06:33,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342793.0085282, 'message': 'Dec  6 18:06:31 hqnl0246134 sshd[240807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:06:35,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342795.011409, 'message': 'Dec  6 18:06:33 hqnl0246134 sshd[240807]: Failed password for root from 61.177.173.39 port 13072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 18:06:35,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342795.01164, 'message': 'Dec  6 18:06:34 hqnl0246134 sshd[240793]: Failed password for root from 61.177.173.18 port 56403 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 18:06:36,391] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:06:36,391] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:06:36,393] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 18:06:37,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342797.0135055, 'message': 'Dec  6 18:06:35 hqnl0246134 sshd[240832]: Invalid user p from 163.121.146.133 port 45406', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0648 seconds
INFO    [2022-12-06 18:06:37,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342797.0142264, 'message': 'Dec  6 18:06:35 hqnl0246134 sshd[240807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0669 seconds
INFO    [2022-12-06 18:06:37,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342797.0137117, 'message': 'Dec  6 18:06:35 hqnl0246134 sshd[240832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.121.146.133 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0498 seconds
INFO    [2022-12-06 18:06:37,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342797.0138288, 'message': 'Dec  6 18:06:35 hqnl0246134 sshd[240832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.121.146.133 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0684 seconds
INFO    [2022-12-06 18:06:39,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342799.0171084, 'message': 'Dec  6 18:06:37 hqnl0246134 sshd[240832]: Failed password for invalid user p from 163.121.146.133 port 45406 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 18:06:39,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342799.0173087, 'message': 'Dec  6 18:06:37 hqnl0246134 sshd[240807]: Failed password for root from 61.177.173.39 port 13072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 18:06:39,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342799.0182252, 'message': 'Dec  6 18:06:38 hqnl0246134 sshd[240832]: Disconnected from invalid user p 163.121.146.133 port 45406 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 18:06:39,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342799.0181046, 'message': 'Dec  6 18:06:37 hqnl0246134 sshd[240807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 18:06:41,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342801.0201519, 'message': 'Dec  6 18:06:39 hqnl0246134 sshd[240807]: Failed password for root from 61.177.173.39 port 13072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 18:06:43,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342803.0221376, 'message': 'Dec  6 18:06:42 hqnl0246134 sshd[240838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 18:06:43,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342803.0224938, 'message': 'Dec  6 18:06:42 hqnl0246134 sshd[240838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 18:06:45,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342805.024651, 'message': 'Dec  6 18:06:43 hqnl0246134 sshd[240838]: Failed password for root from 61.177.173.39 port 35497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 18:06:45,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342805.0249617, 'message': 'Dec  6 18:06:44 hqnl0246134 sshd[240838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1510 seconds
INFO    [2022-12-06 18:06:47,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342807.026073, 'message': 'Dec  6 18:06:46 hqnl0246134 sshd[240838]: Failed password for root from 61.177.173.39 port 35497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-06 18:06:47,797] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:06:47,798] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:06:51,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342811.0298371, 'message': 'Dec  6 18:06:49 hqnl0246134 sshd[240838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:06:51,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342811.0300195, 'message': 'Dec  6 18:06:50 hqnl0246134 sshd[240838]: Failed password for root from 61.177.173.39 port 35497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:06:53,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342813.0335903, 'message': 'Dec  6 18:06:52 hqnl0246134 sshd[240841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:06:53,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342813.0337968, 'message': 'Dec  6 18:06:52 hqnl0246134 sshd[240841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 18:06:55,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342815.054236, 'message': 'Dec  6 18:06:54 hqnl0246134 sshd[240841]: Failed password for root from 61.177.173.39 port 12647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0678 seconds
INFO    [2022-12-06 18:06:57,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342817.0402193, 'message': 'Dec  6 18:06:55 hqnl0246134 sshd[240841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 18:06:59,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342819.0424204, 'message': 'Dec  6 18:06:57 hqnl0246134 sshd[240841]: Failed password for root from 61.177.173.39 port 12647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 18:07:01,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342821.0457804, 'message': 'Dec  6 18:06:59 hqnl0246134 sshd[240841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 18:07:03,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670342823.0466251, 'message': 'Dec  6 18:07:01 hqnl0246134 sshd[240841]: Failed password for root from 61.177.173.39 port 12647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 18:07:05,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342825.048661, 'message': 'Dec  6 18:07:04 hqnl0246134 sshd[240870]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.121.146.133 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 18:07:05,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342825.0490568, 'message': 'Dec  6 18:07:04 hqnl0246134 sshd[240870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.121.146.133  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 18:07:07,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.121.146.133', 'timestamp': 1670342827.0496256, 'message': 'Dec  6 18:07:06 hqnl0246134 sshd[240870]: Failed password for root from 163.121.146.133 port 53786 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 18:07:09,348] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:07:09,382] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0445 seconds
INFO    [2022-12-06 18:07:11,481] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:07:11,482] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:07:11,489] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:07:11,500] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 18:07:15,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342835.0550468, 'message': 'Dec  6 18:07:14 hqnl0246134 sshd[240879]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:07:15,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342835.0553536, 'message': 'Dec  6 18:07:14 hqnl0246134 sshd[240879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 18:07:17,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342837.0555944, 'message': 'Dec  6 18:07:16 hqnl0246134 sshd[240879]: Failed password for root from 61.177.173.18 port 34829 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-06 18:07:18,709] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:07:18,710] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:07:18,742] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:07:18,787] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0579 seconds
INFO    [2022-12-06 18:07:19,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342839.0573483, 'message': 'Dec  6 18:07:17 hqnl0246134 sshd[240879]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 18:07:19,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342839.0575514, 'message': 'Dec  6 18:07:18 hqnl0246134 sshd[240879]: Failed password for root from 61.177.173.18 port 34829 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 18:07:21,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342841.0593297, 'message': 'Dec  6 18:07:19 hqnl0246134 sshd[240879]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 18:07:21,499] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:07:21,499] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:07:21,508] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:07:21,520] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 18:07:23,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342843.0620418, 'message': 'Dec  6 18:07:21 hqnl0246134 sshd[240879]: Failed password for root from 61.177.173.18 port 34829 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 18:07:37,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342857.0823824, 'message': 'Dec  6 18:07:35 hqnl0246134 sshd[240903]: Invalid user user1 from 123.30.249.87 port 46724', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 18:07:37,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.80.223.144', 'timestamp': 1670342857.0831194, 'message': 'Dec  6 18:07:35 hqnl0246134 sshd[240905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.80.223.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 18:07:37,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342857.082815, 'message': 'Dec  6 18:07:35 hqnl0246134 sshd[240903]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.249.87 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 18:07:37,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.80.223.144', 'timestamp': 1670342857.0832725, 'message': 'Dec  6 18:07:35 hqnl0246134 sshd[240905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.223.144  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 18:07:37,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342857.0829816, 'message': 'Dec  6 18:07:35 hqnl0246134 sshd[240903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:07:39,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342859.09021, 'message': 'Dec  6 18:07:37 hqnl0246134 sshd[240903]: Failed password for invalid user user1 from 123.30.249.87 port 46724 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-06 18:07:39,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.72.25', 'timestamp': 1670342859.0904484, 'message': 'Dec  6 18:07:37 hqnl0246134 sshd[240910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.72.25  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 18:07:39,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '220.80.223.144', 'timestamp': 1670342859.0905905, 'message': 'Dec  6 18:07:37 hqnl0246134 sshd[240905]: Failed password for root from 220.80.223.144 port 50096 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 18:07:39,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670342859.090724, 'message': 'Dec  6 18:07:37 hqnl0246134 sshd[240903]: Disconnected from invalid user user1 123.30.249.87 port 46724 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:07:41,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.72.25', 'timestamp': 1670342861.092797, 'message': 'Dec  6 18:07:39 hqnl0246134 sshd[240910]: Failed password for root from 43.153.72.25 port 56392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-06 18:07:47,801] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:07:47,802] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:08:03,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342883.1202488, 'message': 'Dec  6 18:08:01 hqnl0246134 sshd[240924]: Invalid user cloud from 43.153.110.44 port 56142', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0562 seconds
INFO    [2022-12-06 18:08:03,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342883.121358, 'message': 'Dec  6 18:08:02 hqnl0246134 sshd[240934]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-06 18:08:03,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342883.1208522, 'message': 'Dec  6 18:08:01 hqnl0246134 sshd[240924]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.110.44 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:08:03,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342883.1215134, 'message': 'Dec  6 18:08:02 hqnl0246134 sshd[240934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 18:08:03,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342883.121083, 'message': 'Dec  6 18:08:01 hqnl0246134 sshd[240924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.110.44 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 18:08:03,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342883.1212244, 'message': 'Dec  6 18:08:02 hqnl0246134 sshd[240924]: Failed password for invalid user cloud from 43.153.110.44 port 56142 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:08:05,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342885.1216393, 'message': 'Dec  6 18:08:03 hqnl0246134 sshd[240924]: Disconnected from invalid user cloud 43.153.110.44 port 56142 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 18:08:05,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342885.121875, 'message': 'Dec  6 18:08:04 hqnl0246134 sshd[240934]: Failed password for root from 61.177.173.18 port 15343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 18:08:07,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342887.121872, 'message': 'Dec  6 18:08:05 hqnl0246134 sshd[240934]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 18:08:07,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342887.1289523, 'message': 'Dec  6 18:08:06 hqnl0246134 sshd[240934]: Failed password for root from 61.177.173.18 port 15343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:08:09,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342889.1238601, 'message': 'Dec  6 18:08:07 hqnl0246134 sshd[240934]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 18:08:09,376] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:08:09,454] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.1111 seconds
INFO    [2022-12-06 18:08:11,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342891.1261654, 'message': 'Dec  6 18:08:09 hqnl0246134 sshd[240934]: Failed password for root from 61.177.173.18 port 15343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 18:08:17,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:08:17,880] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:08:17,887] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:08:17,898] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 18:08:20,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:08:20,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:08:20,620] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:08:20,633] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 18:08:35,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670342915.157437, 'message': 'Dec  6 18:08:34 hqnl0246134 sshd[240962]: Invalid user albert123 from 161.35.24.244 port 37724', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 18:08:35,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.24.244', 'timestamp': 1670342915.158022, 'message': 'Dec  6 18:08:34 hqnl0246134 sshd[240962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.24.244 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 18:08:37,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670342917.1639009, 'message': 'Dec  6 18:08:36 hqnl0246134 sshd[240962]: Failed password for invalid user albert123 from 161.35.24.244 port 37724 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 18:08:39,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.93.51.98', 'timestamp': 1670342919.1670322, 'message': 'Dec  6 18:08:37 hqnl0246134 sshd[240964]: Invalid user rahul from 177.93.51.98 port 60388', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 18:08:39,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670342919.1675403, 'message': 'Dec  6 18:08:38 hqnl0246134 sshd[240962]: Disconnected from invalid user albert123 161.35.24.244 port 37724 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 18:08:39,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.93.51.98', 'timestamp': 1670342919.1672235, 'message': 'Dec  6 18:08:38 hqnl0246134 sshd[240964]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.93.51.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:08:39,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.93.51.98', 'timestamp': 1670342919.1673653, 'message': 'Dec  6 18:08:38 hqnl0246134 sshd[240964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.93.51.98 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:08:40,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:08:40,711] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:08:40,719] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:08:40,730] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 18:08:41,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.93.51.98', 'timestamp': 1670342921.1744802, 'message': 'Dec  6 18:08:39 hqnl0246134 sshd[240964]: Failed password for invalid user rahul from 177.93.51.98 port 60388 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:08:41,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.93.51.98', 'timestamp': 1670342921.1747699, 'message': 'Dec  6 18:08:40 hqnl0246134 sshd[240964]: Disconnected from invalid user rahul 177.93.51.98 port 60388 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:08:47,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.33.182.8', 'timestamp': 1670342927.186665, 'message': 'Dec  6 18:08:45 hqnl0246134 sshd[240973]: Invalid user openbravo from 178.33.182.8 port 57196', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:08:47,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.33.182.8', 'timestamp': 1670342927.1868775, 'message': 'Dec  6 18:08:45 hqnl0246134 sshd[240973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.33.182.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:08:47,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.33.182.8', 'timestamp': 1670342927.187007, 'message': 'Dec  6 18:08:45 hqnl0246134 sshd[240973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.33.182.8 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 18:08:47,805] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:08:47,805] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:08:49,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.33.182.8', 'timestamp': 1670342929.187249, 'message': 'Dec  6 18:08:47 hqnl0246134 sshd[240973]: Failed password for invalid user openbravo from 178.33.182.8 port 57196 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:08:49,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.33.182.8', 'timestamp': 1670342929.1875625, 'message': 'Dec  6 18:08:48 hqnl0246134 sshd[240973]: Disconnected from invalid user openbravo 178.33.182.8 port 57196 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:08:51,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342931.188034, 'message': 'Dec  6 18:08:50 hqnl0246134 sshd[240975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 18:08:51,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342931.1884646, 'message': 'Dec  6 18:08:50 hqnl0246134 sshd[240977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.110.44 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 18:08:51,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342931.1883287, 'message': 'Dec  6 18:08:50 hqnl0246134 sshd[240975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 18:08:51,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342931.188586, 'message': 'Dec  6 18:08:50 hqnl0246134 sshd[240977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.110.44  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 18:08:53,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342933.189793, 'message': 'Dec  6 18:08:52 hqnl0246134 sshd[240975]: Failed password for root from 61.177.173.18 port 44332 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-06 18:08:53,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342933.1900136, 'message': 'Dec  6 18:08:52 hqnl0246134 sshd[240977]: Failed password for root from 43.153.110.44 port 59302 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 18:08:53,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342933.1901495, 'message': 'Dec  6 18:08:53 hqnl0246134 sshd[240979]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.0.200.227 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-06 18:08:53,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342933.1902719, 'message': 'Dec  6 18:08:53 hqnl0246134 sshd[240979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 18:08:55,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342935.193007, 'message': 'Dec  6 18:08:54 hqnl0246134 sshd[240975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 18:08:55,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '107.0.200.227', 'timestamp': 1670342935.1932518, 'message': 'Dec  6 18:08:55 hqnl0246134 sshd[240979]: Failed password for root from 107.0.200.227 port 60146 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 18:08:57,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342937.19713, 'message': 'Dec  6 18:08:56 hqnl0246134 sshd[240975]: Failed password for root from 61.177.173.18 port 44332 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:08:57,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342937.1973867, 'message': 'Dec  6 18:08:56 hqnl0246134 sshd[240975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 18:08:59,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342939.2000108, 'message': 'Dec  6 18:08:58 hqnl0246134 sshd[240975]: Failed password for root from 61.177.173.18 port 44332 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 18:09:03,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342943.207168, 'message': 'Dec  6 18:09:01 hqnl0246134 sshd[240998]: pam_imunify(sshd:auth): [IM360_RBL] The IP 148.153.110.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 18:09:03,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342943.2076612, 'message': 'Dec  6 18:09:01 hqnl0246134 sshd[240998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.153.110.76  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:09:05,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '148.153.110.76', 'timestamp': 1670342945.208987, 'message': 'Dec  6 18:09:03 hqnl0246134 sshd[240998]: Failed password for root from 148.153.110.76 port 39620 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 18:09:09,357] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:09:09,386] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0394 seconds
INFO    [2022-12-06 18:09:17,799] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:09:17,800] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:09:17,808] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:09:17,819] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 18:09:20,480] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:09:20,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:09:20,488] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:09:20,499] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 18:09:41,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342981.2625542, 'message': 'Dec  6 18:09:39 hqnl0246134 sshd[241148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 18:09:41,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342981.262941, 'message': 'Dec  6 18:09:39 hqnl0246134 sshd[241148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 18:09:43,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342983.265319, 'message': 'Dec  6 18:09:41 hqnl0246134 sshd[241148]: Failed password for root from 61.177.173.18 port 28364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:09:45,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342985.2672226, 'message': 'Dec  6 18:09:44 hqnl0246134 sshd[241148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 18:09:45,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342985.2674222, 'message': 'Dec  6 18:09:44 hqnl0246134 sshd[241150]: Invalid user oracle from 43.153.110.44 port 53562', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 18:09:45,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342985.2676213, 'message': 'Dec  6 18:09:44 hqnl0246134 sshd[241150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.110.44 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 18:09:45,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342985.2677648, 'message': 'Dec  6 18:09:44 hqnl0246134 sshd[241150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.110.44 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:09:47,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342987.270667, 'message': 'Dec  6 18:09:46 hqnl0246134 sshd[241148]: Failed password for root from 61.177.173.18 port 28364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 18:09:47,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342987.2708533, 'message': 'Dec  6 18:09:46 hqnl0246134 sshd[241150]: Failed password for invalid user oracle from 43.153.110.44 port 53562 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
WARNING [2022-12-06 18:09:47,809] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:09:47,809] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:09:49,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.110.44', 'timestamp': 1670342989.2750463, 'message': 'Dec  6 18:09:48 hqnl0246134 sshd[241150]: Disconnected from invalid user oracle 43.153.110.44 port 53562 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:09:49,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342989.2752562, 'message': 'Dec  6 18:09:48 hqnl0246134 sshd[241148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 18:09:51,062] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:09:51,063] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:09:51,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:09:51,086] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 18:09:51,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670342991.2764437, 'message': 'Dec  6 18:09:50 hqnl0246134 sshd[241148]: Failed password for root from 61.177.173.18 port 28364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 18:10:05,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.154.12.139', 'timestamp': 1670343005.296018, 'message': 'Dec  6 18:10:04 hqnl0246134 sshd[241185]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.154.12.139 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 18:10:05,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.154.12.139', 'timestamp': 1670343005.296624, 'message': 'Dec  6 18:10:04 hqnl0246134 sshd[241185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.154.12.139  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:10:07,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.154.12.139', 'timestamp': 1670343007.298599, 'message': 'Dec  6 18:10:06 hqnl0246134 sshd[241185]: Failed password for root from 45.154.12.139 port 56274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-06 18:10:09,359] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:10:09,382] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0300 seconds
INFO    [2022-12-06 18:10:17,890] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:10:17,891] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:10:17,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:10:17,913] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 18:10:20,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:10:20,926] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:10:20,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:10:20,944] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 18:10:27,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343027.3224385, 'message': 'Dec  6 18:10:27 hqnl0246134 sshd[241210]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 18:10:27,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343027.3227375, 'message': 'Dec  6 18:10:27 hqnl0246134 sshd[241210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:10:29,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343029.3274755, 'message': 'Dec  6 18:10:28 hqnl0246134 sshd[241210]: Failed password for root from 61.177.173.18 port 52719 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 18:10:31,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343031.3259451, 'message': 'Dec  6 18:10:29 hqnl0246134 sshd[241210]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 18:10:33,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343033.3282852, 'message': 'Dec  6 18:10:31 hqnl0246134 sshd[241210]: Failed password for root from 61.177.173.18 port 52719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:10:35,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343035.3297563, 'message': 'Dec  6 18:10:33 hqnl0246134 sshd[241210]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:10:37,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.80.223.144', 'timestamp': 1670343037.3332536, 'message': 'Dec  6 18:10:35 hqnl0246134 sshd[241244]: Invalid user virtual from 220.80.223.144 port 42420', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-06 18:10:37,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343037.3339415, 'message': 'Dec  6 18:10:36 hqnl0246134 sshd[241210]: Failed password for root from 61.177.173.18 port 52719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-06 18:10:37,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.80.223.144', 'timestamp': 1670343037.3335323, 'message': 'Dec  6 18:10:35 hqnl0246134 sshd[241244]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.80.223.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 18:10:37,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.80.223.144', 'timestamp': 1670343037.3337703, 'message': 'Dec  6 18:10:35 hqnl0246134 sshd[241244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.223.144 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 18:10:37,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.80.223.144', 'timestamp': 1670343037.3340976, 'message': 'Dec  6 18:10:37 hqnl0246134 sshd[241244]: Failed password for invalid user virtual from 220.80.223.144 port 42420 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:10:39,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.80.223.144', 'timestamp': 1670343039.335242, 'message': 'Dec  6 18:10:38 hqnl0246134 sshd[241244]: Disconnected from invalid user virtual 220.80.223.144 port 42420 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 18:10:47,815] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:10:47,816] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:11:05,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343065.3673851, 'message': 'Dec  6 18:11:04 hqnl0246134 sshd[241267]: Invalid user sk from 123.30.249.87 port 34550', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 18:11:05,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343065.36801, 'message': 'Dec  6 18:11:04 hqnl0246134 sshd[241267]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.249.87 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0519 seconds
INFO    [2022-12-06 18:11:05,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343065.368248, 'message': 'Dec  6 18:11:04 hqnl0246134 sshd[241267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0417 seconds
WARNING [2022-12-06 18:11:09,365] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:11:09,399] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0428 seconds
INFO    [2022-12-06 18:11:09,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343069.369604, 'message': 'Dec  6 18:11:07 hqnl0246134 sshd[241267]: Failed password for invalid user sk from 123.30.249.87 port 34550 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 18:11:11,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343071.3736017, 'message': 'Dec  6 18:11:09 hqnl0246134 sshd[241267]: Disconnected from invalid user sk 123.30.249.87 port 34550 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 18:11:12,486] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:11:12,486] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:11:12,494] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:11:12,506] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 18:11:19,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343079.3832335, 'message': 'Dec  6 18:11:18 hqnl0246134 sshd[241285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 18:11:19,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343079.3835742, 'message': 'Dec  6 18:11:18 hqnl0246134 sshd[241285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:11:19,959] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:11:19,959] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:11:19,966] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:11:19,978] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 18:11:21,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343081.3850105, 'message': 'Dec  6 18:11:20 hqnl0246134 sshd[241285]: Failed password for root from 61.177.173.18 port 38041 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 18:11:21,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343081.3851905, 'message': 'Dec  6 18:11:21 hqnl0246134 sshd[241285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:11:22,772] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:11:22,773] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:11:22,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:11:22,791] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 18:11:23,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343083.3871546, 'message': 'Dec  6 18:11:23 hqnl0246134 sshd[241285]: Failed password for root from 61.177.173.18 port 38041 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:11:25,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343085.391048, 'message': 'Dec  6 18:11:23 hqnl0246134 sshd[241285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:11:27,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343087.393764, 'message': 'Dec  6 18:11:25 hqnl0246134 sshd[241285]: Failed password for root from 61.177.173.18 port 38041 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 18:11:27,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343087.3939636, 'message': 'Dec  6 18:11:25 hqnl0246134 sshd[241298]: Invalid user t3rr0r from 178.128.88.244 port 57258', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 18:11:27,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343087.3941126, 'message': 'Dec  6 18:11:25 hqnl0246134 sshd[241298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.88.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:11:27,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343087.3942213, 'message': 'Dec  6 18:11:25 hqnl0246134 sshd[241298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.88.244 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:11:29,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343089.3992422, 'message': 'Dec  6 18:11:27 hqnl0246134 sshd[241298]: Failed password for invalid user t3rr0r from 178.128.88.244 port 57258 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 18:11:29,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343089.3996208, 'message': 'Dec  6 18:11:28 hqnl0246134 sshd[241298]: Disconnected from invalid user t3rr0r 178.128.88.244 port 57258 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 18:11:47,819] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:11:47,820] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 18:11:53,379] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 18:12:09,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:12:09,403] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0420 seconds
INFO    [2022-12-06 18:12:09,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343129.4452279, 'message': 'Dec  6 18:12:08 hqnl0246134 sshd[241343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 18:12:09,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343129.4457023, 'message': 'Dec  6 18:12:08 hqnl0246134 sshd[241343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 18:12:11,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343131.4464312, 'message': 'Dec  6 18:12:10 hqnl0246134 sshd[241343]: Failed password for root from 61.177.173.18 port 10231 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 18:12:11,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343131.4468627, 'message': 'Dec  6 18:12:10 hqnl0246134 sshd[241343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 18:12:15,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343135.451455, 'message': 'Dec  6 18:12:13 hqnl0246134 sshd[241343]: Failed password for root from 61.177.173.18 port 10231 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 18:12:15,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343135.4519653, 'message': 'Dec  6 18:12:15 hqnl0246134 sshd[241343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 18:12:17,899] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:12:17,900] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:12:17,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:12:17,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 18:12:19,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343139.453497, 'message': 'Dec  6 18:12:17 hqnl0246134 sshd[241343]: Failed password for root from 61.177.173.18 port 10231 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:12:20,675] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:12:20,675] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:12:20,683] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:12:20,697] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 18:12:35,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343155.4826608, 'message': 'Dec  6 18:12:34 hqnl0246134 sshd[241372]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.27.236.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 18:12:35,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343155.4832644, 'message': 'Dec  6 18:12:34 hqnl0246134 sshd[241372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.236.73  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 18:12:37,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343157.486215, 'message': 'Dec  6 18:12:36 hqnl0246134 sshd[241372]: Failed password for root from 103.27.236.73 port 53226 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:12:41,332] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:12:41,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:12:41,339] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:12:41,350] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
WARNING [2022-12-06 18:12:47,823] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:12:47,823] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:12:53,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343173.5113702, 'message': 'Dec  6 18:12:52 hqnl0246134 sshd[241382]: Invalid user oracle from 96.43.99.83 port 33576', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:12:53,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343173.5125015, 'message': 'Dec  6 18:12:52 hqnl0246134 sshd[241382]: pam_imunify(sshd:auth): [IM360_RBL] The IP 96.43.99.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 18:12:53,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343173.51265, 'message': 'Dec  6 18:12:52 hqnl0246134 sshd[241382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.43.99.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 18:12:55,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343175.5150852, 'message': 'Dec  6 18:12:54 hqnl0246134 sshd[241382]: Failed password for invalid user oracle from 96.43.99.83 port 33576 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:12:57,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343177.5179713, 'message': 'Dec  6 18:12:56 hqnl0246134 sshd[241382]: Disconnected from invalid user oracle 96.43.99.83 port 33576 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 18:12:59,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343179.5197678, 'message': 'Dec  6 18:12:58 hqnl0246134 sshd[241386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 18:12:59,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343179.520161, 'message': 'Dec  6 18:12:58 hqnl0246134 sshd[241386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 18:13:01,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343181.524896, 'message': 'Dec  6 18:13:00 hqnl0246134 sshd[241386]: Failed password for root from 61.177.173.18 port 45218 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:13:02,344] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 18:13:02,351] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:13:02,363] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0182 seconds
INFO    [2022-12-06 18:13:03,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343183.530393, 'message': 'Dec  6 18:13:02 hqnl0246134 sshd[241386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 18:13:05,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343185.5352488, 'message': 'Dec  6 18:13:04 hqnl0246134 sshd[241386]: Failed password for root from 61.177.173.18 port 45218 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:13:07,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343187.538235, 'message': 'Dec  6 18:13:07 hqnl0246134 sshd[241386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 18:13:09,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:13:09,399] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0326 seconds
INFO    [2022-12-06 18:13:09,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343189.541259, 'message': 'Dec  6 18:13:08 hqnl0246134 sshd[241386]: Failed password for root from 61.177.173.18 port 45218 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 18:13:17,962] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:13:17,962] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:13:17,973] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:13:17,987] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
INFO    [2022-12-06 18:13:20,744] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:13:20,745] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:13:20,751] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:13:20,762] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
INFO    [2022-12-06 18:13:45,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.80.223.144', 'timestamp': 1670343225.5949275, 'message': 'Dec  6 18:13:44 hqnl0246134 sshd[241442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.80.223.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 18:13:45,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.11.37.50', 'timestamp': 1670343225.5954692, 'message': 'Dec  6 18:13:44 hqnl0246134 sshd[241445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.11.37.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 18:13:45,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.80.223.144', 'timestamp': 1670343225.595308, 'message': 'Dec  6 18:13:44 hqnl0246134 sshd[241442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.223.144  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 18:13:45,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.11.37.50', 'timestamp': 1670343225.5955908, 'message': 'Dec  6 18:13:44 hqnl0246134 sshd[241445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.37.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 18:13:45,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '220.80.223.144', 'timestamp': 1670343225.5957367, 'message': 'Dec  6 18:13:45 hqnl0246134 sshd[241442]: Failed password for root from 220.80.223.144 port 34396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:13:47,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343227.596781, 'message': 'Dec  6 18:13:45 hqnl0246134 sshd[241447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 18:13:47,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '141.11.37.50', 'timestamp': 1670343227.5971599, 'message': 'Dec  6 18:13:46 hqnl0246134 sshd[241445]: Failed password for root from 141.11.37.50 port 37996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 18:13:47,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343227.5970309, 'message': 'Dec  6 18:13:45 hqnl0246134 sshd[241447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-06 18:13:47,826] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:13:47,827] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:13:49,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343229.5993276, 'message': 'Dec  6 18:13:48 hqnl0246134 sshd[241447]: Failed password for root from 61.177.173.18 port 20358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 18:13:50,757] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:13:50,824] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:13:50,824] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:13:50,825] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:13:50,825] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:13:50,825] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:13:50,834] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:13:50,850] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0245 seconds
WARNING [2022-12-06 18:13:50,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:13:50,860] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:13:50,877] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0335 seconds
INFO    [2022-12-06 18:13:50,878] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0307 seconds
INFO    [2022-12-06 18:13:51,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343231.6011221, 'message': 'Dec  6 18:13:50 hqnl0246134 sshd[241447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 18:13:51,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.110.197.126', 'timestamp': 1670343231.6013198, 'message': 'Dec  6 18:13:50 hqnl0246134 sshd[241449]: Invalid user admin from 202.110.197.126 port 57446', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 18:13:51,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.110.197.126', 'timestamp': 1670343231.601471, 'message': 'Dec  6 18:13:50 hqnl0246134 sshd[241449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.110.197.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:13:51,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.110.197.126', 'timestamp': 1670343231.6016126, 'message': 'Dec  6 18:13:50 hqnl0246134 sshd[241449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.110.197.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 18:13:53,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343233.602135, 'message': 'Dec  6 18:13:51 hqnl0246134 sshd[241447]: Failed password for root from 61.177.173.18 port 20358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 18:13:53,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.110.197.126', 'timestamp': 1670343233.6023836, 'message': 'Dec  6 18:13:51 hqnl0246134 sshd[241449]: Failed password for invalid user admin from 202.110.197.126 port 57446 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 18:13:53,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343233.6025255, 'message': 'Dec  6 18:13:52 hqnl0246134 sshd[241447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 18:13:53,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.110.197.126', 'timestamp': 1670343233.602667, 'message': 'Dec  6 18:13:52 hqnl0246134 sshd[241449]: Disconnected from invalid user admin 202.110.197.126 port 57446 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 18:13:55,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343235.605316, 'message': 'Dec  6 18:13:54 hqnl0246134 sshd[241447]: Failed password for root from 61.177.173.18 port 20358 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:13:59,320] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:13:59,321] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:13:59,330] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:13:59,342] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-06 18:14:09,378] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:14:09,403] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0328 seconds
INFO    [2022-12-06 18:14:17,797] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:14:17,797] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:14:17,805] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:14:17,818] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 18:14:20,560] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:14:20,561] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:14:20,569] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:14:20,581] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 18:14:20,953] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:14:20,954] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:14:20,954] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 18:14:27,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.212.233.50', 'timestamp': 1670343267.6917017, 'message': 'Dec  6 18:14:27 hqnl0246134 sshd[241509]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.212.233.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 18:14:27,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.212.233.50', 'timestamp': 1670343267.6921341, 'message': 'Dec  6 18:14:27 hqnl0246134 sshd[241509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.233.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:14:29,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.212.233.50', 'timestamp': 1670343269.69586, 'message': 'Dec  6 18:14:29 hqnl0246134 sshd[241509]: Failed password for root from 125.212.233.50 port 44536 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 18:14:31,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343271.6983056, 'message': 'Dec  6 18:14:29 hqnl0246134 sshd[241519]: Invalid user zxin10 from 123.30.249.87 port 50624', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 18:14:31,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343271.6986322, 'message': 'Dec  6 18:14:30 hqnl0246134 sshd[241519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.249.87 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 18:14:31,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343271.6987996, 'message': 'Dec  6 18:14:30 hqnl0246134 sshd[241519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:14:33,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343273.700271, 'message': 'Dec  6 18:14:32 hqnl0246134 sshd[241519]: Failed password for invalid user zxin10 from 123.30.249.87 port 50624 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 18:14:33,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670343273.7005172, 'message': 'Dec  6 18:14:33 hqnl0246134 sshd[241519]: Disconnected from invalid user zxin10 123.30.249.87 port 50624 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0638 seconds
INFO    [2022-12-06 18:14:37,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343277.7089162, 'message': 'Dec  6 18:14:35 hqnl0246134 sshd[241533]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:14:37,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343277.7093112, 'message': 'Dec  6 18:14:35 hqnl0246134 sshd[241533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 18:14:37,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343277.7095547, 'message': 'Dec  6 18:14:37 hqnl0246134 sshd[241533]: Failed password for root from 61.177.173.18 port 63873 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 18:14:41,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343281.7161357, 'message': 'Dec  6 18:14:39 hqnl0246134 sshd[241533]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 18:14:43,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343283.7189147, 'message': 'Dec  6 18:14:41 hqnl0246134 sshd[241533]: Failed password for root from 61.177.173.18 port 63873 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:14:43,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343283.7191253, 'message': 'Dec  6 18:14:42 hqnl0246134 sshd[241533]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:14:43,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343283.719263, 'message': 'Dec  6 18:14:43 hqnl0246134 sshd[241533]: Failed password for root from 61.177.173.18 port 63873 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 18:14:47,832] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:14:47,833] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 18:15:09,397] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:15:09,440] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0601 seconds
INFO    [2022-12-06 18:15:11,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343311.791074, 'message': 'Dec  6 18:15:11 hqnl0246134 sshd[241576]: Invalid user mosquitto from 122.164.86.17 port 29063', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 18:15:11,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343311.7913404, 'message': 'Dec  6 18:15:11 hqnl0246134 sshd[241576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.164.86.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:15:11,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343311.7914822, 'message': 'Dec  6 18:15:11 hqnl0246134 sshd[241576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.164.86.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:15:13,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343313.7963653, 'message': 'Dec  6 18:15:13 hqnl0246134 sshd[241576]: Failed password for invalid user mosquitto from 122.164.86.17 port 29063 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:15:17,848] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:15:17,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:15:17,871] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:15:17,889] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0399 seconds
INFO    [2022-12-06 18:15:17,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343317.8510666, 'message': 'Dec  6 18:15:15 hqnl0246134 sshd[241576]: Disconnected from invalid user mosquitto 122.164.86.17 port 29063 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 18:15:18,563] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:15:18,563] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:15:18,571] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:15:18,584] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 18:15:20,686] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:15:20,686] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:15:20,695] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:15:20,706] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 18:15:23,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343323.8189423, 'message': 'Dec  6 18:15:22 hqnl0246134 sshd[241601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 18:15:23,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343323.819363, 'message': 'Dec  6 18:15:22 hqnl0246134 sshd[241601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 18:15:25,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343325.8208482, 'message': 'Dec  6 18:15:24 hqnl0246134 sshd[241601]: Failed password for root from 61.177.173.18 port 34739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:15:25,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343325.821096, 'message': 'Dec  6 18:15:24 hqnl0246134 sshd[241601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:15:25,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343325.8255875, 'message': 'Dec  6 18:15:25 hqnl0246134 sshd[241601]: Failed password for root from 61.177.173.18 port 34739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:15:27,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343327.8236103, 'message': 'Dec  6 18:15:26 hqnl0246134 sshd[241601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:15:29,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343329.826454, 'message': 'Dec  6 18:15:28 hqnl0246134 sshd[241604]: Invalid user adminuser from 134.209.109.149 port 53434', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 18:15:29,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343329.827652, 'message': 'Dec  6 18:15:28 hqnl0246134 sshd[241601]: Failed password for root from 61.177.173.18 port 34739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 18:15:29,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343329.826792, 'message': 'Dec  6 18:15:28 hqnl0246134 sshd[241604]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.109.149 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:15:29,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343329.8269548, 'message': 'Dec  6 18:15:28 hqnl0246134 sshd[241604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.109.149 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 18:15:31,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343331.8324087, 'message': 'Dec  6 18:15:31 hqnl0246134 sshd[241604]: Failed password for invalid user adminuser from 134.209.109.149 port 53434 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:15:33,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343333.8339334, 'message': 'Dec  6 18:15:32 hqnl0246134 sshd[241604]: Disconnected from invalid user adminuser 134.209.109.149 port 53434 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 18:15:47,840] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:15:47,840] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:15:51,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343351.8700645, 'message': 'Dec  6 18:15:51 hqnl0246134 sshd[241619]: Invalid user jw from 43.153.72.25 port 47200', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 18:15:51,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343351.8702822, 'message': 'Dec  6 18:15:51 hqnl0246134 sshd[241619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.72.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:15:51,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343351.87043, 'message': 'Dec  6 18:15:51 hqnl0246134 sshd[241619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.72.25 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:15:53,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343353.8727517, 'message': 'Dec  6 18:15:53 hqnl0246134 sshd[241619]: Failed password for invalid user jw from 43.153.72.25 port 47200 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:15:55,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343355.8739398, 'message': 'Dec  6 18:15:55 hqnl0246134 sshd[241619]: Disconnected from invalid user jw 43.153.72.25 port 47200 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 18:16:09,393] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:16:09,419] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-06 18:16:11,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343371.9055357, 'message': 'Dec  6 18:16:10 hqnl0246134 sshd[241642]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-06 18:16:11,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343371.9058573, 'message': 'Dec  6 18:16:10 hqnl0246134 sshd[241642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 18:16:13,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343373.907692, 'message': 'Dec  6 18:16:12 hqnl0246134 sshd[241642]: Failed password for root from 61.177.173.18 port 63410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 18:16:15,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343375.9100244, 'message': 'Dec  6 18:16:14 hqnl0246134 sshd[241642]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:16:17,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343377.9132674, 'message': 'Dec  6 18:16:16 hqnl0246134 sshd[241642]: Failed password for root from 61.177.173.18 port 63410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 18:16:17,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343377.9135451, 'message': 'Dec  6 18:16:16 hqnl0246134 sshd[241642]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:16:18,515] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:16:18,516] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:16:18,525] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:16:18,538] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 18:16:19,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343379.9178724, 'message': 'Dec  6 18:16:19 hqnl0246134 sshd[241642]: Failed password for root from 61.177.173.18 port 63410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 18:16:19,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343379.9181619, 'message': 'Dec  6 18:16:19 hqnl0246134 sshd[241646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 96.43.99.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 18:16:19,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343379.9183238, 'message': 'Dec  6 18:16:19 hqnl0246134 sshd[241646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.43.99.83  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:16:21,253] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:16:21,254] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:16:21,267] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:16:21,287] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-06 18:16:21,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343381.9191751, 'message': 'Dec  6 18:16:20 hqnl0246134 sshd[241654]: Invalid user rust from 14.161.12.119 port 55502', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-06 18:16:21,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343381.9199095, 'message': 'Dec  6 18:16:21 hqnl0246134 sshd[241646]: Failed password for root from 96.43.99.83 port 60532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 18:16:21,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343381.919488, 'message': 'Dec  6 18:16:20 hqnl0246134 sshd[241654]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.161.12.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:16:22,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343381.919714, 'message': 'Dec  6 18:16:20 hqnl0246134 sshd[241654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.12.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 18:16:23,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343383.9232104, 'message': 'Dec  6 18:16:22 hqnl0246134 sshd[241654]: Failed password for invalid user rust from 14.161.12.119 port 55502 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 18:16:23,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343383.9235778, 'message': 'Dec  6 18:16:23 hqnl0246134 sshd[241654]: Disconnected from invalid user rust 14.161.12.119 port 55502 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 18:16:47,852] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:16:47,853] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:17:02,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343422.036175, 'message': 'Dec  6 18:17:00 hqnl0246134 sshd[241681]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 18:17:02,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343422.0367444, 'message': 'Dec  6 18:17:00 hqnl0246134 sshd[241681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 18:17:04,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343424.0369043, 'message': 'Dec  6 18:17:02 hqnl0246134 sshd[241681]: Failed password for root from 61.177.173.18 port 39608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 18:17:06,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343426.0463567, 'message': 'Dec  6 18:17:05 hqnl0246134 sshd[241681]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 18:17:08,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343428.0494766, 'message': 'Dec  6 18:17:07 hqnl0246134 sshd[241681]: Failed password for root from 61.177.173.18 port 39608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 18:17:09,399] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:17:09,422] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-06 18:17:10,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343430.051908, 'message': 'Dec  6 18:17:09 hqnl0246134 sshd[241681]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 18:17:12,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343432.0545728, 'message': 'Dec  6 18:17:11 hqnl0246134 sshd[241681]: Failed password for root from 61.177.173.18 port 39608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 18:17:16,458] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:17:16,459] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:17:16,466] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:17:16,478] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 18:17:17,983] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:17:17,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:17:17,994] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:17:18,012] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
INFO    [2022-12-06 18:17:20,943] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:17:20,943] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:17:20,955] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:17:20,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
WARNING [2022-12-06 18:17:47,860] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:17:47,861] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:17:50,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343470.1178038, 'message': 'Dec  6 18:17:49 hqnl0246134 sshd[241738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 18:17:50,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343470.1186302, 'message': 'Dec  6 18:17:49 hqnl0246134 sshd[241738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 18:17:52,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343472.117842, 'message': 'Dec  6 18:17:51 hqnl0246134 sshd[241738]: Failed password for root from 61.177.173.18 port 14812 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 18:17:52,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343472.1180227, 'message': 'Dec  6 18:17:52 hqnl0246134 sshd[241738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:17:56,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343476.1293917, 'message': 'Dec  6 18:17:54 hqnl0246134 sshd[241738]: Failed password for root from 61.177.173.18 port 14812 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 18:17:58,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343478.129857, 'message': 'Dec  6 18:17:56 hqnl0246134 sshd[241738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:18:00,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343480.1319869, 'message': 'Dec  6 18:17:58 hqnl0246134 sshd[241738]: Failed password for root from 61.177.173.18 port 14812 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-06 18:18:09,405] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:18:09,431] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0371 seconds
INFO    [2022-12-06 18:18:17,880] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:18:17,880] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:18:17,888] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:18:17,900] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 18:18:20,655] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:18:20,656] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:18:20,666] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:18:20,678] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 18:18:32,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343512.1851096, 'message': 'Dec  6 18:18:30 hqnl0246134 sshd[241805]: Invalid user utente from 84.46.253.201 port 56986', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0571 seconds
INFO    [2022-12-06 18:18:32,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343512.1855416, 'message': 'Dec  6 18:18:30 hqnl0246134 sshd[241805]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.46.253.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-06 18:18:32,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343512.1857138, 'message': 'Dec  6 18:18:30 hqnl0246134 sshd[241805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.46.253.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0629 seconds
INFO    [2022-12-06 18:18:34,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343514.186829, 'message': 'Dec  6 18:18:32 hqnl0246134 sshd[241805]: Failed password for invalid user utente from 84.46.253.201 port 56986 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:18:34,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343514.1871524, 'message': 'Dec  6 18:18:33 hqnl0246134 sshd[241812]: Invalid user anjana from 122.164.86.17 port 1326', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 18:18:34,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343514.1873987, 'message': 'Dec  6 18:18:33 hqnl0246134 sshd[241805]: Disconnected from invalid user utente 84.46.253.201 port 56986 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 18:18:34,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343514.1876376, 'message': 'Dec  6 18:18:33 hqnl0246134 sshd[241812]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.164.86.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 18:18:34,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343514.1878295, 'message': 'Dec  6 18:18:33 hqnl0246134 sshd[241812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.164.86.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:18:36,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343516.1880875, 'message': 'Dec  6 18:18:35 hqnl0246134 sshd[241812]: Failed password for invalid user anjana from 122.164.86.17 port 1326 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:18:36,284] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:18:36,284] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:18:36,291] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:18:36,302] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 18:18:38,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343518.1935518, 'message': 'Dec  6 18:18:36 hqnl0246134 sshd[241812]: Disconnected from invalid user anjana 122.164.86.17 port 1326 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 18:18:40,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343520.197634, 'message': 'Dec  6 18:18:38 hqnl0246134 sshd[241819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 18:18:40,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343520.198042, 'message': 'Dec  6 18:18:38 hqnl0246134 sshd[241819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 18:18:42,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343522.199859, 'message': 'Dec  6 18:18:40 hqnl0246134 sshd[241819]: Failed password for root from 61.177.173.18 port 44101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:18:44,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343524.2023244, 'message': 'Dec  6 18:18:43 hqnl0246134 sshd[241819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:18:46,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343526.2052007, 'message': 'Dec  6 18:18:44 hqnl0246134 sshd[241819]: Failed password for root from 61.177.173.18 port 44101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:18:46,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343526.2055726, 'message': 'Dec  6 18:18:45 hqnl0246134 sshd[241819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 18:18:47,864] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:18:47,865] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:18:48,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343528.20898, 'message': 'Dec  6 18:18:47 hqnl0246134 sshd[241819]: Failed password for root from 61.177.173.18 port 44101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 18:18:50,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343530.2115185, 'message': 'Dec  6 18:18:48 hqnl0246134 sshd[241824]: Invalid user operator from 43.153.72.25 port 52030', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 18:18:50,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343530.2118056, 'message': 'Dec  6 18:18:48 hqnl0246134 sshd[241824]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.72.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:18:50,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343530.2119765, 'message': 'Dec  6 18:18:48 hqnl0246134 sshd[241824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.72.25 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:18:52,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343532.213527, 'message': 'Dec  6 18:18:50 hqnl0246134 sshd[241824]: Failed password for invalid user operator from 43.153.72.25 port 52030 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-06 18:18:52,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343532.2138793, 'message': 'Dec  6 18:18:51 hqnl0246134 sshd[241824]: Disconnected from invalid user operator 43.153.72.25 port 52030 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 18:18:54,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343534.2141519, 'message': 'Dec  6 18:18:52 hqnl0246134 sshd[241826]: Invalid user lhy from 103.27.236.73 port 39752', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 18:18:54,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343534.2144632, 'message': 'Dec  6 18:18:52 hqnl0246134 sshd[241826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.27.236.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:18:54,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343534.2146409, 'message': 'Dec  6 18:18:52 hqnl0246134 sshd[241826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.236.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 18:18:56,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343536.2169654, 'message': 'Dec  6 18:18:54 hqnl0246134 sshd[241826]: Failed password for invalid user lhy from 103.27.236.73 port 39752 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:18:56,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343536.2171745, 'message': 'Dec  6 18:18:55 hqnl0246134 sshd[241826]: Disconnected from invalid user lhy 103.27.236.73 port 39752 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:19:04,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343544.2278273, 'message': 'Dec  6 18:19:03 hqnl0246134 sshd[241852]: Invalid user test from 161.35.24.244 port 56224', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 18:19:04,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343544.228205, 'message': 'Dec  6 18:19:03 hqnl0246134 sshd[241852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.24.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 18:19:04,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343544.228491, 'message': 'Dec  6 18:19:03 hqnl0246134 sshd[241852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.24.244 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 18:19:06,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343546.2309504, 'message': 'Dec  6 18:19:05 hqnl0246134 sshd[241852]: Failed password for invalid user test from 161.35.24.244 port 56224 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 18:19:06,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343546.2311997, 'message': 'Dec  6 18:19:05 hqnl0246134 sshd[241852]: Disconnected from invalid user test 161.35.24.244 port 56224 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 18:19:09,415] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:19:09,448] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0484 seconds
INFO    [2022-12-06 18:19:18,014] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:19:18,015] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:19:18,024] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:19:18,039] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-06 18:19:20,606] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:19:20,607] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:19:20,615] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:19:20,627] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 18:19:24,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670343564.2632003, 'message': 'Dec  6 18:19:22 hqnl0246134 sshd[241834]: Invalid user fuckyou from 102.219.33.178 port 33090', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 18:19:24,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.219.33.178', 'timestamp': 1670343564.2635543, 'message': 'Dec  6 18:19:23 hqnl0246134 sshd[241834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.219.33.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 18:19:24,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.219.33.178', 'timestamp': 1670343564.2637653, 'message': 'Dec  6 18:19:23 hqnl0246134 sshd[241834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.219.33.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:19:26,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670343566.2648053, 'message': 'Dec  6 18:19:24 hqnl0246134 sshd[241834]: Failed password for invalid user fuckyou from 102.219.33.178 port 33090 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:19:26,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670343566.2650497, 'message': 'Dec  6 18:19:25 hqnl0246134 sshd[241834]: Disconnected from invalid user fuckyou 102.219.33.178 port 33090 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:19:30,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343570.2724164, 'message': 'Dec  6 18:19:29 hqnl0246134 sshd[241865]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0680 seconds
INFO    [2022-12-06 18:19:30,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343570.2728798, 'message': 'Dec  6 18:19:29 hqnl0246134 sshd[241865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 18:19:32,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343572.2733097, 'message': 'Dec  6 18:19:31 hqnl0246134 sshd[241865]: Failed password for root from 61.177.173.18 port 28783 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 18:19:32,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343572.2736385, 'message': 'Dec  6 18:19:32 hqnl0246134 sshd[241865]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:19:34,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343574.2741914, 'message': 'Dec  6 18:19:33 hqnl0246134 sshd[241865]: Failed password for root from 61.177.173.18 port 28783 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 18:19:34,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343574.274502, 'message': 'Dec  6 18:19:34 hqnl0246134 sshd[241868]: Invalid user sergey from 96.43.99.83 port 59248', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 18:19:34,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343574.274657, 'message': 'Dec  6 18:19:34 hqnl0246134 sshd[241868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 96.43.99.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:19:34,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343574.2748497, 'message': 'Dec  6 18:19:34 hqnl0246134 sshd[241868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.43.99.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:19:36,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343576.2768118, 'message': 'Dec  6 18:19:34 hqnl0246134 sshd[241865]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 18:19:36,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343576.2770483, 'message': 'Dec  6 18:19:35 hqnl0246134 sshd[241868]: Failed password for invalid user sergey from 96.43.99.83 port 59248 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 18:19:36,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343576.2771788, 'message': 'Dec  6 18:19:35 hqnl0246134 sshd[241865]: Failed password for root from 61.177.173.18 port 28783 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 18:19:38,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670343578.281261, 'message': 'Dec  6 18:19:36 hqnl0246134 sshd[241868]: Disconnected from invalid user sergey 96.43.99.83 port 59248 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 18:19:38,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.40.14.28', 'timestamp': 1670343578.2815425, 'message': 'Dec  6 18:19:37 hqnl0246134 sshd[241878]: Invalid user pi from 98.40.14.28 port 37170', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 18:19:38,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.40.14.28', 'timestamp': 1670343578.2816944, 'message': 'Dec  6 18:19:37 hqnl0246134 sshd[241879]: Invalid user pi from 98.40.14.28 port 37172', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:19:38,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.40.14.28', 'timestamp': 1670343578.2818055, 'message': 'Dec  6 18:19:37 hqnl0246134 sshd[241878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.40.14.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 18:19:38,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.40.14.28', 'timestamp': 1670343578.2819583, 'message': 'Dec  6 18:19:37 hqnl0246134 sshd[241879]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.40.14.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 18:19:38,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.40.14.28', 'timestamp': 1670343578.2820873, 'message': 'Dec  6 18:19:37 hqnl0246134 sshd[241878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.40.14.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:19:38,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.40.14.28', 'timestamp': 1670343578.2822013, 'message': 'Dec  6 18:19:37 hqnl0246134 sshd[241879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.40.14.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:19:40,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.40.14.28', 'timestamp': 1670343580.2824998, 'message': 'Dec  6 18:19:39 hqnl0246134 sshd[241878]: Failed password for invalid user pi from 98.40.14.28 port 37170 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:19:40,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.40.14.28', 'timestamp': 1670343580.2827978, 'message': 'Dec  6 18:19:39 hqnl0246134 sshd[241879]: Failed password for invalid user pi from 98.40.14.28 port 37172 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:19:42,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343582.284581, 'message': 'Dec  6 18:19:41 hqnl0246134 sshd[241882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.161.12.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:19:42,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343582.2848506, 'message': 'Dec  6 18:19:41 hqnl0246134 sshd[241882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.12.119  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 18:19:42,722] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:19:42,722] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:19:42,732] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:19:42,745] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 18:19:44,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343584.287272, 'message': 'Dec  6 18:19:43 hqnl0246134 sshd[241882]: Failed password for root from 14.161.12.119 port 44952 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 18:19:47,920] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:19:47,921] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:20:00,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343600.3696601, 'message': 'Dec  6 18:19:59 hqnl0246134 sshd[241892]: Invalid user cubrid from 134.209.109.149 port 54500', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0982 seconds
INFO    [2022-12-06 18:20:00,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343600.3700705, 'message': 'Dec  6 18:19:59 hqnl0246134 sshd[241892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.109.149 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:20:00,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343600.3702366, 'message': 'Dec  6 18:19:59 hqnl0246134 sshd[241892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.109.149 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:20:02,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343602.3469744, 'message': 'Dec  6 18:20:02 hqnl0246134 sshd[241892]: Failed password for invalid user cubrid from 134.209.109.149 port 54500 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 18:20:02,550] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:20:02,652] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:20:02,653] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:20:02,654] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:20:02,654] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:20:02,654] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:20:02,668] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:20:02,692] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0376 seconds
WARNING [2022-12-06 18:20:02,705] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:20:02,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:20:02,736] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0523 seconds
INFO    [2022-12-06 18:20:02,738] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0494 seconds
INFO    [2022-12-06 18:20:04,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343604.3492613, 'message': 'Dec  6 18:20:04 hqnl0246134 sshd[241892]: Disconnected from invalid user cubrid 134.209.109.149 port 54500 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 18:20:09,411] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:20:09,445] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0406 seconds
INFO    [2022-12-06 18:20:18,199] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:20:18,200] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:20:18,210] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:20:18,223] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 18:20:18,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343618.3661897, 'message': 'Dec  6 18:20:17 hqnl0246134 sshd[241932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 18:20:18,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343618.366493, 'message': 'Dec  6 18:20:17 hqnl0246134 sshd[241932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:20:20,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343620.3696053, 'message': 'Dec  6 18:20:19 hqnl0246134 sshd[241932]: Failed password for root from 61.177.173.18 port 54440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 18:20:20,944] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:20:20,944] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:20:20,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:20:20,964] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 18:20:22,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343622.3737218, 'message': 'Dec  6 18:20:22 hqnl0246134 sshd[241932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 18:20:26,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343626.3828025, 'message': 'Dec  6 18:20:24 hqnl0246134 sshd[241932]: Failed password for root from 61.177.173.18 port 54440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 18:20:28,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343628.3835, 'message': 'Dec  6 18:20:26 hqnl0246134 sshd[241932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:20:28,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343628.3837497, 'message': 'Dec  6 18:20:28 hqnl0246134 sshd[241932]: Failed password for root from 61.177.173.18 port 54440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 18:20:33,442] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:20:33,443] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:20:33,444] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 18:20:47,923] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:20:47,924] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:21:00,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.152.214.252', 'timestamp': 1670343660.4658453, 'message': 'Dec  6 18:21:00 hqnl0246134 sshd[241961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.152.214.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 18:21:00,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.152.214.252', 'timestamp': 1670343660.4666147, 'message': 'Dec  6 18:21:00 hqnl0246134 sshd[241961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.152.214.252  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:21:02,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '194.152.214.252', 'timestamp': 1670343662.4679422, 'message': 'Dec  6 18:21:02 hqnl0246134 sshd[241961]: Failed password for root from 194.152.214.252 port 54765 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 18:21:04,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343664.472527, 'message': 'Dec  6 18:21:03 hqnl0246134 sshd[241978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 18:21:04,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343664.4728043, 'message': 'Dec  6 18:21:03 hqnl0246134 sshd[241978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:21:06,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343666.4750943, 'message': 'Dec  6 18:21:05 hqnl0246134 sshd[241978]: Failed password for root from 61.177.173.18 port 20940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 18:21:07,015] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:21:07,016] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:21:07,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:21:07,045] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0282 seconds
INFO    [2022-12-06 18:21:08,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343668.4777606, 'message': 'Dec  6 18:21:08 hqnl0246134 sshd[241978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
WARNING [2022-12-06 18:21:09,421] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:21:09,455] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0484 seconds
INFO    [2022-12-06 18:21:10,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343670.4803698, 'message': 'Dec  6 18:21:10 hqnl0246134 sshd[241978]: Failed password for root from 61.177.173.18 port 20940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 18:21:14,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343674.482961, 'message': 'Dec  6 18:21:12 hqnl0246134 sshd[241978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 18:21:14,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343674.4832578, 'message': 'Dec  6 18:21:13 hqnl0246134 sshd[241986]: Invalid user admin from 124.154.86.134 port 60011', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 18:21:14,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343674.483472, 'message': 'Dec  6 18:21:13 hqnl0246134 sshd[241986]: Failed none for invalid user admin from 124.154.86.134 port 60011 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 18:21:14,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343674.4840918, 'message': 'Dec  6 18:21:14 hqnl0246134 sshd[241978]: Failed password for root from 61.177.173.18 port 20940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 18:21:14,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343674.4837143, 'message': 'Dec  6 18:21:14 hqnl0246134 sshd[241986]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.154.86.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:21:14,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343674.483914, 'message': 'Dec  6 18:21:14 hqnl0246134 sshd[241986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.154.86.134 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:21:16,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343676.4875684, 'message': 'Dec  6 18:21:15 hqnl0246134 sshd[241986]: Failed password for invalid user admin from 124.154.86.134 port 60011 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:21:16,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343676.4878051, 'message': 'Dec  6 18:21:16 hqnl0246134 sshd[241986]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.154.86.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:21:17,836] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:21:17,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:21:17,845] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:21:17,858] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 18:21:18,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343678.4895897, 'message': 'Dec  6 18:21:17 hqnl0246134 sshd[241986]: Failed password for invalid user admin from 124.154.86.134 port 60011 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:21:18,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343678.4898422, 'message': 'Dec  6 18:21:18 hqnl0246134 sshd[241986]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.154.86.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 18:21:20,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343680.492043, 'message': 'Dec  6 18:21:19 hqnl0246134 sshd[241986]: Failed password for invalid user admin from 124.154.86.134 port 60011 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:21:20,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343680.492239, 'message': 'Dec  6 18:21:20 hqnl0246134 sshd[241986]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.154.86.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 18:21:20,743] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:21:20,744] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:21:20,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:21:20,764] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 18:21:22,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343682.4943523, 'message': 'Dec  6 18:21:22 hqnl0246134 sshd[241986]: Failed password for invalid user admin from 124.154.86.134 port 60011 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 18:21:24,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343684.497886, 'message': 'Dec  6 18:21:22 hqnl0246134 sshd[241986]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.154.86.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:21:26,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343686.5022998, 'message': 'Dec  6 18:21:24 hqnl0246134 sshd[241986]: Failed password for invalid user admin from 124.154.86.134 port 60011 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 18:21:26,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343686.5025816, 'message': 'Dec  6 18:21:26 hqnl0246134 sshd[241986]: error: maximum authentication attempts exceeded for invalid user admin from 124.154.86.134 port 60011 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:21:26,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.154.86.134', 'timestamp': 1670343686.5028048, 'message': 'Dec  6 18:21:26 hqnl0246134 sshd[241986]: Disconnecting invalid user admin 124.154.86.134 port 60011: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:21:32,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343692.5101092, 'message': 'Dec  6 18:21:31 hqnl0246134 sshd[242014]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.72.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 18:21:32,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343692.5104597, 'message': 'Dec  6 18:21:31 hqnl0246134 sshd[242014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.72.25  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:21:34,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.72.25', 'timestamp': 1670343694.5132732, 'message': 'Dec  6 18:21:33 hqnl0246134 sshd[242014]: Failed password for root from 43.153.72.25 port 41254 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 18:21:42,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343702.5224664, 'message': 'Dec  6 18:21:41 hqnl0246134 sshd[242021]: Invalid user zte from 84.46.253.201 port 51274', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:21:42,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343702.5228467, 'message': 'Dec  6 18:21:41 hqnl0246134 sshd[242021]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.46.253.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:21:42,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343702.522989, 'message': 'Dec  6 18:21:41 hqnl0246134 sshd[242021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.46.253.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:21:44,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343704.5282161, 'message': 'Dec  6 18:21:43 hqnl0246134 sshd[242021]: Failed password for invalid user zte from 84.46.253.201 port 51274 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 18:21:46,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343706.5336385, 'message': 'Dec  6 18:21:45 hqnl0246134 sshd[242021]: Disconnected from invalid user zte 84.46.253.201 port 51274 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
WARNING [2022-12-06 18:21:47,928] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:21:47,928] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:21:48,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343708.6250072, 'message': 'Dec  6 18:21:48 hqnl0246134 sshd[242024]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.88.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0704 seconds
INFO    [2022-12-06 18:21:48,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343708.625345, 'message': 'Dec  6 18:21:48 hqnl0246134 sshd[242024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.88.244  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 18:21:50,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343710.540892, 'message': 'Dec  6 18:21:49 hqnl0246134 sshd[242024]: Failed password for root from 178.128.88.244 port 32790 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 18:21:52,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343712.5463684, 'message': 'Dec  6 18:21:51 hqnl0246134 sshd[242035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 18:21:52,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343712.5465827, 'message': 'Dec  6 18:21:51 hqnl0246134 sshd[242035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 18:21:53,381] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 18:21:54,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343714.5535254, 'message': 'Dec  6 18:21:53 hqnl0246134 sshd[242035]: Failed password for root from 61.177.173.18 port 57669 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 18:21:54,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343714.5539925, 'message': 'Dec  6 18:21:53 hqnl0246134 sshd[242035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 18:21:56,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343716.5575948, 'message': 'Dec  6 18:21:55 hqnl0246134 sshd[242035]: Failed password for root from 61.177.173.18 port 57669 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 18:21:56,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343716.5582542, 'message': 'Dec  6 18:21:56 hqnl0246134 sshd[242035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:21:58,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343718.561405, 'message': 'Dec  6 18:21:57 hqnl0246134 sshd[242068]: Invalid user localhost from 161.35.24.244 port 46138', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 18:21:58,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343718.5625412, 'message': 'Dec  6 18:21:57 hqnl0246134 sshd[242035]: Failed password for root from 61.177.173.18 port 57669 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 18:21:58,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343718.5616817, 'message': 'Dec  6 18:21:57 hqnl0246134 sshd[242068]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.24.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 18:21:58,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343718.5624018, 'message': 'Dec  6 18:21:57 hqnl0246134 sshd[242068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.24.244 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:22:00,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343720.5659316, 'message': 'Dec  6 18:21:59 hqnl0246134 sshd[242068]: Failed password for invalid user localhost from 161.35.24.244 port 46138 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 18:22:00,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343720.566211, 'message': 'Dec  6 18:21:59 hqnl0246134 sshd[242068]: Disconnected from invalid user localhost 161.35.24.244 port 46138 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 18:22:06,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343726.5860598, 'message': 'Dec  6 18:22:04 hqnl0246134 sshd[242086]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.164.86.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 18:22:06,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343726.5865161, 'message': 'Dec  6 18:22:04 hqnl0246134 sshd[242086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.164.86.17  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:22:08,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '122.164.86.17', 'timestamp': 1670343728.595517, 'message': 'Dec  6 18:22:07 hqnl0246134 sshd[242086]: Failed password for root from 122.164.86.17 port 6198 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 18:22:09,421] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:22:09,451] defence360agent.internals.the_sink: SensorIncidentList(<22 item(s)>) processed in 0.0391 seconds
INFO    [2022-12-06 18:22:19,654] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:22:19,655] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:22:19,700] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:22:19,777] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1020 seconds
INFO    [2022-12-06 18:22:24,629] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:22:24,630] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:22:24,637] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:22:24,648] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 18:22:30,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.33.182.8', 'timestamp': 1670343750.6367228, 'message': 'Dec  6 18:22:30 hqnl0246134 sshd[242120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.33.182.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:22:30,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.33.182.8', 'timestamp': 1670343750.6370008, 'message': 'Dec  6 18:22:30 hqnl0246134 sshd[242120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.33.182.8  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 18:22:32,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.33.182.8', 'timestamp': 1670343752.6404548, 'message': 'Dec  6 18:22:31 hqnl0246134 sshd[242120]: Failed password for root from 178.33.182.8 port 59320 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 18:22:36,529] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:22:36,529] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:22:36,537] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:22:36,548] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 18:22:40,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343760.659525, 'message': 'Dec  6 18:22:40 hqnl0246134 sshd[242135]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 18:22:40,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343760.659835, 'message': 'Dec  6 18:22:40 hqnl0246134 sshd[242135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:22:42,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343762.6618848, 'message': 'Dec  6 18:22:42 hqnl0246134 sshd[242135]: Failed password for root from 61.177.173.18 port 41113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 18:22:46,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343766.6724038, 'message': 'Dec  6 18:22:44 hqnl0246134 sshd[242135]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-06 18:22:47,934] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:22:47,934] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:22:48,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343768.6771982, 'message': 'Dec  6 18:22:47 hqnl0246134 sshd[242135]: Failed password for root from 61.177.173.18 port 41113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 18:22:48,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343768.677453, 'message': 'Dec  6 18:22:48 hqnl0246134 sshd[242140]: Invalid user g from 14.161.12.119 port 34416', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:22:48,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343768.6775694, 'message': 'Dec  6 18:22:48 hqnl0246134 sshd[242140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.161.12.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 18:22:48,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343768.6777334, 'message': 'Dec  6 18:22:48 hqnl0246134 sshd[242140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.12.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:22:50,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343770.677741, 'message': 'Dec  6 18:22:49 hqnl0246134 sshd[242135]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 18:22:50,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343770.6814923, 'message': 'Dec  6 18:22:50 hqnl0246134 sshd[242140]: Failed password for invalid user g from 14.161.12.119 port 34416 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 18:22:52,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343772.6806095, 'message': 'Dec  6 18:22:51 hqnl0246134 sshd[242135]: Failed password for root from 61.177.173.18 port 41113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 18:22:52,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.161.12.119', 'timestamp': 1670343772.6857228, 'message': 'Dec  6 18:22:52 hqnl0246134 sshd[242140]: Disconnected from invalid user g 14.161.12.119 port 34416 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 18:22:54,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343774.6845508, 'message': 'Dec  6 18:22:53 hqnl0246134 sshd[242142]: Invalid user uftp from 103.27.236.73 port 57432', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 18:22:54,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343774.686423, 'message': 'Dec  6 18:22:54 hqnl0246134 sshd[242142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.27.236.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:22:54,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343774.6865969, 'message': 'Dec  6 18:22:54 hqnl0246134 sshd[242142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.236.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:22:56,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343776.6884792, 'message': 'Dec  6 18:22:55 hqnl0246134 sshd[242142]: Failed password for invalid user uftp from 103.27.236.73 port 57432 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 18:22:58,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343778.6912165, 'message': 'Dec  6 18:22:57 hqnl0246134 sshd[242142]: Disconnected from invalid user uftp 103.27.236.73 port 57432 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:23:02,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343782.7012289, 'message': 'Dec  6 18:23:02 hqnl0246134 sshd[242154]: Invalid user test from 134.209.109.149 port 42844', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 18:23:02,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343782.7017426, 'message': 'Dec  6 18:23:02 hqnl0246134 sshd[242154]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.109.149 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:23:02,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343782.7019148, 'message': 'Dec  6 18:23:02 hqnl0246134 sshd[242154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.109.149 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 18:23:06,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343786.7289882, 'message': 'Dec  6 18:23:05 hqnl0246134 sshd[242154]: Failed password for invalid user test from 134.209.109.149 port 42844 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 18:23:08,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343788.7375546, 'message': 'Dec  6 18:23:07 hqnl0246134 sshd[242154]: Disconnected from invalid user test 134.209.109.149 port 42844 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-06 18:23:09,429] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:23:09,457] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0385 seconds
INFO    [2022-12-06 18:23:10,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.212.233.50', 'timestamp': 1670343790.7384682, 'message': 'Dec  6 18:23:09 hqnl0246134 sshd[242166]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.212.233.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 18:23:10,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.212.233.50', 'timestamp': 1670343790.7386851, 'message': 'Dec  6 18:23:09 hqnl0246134 sshd[242166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.233.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:23:12,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.212.233.50', 'timestamp': 1670343792.7517874, 'message': 'Dec  6 18:23:11 hqnl0246134 sshd[242166]: Failed password for root from 125.212.233.50 port 41504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:23:17,940] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:23:17,940] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:23:17,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:23:17,959] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 18:23:22,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:23:22,821] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:23:22,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:23:22,841] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 18:23:30,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343810.7747605, 'message': 'Dec  6 18:23:28 hqnl0246134 sshd[242185]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:23:30,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343810.775036, 'message': 'Dec  6 18:23:28 hqnl0246134 sshd[242185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 18:23:30,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343810.7751865, 'message': 'Dec  6 18:23:30 hqnl0246134 sshd[242185]: Failed password for root from 61.177.173.18 port 15841 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:23:32,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343812.7755084, 'message': 'Dec  6 18:23:31 hqnl0246134 sshd[242185]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 18:23:34,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343814.7766123, 'message': 'Dec  6 18:23:33 hqnl0246134 sshd[242185]: Failed password for root from 61.177.173.18 port 15841 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 18:23:36,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343816.7781017, 'message': 'Dec  6 18:23:35 hqnl0246134 sshd[242185]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 18:23:38,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343818.7794778, 'message': 'Dec  6 18:23:37 hqnl0246134 sshd[242185]: Failed password for root from 61.177.173.18 port 15841 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 18:23:47,939] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:23:47,940] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 18:24:09,438] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:24:09,465] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0401 seconds
INFO    [2022-12-06 18:24:18,468] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:24:18,468] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:24:18,484] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:24:18,497] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-06 18:24:20,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343860.8267267, 'message': 'Dec  6 18:24:18 hqnl0246134 sshd[242235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 18:24:20,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343860.8270216, 'message': 'Dec  6 18:24:18 hqnl0246134 sshd[242235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 18:24:21,431] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:24:21,431] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:24:21,438] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:24:21,449] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 18:24:22,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343862.8288581, 'message': 'Dec  6 18:24:21 hqnl0246134 sshd[242235]: Failed password for root from 61.177.173.18 port 50004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 18:24:24,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343864.8299236, 'message': 'Dec  6 18:24:23 hqnl0246134 sshd[242235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 18:24:26,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343866.8326027, 'message': 'Dec  6 18:24:25 hqnl0246134 sshd[242235]: Failed password for root from 61.177.173.18 port 50004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:24:28,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343868.8341112, 'message': 'Dec  6 18:24:27 hqnl0246134 sshd[242235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 18:24:30,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343870.837429, 'message': 'Dec  6 18:24:29 hqnl0246134 sshd[242235]: Failed password for root from 61.177.173.18 port 50004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 18:24:30,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.11.37.50', 'timestamp': 1670343870.8377552, 'message': 'Dec  6 18:24:30 hqnl0246134 sshd[242246]: Invalid user openbravo from 141.11.37.50 port 47344', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 18:24:30,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.11.37.50', 'timestamp': 1670343870.837898, 'message': 'Dec  6 18:24:30 hqnl0246134 sshd[242246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.11.37.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:24:30,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.11.37.50', 'timestamp': 1670343870.8380046, 'message': 'Dec  6 18:24:30 hqnl0246134 sshd[242246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.37.50 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 18:24:34,503] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:24:34,504] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:24:34,514] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:24:34,538] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0325 seconds
INFO    [2022-12-06 18:24:34,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.11.37.50', 'timestamp': 1670343874.8411727, 'message': 'Dec  6 18:24:33 hqnl0246134 sshd[242246]: Failed password for invalid user openbravo from 141.11.37.50 port 47344 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 18:24:34,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.11.37.50', 'timestamp': 1670343874.8415046, 'message': 'Dec  6 18:24:33 hqnl0246134 sshd[242246]: Disconnected from invalid user openbravo 141.11.37.50 port 47344 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:24:38,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343878.8454616, 'message': 'Dec  6 18:24:36 hqnl0246134 sshd[242261]: Invalid user apple from 84.46.253.201 port 41364', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 18:24:38,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343878.8459322, 'message': 'Dec  6 18:24:36 hqnl0246134 sshd[242261]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.46.253.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 18:24:38,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343878.8461232, 'message': 'Dec  6 18:24:36 hqnl0246134 sshd[242261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.46.253.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 18:24:40,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343880.8469036, 'message': 'Dec  6 18:24:38 hqnl0246134 sshd[242261]: Failed password for invalid user apple from 84.46.253.201 port 41364 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 18:24:40,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670343880.847303, 'message': 'Dec  6 18:24:40 hqnl0246134 sshd[242261]: Disconnected from invalid user apple 84.46.253.201 port 41364 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 18:24:44,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343884.8516006, 'message': 'Dec  6 18:24:43 hqnl0246134 sshd[242263]: Invalid user travis from 161.35.24.244 port 36050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 18:24:44,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343884.8518717, 'message': 'Dec  6 18:24:43 hqnl0246134 sshd[242263]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.24.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:24:44,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343884.8520107, 'message': 'Dec  6 18:24:43 hqnl0246134 sshd[242263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.24.244 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:24:46,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343886.85453, 'message': 'Dec  6 18:24:45 hqnl0246134 sshd[242263]: Failed password for invalid user travis from 161.35.24.244 port 36050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 18:24:47,943] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:24:47,944] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:24:48,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.24.244', 'timestamp': 1670343888.8583622, 'message': 'Dec  6 18:24:47 hqnl0246134 sshd[242263]: Disconnected from invalid user travis 161.35.24.244 port 36050 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 18:25:04,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.154.12.139', 'timestamp': 1670343904.8747551, 'message': 'Dec  6 18:25:03 hqnl0246134 sshd[242270]: Invalid user ben from 45.154.12.139 port 59942', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-06 18:25:04,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.154.12.139', 'timestamp': 1670343904.8753915, 'message': 'Dec  6 18:25:03 hqnl0246134 sshd[242270]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.154.12.139 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 18:25:04,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.154.12.139', 'timestamp': 1670343904.8756382, 'message': 'Dec  6 18:25:03 hqnl0246134 sshd[242270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.154.12.139 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 18:25:06,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.154.12.139', 'timestamp': 1670343906.8763945, 'message': 'Dec  6 18:25:06 hqnl0246134 sshd[242270]: Failed password for invalid user ben from 45.154.12.139 port 59942 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 18:25:08,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343908.8811095, 'message': 'Dec  6 18:25:08 hqnl0246134 sshd[242298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 18:25:08,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343908.8815181, 'message': 'Dec  6 18:25:08 hqnl0246134 sshd[242298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 18:25:09,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:25:09,464] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0358 seconds
INFO    [2022-12-06 18:25:10,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.154.12.139', 'timestamp': 1670343910.8849862, 'message': 'Dec  6 18:25:09 hqnl0246134 sshd[242270]: Disconnected from invalid user ben 45.154.12.139 port 59942 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 18:25:12,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343912.886941, 'message': 'Dec  6 18:25:10 hqnl0246134 sshd[242298]: Failed password for root from 61.177.173.18 port 24214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:25:14,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343914.8909457, 'message': 'Dec  6 18:25:12 hqnl0246134 sshd[242298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:25:16,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343916.8935728, 'message': 'Dec  6 18:25:14 hqnl0246134 sshd[242298]: Failed password for root from 61.177.173.18 port 24214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 18:25:16,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343916.893889, 'message': 'Dec  6 18:25:15 hqnl0246134 sshd[242308]: Invalid user rahul from 178.128.88.244 port 49936', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 18:25:16,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343916.8937757, 'message': 'Dec  6 18:25:15 hqnl0246134 sshd[242298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-06 18:25:16,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343916.894003, 'message': 'Dec  6 18:25:15 hqnl0246134 sshd[242308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.88.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-06 18:25:16,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343916.8941054, 'message': 'Dec  6 18:25:15 hqnl0246134 sshd[242308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.88.244 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:25:17,985] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:25:17,985] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:25:17,993] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:25:18,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 18:25:18,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343918.8949711, 'message': 'Dec  6 18:25:17 hqnl0246134 sshd[242298]: Failed password for root from 61.177.173.18 port 24214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 18:25:18,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343918.895232, 'message': 'Dec  6 18:25:17 hqnl0246134 sshd[242308]: Failed password for invalid user rahul from 178.128.88.244 port 49936 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 18:25:20,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:25:20,712] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:25:20,720] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:25:20,731] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 18:25:20,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670343920.8972855, 'message': 'Dec  6 18:25:19 hqnl0246134 sshd[242308]: Disconnected from invalid user rahul 178.128.88.244 port 49936 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 18:25:26,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.33.182.8', 'timestamp': 1670343926.9023054, 'message': 'Dec  6 18:25:26 hqnl0246134 sshd[242326]: Invalid user tom from 178.33.182.8 port 59788', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 18:25:26,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.33.182.8', 'timestamp': 1670343926.9025912, 'message': 'Dec  6 18:25:26 hqnl0246134 sshd[242326]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.33.182.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:25:26,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.33.182.8', 'timestamp': 1670343926.9028232, 'message': 'Dec  6 18:25:26 hqnl0246134 sshd[242326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.33.182.8 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 18:25:30,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.33.182.8', 'timestamp': 1670343930.9059622, 'message': 'Dec  6 18:25:29 hqnl0246134 sshd[242326]: Failed password for invalid user tom from 178.33.182.8 port 59788 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 18:25:30,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.33.182.8', 'timestamp': 1670343930.9062507, 'message': 'Dec  6 18:25:30 hqnl0246134 sshd[242326]: Disconnected from invalid user tom 178.33.182.8 port 59788 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 18:25:47,947] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:25:47,950] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:25:59,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343958.9505877, 'message': 'Dec  6 18:25:58 hqnl0246134 sshd[242343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0596 seconds
INFO    [2022-12-06 18:25:59,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343958.9515955, 'message': 'Dec  6 18:25:58 hqnl0246134 sshd[242343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 18:26:00,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343960.9536633, 'message': 'Dec  6 18:25:59 hqnl0246134 sshd[242343]: Failed password for root from 61.177.173.18 port 54331 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:26:00,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343960.9540162, 'message': 'Dec  6 18:26:00 hqnl0246134 sshd[242343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:26:02,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343962.9539726, 'message': 'Dec  6 18:26:02 hqnl0246134 sshd[242343]: Failed password for root from 61.177.173.18 port 54331 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-06 18:26:04,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343964.9586189, 'message': 'Dec  6 18:26:03 hqnl0246134 sshd[242343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 18:26:06,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670343966.964738, 'message': 'Dec  6 18:26:05 hqnl0246134 sshd[242343]: Failed password for root from 61.177.173.18 port 54331 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 18:26:08,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343968.9677498, 'message': 'Dec  6 18:26:08 hqnl0246134 sshd[242364]: Invalid user jacky from 134.209.109.149 port 59420', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 18:26:09,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343968.9680457, 'message': 'Dec  6 18:26:08 hqnl0246134 sshd[242364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.109.149 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 18:26:09,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343968.968251, 'message': 'Dec  6 18:26:08 hqnl0246134 sshd[242364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.109.149 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-06 18:26:09,446] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:26:09,485] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0529 seconds
INFO    [2022-12-06 18:26:10,028] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:26:10,029] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:26:10,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:26:10,049] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 18:26:10,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343970.9698594, 'message': 'Dec  6 18:26:10 hqnl0246134 sshd[242364]: Failed password for invalid user jacky from 134.209.109.149 port 59420 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:26:12,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.109.149', 'timestamp': 1670343972.9730544, 'message': 'Dec  6 18:26:12 hqnl0246134 sshd[242364]: Disconnected from invalid user jacky 134.209.109.149 port 59420 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 18:26:17,911] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:26:17,911] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:26:17,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:26:17,933] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 18:26:20,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:26:20,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:26:20,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:26:20,834] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 18:26:31,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343990.9962924, 'message': 'Dec  6 18:26:29 hqnl0246134 sshd[242406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.27.236.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 18:26:31,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343990.9969044, 'message': 'Dec  6 18:26:29 hqnl0246134 sshd[242406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.236.73  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 18:26:31,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.27.236.73', 'timestamp': 1670343990.9970884, 'message': 'Dec  6 18:26:30 hqnl0246134 sshd[242406]: Failed password for root from 103.27.236.73 port 46878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:26:47,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344007.0118332, 'message': 'Dec  6 18:26:46 hqnl0246134 sshd[242421]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 18:26:47,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344007.0126345, 'message': 'Dec  6 18:26:46 hqnl0246134 sshd[242421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 18:26:47,958] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:26:47,958] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:26:49,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344009.0110612, 'message': 'Dec  6 18:26:48 hqnl0246134 sshd[242421]: Failed password for root from 61.177.173.18 port 29815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 18:26:49,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344009.0112727, 'message': 'Dec  6 18:26:48 hqnl0246134 sshd[242421]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 18:26:51,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344011.01324, 'message': 'Dec  6 18:26:50 hqnl0246134 sshd[242421]: Failed password for root from 61.177.173.18 port 29815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:26:55,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344015.0183322, 'message': 'Dec  6 18:26:53 hqnl0246134 sshd[242421]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 18:26:55,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344015.0186794, 'message': 'Dec  6 18:26:55 hqnl0246134 sshd[242421]: Failed password for root from 61.177.173.18 port 29815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 18:27:09,446] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:27:09,474] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0376 seconds
INFO    [2022-12-06 18:27:17,872] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:27:17,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:27:17,880] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:27:17,892] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 18:27:19,222] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:27:19,293] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:27:19,294] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:27:19,294] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:27:19,294] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:27:19,294] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:27:19,303] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:27:19,318] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0234 seconds
WARNING [2022-12-06 18:27:19,325] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:27:19,327] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:27:19,345] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0319 seconds
INFO    [2022-12-06 18:27:19,347] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0314 seconds
INFO    [2022-12-06 18:27:20,728] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:27:20,729] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:27:20,735] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:27:20,747] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 18:27:25,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344045.0649638, 'message': 'Dec  6 18:27:23 hqnl0246134 sshd[242465]: Invalid user tang from 194.152.214.252 port 15717', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 18:27:25,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670344045.0658457, 'message': 'Dec  6 18:27:25 hqnl0246134 sshd[242468]: Invalid user zs from 84.46.253.201 port 59696', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 18:27:25,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344045.0655112, 'message': 'Dec  6 18:27:23 hqnl0246134 sshd[242465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.152.214.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 18:27:25,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.46.253.201', 'timestamp': 1670344045.0660088, 'message': 'Dec  6 18:27:25 hqnl0246134 sshd[242468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.46.253.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 18:27:25,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344045.0656402, 'message': 'Dec  6 18:27:23 hqnl0246134 sshd[242465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.152.214.252 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 18:27:25,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.46.253.201', 'timestamp': 1670344045.066202, 'message': 'Dec  6 18:27:25 hqnl0246134 sshd[242468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.46.253.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 18:27:27,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344047.0661342, 'message': 'Dec  6 18:27:25 hqnl0246134 sshd[242465]: Failed password for invalid user tang from 194.152.214.252 port 15717 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:27:27,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670344047.0664701, 'message': 'Dec  6 18:27:26 hqnl0246134 sshd[242468]: Failed password for invalid user zs from 84.46.253.201 port 59696 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 18:27:27,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344047.0663452, 'message': 'Dec  6 18:27:25 hqnl0246134 sshd[242465]: Disconnected from invalid user tang 194.152.214.252 port 15717 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 18:27:28,893] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:27:28,894] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:27:28,939] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:27:28,999] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0902 seconds
INFO    [2022-12-06 18:27:29,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.46.253.201', 'timestamp': 1670344049.0692508, 'message': 'Dec  6 18:27:28 hqnl0246134 sshd[242468]: Disconnected from invalid user zs 84.46.253.201 port 59696 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0785 seconds
INFO    [2022-12-06 18:27:35,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.154.12.139', 'timestamp': 1670344055.0788865, 'message': 'Dec  6 18:27:33 hqnl0246134 sshd[242483]: Invalid user antoine from 45.154.12.139 port 40040', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 18:27:35,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344055.079712, 'message': 'Dec  6 18:27:33 hqnl0246134 sshd[242493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 18:27:35,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.154.12.139', 'timestamp': 1670344055.0794227, 'message': 'Dec  6 18:27:33 hqnl0246134 sshd[242483]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.154.12.139 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 18:27:35,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344055.0798457, 'message': 'Dec  6 18:27:33 hqnl0246134 sshd[242493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 18:27:35,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.154.12.139', 'timestamp': 1670344055.0795853, 'message': 'Dec  6 18:27:33 hqnl0246134 sshd[242483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.154.12.139 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:27:37,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.154.12.139', 'timestamp': 1670344057.081171, 'message': 'Dec  6 18:27:35 hqnl0246134 sshd[242483]: Failed password for invalid user antoine from 45.154.12.139 port 40040 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 18:27:37,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344057.081403, 'message': 'Dec  6 18:27:36 hqnl0246134 sshd[242493]: Failed password for root from 61.177.173.18 port 58694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 18:27:39,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.154.12.139', 'timestamp': 1670344059.0841413, 'message': 'Dec  6 18:27:37 hqnl0246134 sshd[242483]: Disconnected from invalid user antoine 45.154.12.139 port 40040 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 18:27:39,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344059.0858119, 'message': 'Dec  6 18:27:38 hqnl0246134 sshd[242493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 18:27:41,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344061.0868697, 'message': 'Dec  6 18:27:40 hqnl0246134 sshd[242493]: Failed password for root from 61.177.173.18 port 58694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:27:41,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344061.0872564, 'message': 'Dec  6 18:27:40 hqnl0246134 sshd[242493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 18:27:43,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344063.089145, 'message': 'Dec  6 18:27:42 hqnl0246134 sshd[242493]: Failed password for root from 61.177.173.18 port 58694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 18:27:47,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.11.37.50', 'timestamp': 1670344067.0941932, 'message': 'Dec  6 18:27:46 hqnl0246134 sshd[242497]: Invalid user tom from 141.11.37.50 port 34568', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:27:47,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.11.37.50', 'timestamp': 1670344067.0944793, 'message': 'Dec  6 18:27:46 hqnl0246134 sshd[242497]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.11.37.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:27:47,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.11.37.50', 'timestamp': 1670344067.0947106, 'message': 'Dec  6 18:27:46 hqnl0246134 sshd[242497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.37.50 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 18:27:47,964] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:27:47,965] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:27:49,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.11.37.50', 'timestamp': 1670344069.0957968, 'message': 'Dec  6 18:27:47 hqnl0246134 sshd[242497]: Failed password for invalid user tom from 141.11.37.50 port 34568 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:27:49,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.11.37.50', 'timestamp': 1670344069.095969, 'message': 'Dec  6 18:27:48 hqnl0246134 sshd[242497]: Disconnected from invalid user tom 141.11.37.50 port 34568 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:27:52,385] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:27:52,386] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:27:52,387] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 18:27:53,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '188.32.176.34', 'timestamp': 1670344073.0998445, 'message': 'Dec  6 18:27:52 hqnl0246134 sshd[242502]: Accepted publickey for root from 188.32.176.34 port 37220 ssh2: RSA SHA256:M5XvbkooZmQvvjfo3fKHU5lbqUaXL4LET3qhCF0FT28', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 18:27:59,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.212.233.50', 'timestamp': 1670344079.1061635, 'message': 'Dec  6 18:27:58 hqnl0246134 sshd[242554]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.212.233.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 18:27:59,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.212.233.50', 'timestamp': 1670344079.10641, 'message': 'Dec  6 18:27:58 hqnl0246134 sshd[242554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.233.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 18:28:01,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.212.233.50', 'timestamp': 1670344081.1064446, 'message': 'Dec  6 18:28:00 hqnl0246134 sshd[242554]: Failed password for root from 125.212.233.50 port 58682 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-06 18:28:09,452] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:28:09,498] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0557 seconds
INFO    [2022-12-06 18:28:11,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.141.212.12', 'timestamp': 1670344091.1222856, 'message': 'Dec  6 18:28:10 hqnl0246134 sshd[242601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.141.212.12 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 18:28:11,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.141.212.12', 'timestamp': 1670344091.1226568, 'message': 'Dec  6 18:28:10 hqnl0246134 sshd[242601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.141.212.12  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 18:28:13,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '110.141.212.12', 'timestamp': 1670344093.1286418, 'message': 'Dec  6 18:28:12 hqnl0246134 sshd[242601]: Failed password for root from 110.141.212.12 port 52164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:28:15,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.33.182.8', 'timestamp': 1670344095.129899, 'message': 'Dec  6 18:28:14 hqnl0246134 sshd[242609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.33.182.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:28:15,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.33.182.8', 'timestamp': 1670344095.13216, 'message': 'Dec  6 18:28:14 hqnl0246134 sshd[242609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.33.182.8  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:28:17,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.33.182.8', 'timestamp': 1670344097.1326652, 'message': 'Dec  6 18:28:15 hqnl0246134 sshd[242609]: Failed password for root from 178.33.182.8 port 60294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 18:28:18,115] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:28:18,115] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:28:18,124] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:28:18,138] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 18:28:20,873] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:28:20,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:28:20,881] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:28:20,894] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 18:28:23,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344103.1381273, 'message': 'Dec  6 18:28:23 hqnl0246134 sshd[242621]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 18:28:23,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344103.1385136, 'message': 'Dec  6 18:28:23 hqnl0246134 sshd[242621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:28:25,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344105.1438127, 'message': 'Dec  6 18:28:24 hqnl0246134 sshd[242621]: Failed password for root from 61.177.173.18 port 33374 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:28:27,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344107.1491125, 'message': 'Dec  6 18:28:25 hqnl0246134 sshd[242621]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 18:28:29,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344109.1531353, 'message': 'Dec  6 18:28:27 hqnl0246134 sshd[242621]: Failed password for root from 61.177.173.18 port 33374 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:28:31,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344111.1566486, 'message': 'Dec  6 18:28:29 hqnl0246134 sshd[242621]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:28:33,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344113.1582854, 'message': 'Dec  6 18:28:31 hqnl0246134 sshd[242621]: Failed password for root from 61.177.173.18 port 33374 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:28:33,766] defence360agent.files: Updating all files
INFO    [2022-12-06 18:28:34,045] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:34,046] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 18:28:34,334] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:34,334] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 18:28:34,411] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:28:34,412] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:28:34,424] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:28:34,441] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
INFO    [2022-12-06 18:28:34,605] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:34,606] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 18:28:34,949] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:34,949] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 18:28:34,949] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 18:28:35,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670344115.160856, 'message': 'Dec  6 18:28:34 hqnl0246134 sshd[242639]: Invalid user ubuntu from 178.128.88.244 port 38858', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 18:28:35,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.88.244', 'timestamp': 1670344115.161119, 'message': 'Dec  6 18:28:34 hqnl0246134 sshd[242639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.88.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 18:28:35,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.88.244', 'timestamp': 1670344115.16125, 'message': 'Dec  6 18:28:34 hqnl0246134 sshd[242639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.88.244 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:28:35,270] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 16:28:35 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E411F7976460F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 18:28:35,272] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 18:28:35,272] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 18:28:35,843] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:35,843] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 18:28:36,107] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:36,108] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 18:28:36,360] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:36,361] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 18:28:36,758] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:36,759] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 18:28:37,149] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 18:28:37,151] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 18:28:37,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670344117.1614132, 'message': 'Dec  6 18:28:36 hqnl0246134 sshd[242639]: Failed password for invalid user ubuntu from 178.128.88.244 port 38858 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 18:28:39,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670344119.1665852, 'message': 'Dec  6 18:28:37 hqnl0246134 sshd[242624]: Accepted password for supportwwwuser from 212.58.119.251 port 10749 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0518 seconds
INFO    [2022-12-06 18:28:39,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.88.244', 'timestamp': 1670344119.1736293, 'message': 'Dec  6 18:28:37 hqnl0246134 sshd[242639]: Disconnected from invalid user ubuntu 178.128.88.244 port 38858 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 18:28:47,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '212.58.119.251', 'timestamp': 1670344127.1813784, 'message': 'Dec  6 18:28:46 hqnl0246134 sshd[242697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.58.119.251  user=supportwwwuser', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-06 18:28:47,968] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:28:47,969] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:28:49,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '212.58.119.251', 'timestamp': 1670344129.1815917, 'message': 'Dec  6 18:28:48 hqnl0246134 sshd[242697]: Failed password for supportwwwuser from 212.58.119.251 port 10750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 18:28:51,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670344131.1836424, 'message': 'Dec  6 18:28:50 hqnl0246134 sshd[242697]: Accepted password for supportwwwuser from 212.58.119.251 port 10750 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 18:29:05,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670344145.1976378, 'message': 'Dec  6 18:29:04 hqnl0246134 sshd[242747]: Accepted password for supportwwwuser from 212.58.119.251 port 10497 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0272 seconds
WARNING [2022-12-06 18:29:09,459] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:29:09,492] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0442 seconds
INFO    [2022-12-06 18:29:13,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344153.2045126, 'message': 'Dec  6 18:29:12 hqnl0246134 sshd[242798]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1334 seconds
INFO    [2022-12-06 18:29:13,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344153.211073, 'message': 'Dec  6 18:29:12 hqnl0246134 sshd[242798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1250 seconds
INFO    [2022-12-06 18:29:15,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344155.2090738, 'message': 'Dec  6 18:29:14 hqnl0246134 sshd[242798]: Failed password for root from 61.177.173.18 port 64679 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0814 seconds
INFO    [2022-12-06 18:29:15,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344155.2093961, 'message': 'Dec  6 18:29:14 hqnl0246134 sshd[242798]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0741 seconds
INFO    [2022-12-06 18:29:17,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344157.2099392, 'message': 'Dec  6 18:29:16 hqnl0246134 sshd[242798]: Failed password for root from 61.177.173.18 port 64679 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1532 seconds
INFO    [2022-12-06 18:29:19,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344159.2114296, 'message': 'Dec  6 18:29:19 hqnl0246134 sshd[242798]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1291 seconds
INFO    [2022-12-06 18:29:23,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344163.2161682, 'message': 'Dec  6 18:29:21 hqnl0246134 sshd[242798]: Failed password for root from 61.177.173.18 port 64679 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0810 seconds
INFO    [2022-12-06 18:29:25,325] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:29:25,325] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:29:25,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:29:25,539] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1850 seconds
INFO    [2022-12-06 18:29:27,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344167.2249439, 'message': 'Dec  6 18:29:25 hqnl0246134 sshd[242807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.137.5.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 18:29:27,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344167.2253377, 'message': 'Dec  6 18:29:25 hqnl0246134 sshd[242807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.137.5.196  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 18:29:29,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344169.2282834, 'message': 'Dec  6 18:29:27 hqnl0246134 sshd[242807]: Failed password for root from 200.137.5.196 port 50371 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2343 seconds
INFO    [2022-12-06 18:29:32,863] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:29:32,866] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:29:32,929] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:29:32,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1188 seconds
WARNING [2022-12-06 18:29:47,974] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:29:47,979] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:30:05,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344205.2746024, 'message': 'Dec  6 18:30:03 hqnl0246134 sshd[242864]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1146 seconds
INFO    [2022-12-06 18:30:05,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.154.12.139', 'timestamp': 1670344205.2756786, 'message': 'Dec  6 18:30:03 hqnl0246134 sshd[242866]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.154.12.139 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1149 seconds
INFO    [2022-12-06 18:30:05,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344205.2754471, 'message': 'Dec  6 18:30:03 hqnl0246134 sshd[242864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 18:30:05,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.154.12.139', 'timestamp': 1670344205.2758324, 'message': 'Dec  6 18:30:03 hqnl0246134 sshd[242866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.154.12.139  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 18:30:07,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344207.2747023, 'message': 'Dec  6 18:30:05 hqnl0246134 sshd[242864]: Failed password for root from 61.177.173.18 port 43269 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 18:30:07,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.154.12.139', 'timestamp': 1670344207.275003, 'message': 'Dec  6 18:30:06 hqnl0246134 sshd[242866]: Failed password for root from 45.154.12.139 port 48370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 18:30:09,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344209.2776854, 'message': 'Dec  6 18:30:07 hqnl0246134 sshd[242864]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
WARNING [2022-12-06 18:30:09,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:30:09,527] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0766 seconds
INFO    [2022-12-06 18:30:11,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344211.2792714, 'message': 'Dec  6 18:30:09 hqnl0246134 sshd[242864]: Failed password for root from 61.177.173.18 port 43269 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 18:30:11,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344211.2795975, 'message': 'Dec  6 18:30:09 hqnl0246134 sshd[242864]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 18:30:11,832] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:30:11,833] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:30:11,841] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:30:11,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 18:30:13,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344213.2813158, 'message': 'Dec  6 18:30:12 hqnl0246134 sshd[242864]: Failed password for root from 61.177.173.18 port 43269 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 18:30:18,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:30:18,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:30:18,831] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:30:18,846] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-06 18:30:23,909] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:30:23,910] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:30:23,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:30:23,933] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 18:30:47,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670344247.3238366, 'message': 'Dec  6 18:30:47 hqnl0246134 sshd[242951]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 18:30:47,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670344247.3251376, 'message': 'Dec  6 18:30:47 hqnl0246134 sshd[242951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 18:30:47,982] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:30:47,991] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:30:49,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344249.326166, 'message': 'Dec  6 18:30:47 hqnl0246134 sshd[242949]: Invalid user jeremy from 210.16.201.188 port 40480', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2410 seconds
INFO    [2022-12-06 18:30:49,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.89.196.220', 'timestamp': 1670344249.3275704, 'message': 'Dec  6 18:30:48 hqnl0246134 sshd[242951]: Failed password for root from 152.89.196.220 port 23880 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2232 seconds
INFO    [2022-12-06 18:30:49,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344249.3270988, 'message': 'Dec  6 18:30:48 hqnl0246134 sshd[242949]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.16.201.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-06 18:30:49,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344249.327376, 'message': 'Dec  6 18:30:48 hqnl0246134 sshd[242949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.201.188 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1188 seconds
INFO    [2022-12-06 18:30:52,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344252.2447534, 'message': 'Dec  6 18:30:50 hqnl0246134 sshd[242949]: Failed password for invalid user jeremy from 210.16.201.188 port 40480 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1592 seconds
INFO    [2022-12-06 18:30:52,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344252.24672, 'message': 'Dec  6 18:30:51 hqnl0246134 sshd[242949]: Disconnected from invalid user jeremy 210.16.201.188 port 40480 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0746 seconds
INFO    [2022-12-06 18:30:53,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344253.331543, 'message': 'Dec  6 18:30:52 hqnl0246134 sshd[242956]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 18:30:53,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344253.3317773, 'message': 'Dec  6 18:30:52 hqnl0246134 sshd[242956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 18:30:55,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344255.3477278, 'message': 'Dec  6 18:30:53 hqnl0246134 sshd[242956]: Failed password for root from 61.177.173.18 port 14091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-06 18:30:55,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344255.3480031, 'message': 'Dec  6 18:30:54 hqnl0246134 sshd[242956]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 18:30:57,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.11.37.50', 'timestamp': 1670344257.3502614, 'message': 'Dec  6 18:30:56 hqnl0246134 sshd[242958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.11.37.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0637 seconds
INFO    [2022-12-06 18:30:57,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344257.3507192, 'message': 'Dec  6 18:30:57 hqnl0246134 sshd[242956]: Failed password for root from 61.177.173.18 port 14091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0610 seconds
INFO    [2022-12-06 18:30:57,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.11.37.50', 'timestamp': 1670344257.350579, 'message': 'Dec  6 18:30:56 hqnl0246134 sshd[242958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.37.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 18:30:59,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344259.3627338, 'message': 'Dec  6 18:30:58 hqnl0246134 sshd[242956]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 18:31:01,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '141.11.37.50', 'timestamp': 1670344261.3632407, 'message': 'Dec  6 18:30:59 hqnl0246134 sshd[242958]: Failed password for root from 141.11.37.50 port 50008 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1027 seconds
INFO    [2022-12-06 18:31:01,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344261.36355, 'message': 'Dec  6 18:31:00 hqnl0246134 sshd[242956]: Failed password for root from 61.177.173.18 port 14091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1038 seconds
WARNING [2022-12-06 18:31:09,468] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:31:09,525] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0698 seconds
INFO    [2022-12-06 18:31:19,740] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:31:19,743] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:31:19,758] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:31:19,775] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0301 seconds
INFO    [2022-12-06 18:31:23,027] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:31:23,028] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:31:23,036] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:31:23,048] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 18:31:42,611] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:31:42,705] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:31:42,705] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:31:42,706] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:31:42,706] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:31:42,708] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:31:42,759] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:31:42,787] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0775 seconds
WARNING [2022-12-06 18:31:42,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:31:42,830] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:31:42,855] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0776 seconds
INFO    [2022-12-06 18:31:42,857] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0729 seconds
INFO    [2022-12-06 18:31:43,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344303.425131, 'message': 'Dec  6 18:31:42 hqnl0246134 sshd[243001]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 18:31:43,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344303.4255185, 'message': 'Dec  6 18:31:42 hqnl0246134 sshd[243001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 18:31:45,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344305.4134648, 'message': 'Dec  6 18:31:45 hqnl0246134 sshd[243001]: Failed password for root from 61.177.173.18 port 48790 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 18:31:47,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344307.4156456, 'message': 'Dec  6 18:31:47 hqnl0246134 sshd[243001]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0480 seconds
WARNING [2022-12-06 18:31:47,994] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:31:47,995] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:31:49,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344309.4392447, 'message': 'Dec  6 18:31:48 hqnl0246134 sshd[243001]: Failed password for root from 61.177.173.18 port 48790 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2051 seconds
INFO    [2022-12-06 18:31:51,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344311.433895, 'message': 'Dec  6 18:31:49 hqnl0246134 sshd[243001]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1208 seconds
WARNING [2022-12-06 18:31:53,801] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 18:31:53,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344313.805157, 'message': 'Dec  6 18:31:51 hqnl0246134 sshd[243001]: Failed password for root from 61.177.173.18 port 48790 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0775 seconds
INFO    [2022-12-06 18:32:06,945] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:32:06,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:32:06,968] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:32:06,995] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0411 seconds
WARNING [2022-12-06 18:32:09,472] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:32:09,527] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0671 seconds
INFO    [2022-12-06 18:32:12,844] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:32:12,846] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:32:12,852] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 18:32:21,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:32:21,933] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:32:21,954] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:32:21,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
INFO    [2022-12-06 18:32:27,647] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:32:27,649] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:32:27,683] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:32:27,715] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0545 seconds
INFO    [2022-12-06 18:32:31,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344351.5211058, 'message': 'Dec  6 18:32:30 hqnl0246134 sshd[243064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0666 seconds
INFO    [2022-12-06 18:32:31,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344351.521644, 'message': 'Dec  6 18:32:30 hqnl0246134 sshd[243064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 18:32:33,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344353.5193372, 'message': 'Dec  6 18:32:32 hqnl0246134 sshd[243064]: Failed password for root from 61.177.173.18 port 16842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 18:32:35,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344355.5193317, 'message': 'Dec  6 18:32:34 hqnl0246134 sshd[243064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0626 seconds
INFO    [2022-12-06 18:32:37,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344357.5252564, 'message': 'Dec  6 18:32:35 hqnl0246134 sshd[243064]: Failed password for root from 61.177.173.18 port 16842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 18:32:37,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344357.5256615, 'message': 'Dec  6 18:32:36 hqnl0246134 sshd[243064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 18:32:39,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344359.5275, 'message': 'Dec  6 18:32:38 hqnl0246134 sshd[243064]: Failed password for root from 61.177.173.18 port 16842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 18:32:47,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.212.233.50', 'timestamp': 1670344367.5444078, 'message': 'Dec  6 18:32:47 hqnl0246134 sshd[243074]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.212.233.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0547 seconds
INFO    [2022-12-06 18:32:47,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.212.233.50', 'timestamp': 1670344367.5456676, 'message': 'Dec  6 18:32:47 hqnl0246134 sshd[243074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.233.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-06 18:32:48,013] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:32:48,014] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:32:49,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.212.233.50', 'timestamp': 1670344369.5414538, 'message': 'Dec  6 18:32:49 hqnl0246134 sshd[243074]: Failed password for root from 125.212.233.50 port 47638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 18:33:05,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '42.200.159.37', 'timestamp': 1670344385.555425, 'message': 'Dec  6 18:33:04 hqnl0246134 sshd[243096]: pam_imunify(sshd:auth): [IM360_RBL] The IP 42.200.159.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 18:33:05,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '42.200.159.37', 'timestamp': 1670344385.5561755, 'message': 'Dec  6 18:33:04 hqnl0246134 sshd[243096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.159.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0503 seconds
INFO    [2022-12-06 18:33:07,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '42.200.159.37', 'timestamp': 1670344387.5619907, 'message': 'Dec  6 18:33:06 hqnl0246134 sshd[243096]: Failed password for root from 42.200.159.37 port 42210 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1994 seconds
WARNING [2022-12-06 18:33:09,502] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:33:09,585] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.1160 seconds
INFO    [2022-12-06 18:33:11,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670344391.564493, 'message': 'Dec  6 18:33:09 hqnl0246134 sshd[243076]: Invalid user user0 from 102.219.33.178 port 49040', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0821 seconds
INFO    [2022-12-06 18:33:11,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.219.33.178', 'timestamp': 1670344391.5666358, 'message': 'Dec  6 18:33:09 hqnl0246134 sshd[243076]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.219.33.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0920 seconds
INFO    [2022-12-06 18:33:11,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.219.33.178', 'timestamp': 1670344391.5669274, 'message': 'Dec  6 18:33:09 hqnl0246134 sshd[243076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.219.33.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0811 seconds
INFO    [2022-12-06 18:33:12,728] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:33:12,729] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:33:12,755] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:33:12,767] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0265 seconds
INFO    [2022-12-06 18:33:13,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670344393.5652456, 'message': 'Dec  6 18:33:11 hqnl0246134 sshd[243076]: Failed password for invalid user user0 from 102.219.33.178 port 49040 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 18:33:13,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670344393.566305, 'message': 'Dec  6 18:33:13 hqnl0246134 sshd[243076]: Disconnected from invalid user user0 102.219.33.178 port 49040 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 18:33:15,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344395.5833182, 'message': 'Dec  6 18:33:15 hqnl0246134 sshd[243112]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.152.214.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0538 seconds
INFO    [2022-12-06 18:33:15,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344395.584404, 'message': 'Dec  6 18:33:15 hqnl0246134 sshd[243112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.152.214.252  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:33:18,154] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:33:18,155] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:33:18,164] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:33:18,176] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 18:33:19,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344399.5706713, 'message': 'Dec  6 18:33:17 hqnl0246134 sshd[243112]: Failed password for root from 194.152.214.252 port 42414 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-06 18:33:19,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344399.5709584, 'message': 'Dec  6 18:33:18 hqnl0246134 sshd[243116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 18:33:19,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344399.571129, 'message': 'Dec  6 18:33:18 hqnl0246134 sshd[243116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:33:21,370] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:33:21,370] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:33:21,386] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:33:21,410] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0375 seconds
INFO    [2022-12-06 18:33:21,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344401.5721936, 'message': 'Dec  6 18:33:20 hqnl0246134 sshd[243116]: Failed password for root from 61.177.173.18 port 45215 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-06 18:33:21,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344401.5731387, 'message': 'Dec  6 18:33:20 hqnl0246134 sshd[243116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 18:33:23,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344403.5755334, 'message': 'Dec  6 18:33:22 hqnl0246134 sshd[243116]: Failed password for root from 61.177.173.18 port 45215 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:33:25,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344405.5773544, 'message': 'Dec  6 18:33:24 hqnl0246134 sshd[243116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 18:33:27,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344407.5800436, 'message': 'Dec  6 18:33:26 hqnl0246134 sshd[243116]: Failed password for root from 61.177.173.18 port 45215 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-06 18:33:48,019] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:33:48,023] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:34:07,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344447.642147, 'message': 'Dec  6 18:34:06 hqnl0246134 sshd[243162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 18:34:07,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344447.6432686, 'message': 'Dec  6 18:34:06 hqnl0246134 sshd[243162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
WARNING [2022-12-06 18:34:09,481] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:34:09,511] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-06 18:34:09,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344449.6432376, 'message': 'Dec  6 18:34:08 hqnl0246134 sshd[243162]: Failed password for root from 61.177.173.18 port 25553 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:34:09,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344449.6434216, 'message': 'Dec  6 18:34:09 hqnl0246134 sshd[243162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 18:34:11,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344451.6452935, 'message': 'Dec  6 18:34:11 hqnl0246134 sshd[243162]: Failed password for root from 61.177.173.18 port 25553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:34:11,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344451.6454723, 'message': 'Dec  6 18:34:11 hqnl0246134 sshd[243162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 18:34:13,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344453.647886, 'message': 'Dec  6 18:34:13 hqnl0246134 sshd[243162]: Failed password for root from 61.177.173.18 port 25553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 18:34:16,279] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:34:16,280] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:34:16,289] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:34:16,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 18:34:17,810] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:34:17,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:34:17,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:34:17,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 18:34:20,522] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:34:20,523] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:34:20,530] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:34:20,542] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-06 18:34:48,026] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:34:48,028] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:34:55,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344495.7016141, 'message': 'Dec  6 18:34:55 hqnl0246134 sshd[243219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 18:34:55,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344495.7021253, 'message': 'Dec  6 18:34:55 hqnl0246134 sshd[243219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 18:34:57,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344497.7022128, 'message': 'Dec  6 18:34:57 hqnl0246134 sshd[243219]: Failed password for root from 61.177.173.18 port 59778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 18:34:57,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344497.7024102, 'message': 'Dec  6 18:34:57 hqnl0246134 sshd[243219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 18:35:01,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344501.7064211, 'message': 'Dec  6 18:35:00 hqnl0246134 sshd[243219]: Failed password for root from 61.177.173.18 port 59778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 18:35:03,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344503.708887, 'message': 'Dec  6 18:35:01 hqnl0246134 sshd[243219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 18:35:05,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344505.7205815, 'message': 'Dec  6 18:35:03 hqnl0246134 sshd[243219]: Failed password for root from 61.177.173.18 port 59778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0415 seconds
WARNING [2022-12-06 18:35:09,486] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:35:09,510] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0350 seconds
INFO    [2022-12-06 18:35:17,798] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:35:17,799] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:35:17,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:35:17,818] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 18:35:19,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344519.7253022, 'message': 'Dec  6 18:35:18 hqnl0246134 sshd[243269]: Invalid user freeswitch from 115.247.213.54 port 57820', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 18:35:19,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344519.725557, 'message': 'Dec  6 18:35:18 hqnl0246134 sshd[243269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.247.213.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 18:35:19,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344519.7257102, 'message': 'Dec  6 18:35:18 hqnl0246134 sshd[243269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.247.213.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 18:35:20,573] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:35:20,574] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:35:20,581] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:35:20,591] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 18:35:21,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344521.728168, 'message': 'Dec  6 18:35:20 hqnl0246134 sshd[243269]: Failed password for invalid user freeswitch from 115.247.213.54 port 57820 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 18:35:23,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344523.7303884, 'message': 'Dec  6 18:35:22 hqnl0246134 sshd[243269]: Disconnected from invalid user freeswitch 115.247.213.54 port 57820 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 18:35:24,717] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:35:24,718] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:35:24,725] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:35:24,736] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 18:35:45,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344545.7538936, 'message': 'Dec  6 18:35:43 hqnl0246134 sshd[243298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 18:35:45,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344545.7544081, 'message': 'Dec  6 18:35:43 hqnl0246134 sshd[243298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:35:47,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344547.754106, 'message': 'Dec  6 18:35:46 hqnl0246134 sshd[243298]: Failed password for root from 61.177.173.18 port 32922 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 18:35:47,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670344547.7542841, 'message': 'Dec  6 18:35:47 hqnl0246134 sshd[243301]: Invalid user user3 from 46.101.179.127 port 34376', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 18:35:47,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.179.127', 'timestamp': 1670344547.7543979, 'message': 'Dec  6 18:35:47 hqnl0246134 sshd[243301]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.179.127 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:35:47,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.179.127', 'timestamp': 1670344547.754529, 'message': 'Dec  6 18:35:47 hqnl0246134 sshd[243301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.179.127 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 18:35:48,030] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:35:48,031] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:35:49,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344549.7565484, 'message': 'Dec  6 18:35:47 hqnl0246134 sshd[243298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 18:35:49,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670344549.7567828, 'message': 'Dec  6 18:35:49 hqnl0246134 sshd[243301]: Failed password for invalid user user3 from 46.101.179.127 port 34376 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 18:35:49,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670344549.7570546, 'message': 'Dec  6 18:35:49 hqnl0246134 sshd[243303]: Invalid user copy from 217.182.204.243 port 45694', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 18:35:49,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344549.756921, 'message': 'Dec  6 18:35:49 hqnl0246134 sshd[243298]: Failed password for root from 61.177.173.18 port 32922 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 18:35:51,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.182.204.243', 'timestamp': 1670344551.7578163, 'message': 'Dec  6 18:35:49 hqnl0246134 sshd[243303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.182.204.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 18:35:51,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670344551.758125, 'message': 'Dec  6 18:35:50 hqnl0246134 sshd[243301]: Disconnected from invalid user user3 46.101.179.127 port 34376 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-06 18:35:51,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344551.7582629, 'message': 'Dec  6 18:35:50 hqnl0246134 sshd[243298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 18:35:51,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.182.204.243', 'timestamp': 1670344551.7579913, 'message': 'Dec  6 18:35:49 hqnl0246134 sshd[243303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.204.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:35:51,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670344551.7585037, 'message': 'Dec  6 18:35:51 hqnl0246134 sshd[243303]: Failed password for invalid user copy from 217.182.204.243 port 45694 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 18:35:53,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344553.7603536, 'message': 'Dec  6 18:35:52 hqnl0246134 sshd[243298]: Failed password for root from 61.177.173.18 port 32922 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 18:35:53,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670344553.760587, 'message': 'Dec  6 18:35:53 hqnl0246134 sshd[243303]: Disconnected from invalid user copy 217.182.204.243 port 45694 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 18:36:03,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344563.7739742, 'message': 'Dec  6 18:36:02 hqnl0246134 sshd[243315]: Invalid user marvin from 43.130.200.181 port 57774', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 18:36:03,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344563.7742665, 'message': 'Dec  6 18:36:02 hqnl0246134 sshd[243315]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.130.200.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-06 18:36:03,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344563.7743804, 'message': 'Dec  6 18:36:02 hqnl0246134 sshd[243315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.130.200.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 18:36:05,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344565.7772663, 'message': 'Dec  6 18:36:05 hqnl0246134 sshd[243315]: Failed password for invalid user marvin from 43.130.200.181 port 57774 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:36:07,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344567.784744, 'message': 'Dec  6 18:36:07 hqnl0246134 sshd[243315]: Disconnected from invalid user marvin 43.130.200.181 port 57774 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
WARNING [2022-12-06 18:36:09,493] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:36:09,528] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0473 seconds
INFO    [2022-12-06 18:36:17,766] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:36:17,766] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:36:17,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:36:17,791] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 18:36:20,285] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:36:20,286] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:36:20,292] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:36:20,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 18:36:27,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670344587.826504, 'message': 'Dec  6 18:36:26 hqnl0246134 sshd[243341]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 18:36:27,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670344587.8268478, 'message': 'Dec  6 18:36:26 hqnl0246134 sshd[243341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:36:29,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.172.187.120', 'timestamp': 1670344589.8285515, 'message': 'Dec  6 18:36:28 hqnl0246134 sshd[243341]: Failed password for root from 167.172.187.120 port 56304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 18:36:33,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344593.8335097, 'message': 'Dec  6 18:36:33 hqnl0246134 sshd[243348]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 18:36:33,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344593.8338265, 'message': 'Dec  6 18:36:33 hqnl0246134 sshd[243348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 18:36:35,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344595.837315, 'message': 'Dec  6 18:36:35 hqnl0246134 sshd[243348]: Failed password for root from 61.177.173.18 port 61709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:36:37,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344597.8396785, 'message': 'Dec  6 18:36:37 hqnl0246134 sshd[243348]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 18:36:37,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344597.8400288, 'message': 'Dec  6 18:36:37 hqnl0246134 sshd[243358]: Invalid user arun from 13.71.46.226 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 18:36:39,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344599.8423796, 'message': 'Dec  6 18:36:37 hqnl0246134 sshd[243358]: pam_imunify(sshd:auth): [IM360_RBL] The IP 13.71.46.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 18:36:39,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344599.8436759, 'message': 'Dec  6 18:36:39 hqnl0246134 sshd[243348]: Failed password for root from 61.177.173.18 port 61709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 18:36:39,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344599.8426223, 'message': 'Dec  6 18:36:37 hqnl0246134 sshd[243358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.71.46.226 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:36:41,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344601.8460505, 'message': 'Dec  6 18:36:40 hqnl0246134 sshd[243361]: Invalid user charles from 115.247.213.54 port 41726', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-06 18:36:41,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344601.8464978, 'message': 'Dec  6 18:36:40 hqnl0246134 sshd[243358]: Failed password for invalid user arun from 13.71.46.226 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-06 18:36:41,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.174.137.15', 'timestamp': 1670344601.8465989, 'message': 'Dec  6 18:36:40 hqnl0246134 sshd[243363]: Invalid user oliver from 189.174.137.15 port 40116', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-06 18:36:41,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344601.846256, 'message': 'Dec  6 18:36:40 hqnl0246134 sshd[243361]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.247.213.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 18:36:41,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.174.137.15', 'timestamp': 1670344601.8467107, 'message': 'Dec  6 18:36:41 hqnl0246134 sshd[243363]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.174.137.15 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 18:36:41,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344601.8469582, 'message': 'Dec  6 18:36:41 hqnl0246134 sshd[243348]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 18:36:41,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344601.8463905, 'message': 'Dec  6 18:36:40 hqnl0246134 sshd[243361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.247.213.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 18:36:41,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.174.137.15', 'timestamp': 1670344601.846833, 'message': 'Dec  6 18:36:41 hqnl0246134 sshd[243363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.174.137.15 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 18:36:43,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344603.8462584, 'message': 'Dec  6 18:36:42 hqnl0246134 sshd[243361]: Failed password for invalid user charles from 115.247.213.54 port 41726 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0586 seconds
INFO    [2022-12-06 18:36:43,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344603.846447, 'message': 'Dec  6 18:36:42 hqnl0246134 sshd[243358]: Disconnected from invalid user arun 13.71.46.226 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0590 seconds
INFO    [2022-12-06 18:36:43,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.174.137.15', 'timestamp': 1670344603.8473122, 'message': 'Dec  6 18:36:43 hqnl0246134 sshd[243363]: Failed password for invalid user oliver from 189.174.137.15 port 40116 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0583 seconds
INFO    [2022-12-06 18:36:43,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344603.847439, 'message': 'Dec  6 18:36:43 hqnl0246134 sshd[243348]: Failed password for root from 61.177.173.18 port 61709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0581 seconds
INFO    [2022-12-06 18:36:43,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.247.213.54', 'timestamp': 1670344603.8471937, 'message': 'Dec  6 18:36:42 hqnl0246134 sshd[243361]: Disconnected from invalid user charles 115.247.213.54 port 41726 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 18:36:45,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.174.137.15', 'timestamp': 1670344605.8512597, 'message': 'Dec  6 18:36:45 hqnl0246134 sshd[243363]: Disconnected from invalid user oliver 189.174.137.15 port 40116 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 18:36:48,033] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:36:48,034] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 18:37:09,504] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:37:09,541] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0534 seconds
INFO    [2022-12-06 18:37:18,405] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:37:18,406] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:37:18,417] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:37:18,431] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0239 seconds
INFO    [2022-12-06 18:37:21,038] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:37:21,038] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:37:21,046] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:37:21,059] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 18:37:23,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344643.9106739, 'message': 'Dec  6 18:37:23 hqnl0246134 sshd[243406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:37:23,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344643.9110599, 'message': 'Dec  6 18:37:23 hqnl0246134 sshd[243406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:37:25,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344645.9124093, 'message': 'Dec  6 18:37:25 hqnl0246134 sshd[243406]: Failed password for root from 61.177.173.18 port 44539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:37:27,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.44.165.85', 'timestamp': 1670344647.91495, 'message': 'Dec  6 18:37:26 hqnl0246134 sshd[243408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.44.165.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 18:37:27,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344647.9152446, 'message': 'Dec  6 18:37:27 hqnl0246134 sshd[243406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 18:37:27,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.44.165.85', 'timestamp': 1670344647.9151325, 'message': 'Dec  6 18:37:26 hqnl0246134 sshd[243408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.44.165.85  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 18:37:29,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.44.165.85', 'timestamp': 1670344649.9177682, 'message': 'Dec  6 18:37:28 hqnl0246134 sshd[243408]: Failed password for root from 198.44.165.85 port 39992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:37:31,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344651.9205182, 'message': 'Dec  6 18:37:30 hqnl0246134 sshd[243406]: Failed password for root from 61.177.173.18 port 44539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 18:37:33,701] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:37:33,702] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:37:33,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:37:33,723] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 18:37:33,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344653.9230978, 'message': 'Dec  6 18:37:32 hqnl0246134 sshd[243406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 18:37:35,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344655.9303727, 'message': 'Dec  6 18:37:34 hqnl0246134 sshd[243406]: Failed password for root from 61.177.173.18 port 44539 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0305 seconds
WARNING [2022-12-06 18:37:48,040] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:37:48,041] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:37:51,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '111.93.235.74', 'timestamp': 1670344671.9593372, 'message': 'Dec  6 18:37:50 hqnl0246134 sshd[243453]: pam_imunify(sshd:auth): [IM360_RBL] The IP 111.93.235.74 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:37:52,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '111.93.235.74', 'timestamp': 1670344671.959769, 'message': 'Dec  6 18:37:50 hqnl0246134 sshd[243453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.235.74  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 18:37:53,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '111.93.235.74', 'timestamp': 1670344673.9629347, 'message': 'Dec  6 18:37:52 hqnl0246134 sshd[243453]: Failed password for root from 111.93.235.74 port 54224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:38:08,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '60.49.207.252', 'timestamp': 1670344687.9846766, 'message': 'Dec  6 18:38:06 hqnl0246134 sshd[243465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 60.49.207.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 18:38:08,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '60.49.207.252', 'timestamp': 1670344687.9850585, 'message': 'Dec  6 18:38:06 hqnl0246134 sshd[243465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.207.252  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 18:38:09,499] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:38:09,536] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0453 seconds
INFO    [2022-12-06 18:38:10,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '60.49.207.252', 'timestamp': 1670344689.985534, 'message': 'Dec  6 18:38:08 hqnl0246134 sshd[243465]: Failed password for root from 60.49.207.252 port 55476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 18:38:12,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344691.989421, 'message': 'Dec  6 18:38:11 hqnl0246134 sshd[243477]: Invalid user marisa from 43.130.200.181 port 56276', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 18:38:12,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344691.9897718, 'message': 'Dec  6 18:38:11 hqnl0246134 sshd[243477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.130.200.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0581 seconds
INFO    [2022-12-06 18:38:12,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344691.989995, 'message': 'Dec  6 18:38:11 hqnl0246134 sshd[243477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.130.200.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 18:38:14,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344693.9901707, 'message': 'Dec  6 18:38:12 hqnl0246134 sshd[243479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 18:38:14,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344693.9904857, 'message': 'Dec  6 18:38:13 hqnl0246134 sshd[243477]: Failed password for invalid user marisa from 43.130.200.181 port 56276 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 18:38:14,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344693.9903705, 'message': 'Dec  6 18:38:12 hqnl0246134 sshd[243479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:38:16,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344695.9934032, 'message': 'Dec  6 18:38:14 hqnl0246134 sshd[243477]: Disconnected from invalid user marisa 43.130.200.181 port 56276 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:38:16,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344695.9936438, 'message': 'Dec  6 18:38:14 hqnl0246134 sshd[243479]: Failed password for root from 61.177.173.18 port 18505 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 18:38:18,870] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:38:18,871] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:38:18,884] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:38:18,901] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-06 18:38:18,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344698.8729308, 'message': 'Dec  6 18:38:16 hqnl0246134 sshd[243479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 18:38:20,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344699.9948642, 'message': 'Dec  6 18:38:18 hqnl0246134 sshd[243479]: Failed password for root from 61.177.173.18 port 18505 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:38:20,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344699.995048, 'message': 'Dec  6 18:38:19 hqnl0246134 sshd[243479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:38:21,530] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:38:21,530] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:38:21,540] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:38:21,552] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 18:38:22,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344701.9982793, 'message': 'Dec  6 18:38:21 hqnl0246134 sshd[243479]: Failed password for root from 61.177.173.18 port 18505 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:38:34,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.102.118.254', 'timestamp': 1670344714.0229309, 'message': 'Dec  6 18:38:32 hqnl0246134 sshd[243498]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.102.118.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 18:38:34,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.102.118.254', 'timestamp': 1670344714.023596, 'message': 'Dec  6 18:38:32 hqnl0246134 sshd[243498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.102.118.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:38:36,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.102.118.254', 'timestamp': 1670344716.0235832, 'message': 'Dec  6 18:38:34 hqnl0246134 sshd[243498]: Failed password for root from 187.102.118.254 port 44936 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:38:40,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.55.198', 'timestamp': 1670344720.031079, 'message': 'Dec  6 18:38:38 hqnl0246134 sshd[243508]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.55.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 18:38:40,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344720.0315614, 'message': 'Dec  6 18:38:38 hqnl0246134 sshd[243510]: Invalid user michelle from 200.137.5.196 port 46933', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 18:38:40,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.55.198', 'timestamp': 1670344720.0314248, 'message': 'Dec  6 18:38:38 hqnl0246134 sshd[243508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 18:38:40,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344720.031667, 'message': 'Dec  6 18:38:38 hqnl0246134 sshd[243510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.137.5.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 18:38:40,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344720.031807, 'message': 'Dec  6 18:38:38 hqnl0246134 sshd[243510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.137.5.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 18:38:42,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.55.198', 'timestamp': 1670344722.033826, 'message': 'Dec  6 18:38:40 hqnl0246134 sshd[243508]: Failed password for root from 178.128.55.198 port 59804 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 18:38:42,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344722.0340772, 'message': 'Dec  6 18:38:40 hqnl0246134 sshd[243510]: Failed password for invalid user michelle from 200.137.5.196 port 46933 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 18:38:42,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344722.034228, 'message': 'Dec  6 18:38:41 hqnl0246134 sshd[243510]: Disconnected from invalid user michelle 200.137.5.196 port 46933 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 18:38:44,384] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:38:44,385] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:38:44,397] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:38:44,424] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0372 seconds
WARNING [2022-12-06 18:38:48,042] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:38:48,043] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:38:56,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344736.0540226, 'message': 'Dec  6 18:38:54 hqnl0246134 sshd[243521]: Invalid user pdv from 194.152.214.252 port 60043', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 18:38:56,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344736.0545347, 'message': 'Dec  6 18:38:55 hqnl0246134 sshd[243520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.16.201.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 18:38:56,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344736.0542638, 'message': 'Dec  6 18:38:54 hqnl0246134 sshd[243521]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.152.214.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 18:38:56,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344736.0546381, 'message': 'Dec  6 18:38:55 hqnl0246134 sshd[243520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.201.188  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 18:38:56,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344736.05443, 'message': 'Dec  6 18:38:54 hqnl0246134 sshd[243521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.152.214.252 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 18:38:58,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344738.0542266, 'message': 'Dec  6 18:38:56 hqnl0246134 sshd[243521]: Failed password for invalid user pdv from 194.152.214.252 port 60043 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 18:38:58,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344738.0544403, 'message': 'Dec  6 18:38:57 hqnl0246134 sshd[243520]: Failed password for root from 210.16.201.188 port 52560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 18:39:00,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.152.214.252', 'timestamp': 1670344740.0572917, 'message': 'Dec  6 18:38:59 hqnl0246134 sshd[243521]: Disconnected from invalid user pdv 194.152.214.252 port 60043 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:39:02,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344742.0582697, 'message': 'Dec  6 18:39:01 hqnl0246134 sshd[243525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 18:39:02,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344742.058451, 'message': 'Dec  6 18:39:01 hqnl0246134 sshd[243525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 18:39:04,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '111.93.235.74', 'timestamp': 1670344744.0608118, 'message': 'Dec  6 18:39:02 hqnl0246134 sshd[243527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 111.93.235.74 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 18:39:04,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344744.0611212, 'message': 'Dec  6 18:39:03 hqnl0246134 sshd[243525]: Failed password for root from 61.177.173.18 port 44396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:39:04,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '111.93.235.74', 'timestamp': 1670344744.0610056, 'message': 'Dec  6 18:39:02 hqnl0246134 sshd[243527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.235.74  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 18:39:04,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344744.061298, 'message': 'Dec  6 18:39:03 hqnl0246134 sshd[243525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 18:39:06,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '111.93.235.74', 'timestamp': 1670344746.0640032, 'message': 'Dec  6 18:39:04 hqnl0246134 sshd[243527]: Failed password for root from 111.93.235.74 port 30419 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 18:39:06,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344746.0642078, 'message': 'Dec  6 18:39:05 hqnl0246134 sshd[243525]: Failed password for root from 61.177.173.18 port 44396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 18:39:06,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344746.0643485, 'message': 'Dec  6 18:39:06 hqnl0246134 sshd[243525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 18:39:07,568] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:39:07,665] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:39:07,666] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:39:07,666] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:39:07,666] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:39:07,667] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:39:07,690] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:39:07,720] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0514 seconds
WARNING [2022-12-06 18:39:07,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:39:07,729] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:39:07,749] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0365 seconds
INFO    [2022-12-06 18:39:07,750] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0329 seconds
WARNING [2022-12-06 18:39:09,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:39:09,544] defence360agent.internals.the_sink: SensorIncidentList(<25 item(s)>) processed in 0.0502 seconds
INFO    [2022-12-06 18:39:10,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344750.0686023, 'message': 'Dec  6 18:39:08 hqnl0246134 sshd[243525]: Failed password for root from 61.177.173.18 port 44396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 18:39:17,729] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:39:17,730] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:39:17,738] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:39:17,755] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-06 18:39:20,290] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:39:20,291] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:39:20,297] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:39:20,309] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 18:39:24,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.141.212.12', 'timestamp': 1670344764.0890143, 'message': 'Dec  6 18:39:22 hqnl0246134 sshd[243673]: Invalid user admwizzbe from 110.141.212.12 port 53396', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 18:39:24,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344764.0895133, 'message': 'Dec  6 18:39:23 hqnl0246134 sshd[243683]: Invalid user demo from 43.130.200.181 port 60098', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 18:39:24,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.141.212.12', 'timestamp': 1670344764.0892355, 'message': 'Dec  6 18:39:22 hqnl0246134 sshd[243673]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.141.212.12 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 18:39:24,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344764.0896742, 'message': 'Dec  6 18:39:23 hqnl0246134 sshd[243683]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.130.200.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 18:39:24,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.141.212.12', 'timestamp': 1670344764.0894067, 'message': 'Dec  6 18:39:22 hqnl0246134 sshd[243673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.141.212.12 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 18:39:24,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344764.0898433, 'message': 'Dec  6 18:39:23 hqnl0246134 sshd[243683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.130.200.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 18:39:26,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.141.212.12', 'timestamp': 1670344766.0920653, 'message': 'Dec  6 18:39:25 hqnl0246134 sshd[243673]: Failed password for invalid user admwizzbe from 110.141.212.12 port 53396 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 18:39:26,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344766.0923903, 'message': 'Dec  6 18:39:25 hqnl0246134 sshd[243683]: Failed password for invalid user demo from 43.130.200.181 port 60098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 18:39:26,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344766.0925045, 'message': 'Dec  6 18:39:25 hqnl0246134 sshd[243683]: Disconnected from invalid user demo 43.130.200.181 port 60098 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:39:28,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.141.212.12', 'timestamp': 1670344768.0984862, 'message': 'Dec  6 18:39:26 hqnl0246134 sshd[243673]: Disconnected from invalid user admwizzbe 110.141.212.12 port 53396 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 18:39:28,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.122.171.202', 'timestamp': 1670344768.0986862, 'message': 'Dec  6 18:39:27 hqnl0246134 sshd[243685]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.122.171.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 18:39:28,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.122.171.202', 'timestamp': 1670344768.0988336, 'message': 'Dec  6 18:39:27 hqnl0246134 sshd[243685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.122.171.202  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 18:39:30,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '62.122.171.202', 'timestamp': 1670344770.1022508, 'message': 'Dec  6 18:39:29 hqnl0246134 sshd[243685]: Failed password for root from 62.122.171.202 port 37360 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:39:37,795] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:39:37,796] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:39:37,798] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 18:39:48,047] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:39:48,048] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:39:50,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344790.1355832, 'message': 'Dec  6 18:39:49 hqnl0246134 sshd[243701]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 18:39:50,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344790.136215, 'message': 'Dec  6 18:39:49 hqnl0246134 sshd[243701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:39:52,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344792.1375468, 'message': 'Dec  6 18:39:51 hqnl0246134 sshd[243701]: Failed password for root from 61.177.173.18 port 23794 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:39:52,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344792.1378176, 'message': 'Dec  6 18:39:52 hqnl0246134 sshd[243701]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 18:39:56,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344796.147214, 'message': 'Dec  6 18:39:54 hqnl0246134 sshd[243701]: Failed password for root from 61.177.173.18 port 23794 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 18:39:58,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344798.14995, 'message': 'Dec  6 18:39:56 hqnl0246134 sshd[243701]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 18:39:58,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344798.150218, 'message': 'Dec  6 18:39:58 hqnl0246134 sshd[243701]: Failed password for root from 61.177.173.18 port 23794 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 18:40:01,554] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:40:01,554] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:40:01,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:40:01,585] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0301 seconds
WARNING [2022-12-06 18:40:09,511] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:40:09,554] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0562 seconds
INFO    [2022-12-06 18:40:17,696] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:40:17,697] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:40:17,704] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:40:17,715] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 18:40:20,293] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:40:20,294] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:40:20,303] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:40:20,316] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 18:40:32,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344832.2012208, 'message': 'Dec  6 18:40:31 hqnl0246134 sshd[243758]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.130.200.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:40:32,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344832.2014656, 'message': 'Dec  6 18:40:31 hqnl0246134 sshd[243758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.130.200.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 18:40:34,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.130.200.181', 'timestamp': 1670344834.20389, 'message': 'Dec  6 18:40:33 hqnl0246134 sshd[243758]: Failed password for root from 43.130.200.181 port 47628 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 18:40:40,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344840.2153351, 'message': 'Dec  6 18:40:38 hqnl0246134 sshd[243768]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 18:40:40,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344840.2159328, 'message': 'Dec  6 18:40:38 hqnl0246134 sshd[243768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:40:42,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344842.218031, 'message': 'Dec  6 18:40:40 hqnl0246134 sshd[243768]: Failed password for root from 61.177.173.18 port 54315 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 18:40:44,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344844.22076, 'message': 'Dec  6 18:40:42 hqnl0246134 sshd[243768]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:40:46,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344846.2232122, 'message': 'Dec  6 18:40:44 hqnl0246134 sshd[243768]: Failed password for root from 61.177.173.18 port 54315 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:40:46,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344846.2234037, 'message': 'Dec  6 18:40:45 hqnl0246134 sshd[243768]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 18:40:48,051] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:40:48,052] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:40:48,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344848.2261465, 'message': 'Dec  6 18:40:47 hqnl0246134 sshd[243768]: Failed password for root from 61.177.173.18 port 54315 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:41:06,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670344866.269901, 'message': 'Dec  6 18:41:04 hqnl0246134 sshd[243779]: Invalid user teamspeak from 42.200.159.37 port 42304', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 18:41:06,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '42.200.159.37', 'timestamp': 1670344866.2705739, 'message': 'Dec  6 18:41:04 hqnl0246134 sshd[243779]: pam_imunify(sshd:auth): [IM360_RBL] The IP 42.200.159.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:41:06,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '42.200.159.37', 'timestamp': 1670344866.2708333, 'message': 'Dec  6 18:41:04 hqnl0246134 sshd[243779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.159.37 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 18:41:08,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670344868.2705605, 'message': 'Dec  6 18:41:06 hqnl0246134 sshd[243779]: Failed password for invalid user teamspeak from 42.200.159.37 port 42304 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 18:41:08,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670344868.2709947, 'message': 'Dec  6 18:41:07 hqnl0246134 sshd[243779]: Disconnected from invalid user teamspeak 42.200.159.37 port 42304 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-06 18:41:09,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:41:09,537] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0326 seconds
INFO    [2022-12-06 18:41:10,254] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:41:10,255] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:41:10,264] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:41:10,276] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 18:41:17,784] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:41:17,784] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:41:17,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:41:17,805] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 18:41:20,433] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:41:20,434] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:41:20,441] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:41:20,452] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 18:41:26,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344886.3063564, 'message': 'Dec  6 18:41:25 hqnl0246134 sshd[243807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 18:41:26,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344886.3066103, 'message': 'Dec  6 18:41:25 hqnl0246134 sshd[243807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 18:41:28,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344888.3087134, 'message': 'Dec  6 18:41:27 hqnl0246134 sshd[243807]: Failed password for root from 61.177.173.18 port 16853 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 18:41:30,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344890.309886, 'message': 'Dec  6 18:41:29 hqnl0246134 sshd[243807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 18:41:32,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344892.313602, 'message': 'Dec  6 18:41:31 hqnl0246134 sshd[243807]: Failed password for root from 61.177.173.18 port 16853 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 18:41:32,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344892.3139517, 'message': 'Dec  6 18:41:31 hqnl0246134 sshd[243807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:41:34,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344894.3145618, 'message': 'Dec  6 18:41:33 hqnl0246134 sshd[243807]: Failed password for root from 61.177.173.18 port 16853 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:41:46,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.196.76', 'timestamp': 1670344906.3368967, 'message': 'Dec  6 18:41:45 hqnl0246134 sshd[243846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.196.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 18:41:46,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.196.76', 'timestamp': 1670344906.3374517, 'message': 'Dec  6 18:41:45 hqnl0246134 sshd[243846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.196.76  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 18:41:48,055] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:41:48,056] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:41:50,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.196.76', 'timestamp': 1670344910.33833, 'message': 'Dec  6 18:41:48 hqnl0246134 sshd[243846]: Failed password for root from 137.184.196.76 port 32926 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 18:41:53,806] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 18:41:56,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344916.3452983, 'message': 'Dec  6 18:41:54 hqnl0246134 sshd[243850]: Invalid user user from 200.137.5.196 port 41431', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 18:41:56,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344916.345801, 'message': 'Dec  6 18:41:54 hqnl0246134 sshd[243850]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.137.5.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:41:56,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344916.346051, 'message': 'Dec  6 18:41:54 hqnl0246134 sshd[243850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.137.5.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:41:58,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344918.348992, 'message': 'Dec  6 18:41:56 hqnl0246134 sshd[243850]: Failed password for invalid user user from 200.137.5.196 port 41431 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 18:42:00,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670344920.3504004, 'message': 'Dec  6 18:41:58 hqnl0246134 sshd[243850]: Disconnected from invalid user user 200.137.5.196 port 41431 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:42:08,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344928.3597527, 'message': 'Dec  6 18:42:08 hqnl0246134 sshd[243873]: Invalid user automation from 210.16.201.188 port 41958', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-06 18:42:08,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344928.3611095, 'message': 'Dec  6 18:42:08 hqnl0246134 sshd[243873]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.16.201.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-06 18:42:08,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344928.3638847, 'message': 'Dec  6 18:42:08 hqnl0246134 sshd[243873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.201.188 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0381 seconds
WARNING [2022-12-06 18:42:09,521] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:42:09,565] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0560 seconds
INFO    [2022-12-06 18:42:12,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344932.363307, 'message': 'Dec  6 18:42:10 hqnl0246134 sshd[243873]: Failed password for invalid user automation from 210.16.201.188 port 41958 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:42:12,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670344932.3637712, 'message': 'Dec  6 18:42:12 hqnl0246134 sshd[243873]: Disconnected from invalid user automation 210.16.201.188 port 41958 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:42:16,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344936.3664901, 'message': 'Dec  6 18:42:15 hqnl0246134 sshd[243883]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 18:42:16,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344936.3667636, 'message': 'Dec  6 18:42:15 hqnl0246134 sshd[243883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 18:42:17,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:42:17,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:42:17,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:42:17,961] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 18:42:18,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344938.3685434, 'message': 'Dec  6 18:42:17 hqnl0246134 sshd[243883]: Failed password for root from 61.177.173.18 port 54034 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 18:42:20,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344940.3697407, 'message': 'Dec  6 18:42:19 hqnl0246134 sshd[243883]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 18:42:20,706] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:42:20,707] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:42:20,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:42:20,735] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-06 18:42:22,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344942.3725538, 'message': 'Dec  6 18:42:21 hqnl0246134 sshd[243883]: Failed password for root from 61.177.173.18 port 54034 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 18:42:24,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344944.37427, 'message': 'Dec  6 18:42:23 hqnl0246134 sshd[243883]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0558 seconds
INFO    [2022-12-06 18:42:26,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344946.3750517, 'message': 'Dec  6 18:42:25 hqnl0246134 sshd[243883]: Failed password for root from 61.177.173.18 port 54034 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:42:42,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344962.3944845, 'message': 'Dec  6 18:42:42 hqnl0246134 sshd[243909]: Invalid user xu from 13.71.46.226 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 18:42:42,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344962.3948495, 'message': 'Dec  6 18:42:42 hqnl0246134 sshd[243909]: pam_imunify(sshd:auth): [IM360_RBL] The IP 13.71.46.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:42:42,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344962.3950188, 'message': 'Dec  6 18:42:42 hqnl0246134 sshd[243909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.71.46.226 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:42:44,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344964.397346, 'message': 'Dec  6 18:42:43 hqnl0246134 sshd[243909]: Failed password for invalid user xu from 13.71.46.226 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 18:42:46,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670344966.398408, 'message': 'Dec  6 18:42:44 hqnl0246134 sshd[243909]: Disconnected from invalid user xu 13.71.46.226 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-06 18:42:47,600] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:42:47,601] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:42:47,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:42:47,622] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
WARNING [2022-12-06 18:42:48,060] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:42:48,061] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:42:48,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.102.118.254', 'timestamp': 1670344968.4013066, 'message': 'Dec  6 18:42:48 hqnl0246134 sshd[243916]: Invalid user centor from 187.102.118.254 port 35028', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 18:42:48,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.102.118.254', 'timestamp': 1670344968.401618, 'message': 'Dec  6 18:42:48 hqnl0246134 sshd[243916]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.102.118.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:42:48,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.102.118.254', 'timestamp': 1670344968.4017909, 'message': 'Dec  6 18:42:48 hqnl0246134 sshd[243916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.102.118.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:42:50,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.102.118.254', 'timestamp': 1670344970.4032636, 'message': 'Dec  6 18:42:49 hqnl0246134 sshd[243916]: Failed password for invalid user centor from 187.102.118.254 port 35028 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 18:42:52,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.102.118.254', 'timestamp': 1670344972.4069479, 'message': 'Dec  6 18:42:50 hqnl0246134 sshd[243916]: Disconnected from invalid user centor 187.102.118.254 port 35028 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-06 18:43:06,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344986.4236145, 'message': 'Dec  6 18:43:04 hqnl0246134 sshd[243932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 18:43:06,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344986.4240918, 'message': 'Dec  6 18:43:04 hqnl0246134 sshd[243932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:43:08,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344988.4246926, 'message': 'Dec  6 18:43:07 hqnl0246134 sshd[243932]: Failed password for root from 61.177.173.18 port 33450 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-06 18:43:09,520] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:43:09,550] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0372 seconds
INFO    [2022-12-06 18:43:10,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344990.4288223, 'message': 'Dec  6 18:43:09 hqnl0246134 sshd[243932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:43:12,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344992.429348, 'message': 'Dec  6 18:43:11 hqnl0246134 sshd[243932]: Failed password for root from 61.177.173.18 port 33450 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 18:43:14,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344994.4323878, 'message': 'Dec  6 18:43:13 hqnl0246134 sshd[243932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 18:43:16,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670344996.4343748, 'message': 'Dec  6 18:43:15 hqnl0246134 sshd[243932]: Failed password for root from 61.177.173.18 port 33450 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:43:17,974] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:43:17,974] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:43:17,981] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:43:17,994] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 18:43:20,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345000.4408402, 'message': 'Dec  6 18:43:19 hqnl0246134 sshd[243953]: Invalid user altair from 188.166.189.134 port 51936', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 18:43:20,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345000.4410713, 'message': 'Dec  6 18:43:19 hqnl0246134 sshd[243953]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.189.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 18:43:20,563] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:43:20,564] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 18:43:20,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345000.4488704, 'message': 'Dec  6 18:43:19 hqnl0246134 sshd[243953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.189.134 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0911 seconds
WARNING [2022-12-06 18:43:20,574] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:43:20,585] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 18:43:22,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345002.4416156, 'message': 'Dec  6 18:43:21 hqnl0246134 sshd[243953]: Failed password for invalid user altair from 188.166.189.134 port 51936 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 18:43:24,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345004.4446247, 'message': 'Dec  6 18:43:24 hqnl0246134 sshd[243953]: Disconnected from invalid user altair 188.166.189.134 port 51936 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 18:43:42,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.2.224.84', 'timestamp': 1670345022.4616635, 'message': 'Dec  6 18:43:40 hqnl0246134 sshd[243973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.2.224.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 18:43:42,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.2.224.84', 'timestamp': 1670345022.4621804, 'message': 'Dec  6 18:43:40 hqnl0246134 sshd[243973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.2.224.84  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:43:44,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.2.224.84', 'timestamp': 1670345024.4640756, 'message': 'Dec  6 18:43:43 hqnl0246134 sshd[243973]: Failed password for root from 61.2.224.84 port 42366 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 18:43:48,063] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:43:48,065] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:43:54,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345034.477608, 'message': 'Dec  6 18:43:53 hqnl0246134 sshd[243985]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:43:54,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345034.4782772, 'message': 'Dec  6 18:43:53 hqnl0246134 sshd[243985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:43:56,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345036.4839437, 'message': 'Dec  6 18:43:55 hqnl0246134 sshd[243985]: Failed password for root from 61.177.173.18 port 57835 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:43:56,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345036.4842556, 'message': 'Dec  6 18:43:56 hqnl0246134 sshd[243985]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:43:58,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345038.4863503, 'message': 'Dec  6 18:43:57 hqnl0246134 sshd[243985]: Failed password for root from 61.177.173.18 port 57835 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:43:58,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345038.4865313, 'message': 'Dec  6 18:43:58 hqnl0246134 sshd[243985]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 18:44:02,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345042.509794, 'message': 'Dec  6 18:44:00 hqnl0246134 sshd[243985]: Failed password for root from 61.177.173.18 port 57835 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:44:05,418] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:44:05,418] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:44:05,429] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:44:05,445] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0262 seconds
WARNING [2022-12-06 18:44:09,532] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:44:09,563] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0471 seconds
INFO    [2022-12-06 18:44:10,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345050.5551324, 'message': 'Dec  6 18:44:09 hqnl0246134 sshd[244009]: Invalid user john from 42.200.159.37 port 59970', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 18:44:10,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345050.5553544, 'message': 'Dec  6 18:44:09 hqnl0246134 sshd[244009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.159.37 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 18:44:12,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345052.5598254, 'message': 'Dec  6 18:44:11 hqnl0246134 sshd[244009]: Failed password for invalid user john from 42.200.159.37 port 59970 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 18:44:14,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345054.56556, 'message': 'Dec  6 18:44:13 hqnl0246134 sshd[244009]: Disconnected from invalid user john 42.200.159.37 port 59970 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:44:17,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:44:17,925] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:44:17,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:44:17,946] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 18:44:18,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345058.5690231, 'message': 'Dec  6 18:44:17 hqnl0246134 sshd[244017]: Invalid user server from 217.182.204.243 port 39216', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 18:44:18,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345058.5692396, 'message': 'Dec  6 18:44:17 hqnl0246134 sshd[244017]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.182.204.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 18:44:18,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345058.569377, 'message': 'Dec  6 18:44:17 hqnl0246134 sshd[244017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.204.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:44:20,525] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:44:20,525] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:44:20,531] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:44:20,542] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 18:44:20,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345060.572501, 'message': 'Dec  6 18:44:19 hqnl0246134 sshd[244017]: Failed password for invalid user server from 217.182.204.243 port 39216 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:44:20,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345060.5726984, 'message': 'Dec  6 18:44:19 hqnl0246134 sshd[244017]: Disconnected from invalid user server 217.182.204.243 port 39216 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 18:44:24,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345064.5821059, 'message': 'Dec  6 18:44:22 hqnl0246134 sshd[244028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.53.228.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:44:24,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345064.5823395, 'message': 'Dec  6 18:44:22 hqnl0246134 sshd[244028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.53.228.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 18:44:26,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345066.5968072, 'message': 'Dec  6 18:44:25 hqnl0246134 sshd[244028]: Failed password for root from 84.53.228.192 port 38668 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 18:44:44,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.141.212.12', 'timestamp': 1670345084.6384351, 'message': 'Dec  6 18:44:42 hqnl0246134 sshd[244034]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.141.212.12 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-06 18:44:44,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345084.639186, 'message': 'Dec  6 18:44:43 hqnl0246134 sshd[244044]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 18:44:44,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.102.118.254', 'timestamp': 1670345084.6417086, 'message': 'Dec  6 18:44:43 hqnl0246134 sshd[244046]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.102.118.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 18:44:44,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.141.212.12', 'timestamp': 1670345084.6390297, 'message': 'Dec  6 18:44:42 hqnl0246134 sshd[244034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.141.212.12  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 18:44:44,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345084.6415882, 'message': 'Dec  6 18:44:43 hqnl0246134 sshd[244044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 18:44:44,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.102.118.254', 'timestamp': 1670345084.6418855, 'message': 'Dec  6 18:44:43 hqnl0246134 sshd[244046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.102.118.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 18:44:44,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '110.141.212.12', 'timestamp': 1670345084.6419914, 'message': 'Dec  6 18:44:44 hqnl0246134 sshd[244034]: Failed password for root from 110.141.212.12 port 38444 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 18:44:46,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345086.641764, 'message': 'Dec  6 18:44:44 hqnl0246134 sshd[244044]: Failed password for root from 61.177.173.18 port 39979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:44:46,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.102.118.254', 'timestamp': 1670345086.6420095, 'message': 'Dec  6 18:44:45 hqnl0246134 sshd[244046]: Failed password for root from 187.102.118.254 port 50734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 18:44:46,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345086.6424575, 'message': 'Dec  6 18:44:45 hqnl0246134 sshd[244044]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 18:44:48,069] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:44:48,070] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:44:48,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345088.645511, 'message': 'Dec  6 18:44:48 hqnl0246134 sshd[244044]: Failed password for root from 61.177.173.18 port 39979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:44:50,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345090.6470792, 'message': 'Dec  6 18:44:49 hqnl0246134 sshd[244044]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:44:52,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345092.6481633, 'message': 'Dec  6 18:44:51 hqnl0246134 sshd[244044]: Failed password for root from 61.177.173.18 port 39979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 18:45:09,532] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:45:09,563] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0428 seconds
INFO    [2022-12-06 18:45:14,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670345114.6941292, 'message': 'Dec  6 18:45:13 hqnl0246134 sshd[244093]: Invalid user user21 from 200.137.5.196 port 35929', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 18:45:14,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.137.5.196', 'timestamp': 1670345114.695375, 'message': 'Dec  6 18:45:13 hqnl0246134 sshd[244093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.137.5.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:45:14,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.137.5.196', 'timestamp': 1670345114.6955016, 'message': 'Dec  6 18:45:13 hqnl0246134 sshd[244093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.137.5.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:45:16,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670345116.7006018, 'message': 'Dec  6 18:45:15 hqnl0246134 sshd[244093]: Failed password for invalid user user21 from 200.137.5.196 port 35929 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:45:16,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.137.5.196', 'timestamp': 1670345116.7007775, 'message': 'Dec  6 18:45:15 hqnl0246134 sshd[244093]: Disconnected from invalid user user21 200.137.5.196 port 35929 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:45:18,111] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:45:18,112] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:45:18,124] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:45:18,145] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0323 seconds
INFO    [2022-12-06 18:45:18,435] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:45:18,435] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:45:18,442] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:45:18,453] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 18:45:20,849] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:45:20,850] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:45:20,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:45:20,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '13.71.46.226', 'timestamp': 1670345120.7044086, 'message': 'Dec  6 18:45:19 hqnl0246134 sshd[244103]: pam_imunify(sshd:auth): [IM360_RBL] The IP 13.71.46.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1733 seconds
INFO    [2022-12-06 18:45:20,903] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0519 seconds
INFO    [2022-12-06 18:45:20,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.71.46.226', 'timestamp': 1670345120.7046654, 'message': 'Dec  6 18:45:19 hqnl0246134 sshd[244103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.71.46.226  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 18:45:20,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '13.71.46.226', 'timestamp': 1670345120.704849, 'message': 'Dec  6 18:45:20 hqnl0246134 sshd[244103]: Failed password for root from 13.71.46.226 port 1024 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:45:32,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345132.7423227, 'message': 'Dec  6 18:45:30 hqnl0246134 sshd[244121]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 18:45:32,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345132.7427428, 'message': 'Dec  6 18:45:30 hqnl0246134 sshd[244121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:45:32,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345132.7429159, 'message': 'Dec  6 18:45:32 hqnl0246134 sshd[244121]: Failed password for root from 61.177.173.18 port 11497 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:45:34,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345134.7436259, 'message': 'Dec  6 18:45:33 hqnl0246134 sshd[244121]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 18:45:36,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670345136.7459936, 'message': 'Dec  6 18:45:35 hqnl0246134 sshd[244145]: Invalid user css from 210.16.201.188 port 59592', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 18:45:36,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345136.7476318, 'message': 'Dec  6 18:45:35 hqnl0246134 sshd[244121]: Failed password for root from 61.177.173.18 port 11497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 18:45:36,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.16.201.188', 'timestamp': 1670345136.7462504, 'message': 'Dec  6 18:45:35 hqnl0246134 sshd[244145]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.16.201.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:45:36,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.16.201.188', 'timestamp': 1670345136.7475002, 'message': 'Dec  6 18:45:35 hqnl0246134 sshd[244145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.201.188 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:45:38,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670345138.7486432, 'message': 'Dec  6 18:45:37 hqnl0246134 sshd[244145]: Failed password for invalid user css from 210.16.201.188 port 59592 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 18:45:38,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345138.7490225, 'message': 'Dec  6 18:45:37 hqnl0246134 sshd[244121]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 18:45:38,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.16.201.188', 'timestamp': 1670345138.7491632, 'message': 'Dec  6 18:45:37 hqnl0246134 sshd[244145]: Disconnected from invalid user css 210.16.201.188 port 59592 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:45:40,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345140.7521126, 'message': 'Dec  6 18:45:39 hqnl0246134 sshd[244121]: Failed password for root from 61.177.173.18 port 11497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-06 18:45:48,080] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:45:48,081] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 18:46:09,538] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:46:09,564] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0355 seconds
INFO    [2022-12-06 18:46:09,880] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:46:09,949] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:46:09,949] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:46:09,950] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:46:09,950] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:46:09,950] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:46:09,958] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:46:09,974] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0237 seconds
WARNING [2022-12-06 18:46:09,981] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:46:09,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:46:10,001] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0328 seconds
INFO    [2022-12-06 18:46:10,002] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0311 seconds
INFO    [2022-12-06 18:46:17,701] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:46:17,702] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:46:17,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:46:17,722] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 18:46:20,337] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:46:20,337] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:46:20,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:46:20,357] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 18:46:20,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345180.807014, 'message': 'Dec  6 18:46:19 hqnl0246134 sshd[244189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 18:46:20,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345180.8072236, 'message': 'Dec  6 18:46:19 hqnl0246134 sshd[244189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 18:46:22,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345182.812504, 'message': 'Dec  6 18:46:21 hqnl0246134 sshd[244189]: Failed password for root from 61.177.173.18 port 43820 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:46:24,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345184.8176236, 'message': 'Dec  6 18:46:23 hqnl0246134 sshd[244189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:46:26,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345186.8230124, 'message': 'Dec  6 18:46:25 hqnl0246134 sshd[244189]: Failed password for root from 61.177.173.18 port 43820 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 18:46:26,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345186.823267, 'message': 'Dec  6 18:46:25 hqnl0246134 sshd[244195]: Invalid user VM from 62.122.171.202 port 37692', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:46:26,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345186.8236628, 'message': 'Dec  6 18:46:25 hqnl0246134 sshd[244189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 18:46:26,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345186.8234155, 'message': 'Dec  6 18:46:25 hqnl0246134 sshd[244195]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.122.171.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 18:46:26,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345186.8235552, 'message': 'Dec  6 18:46:25 hqnl0246134 sshd[244195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.122.171.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:46:28,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345188.828755, 'message': 'Dec  6 18:46:26 hqnl0246134 sshd[244195]: Failed password for invalid user VM from 62.122.171.202 port 37692 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 18:46:28,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345188.8290055, 'message': 'Dec  6 18:46:27 hqnl0246134 sshd[244189]: Failed password for root from 61.177.173.18 port 43820 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 18:46:28,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345188.8291166, 'message': 'Dec  6 18:46:27 hqnl0246134 sshd[244195]: Disconnected from invalid user VM 62.122.171.202 port 37692 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:46:29,809] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:46:29,809] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:46:29,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:46:29,829] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 18:46:34,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.102.118.254', 'timestamp': 1670345194.8496833, 'message': 'Dec  6 18:46:34 hqnl0246134 sshd[244204]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.102.118.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 18:46:34,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.102.118.254', 'timestamp': 1670345194.8501766, 'message': 'Dec  6 18:46:34 hqnl0246134 sshd[244204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.102.118.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:46:36,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.102.118.254', 'timestamp': 1670345196.854325, 'message': 'Dec  6 18:46:36 hqnl0246134 sshd[244204]: Failed password for root from 187.102.118.254 port 38206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 18:46:40,082] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:46:40,084] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:46:40,086] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 18:46:48,089] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:46:48,090] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:47:00,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670345220.8964887, 'message': 'Dec  6 18:47:00 hqnl0246134 sshd[244214]: Invalid user user02 from 102.219.33.178 port 36754', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 18:47:00,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.219.33.178', 'timestamp': 1670345220.8972588, 'message': 'Dec  6 18:47:00 hqnl0246134 sshd[244214]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.219.33.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:47:00,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.219.33.178', 'timestamp': 1670345220.8974924, 'message': 'Dec  6 18:47:00 hqnl0246134 sshd[244214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.219.33.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:47:02,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345222.9048417, 'message': 'Dec  6 18:47:01 hqnl0246134 sshd[244229]: Invalid user coder from 42.200.159.37 port 49380', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 18:47:02,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670345222.9052844, 'message': 'Dec  6 18:47:02 hqnl0246134 sshd[244214]: Failed password for invalid user user02 from 102.219.33.178 port 36754 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 18:47:02,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345222.9050539, 'message': 'Dec  6 18:47:01 hqnl0246134 sshd[244229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 42.200.159.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 18:47:02,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345222.9051785, 'message': 'Dec  6 18:47:01 hqnl0246134 sshd[244229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.159.37 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:47:04,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345224.908579, 'message': 'Dec  6 18:47:03 hqnl0246134 sshd[244238]: Invalid user smbuser from 46.101.179.127 port 55210', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0663 seconds
INFO    [2022-12-06 18:47:04,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.219.33.178', 'timestamp': 1670345224.9089358, 'message': 'Dec  6 18:47:03 hqnl0246134 sshd[244214]: Disconnected from invalid user user02 102.219.33.178 port 36754 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0667 seconds
INFO    [2022-12-06 18:47:04,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345224.9093263, 'message': 'Dec  6 18:47:03 hqnl0246134 sshd[244229]: Failed password for invalid user coder from 42.200.159.37 port 49380 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0662 seconds
INFO    [2022-12-06 18:47:04,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345224.9095376, 'message': 'Dec  6 18:47:04 hqnl0246134 sshd[244240]: Invalid user oracle from 159.65.235.114 port 38432', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0657 seconds
INFO    [2022-12-06 18:47:05,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345224.9091349, 'message': 'Dec  6 18:47:03 hqnl0246134 sshd[244238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.179.127 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-06 18:47:05,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345224.9097254, 'message': 'Dec  6 18:47:04 hqnl0246134 sshd[244240]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.235.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 18:47:05,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '42.200.159.37', 'timestamp': 1670345224.9101264, 'message': 'Dec  6 18:47:04 hqnl0246134 sshd[244229]: Disconnected from invalid user coder 42.200.159.37 port 49380 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 18:47:05,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345224.9099221, 'message': 'Dec  6 18:47:04 hqnl0246134 sshd[244240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.235.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:47:06,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345226.9107826, 'message': 'Dec  6 18:47:05 hqnl0246134 sshd[244238]: Failed password for invalid user smbuser from 46.101.179.127 port 55210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 18:47:06,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345226.911181, 'message': 'Dec  6 18:47:06 hqnl0246134 sshd[244240]: Failed password for invalid user oracle from 159.65.235.114 port 38432 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 18:47:06,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345226.9110107, 'message': 'Dec  6 18:47:05 hqnl0246134 sshd[244238]: Disconnected from invalid user smbuser 46.101.179.127 port 55210 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:47:08,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345228.913998, 'message': 'Dec  6 18:47:07 hqnl0246134 sshd[244240]: Disconnected from invalid user oracle 159.65.235.114 port 38432 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 18:47:08,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345228.9143598, 'message': 'Dec  6 18:47:08 hqnl0246134 sshd[244243]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 18:47:08,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345228.9145172, 'message': 'Dec  6 18:47:08 hqnl0246134 sshd[244243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 18:47:09,543] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:47:09,578] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0446 seconds
INFO    [2022-12-06 18:47:10,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345230.9138877, 'message': 'Dec  6 18:47:10 hqnl0246134 sshd[244243]: Failed password for root from 61.177.173.18 port 20584 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:47:10,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345230.914094, 'message': 'Dec  6 18:47:10 hqnl0246134 sshd[244243]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:47:12,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345232.9167352, 'message': 'Dec  6 18:47:12 hqnl0246134 sshd[244255]: Invalid user benny from 178.128.217.58 port 48514', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 18:47:12,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345232.9170318, 'message': 'Dec  6 18:47:12 hqnl0246134 sshd[244243]: Failed password for root from 61.177.173.18 port 20584 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 18:47:14,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345234.9181683, 'message': 'Dec  6 18:47:12 hqnl0246134 sshd[244255]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.217.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 18:47:14,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345234.9184573, 'message': 'Dec  6 18:47:13 hqnl0246134 sshd[244243]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-06 18:47:14,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345234.9185646, 'message': 'Dec  6 18:47:14 hqnl0246134 sshd[244260]: Invalid user will from 217.182.204.243 port 33244', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 18:47:14,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345234.9183445, 'message': 'Dec  6 18:47:12 hqnl0246134 sshd[244255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.217.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 18:47:15,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345234.9188292, 'message': 'Dec  6 18:47:14 hqnl0246134 sshd[244260]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.182.204.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 18:47:15,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345234.9187217, 'message': 'Dec  6 18:47:14 hqnl0246134 sshd[244255]: Failed password for invalid user benny from 178.128.217.58 port 48514 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-06 18:47:15,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345234.9189453, 'message': 'Dec  6 18:47:14 hqnl0246134 sshd[244260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.204.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 18:47:16,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345236.9216661, 'message': 'Dec  6 18:47:15 hqnl0246134 sshd[244243]: Failed password for root from 61.177.173.18 port 20584 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0509 seconds
INFO    [2022-12-06 18:47:16,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345236.9220777, 'message': 'Dec  6 18:47:16 hqnl0246134 sshd[244255]: Disconnected from invalid user benny 178.128.217.58 port 48514 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-06 18:47:16,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345236.9223087, 'message': 'Dec  6 18:47:16 hqnl0246134 sshd[244260]: Failed password for invalid user will from 217.182.204.243 port 33244 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-06 18:47:18,108] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:47:18,109] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:47:18,117] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:47:18,128] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 18:47:18,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345238.9221485, 'message': 'Dec  6 18:47:18 hqnl0246134 sshd[244260]: Disconnected from invalid user will 217.182.204.243 port 33244 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 18:47:20,634] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:47:20,634] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:47:20,643] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:47:20,662] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0261 seconds
INFO    [2022-12-06 18:47:34,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345254.9576905, 'message': 'Dec  6 18:47:34 hqnl0246134 sshd[244280]: Invalid user rohit from 167.172.187.120 port 41974', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 18:47:35,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345254.9585783, 'message': 'Dec  6 18:47:34 hqnl0246134 sshd[244280]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:47:35,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345254.9587786, 'message': 'Dec  6 18:47:34 hqnl0246134 sshd[244280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:47:36,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345256.9597223, 'message': 'Dec  6 18:47:36 hqnl0246134 sshd[244280]: Failed password for invalid user rohit from 167.172.187.120 port 41974 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 18:47:39,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345258.9629104, 'message': 'Dec  6 18:47:38 hqnl0246134 sshd[244280]: Disconnected from invalid user rohit 167.172.187.120 port 41974 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 18:47:40,645] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:47:40,646] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:47:40,657] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:47:40,672] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0249 seconds
INFO    [2022-12-06 18:47:43,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345262.9784036, 'message': 'Dec  6 18:47:42 hqnl0246134 sshd[244298]: Invalid user naresh from 137.184.196.76 port 33230', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-06 18:47:43,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670345262.9795673, 'message': 'Dec  6 18:47:42 hqnl0246134 sshd[244296]: Invalid user kong from 13.71.46.226 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-06 18:47:43,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345262.9786913, 'message': 'Dec  6 18:47:42 hqnl0246134 sshd[244298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.196.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 18:47:43,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '13.71.46.226', 'timestamp': 1670345262.9797494, 'message': 'Dec  6 18:47:42 hqnl0246134 sshd[244296]: pam_imunify(sshd:auth): [IM360_RBL] The IP 13.71.46.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 18:47:43,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345262.978955, 'message': 'Dec  6 18:47:42 hqnl0246134 sshd[244298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.196.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 18:47:43,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.71.46.226', 'timestamp': 1670345262.9799466, 'message': 'Dec  6 18:47:42 hqnl0246134 sshd[244296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.71.46.226 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 18:47:45,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345264.9803505, 'message': 'Dec  6 18:47:44 hqnl0246134 sshd[244298]: Failed password for invalid user naresh from 137.184.196.76 port 33230 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1352 seconds
INFO    [2022-12-06 18:47:45,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670345264.9805415, 'message': 'Dec  6 18:47:44 hqnl0246134 sshd[244296]: Failed password for invalid user kong from 13.71.46.226 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1355 seconds
INFO    [2022-12-06 18:47:47,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345266.9855165, 'message': 'Dec  6 18:47:45 hqnl0246134 sshd[244298]: Disconnected from invalid user naresh 137.184.196.76 port 33230 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 18:47:47,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.71.46.226', 'timestamp': 1670345266.9857202, 'message': 'Dec  6 18:47:46 hqnl0246134 sshd[244296]: Disconnected from invalid user kong 13.71.46.226 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
WARNING [2022-12-06 18:47:48,095] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:47:48,096] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:47:59,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345279.007328, 'message': 'Dec  6 18:47:57 hqnl0246134 sshd[244304]: Invalid user pedro from 178.128.55.198 port 49344', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 18:47:59,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345279.009556, 'message': 'Dec  6 18:47:57 hqnl0246134 sshd[244306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:47:59,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345279.00915, 'message': 'Dec  6 18:47:57 hqnl0246134 sshd[244304]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.55.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 18:47:59,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345279.0097876, 'message': 'Dec  6 18:47:57 hqnl0246134 sshd[244306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 18:47:59,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345279.0093634, 'message': 'Dec  6 18:47:57 hqnl0246134 sshd[244304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:48:01,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345281.0144508, 'message': 'Dec  6 18:47:59 hqnl0246134 sshd[244304]: Failed password for invalid user pedro from 178.128.55.198 port 49344 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 18:48:01,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345281.0147827, 'message': 'Dec  6 18:47:59 hqnl0246134 sshd[244306]: Failed password for root from 61.177.173.18 port 60467 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 18:48:01,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345281.0149899, 'message': 'Dec  6 18:48:00 hqnl0246134 sshd[244306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 18:48:03,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345283.0168777, 'message': 'Dec  6 18:48:01 hqnl0246134 sshd[244304]: Disconnected from invalid user pedro 178.128.55.198 port 49344 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0607 seconds
INFO    [2022-12-06 18:48:03,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345283.01713, 'message': 'Dec  6 18:48:01 hqnl0246134 sshd[244306]: Failed password for root from 61.177.173.18 port 60467 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0612 seconds
INFO    [2022-12-06 18:48:03,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345283.0179305, 'message': 'Dec  6 18:48:02 hqnl0246134 sshd[244306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 18:48:05,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345285.019854, 'message': 'Dec  6 18:48:04 hqnl0246134 sshd[244306]: Failed password for root from 61.177.173.18 port 60467 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
WARNING [2022-12-06 18:48:09,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:48:09,583] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0451 seconds
INFO    [2022-12-06 18:48:17,798] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:48:17,798] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:48:17,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:48:17,820] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 18:48:20,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:48:20,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:48:20,620] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:48:20,631] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 18:48:41,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670345321.069694, 'message': 'Dec  6 18:48:39 hqnl0246134 sshd[244340]: Invalid user test6 from 133.130.99.35 port 45600', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 18:48:41,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '133.130.99.35', 'timestamp': 1670345321.0702503, 'message': 'Dec  6 18:48:39 hqnl0246134 sshd[244340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 133.130.99.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:48:41,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '133.130.99.35', 'timestamp': 1670345321.0704265, 'message': 'Dec  6 18:48:39 hqnl0246134 sshd[244340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.99.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 18:48:43,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670345323.0698285, 'message': 'Dec  6 18:48:41 hqnl0246134 sshd[244340]: Failed password for invalid user test6 from 133.130.99.35 port 45600 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:48:43,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670345323.070108, 'message': 'Dec  6 18:48:43 hqnl0246134 sshd[244340]: Disconnected from invalid user test6 133.130.99.35 port 45600 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:48:47,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345327.0761406, 'message': 'Dec  6 18:48:46 hqnl0246134 sshd[244352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 18:48:47,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345327.0764031, 'message': 'Dec  6 18:48:46 hqnl0246134 sshd[244352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
WARNING [2022-12-06 18:48:48,099] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:48:48,099] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:48:49,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345329.0785875, 'message': 'Dec  6 18:48:48 hqnl0246134 sshd[244352]: Failed password for root from 61.177.173.18 port 32487 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:48:53,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345333.083973, 'message': 'Dec  6 18:48:51 hqnl0246134 sshd[244352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 18:48:53,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345333.0842564, 'message': 'Dec  6 18:48:52 hqnl0246134 sshd[244352]: Failed password for root from 61.177.173.18 port 32487 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 18:48:55,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345335.0856962, 'message': 'Dec  6 18:48:53 hqnl0246134 sshd[244352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0655 seconds
INFO    [2022-12-06 18:48:55,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345335.085893, 'message': 'Dec  6 18:48:53 hqnl0246134 sshd[244356]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.174.137.15 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0657 seconds
INFO    [2022-12-06 18:48:55,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345335.0860572, 'message': 'Dec  6 18:48:53 hqnl0246134 sshd[244356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.174.137.15  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 18:48:57,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345337.2429695, 'message': 'Dec  6 18:48:55 hqnl0246134 sshd[244352]: Failed password for root from 61.177.173.18 port 32487 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 18:48:57,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345337.2431364, 'message': 'Dec  6 18:48:55 hqnl0246134 sshd[244356]: Failed password for root from 189.174.137.15 port 58652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 18:48:58,707] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:48:58,708] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:48:58,715] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:48:58,726] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-06 18:49:09,550] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:49:09,577] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-06 18:49:17,701] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:49:17,702] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:49:17,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:49:17,721] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 18:49:20,346] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:49:20,347] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:49:20,356] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:49:20,367] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 18:49:29,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345369.1455624, 'message': 'Dec  6 18:49:28 hqnl0246134 sshd[244418]: pam_imunify(sshd:auth): [IM360_RBL] The IP 60.49.207.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:49:29,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345369.146006, 'message': 'Dec  6 18:49:28 hqnl0246134 sshd[244418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.207.252  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:49:31,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345371.1494331, 'message': 'Dec  6 18:49:30 hqnl0246134 sshd[244418]: Failed password for root from 60.49.207.252 port 57749 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 18:49:37,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345377.162701, 'message': 'Dec  6 18:49:36 hqnl0246134 sshd[244422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 18:49:37,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345377.1630695, 'message': 'Dec  6 18:49:36 hqnl0246134 sshd[244422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:49:39,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670345379.1620843, 'message': 'Dec  6 18:49:37 hqnl0246134 sshd[244424]: Invalid user customer from 164.92.66.116 port 51140', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0837 seconds
INFO    [2022-12-06 18:49:39,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345379.1624718, 'message': 'Dec  6 18:49:37 hqnl0246134 sshd[244422]: Failed password for root from 61.177.173.18 port 10457 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0839 seconds
INFO    [2022-12-06 18:49:39,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.66.116', 'timestamp': 1670345379.1626203, 'message': 'Dec  6 18:49:37 hqnl0246134 sshd[244424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.66.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-06 18:49:39,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345379.1629236, 'message': 'Dec  6 18:49:38 hqnl0246134 sshd[244422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0580 seconds
INFO    [2022-12-06 18:49:39,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.66.116', 'timestamp': 1670345379.1627686, 'message': 'Dec  6 18:49:37 hqnl0246134 sshd[244424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.66.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 18:49:41,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670345381.1647456, 'message': 'Dec  6 18:49:40 hqnl0246134 sshd[244424]: Failed password for invalid user customer from 164.92.66.116 port 51140 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:49:43,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345383.1658933, 'message': 'Dec  6 18:49:41 hqnl0246134 sshd[244422]: Failed password for root from 61.177.173.18 port 10457 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0540 seconds
INFO    [2022-12-06 18:49:43,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670345383.1660962, 'message': 'Dec  6 18:49:41 hqnl0246134 sshd[244424]: Disconnected from invalid user customer 164.92.66.116 port 51140 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-06 18:49:43,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345383.1662118, 'message': 'Dec  6 18:49:43 hqnl0246134 sshd[244422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 18:49:45,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345385.168692, 'message': 'Dec  6 18:49:43 hqnl0246134 sshd[244437]: Invalid user jimmy from 46.101.179.127 port 45412', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 18:49:45,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345385.169139, 'message': 'Dec  6 18:49:44 hqnl0246134 sshd[244422]: Failed password for root from 61.177.173.18 port 10457 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 18:49:45,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345385.1688771, 'message': 'Dec  6 18:49:43 hqnl0246134 sshd[244437]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.179.127 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:49:45,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345385.1690183, 'message': 'Dec  6 18:49:43 hqnl0246134 sshd[244437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.179.127 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 18:49:47,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345387.1727831, 'message': 'Dec  6 18:49:45 hqnl0246134 sshd[244437]: Failed password for invalid user jimmy from 46.101.179.127 port 45412 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 18:49:47,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.141.212.12', 'timestamp': 1670345387.1730034, 'message': 'Dec  6 18:49:46 hqnl0246134 sshd[244440]: Invalid user klaus from 110.141.212.12 port 42794', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 18:49:47,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.141.212.12', 'timestamp': 1670345387.1731172, 'message': 'Dec  6 18:49:46 hqnl0246134 sshd[244440]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.141.212.12 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 18:49:47,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.141.212.12', 'timestamp': 1670345387.1732652, 'message': 'Dec  6 18:49:46 hqnl0246134 sshd[244440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.141.212.12 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
WARNING [2022-12-06 18:49:48,105] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:49:48,106] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:49:49,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345389.1739924, 'message': 'Dec  6 18:49:47 hqnl0246134 sshd[244437]: Disconnected from invalid user jimmy 46.101.179.127 port 45412 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-06 18:49:51,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.141.212.12', 'timestamp': 1670345391.176405, 'message': 'Dec  6 18:49:49 hqnl0246134 sshd[244440]: Failed password for invalid user klaus from 110.141.212.12 port 42794 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 18:49:51,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.141.212.12', 'timestamp': 1670345391.1773412, 'message': 'Dec  6 18:49:50 hqnl0246134 sshd[244440]: Disconnected from invalid user klaus 110.141.212.12 port 42794 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 18:49:56,713] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:49:56,782] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:49:56,783] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:49:56,783] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:49:56,784] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:49:56,784] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:49:56,803] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:49:56,842] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0559 seconds
WARNING [2022-12-06 18:49:56,855] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:49:56,860] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:49:56,896] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0649 seconds
INFO    [2022-12-06 18:49:56,899] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0624 seconds
INFO    [2022-12-06 18:50:07,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345407.187437, 'message': 'Dec  6 18:50:05 hqnl0246134 sshd[244465]: Invalid user ftpuser1 from 137.184.196.76 port 33404', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 18:50:07,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345407.1890097, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244471]: Invalid user jennifer from 217.182.204.243 port 50310', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 18:50:07,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345407.1877067, 'message': 'Dec  6 18:50:05 hqnl0246134 sshd[244465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.196.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-06 18:50:07,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345407.1891437, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.182.204.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 18:50:07,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345407.1894007, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244473]: Invalid user tidb from 167.172.187.120 port 57668', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-06 18:50:07,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345407.188836, 'message': 'Dec  6 18:50:05 hqnl0246134 sshd[244465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.196.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-06 18:50:07,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345407.1892734, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.204.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 18:50:07,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345407.1896164, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244473]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-06 18:50:07,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345407.1899254, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244467]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.189.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-06 18:50:07,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.121.237.82', 'timestamp': 1670345407.1902895, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.121.237.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 18:50:07,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345407.189772, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-06 18:50:07,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345407.190127, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.189.134  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 18:50:07,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.121.237.82', 'timestamp': 1670345407.1904352, 'message': 'Dec  6 18:50:06 hqnl0246134 sshd[244469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.121.237.82  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 18:50:09,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345409.1988704, 'message': 'Dec  6 18:50:08 hqnl0246134 sshd[244465]: Failed password for invalid user ftpuser1 from 137.184.196.76 port 33404 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0605 seconds
INFO    [2022-12-06 18:50:09,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345409.1992521, 'message': 'Dec  6 18:50:08 hqnl0246134 sshd[244471]: Failed password for invalid user jennifer from 217.182.204.243 port 50310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0611 seconds
INFO    [2022-12-06 18:50:09,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345409.1993978, 'message': 'Dec  6 18:50:08 hqnl0246134 sshd[244473]: Failed password for invalid user tidb from 167.172.187.120 port 57668 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0610 seconds
INFO    [2022-12-06 18:50:09,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345409.1995568, 'message': 'Dec  6 18:50:08 hqnl0246134 sshd[244467]: Failed password for root from 188.166.189.134 port 48638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0603 seconds
INFO    [2022-12-06 18:50:09,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.204.243', 'timestamp': 1670345409.1996717, 'message': 'Dec  6 18:50:08 hqnl0246134 sshd[244471]: Disconnected from invalid user jennifer 217.182.204.243 port 50310 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 18:50:09,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '168.121.237.82', 'timestamp': 1670345409.1997926, 'message': 'Dec  6 18:50:08 hqnl0246134 sshd[244469]: Failed password for root from 168.121.237.82 port 35008 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
WARNING [2022-12-06 18:50:09,558] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:50:09,594] defence360agent.internals.the_sink: SensorIncidentList(<30 item(s)>) processed in 0.0459 seconds
INFO    [2022-12-06 18:50:11,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345411.1927207, 'message': 'Dec  6 18:50:09 hqnl0246134 sshd[244465]: Disconnected from invalid user ftpuser1 137.184.196.76 port 33404 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 18:50:11,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345411.1930876, 'message': 'Dec  6 18:50:10 hqnl0246134 sshd[244473]: Disconnected from invalid user tidb 167.172.187.120 port 57668 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 18:50:11,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345411.193227, 'message': 'Dec  6 18:50:10 hqnl0246134 sshd[244490]: Invalid user testuser2 from 164.92.157.100 port 34426', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-06 18:50:11,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345411.1933625, 'message': 'Dec  6 18:50:11 hqnl0246134 sshd[244490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.157.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:50:11,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345411.1934688, 'message': 'Dec  6 18:50:11 hqnl0246134 sshd[244490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.157.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:50:11,383] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:50:11,383] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:50:11,393] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:50:11,406] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 18:50:13,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345413.19346, 'message': 'Dec  6 18:50:13 hqnl0246134 sshd[244490]: Failed password for invalid user testuser2 from 164.92.157.100 port 34426 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 18:50:15,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345415.196032, 'message': 'Dec  6 18:50:14 hqnl0246134 sshd[244490]: Disconnected from invalid user testuser2 164.92.157.100 port 34426 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 18:50:18,378] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:50:18,379] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:50:18,390] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:50:18,403] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-06 18:50:21,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345421.2029765, 'message': 'Dec  6 18:50:19 hqnl0246134 sshd[244510]: Invalid user tuxedo from 68.183.142.49 port 36264', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0644 seconds
INFO    [2022-12-06 18:50:21,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345421.2033668, 'message': 'Dec  6 18:50:19 hqnl0246134 sshd[244510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.142.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0586 seconds
INFO    [2022-12-06 18:50:21,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345421.203586, 'message': 'Dec  6 18:50:19 hqnl0246134 sshd[244510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.142.49 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0634 seconds
INFO    [2022-12-06 18:50:22,462] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:50:22,463] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:50:22,474] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:50:22,485] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 18:50:23,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345423.2042844, 'message': 'Dec  6 18:50:21 hqnl0246134 sshd[244510]: Failed password for invalid user tuxedo from 68.183.142.49 port 36264 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:50:23,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345423.2044759, 'message': 'Dec  6 18:50:21 hqnl0246134 sshd[244510]: Disconnected from invalid user tuxedo 68.183.142.49 port 36264 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:50:26,912] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:50:26,913] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:50:26,913] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 18:50:27,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345427.2087803, 'message': 'Dec  6 18:50:25 hqnl0246134 sshd[244520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 18:50:27,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345427.2091775, 'message': 'Dec  6 18:50:25 hqnl0246134 sshd[244520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 18:50:29,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345429.2103868, 'message': 'Dec  6 18:50:27 hqnl0246134 sshd[244520]: Failed password for root from 61.177.173.18 port 37618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:50:31,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345431.213197, 'message': 'Dec  6 18:50:29 hqnl0246134 sshd[244520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 18:50:33,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345433.2148633, 'message': 'Dec  6 18:50:32 hqnl0246134 sshd[244520]: Failed password for root from 61.177.173.18 port 37618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:50:35,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345435.2180402, 'message': 'Dec  6 18:50:34 hqnl0246134 sshd[244520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:50:37,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345437.221269, 'message': 'Dec  6 18:50:36 hqnl0246134 sshd[244520]: Failed password for root from 61.177.173.18 port 37618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
WARNING [2022-12-06 18:50:48,119] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:50:48,120] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:50:53,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345453.2424066, 'message': 'Dec  6 18:50:52 hqnl0246134 sshd[244534]: Invalid user jane from 178.128.55.198 port 60444', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 18:50:53,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345453.2428987, 'message': 'Dec  6 18:50:52 hqnl0246134 sshd[244534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.55.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 18:50:53,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345453.2490194, 'message': 'Dec  6 18:50:52 hqnl0246134 sshd[244534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:50:55,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345455.2447176, 'message': 'Dec  6 18:50:54 hqnl0246134 sshd[244536]: Invalid user git from 62.122.171.202 port 37898', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 18:50:55,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345455.2453845, 'message': 'Dec  6 18:50:54 hqnl0246134 sshd[244534]: Failed password for invalid user jane from 178.128.55.198 port 60444 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 18:50:55,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345455.2450264, 'message': 'Dec  6 18:50:54 hqnl0246134 sshd[244536]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.122.171.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:50:55,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345455.2452052, 'message': 'Dec  6 18:50:54 hqnl0246134 sshd[244536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.122.171.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:50:57,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345457.2460387, 'message': 'Dec  6 18:50:56 hqnl0246134 sshd[244536]: Failed password for invalid user git from 62.122.171.202 port 37898 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 18:50:57,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345457.2463315, 'message': 'Dec  6 18:50:56 hqnl0246134 sshd[244534]: Disconnected from invalid user jane 178.128.55.198 port 60444 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 18:50:57,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345457.2462196, 'message': 'Dec  6 18:50:56 hqnl0246134 sshd[244536]: Disconnected from invalid user git 62.122.171.202 port 37898 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 18:51:09,570] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:51:09,596] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0350 seconds
INFO    [2022-12-06 18:51:13,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345473.2704039, 'message': 'Dec  6 18:51:13 hqnl0246134 sshd[244554]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.53.228.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:51:13,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345473.2722378, 'message': 'Dec  6 18:51:13 hqnl0246134 sshd[244554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.53.228.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:51:15,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345475.273043, 'message': 'Dec  6 18:51:14 hqnl0246134 sshd[244556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 18:51:15,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345475.273413, 'message': 'Dec  6 18:51:14 hqnl0246134 sshd[244554]: Failed password for root from 84.53.228.192 port 54214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 18:51:15,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345475.273253, 'message': 'Dec  6 18:51:14 hqnl0246134 sshd[244556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 18:51:17,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345477.276342, 'message': 'Dec  6 18:51:16 hqnl0246134 sshd[244556]: Failed password for root from 61.177.173.18 port 10638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 18:51:17,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:51:17,711] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:51:17,722] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:51:17,734] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 18:51:19,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345479.2795942, 'message': 'Dec  6 18:51:18 hqnl0246134 sshd[244556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 18:51:19,638] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:51:19,639] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:51:19,646] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:51:19,659] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 18:51:21,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345481.281922, 'message': 'Dec  6 18:51:20 hqnl0246134 sshd[244556]: Failed password for root from 61.177.173.18 port 10638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 18:51:21,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345481.2821646, 'message': 'Dec  6 18:51:20 hqnl0246134 sshd[244556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 18:51:22,242] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:51:22,243] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:51:22,250] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:51:22,261] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 18:51:23,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345483.2859018, 'message': 'Dec  6 18:51:22 hqnl0246134 sshd[244556]: Failed password for root from 61.177.173.18 port 10638 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 18:51:40,100] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 18:51:40,102] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 18:51:40,991] im360.plugins.pam: PAM module has been enabled for dovecot-pam
WARNING [2022-12-06 18:51:48,124] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:51:48,125] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 18:51:53,808] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 18:52:03,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345523.3416595, 'message': 'Dec  6 18:52:02 hqnl0246134 sshd[244615]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 18:52:03,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345523.3424988, 'message': 'Dec  6 18:52:02 hqnl0246134 sshd[244615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:52:05,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345525.3446753, 'message': 'Dec  6 18:52:04 hqnl0246134 sshd[244615]: Failed password for root from 61.177.173.18 port 39997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:52:05,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345525.3448937, 'message': 'Dec  6 18:52:05 hqnl0246134 sshd[244615]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:52:07,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345527.3474474, 'message': 'Dec  6 18:52:07 hqnl0246134 sshd[244615]: Failed password for root from 61.177.173.18 port 39997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:52:09,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345529.3522742, 'message': 'Dec  6 18:52:07 hqnl0246134 sshd[244615]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 18:52:09,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345529.352489, 'message': 'Dec  6 18:52:08 hqnl0246134 sshd[244615]: Failed password for root from 61.177.173.18 port 39997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
WARNING [2022-12-06 18:52:09,593] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:52:09,618] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0378 seconds
INFO    [2022-12-06 18:52:11,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345531.3564637, 'message': 'Dec  6 18:52:10 hqnl0246134 sshd[244619]: Invalid user postgres from 189.174.137.15 port 47616', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 18:52:11,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345531.3566818, 'message': 'Dec  6 18:52:10 hqnl0246134 sshd[244619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.174.137.15 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 18:52:11,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345531.3568304, 'message': 'Dec  6 18:52:10 hqnl0246134 sshd[244619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.174.137.15 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:52:13,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345533.3564813, 'message': 'Dec  6 18:52:12 hqnl0246134 sshd[244619]: Failed password for invalid user postgres from 189.174.137.15 port 47616 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 18:52:15,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345535.3598864, 'message': 'Dec  6 18:52:14 hqnl0246134 sshd[244619]: Disconnected from invalid user postgres 189.174.137.15 port 47616 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-06 18:52:17,895] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:52:17,895] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:52:17,905] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:52:17,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 18:52:20,388] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:52:20,389] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:52:20,398] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:52:20,411] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 18:52:27,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345547.3866582, 'message': 'Dec  6 18:52:25 hqnl0246134 sshd[244644]: Invalid user wj from 46.101.179.127 port 35050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 18:52:27,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345547.3870356, 'message': 'Dec  6 18:52:25 hqnl0246134 sshd[244644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.179.127 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 18:52:27,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345547.3872373, 'message': 'Dec  6 18:52:25 hqnl0246134 sshd[244644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.179.127 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 18:52:27,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345547.3874156, 'message': 'Dec  6 18:52:27 hqnl0246134 sshd[244644]: Failed password for invalid user wj from 46.101.179.127 port 35050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:52:29,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.179.127', 'timestamp': 1670345549.3865016, 'message': 'Dec  6 18:52:28 hqnl0246134 sshd[244644]: Disconnected from invalid user wj 46.101.179.127 port 35050 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 18:52:29,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345549.38676, 'message': 'Dec  6 18:52:28 hqnl0246134 sshd[244646]: Invalid user csgosrv from 137.184.196.76 port 33578', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 18:52:29,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345549.386881, 'message': 'Dec  6 18:52:29 hqnl0246134 sshd[244646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.196.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:52:29,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345549.3870065, 'message': 'Dec  6 18:52:29 hqnl0246134 sshd[244646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.196.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:52:30,867] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:52:30,867] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:52:30,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:52:30,888] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 18:52:31,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345551.3893554, 'message': 'Dec  6 18:52:30 hqnl0246134 sshd[244646]: Failed password for invalid user csgosrv from 137.184.196.76 port 33578 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 18:52:33,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.196.76', 'timestamp': 1670345553.3916872, 'message': 'Dec  6 18:52:32 hqnl0246134 sshd[244646]: Disconnected from invalid user csgosrv 137.184.196.76 port 33578 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:52:39,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345559.4005678, 'message': 'Dec  6 18:52:38 hqnl0246134 sshd[244655]: Invalid user oracle from 60.49.207.252 port 39507', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 18:52:39,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345559.400931, 'message': 'Dec  6 18:52:38 hqnl0246134 sshd[244655]: pam_imunify(sshd:auth): [IM360_RBL] The IP 60.49.207.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:52:39,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345559.4011471, 'message': 'Dec  6 18:52:38 hqnl0246134 sshd[244655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.207.252 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 18:52:41,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345561.4020727, 'message': 'Dec  6 18:52:40 hqnl0246134 sshd[244655]: Failed password for invalid user oracle from 60.49.207.252 port 39507 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 18:52:41,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345561.4023979, 'message': 'Dec  6 18:52:40 hqnl0246134 sshd[244665]: Invalid user programacion from 167.172.187.120 port 45148', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 18:52:41,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345561.4025326, 'message': 'Dec  6 18:52:40 hqnl0246134 sshd[244665]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:52:41,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345561.4026368, 'message': 'Dec  6 18:52:40 hqnl0246134 sshd[244665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 18:52:43,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345563.406221, 'message': 'Dec  6 18:52:42 hqnl0246134 sshd[244655]: Disconnected from invalid user oracle 60.49.207.252 port 39507 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0435 seconds
INFO    [2022-12-06 18:52:43,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345563.4065406, 'message': 'Dec  6 18:52:42 hqnl0246134 sshd[244665]: Failed password for invalid user programacion from 167.172.187.120 port 45148 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 18:52:43,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670345563.4067793, 'message': 'Dec  6 18:52:42 hqnl0246134 sshd[244665]: Disconnected from invalid user programacion 167.172.187.120 port 45148 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
WARNING [2022-12-06 18:52:48,130] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:52:48,130] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:52:53,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345573.421663, 'message': 'Dec  6 18:52:51 hqnl0246134 sshd[244673]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 18:52:53,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345573.4219975, 'message': 'Dec  6 18:52:51 hqnl0246134 sshd[244673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 18:52:55,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345575.4246051, 'message': 'Dec  6 18:52:53 hqnl0246134 sshd[244673]: Failed password for root from 61.177.173.18 port 19993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 18:52:55,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345575.424962, 'message': 'Dec  6 18:52:53 hqnl0246134 sshd[244673]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 18:52:57,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345577.4287937, 'message': 'Dec  6 18:52:56 hqnl0246134 sshd[244673]: Failed password for root from 61.177.173.18 port 19993 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:52:59,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345579.430812, 'message': 'Dec  6 18:52:58 hqnl0246134 sshd[244673]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:53:01,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345581.4342105, 'message': 'Dec  6 18:53:00 hqnl0246134 sshd[244673]: Failed password for root from 61.177.173.18 port 19993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 18:53:09,594] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:53:09,631] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0461 seconds
INFO    [2022-12-06 18:53:17,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345597.4630113, 'message': 'Dec  6 18:53:17 hqnl0246134 sshd[244724]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.189.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 18:53:17,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345597.4634473, 'message': 'Dec  6 18:53:17 hqnl0246134 sshd[244724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.189.134  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:53:17,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:53:17,923] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:53:17,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:53:17,942] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 18:53:20,542] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:53:20,543] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:53:20,551] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:53:20,566] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-06 18:53:21,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345601.468048, 'message': 'Dec  6 18:53:19 hqnl0246134 sshd[244724]: Failed password for root from 188.166.189.134 port 35002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-06 18:53:21,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345601.4684215, 'message': 'Dec  6 18:53:21 hqnl0246134 sshd[244734]: Invalid user xmail from 164.92.157.100 port 33610', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0521 seconds
INFO    [2022-12-06 18:53:21,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345601.4686584, 'message': 'Dec  6 18:53:21 hqnl0246134 sshd[244734]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.157.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:53:21,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345601.468864, 'message': 'Dec  6 18:53:21 hqnl0246134 sshd[244734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.157.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 18:53:25,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345605.4856021, 'message': 'Dec  6 18:53:23 hqnl0246134 sshd[244734]: Failed password for invalid user xmail from 164.92.157.100 port 33610 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 18:53:25,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345605.485863, 'message': 'Dec  6 18:53:24 hqnl0246134 sshd[244734]: Disconnected from invalid user xmail 164.92.157.100 port 33610 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 18:53:39,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345619.5270467, 'message': 'Dec  6 18:53:38 hqnl0246134 sshd[244740]: Invalid user mary from 178.128.55.198 port 43296', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 18:53:39,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345619.528263, 'message': 'Dec  6 18:53:38 hqnl0246134 sshd[244742]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-06 18:53:39,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345619.5277903, 'message': 'Dec  6 18:53:38 hqnl0246134 sshd[244740]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.55.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 18:53:39,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345619.528502, 'message': 'Dec  6 18:53:38 hqnl0246134 sshd[244742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:53:39,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345619.5280755, 'message': 'Dec  6 18:53:38 hqnl0246134 sshd[244740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 18:53:41,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345621.5305731, 'message': 'Dec  6 18:53:40 hqnl0246134 sshd[244740]: Failed password for invalid user mary from 178.128.55.198 port 43296 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 18:53:41,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345621.5309567, 'message': 'Dec  6 18:53:40 hqnl0246134 sshd[244742]: Failed password for root from 61.177.173.18 port 44318 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:53:41,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.55.198', 'timestamp': 1670345621.531212, 'message': 'Dec  6 18:53:40 hqnl0246134 sshd[244740]: Disconnected from invalid user mary 178.128.55.198 port 43296 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:53:41,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345621.5310957, 'message': 'Dec  6 18:53:40 hqnl0246134 sshd[244742]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 18:53:43,635] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:53:43,636] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:53:43,649] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:53:43,667] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0308 seconds
INFO    [2022-12-06 18:53:43,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345623.6377811, 'message': 'Dec  6 18:53:43 hqnl0246134 sshd[244742]: Failed password for root from 61.177.173.18 port 44318 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 18:53:45,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345625.5375493, 'message': 'Dec  6 18:53:45 hqnl0246134 sshd[244742]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:53:47,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345627.5426693, 'message': 'Dec  6 18:53:47 hqnl0246134 sshd[244742]: Failed password for root from 61.177.173.18 port 44318 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
WARNING [2022-12-06 18:53:48,134] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:53:48,135] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:53:53,322] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:53:53,390] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:53:53,391] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:53:53,391] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:53:53,391] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:53:53,391] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:53:53,400] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:53:53,415] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0229 seconds
WARNING [2022-12-06 18:53:53,421] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:53:53,423] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:53:53,439] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0303 seconds
INFO    [2022-12-06 18:53:53,441] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0288 seconds
INFO    [2022-12-06 18:54:07,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345647.6348298, 'message': 'Dec  6 18:54:06 hqnl0246134 sshd[244772]: Invalid user test2 from 68.183.142.49 port 55760', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:54:07,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345647.635067, 'message': 'Dec  6 18:54:06 hqnl0246134 sshd[244772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.142.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 18:54:07,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345647.635198, 'message': 'Dec  6 18:54:06 hqnl0246134 sshd[244772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.142.49 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
WARNING [2022-12-06 18:54:09,595] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:54:09,621] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-06 18:54:09,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345649.6370044, 'message': 'Dec  6 18:54:08 hqnl0246134 sshd[244772]: Failed password for invalid user test2 from 68.183.142.49 port 55760 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:54:09,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345649.6371865, 'message': 'Dec  6 18:54:08 hqnl0246134 sshd[244772]: Disconnected from invalid user test2 68.183.142.49 port 55760 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:54:13,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345653.648945, 'message': 'Dec  6 18:54:13 hqnl0246134 sshd[244782]: Invalid user steam from 84.53.228.192 port 42190', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 18:54:13,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345653.6493042, 'message': 'Dec  6 18:54:13 hqnl0246134 sshd[244782]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.53.228.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 18:54:13,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345653.6494617, 'message': 'Dec  6 18:54:13 hqnl0246134 sshd[244782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.53.228.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 18:54:15,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345655.6498885, 'message': 'Dec  6 18:54:15 hqnl0246134 sshd[244782]: Failed password for invalid user steam from 84.53.228.192 port 42190 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 18:54:17,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345657.6624947, 'message': 'Dec  6 18:54:17 hqnl0246134 sshd[244782]: Disconnected from invalid user steam 84.53.228.192 port 42190 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 18:54:17,836] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:54:17,837] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:54:17,844] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:54:17,857] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 18:54:20,455] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:54:20,456] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:54:20,463] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:54:20,475] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 18:54:23,517] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 18:54:23,518] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 18:54:23,519] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 18:54:25,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345665.690001, 'message': 'Dec  6 18:54:25 hqnl0246134 sshd[244796]: Invalid user alejandro from 164.92.157.100 port 36504', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 18:54:25,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345665.6902964, 'message': 'Dec  6 18:54:25 hqnl0246134 sshd[244796]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.157.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 18:54:25,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345665.6904461, 'message': 'Dec  6 18:54:25 hqnl0246134 sshd[244796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.157.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 18:54:27,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345667.6927054, 'message': 'Dec  6 18:54:27 hqnl0246134 sshd[244796]: Failed password for invalid user alejandro from 164.92.157.100 port 36504 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 18:54:27,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345667.6929805, 'message': 'Dec  6 18:54:27 hqnl0246134 sshd[244799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 18:54:27,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345667.6931121, 'message': 'Dec  6 18:54:27 hqnl0246134 sshd[244799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 18:54:29,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345669.695988, 'message': 'Dec  6 18:54:28 hqnl0246134 sshd[244796]: Disconnected from invalid user alejandro 164.92.157.100 port 36504 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 18:54:29,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345669.6962662, 'message': 'Dec  6 18:54:29 hqnl0246134 sshd[244799]: Failed password for root from 61.177.173.18 port 21406 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 18:54:33,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345673.705738, 'message': 'Dec  6 18:54:31 hqnl0246134 sshd[244799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 18:54:33,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345673.7062557, 'message': 'Dec  6 18:54:33 hqnl0246134 sshd[244799]: Failed password for root from 61.177.173.18 port 21406 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:54:35,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345675.7194526, 'message': 'Dec  6 18:54:34 hqnl0246134 sshd[244799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 18:54:37,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345677.735922, 'message': 'Dec  6 18:54:36 hqnl0246134 sshd[244799]: Failed password for root from 61.177.173.18 port 21406 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 18:54:48,139] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:54:48,140] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:55:01,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345701.8166952, 'message': 'Dec  6 18:55:00 hqnl0246134 sshd[244815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.174.137.15 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0501 seconds
INFO    [2022-12-06 18:55:01,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345701.817199, 'message': 'Dec  6 18:55:00 hqnl0246134 sshd[244815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.174.137.15  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 18:55:03,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.174.137.15', 'timestamp': 1670345703.8195953, 'message': 'Dec  6 18:55:02 hqnl0246134 sshd[244815]: Failed password for root from 189.174.137.15 port 36540 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 18:55:06,704] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:55:06,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:55:06,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:55:06,722] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
WARNING [2022-12-06 18:55:09,604] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:55:09,645] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0522 seconds
INFO    [2022-12-06 18:55:11,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345711.828798, 'message': 'Dec  6 18:55:11 hqnl0246134 sshd[244845]: Invalid user guest from 62.122.171.202 port 38108', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 18:55:11,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345711.829192, 'message': 'Dec  6 18:55:11 hqnl0246134 sshd[244845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.122.171.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:55:11,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345711.8293514, 'message': 'Dec  6 18:55:11 hqnl0246134 sshd[244845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.122.171.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 18:55:15,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345715.833668, 'message': 'Dec  6 18:55:13 hqnl0246134 sshd[244845]: Failed password for invalid user guest from 62.122.171.202 port 38108 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 18:55:15,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.122.171.202', 'timestamp': 1670345715.8339236, 'message': 'Dec  6 18:55:14 hqnl0246134 sshd[244845]: Disconnected from invalid user guest 62.122.171.202 port 38108 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:55:17,909] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:55:17,909] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:55:17,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:55:17,927] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 18:55:20,622] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:55:20,622] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:55:20,629] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:55:20,639] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
INFO    [2022-12-06 18:55:23,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670345723.8407824, 'message': 'Dec  6 18:55:23 hqnl0246134 sshd[244875]: Invalid user testuser from 46.101.127.204 port 56360', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 18:55:23,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.127.204', 'timestamp': 1670345723.841071, 'message': 'Dec  6 18:55:23 hqnl0246134 sshd[244875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.127.204 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 18:55:25,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670345725.8442633, 'message': 'Dec  6 18:55:25 hqnl0246134 sshd[244875]: Failed password for invalid user testuser from 46.101.127.204 port 56360 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 18:55:27,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670345727.8454394, 'message': 'Dec  6 18:55:27 hqnl0246134 sshd[244875]: Disconnected from invalid user testuser 46.101.127.204 port 56360 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1271 seconds
INFO    [2022-12-06 18:55:29,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.223.92.101', 'timestamp': 1670345729.8466597, 'message': 'Dec  6 18:55:29 hqnl0246134 sshd[244886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.223.92.101 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 18:55:29,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.223.92.101', 'timestamp': 1670345729.8470492, 'message': 'Dec  6 18:55:29 hqnl0246134 sshd[244886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.223.92.101  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 18:55:31,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345731.8517318, 'message': 'Dec  6 18:55:29 hqnl0246134 sshd[244890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.157.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 18:55:31,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '102.223.92.101', 'timestamp': 1670345731.852141, 'message': 'Dec  6 18:55:31 hqnl0246134 sshd[244886]: Failed password for root from 102.223.92.101 port 62939 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 18:55:31,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345731.8520114, 'message': 'Dec  6 18:55:29 hqnl0246134 sshd[244890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.157.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:55:33,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '164.92.157.100', 'timestamp': 1670345733.857297, 'message': 'Dec  6 18:55:32 hqnl0246134 sshd[244890]: Failed password for root from 164.92.157.100 port 37808 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 18:55:33,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670345733.8579004, 'message': 'Dec  6 18:55:33 hqnl0246134 sshd[244892]: Invalid user gmodserver from 79.225.71.198 port 33112', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 18:55:33,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.225.71.198', 'timestamp': 1670345733.8585205, 'message': 'Dec  6 18:55:33 hqnl0246134 sshd[244892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.225.71.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 18:55:33,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.225.71.198', 'timestamp': 1670345733.8586304, 'message': 'Dec  6 18:55:33 hqnl0246134 sshd[244892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.225.71.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 18:55:35,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670345735.861976, 'message': 'Dec  6 18:55:35 hqnl0246134 sshd[244892]: Failed password for invalid user gmodserver from 79.225.71.198 port 33112 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 18:55:37,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670345737.8635604, 'message': 'Dec  6 18:55:37 hqnl0246134 sshd[244892]: Disconnected from invalid user gmodserver 79.225.71.198 port 33112 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-06 18:55:48,144] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:55:48,146] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:55:51,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670345751.8971553, 'message': 'Dec  6 18:55:50 hqnl0246134 sshd[244905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 18:55:51,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670345751.8979108, 'message': 'Dec  6 18:55:50 hqnl0246134 sshd[244905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 18:55:53,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670345753.8977218, 'message': 'Dec  6 18:55:53 hqnl0246134 sshd[244905]: Failed password for root from 45.93.201.82 port 48736 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:55:57,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345757.906221, 'message': 'Dec  6 18:55:56 hqnl0246134 sshd[244910]: Invalid user git from 60.49.207.252 port 29155', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 18:55:57,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670345757.91314, 'message': 'Dec  6 18:55:57 hqnl0246134 sshd[244905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 18:55:57,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345757.9128006, 'message': 'Dec  6 18:55:56 hqnl0246134 sshd[244910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 60.49.207.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 18:55:58,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345757.9129803, 'message': 'Dec  6 18:55:56 hqnl0246134 sshd[244910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.207.252 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 18:55:59,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345759.9125562, 'message': 'Dec  6 18:55:58 hqnl0246134 sshd[244910]: Failed password for invalid user git from 60.49.207.252 port 29155 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 18:55:59,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670345759.9128373, 'message': 'Dec  6 18:55:59 hqnl0246134 sshd[244905]: Failed password for root from 45.93.201.82 port 48736 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 18:56:01,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.49.207.252', 'timestamp': 1670345761.917684, 'message': 'Dec  6 18:56:00 hqnl0246134 sshd[244910]: Disconnected from invalid user git 60.49.207.252 port 29155 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0658 seconds
INFO    [2022-12-06 18:56:01,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345761.9180126, 'message': 'Dec  6 18:56:00 hqnl0246134 sshd[244913]: Invalid user joe from 68.183.142.49 port 57926', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0659 seconds
INFO    [2022-12-06 18:56:02,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345761.9184217, 'message': 'Dec  6 18:56:00 hqnl0246134 sshd[244913]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.142.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 18:56:02,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345761.9186273, 'message': 'Dec  6 18:56:00 hqnl0246134 sshd[244913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.142.49 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 18:56:03,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345763.9184663, 'message': 'Dec  6 18:56:02 hqnl0246134 sshd[244913]: Failed password for invalid user joe from 68.183.142.49 port 57926 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 18:56:03,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670345763.9187589, 'message': 'Dec  6 18:56:02 hqnl0246134 sshd[244905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 18:56:03,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345763.9186459, 'message': 'Dec  6 18:56:02 hqnl0246134 sshd[244913]: Disconnected from invalid user joe 68.183.142.49 port 57926 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 18:56:05,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670345765.9224362, 'message': 'Dec  6 18:56:04 hqnl0246134 sshd[244905]: Failed password for root from 45.93.201.82 port 48736 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-06 18:56:09,610] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:56:09,664] defence360agent.internals.the_sink: SensorIncidentList(<23 item(s)>) processed in 0.0671 seconds
INFO    [2022-12-06 18:56:09,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345769.9273481, 'message': 'Dec  6 18:56:08 hqnl0246134 sshd[244925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 18:56:09,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345769.9276495, 'message': 'Dec  6 18:56:08 hqnl0246134 sshd[244925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 18:56:11,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345771.9309075, 'message': 'Dec  6 18:56:11 hqnl0246134 sshd[244925]: Failed password for root from 61.177.173.18 port 47906 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 18:56:13,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345773.9331517, 'message': 'Dec  6 18:56:13 hqnl0246134 sshd[244925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 18:56:15,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345775.9356766, 'message': 'Dec  6 18:56:15 hqnl0246134 sshd[244925]: Failed password for root from 61.177.173.18 port 47906 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 18:56:15,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345775.936216, 'message': 'Dec  6 18:56:15 hqnl0246134 sshd[244925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 18:56:17,824] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:56:17,824] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:56:17,832] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:56:17,845] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 18:56:19,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345779.9357784, 'message': 'Dec  6 18:56:17 hqnl0246134 sshd[244925]: Failed password for root from 61.177.173.18 port 47906 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 18:56:20,607] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:56:20,607] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:56:20,622] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:56:20,646] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0293 seconds
INFO    [2022-12-06 18:56:22,405] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:56:22,406] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:56:22,419] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:56:22,439] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0321 seconds
INFO    [2022-12-06 18:56:31,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345791.95381, 'message': 'Dec  6 18:56:30 hqnl0246134 sshd[244955]: Invalid user ems from 188.166.189.134 port 49522', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 18:56:31,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345791.9541063, 'message': 'Dec  6 18:56:30 hqnl0246134 sshd[244955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.189.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 18:56:32,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345791.9542432, 'message': 'Dec  6 18:56:30 hqnl0246134 sshd[244955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.189.134 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:56:33,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345793.9534342, 'message': 'Dec  6 18:56:32 hqnl0246134 sshd[244955]: Failed password for invalid user ems from 188.166.189.134 port 49522 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:56:35,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.189.134', 'timestamp': 1670345795.9573514, 'message': 'Dec  6 18:56:34 hqnl0246134 sshd[244955]: Disconnected from invalid user ems 188.166.189.134 port 49522 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 18:56:48,150] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:56:48,151] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:56:50,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345809.9864793, 'message': 'Dec  6 18:56:49 hqnl0246134 sshd[244967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 18:56:50,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345809.9870555, 'message': 'Dec  6 18:56:49 hqnl0246134 sshd[244967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 18:56:52,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345811.9863195, 'message': 'Dec  6 18:56:50 hqnl0246134 sshd[244969]: Invalid user jiayu from 159.65.235.114 port 49340', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 18:56:52,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345811.9868069, 'message': 'Dec  6 18:56:50 hqnl0246134 sshd[244967]: Failed password for root from 61.177.173.18 port 54731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 18:56:52,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345811.9865248, 'message': 'Dec  6 18:56:50 hqnl0246134 sshd[244969]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.235.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 18:56:52,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345811.9869106, 'message': 'Dec  6 18:56:51 hqnl0246134 sshd[244967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 18:56:52,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345811.986668, 'message': 'Dec  6 18:56:50 hqnl0246134 sshd[244969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.235.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 18:56:54,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345813.9892113, 'message': 'Dec  6 18:56:52 hqnl0246134 sshd[244969]: Failed password for invalid user jiayu from 159.65.235.114 port 49340 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 18:56:54,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345813.9894989, 'message': 'Dec  6 18:56:53 hqnl0246134 sshd[244967]: Failed password for root from 61.177.173.18 port 54731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-06 18:56:54,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345813.9897296, 'message': 'Dec  6 18:56:53 hqnl0246134 sshd[244969]: Disconnected from invalid user jiayu 159.65.235.114 port 49340 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 18:56:56,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670345815.9933722, 'message': 'Dec  6 18:56:55 hqnl0246134 sshd[244972]: Invalid user atualiza from 157.245.157.93 port 44082', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-06 18:56:56,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345815.9935908, 'message': 'Dec  6 18:56:55 hqnl0246134 sshd[244967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0522 seconds
INFO    [2022-12-06 18:56:56,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.157.93', 'timestamp': 1670345815.99374, 'message': 'Dec  6 18:56:55 hqnl0246134 sshd[244972]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.157.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 18:56:56,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.157.93', 'timestamp': 1670345815.9938462, 'message': 'Dec  6 18:56:55 hqnl0246134 sshd[244972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.157.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 18:56:58,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345817.99739, 'message': 'Dec  6 18:56:57 hqnl0246134 sshd[244967]: Failed password for root from 61.177.173.18 port 54731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 18:56:58,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670345817.9977715, 'message': 'Dec  6 18:56:57 hqnl0246134 sshd[244972]: Failed password for invalid user atualiza from 157.245.157.93 port 44082 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 18:57:00,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670345819.9980426, 'message': 'Dec  6 18:56:59 hqnl0246134 sshd[244972]: Disconnected from invalid user atualiza 157.245.157.93 port 44082 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
WARNING [2022-12-06 18:57:09,611] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:57:09,652] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0502 seconds
INFO    [2022-12-06 18:57:14,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345834.0188737, 'message': 'Dec  6 18:57:12 hqnl0246134 sshd[245001]: Invalid user elsearch from 84.53.228.192 port 58408', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 18:57:14,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345834.0192435, 'message': 'Dec  6 18:57:12 hqnl0246134 sshd[245001]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.53.228.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 18:57:14,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345834.0193965, 'message': 'Dec  6 18:57:12 hqnl0246134 sshd[245001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.53.228.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 18:57:16,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345836.0207918, 'message': 'Dec  6 18:57:14 hqnl0246134 sshd[245001]: Failed password for invalid user elsearch from 84.53.228.192 port 58408 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 18:57:16,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.53.228.192', 'timestamp': 1670345836.0211065, 'message': 'Dec  6 18:57:14 hqnl0246134 sshd[245001]: Disconnected from invalid user elsearch 84.53.228.192 port 58408 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 18:57:17,942] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:57:17,943] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:57:17,950] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:57:17,962] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 18:57:20,639] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:57:20,640] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:57:20,648] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:57:20,660] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 18:57:42,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345862.090554, 'message': 'Dec  6 18:57:40 hqnl0246134 sshd[245019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 18:57:42,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345862.0913267, 'message': 'Dec  6 18:57:40 hqnl0246134 sshd[245019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 18:57:44,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345864.0951736, 'message': 'Dec  6 18:57:42 hqnl0246134 sshd[245019]: Failed password for root from 61.177.173.18 port 57342 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 18:57:44,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.125.217', 'timestamp': 1670345864.1010299, 'message': 'Dec  6 18:57:42 hqnl0246134 sshd[245029]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.125.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 18:57:44,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.209.255', 'timestamp': 1670345864.1013155, 'message': 'Dec  6 18:57:43 hqnl0246134 sshd[245031]: Invalid user dbadmin from 168.138.209.255 port 46444', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-06 18:57:44,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.125.217', 'timestamp': 1670345864.1011834, 'message': 'Dec  6 18:57:42 hqnl0246134 sshd[245029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.125.217  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 18:57:44,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.138.209.255', 'timestamp': 1670345864.1014535, 'message': 'Dec  6 18:57:43 hqnl0246134 sshd[245031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.138.209.255 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 18:57:44,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.138.209.255', 'timestamp': 1670345864.1015663, 'message': 'Dec  6 18:57:43 hqnl0246134 sshd[245031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.209.255 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 18:57:46,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.125.217', 'timestamp': 1670345866.0985951, 'message': 'Dec  6 18:57:44 hqnl0246134 sshd[245029]: Failed password for root from 178.128.125.217 port 40072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-06 18:57:46,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345866.0988653, 'message': 'Dec  6 18:57:44 hqnl0246134 sshd[245019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0544 seconds
INFO    [2022-12-06 18:57:46,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.209.255', 'timestamp': 1670345866.0991025, 'message': 'Dec  6 18:57:45 hqnl0246134 sshd[245031]: Failed password for invalid user dbadmin from 168.138.209.255 port 46444 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0540 seconds
INFO    [2022-12-06 18:57:47,798] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:57:47,798] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:57:47,811] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:57:47,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0291 seconds
INFO    [2022-12-06 18:57:48,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345868.0992792, 'message': 'Dec  6 18:57:46 hqnl0246134 sshd[245019]: Failed password for root from 61.177.173.18 port 57342 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0496 seconds
WARNING [2022-12-06 18:57:48,152] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:57:48,153] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:57:48,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.209.255', 'timestamp': 1670345868.09981, 'message': 'Dec  6 18:57:47 hqnl0246134 sshd[245031]: Disconnected from invalid user dbadmin 168.138.209.255 port 46444 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-06 18:57:48,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345868.0995758, 'message': 'Dec  6 18:57:46 hqnl0246134 sshd[245019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 18:57:50,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345870.1016102, 'message': 'Dec  6 18:57:48 hqnl0246134 sshd[245064]: Invalid user roots from 68.183.142.49 port 60076', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 18:57:50,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345870.1021826, 'message': 'Dec  6 18:57:49 hqnl0246134 sshd[245019]: Failed password for root from 61.177.173.18 port 57342 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 18:57:50,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345870.1019044, 'message': 'Dec  6 18:57:48 hqnl0246134 sshd[245064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.142.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 18:57:50,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345870.1020699, 'message': 'Dec  6 18:57:48 hqnl0246134 sshd[245064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.142.49 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 18:57:52,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345872.1078858, 'message': 'Dec  6 18:57:50 hqnl0246134 sshd[245064]: Failed password for invalid user roots from 68.183.142.49 port 60076 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 18:57:52,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.142.49', 'timestamp': 1670345872.1080775, 'message': 'Dec  6 18:57:51 hqnl0246134 sshd[245064]: Disconnected from invalid user roots 68.183.142.49 port 60076 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 18:58:00,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.121.237.82', 'timestamp': 1670345880.1349053, 'message': 'Dec  6 18:57:58 hqnl0246134 sshd[245069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.121.237.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 18:58:00,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.121.237.82', 'timestamp': 1670345880.1351612, 'message': 'Dec  6 18:57:58 hqnl0246134 sshd[245069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.121.237.82  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 18:58:02,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '168.121.237.82', 'timestamp': 1670345882.1387138, 'message': 'Dec  6 18:58:00 hqnl0246134 sshd[245069]: Failed password for root from 168.121.237.82 port 40448 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 18:58:09,617] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:58:09,646] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0373 seconds
INFO    [2022-12-06 18:58:18,097] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:58:18,098] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:58:18,111] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:58:18,132] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0308 seconds
INFO    [2022-12-06 18:58:21,028] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:58:21,028] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:58:21,035] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:58:21,047] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 18:58:28,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345908.198234, 'message': 'Dec  6 18:58:27 hqnl0246134 sshd[245115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 18:58:28,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345908.1988566, 'message': 'Dec  6 18:58:27 hqnl0246134 sshd[245115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 18:58:30,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345910.198164, 'message': 'Dec  6 18:58:29 hqnl0246134 sshd[245115]: Failed password for root from 61.177.173.18 port 62942 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0592 seconds
INFO    [2022-12-06 18:58:32,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345912.2005694, 'message': 'Dec  6 18:58:31 hqnl0246134 sshd[245115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 18:58:34,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345914.2044263, 'message': 'Dec  6 18:58:33 hqnl0246134 sshd[245115]: Failed password for root from 61.177.173.18 port 62942 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 18:58:34,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345914.2047749, 'message': 'Dec  6 18:58:33 hqnl0246134 sshd[245115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 18:58:36,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670345916.208944, 'message': 'Dec  6 18:58:35 hqnl0246134 sshd[245115]: Failed password for root from 61.177.173.18 port 62942 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 18:58:37,157] defence360agent.files: Updating all files
INFO    [2022-12-06 18:58:37,482] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:37,482] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 18:58:37,821] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:37,821] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 18:58:38,092] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:38,092] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 18:58:38,454] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:38,454] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 18:58:38,455] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 18:58:38,719] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 16:58:38 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E42C35F526ABB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 18:58:38,720] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 18:58:38,721] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 18:58:39,323] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:39,323] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 18:58:39,645] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:39,646] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 18:58:39,909] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:39,909] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 18:58:40,326] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:40,326] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 18:58:40,919] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 18:58:40,921] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-06 18:58:48,156] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:58:48,158] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:59:04,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.127.204', 'timestamp': 1670345944.2899745, 'message': 'Dec  6 18:59:04 hqnl0246134 sshd[245148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.127.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 18:59:04,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.127.204', 'timestamp': 1670345944.2903428, 'message': 'Dec  6 18:59:04 hqnl0246134 sshd[245148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.127.204  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 18:59:06,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345946.2983036, 'message': 'Dec  6 18:59:04 hqnl0246134 sshd[245150]: Invalid user meteor from 178.128.217.58 port 35820', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 18:59:06,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.127.204', 'timestamp': 1670345946.2987337, 'message': 'Dec  6 18:59:06 hqnl0246134 sshd[245148]: Failed password for root from 46.101.127.204 port 56574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 18:59:06,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345946.298502, 'message': 'Dec  6 18:59:05 hqnl0246134 sshd[245150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.217.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 18:59:06,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345946.2986267, 'message': 'Dec  6 18:59:05 hqnl0246134 sshd[245150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.217.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 18:59:08,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345948.3000953, 'message': 'Dec  6 18:59:06 hqnl0246134 sshd[245150]: Failed password for invalid user meteor from 178.128.217.58 port 35820 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 18:59:09,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:59:09,686] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0735 seconds
INFO    [2022-12-06 18:59:10,421] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:59:10,421] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 18:59:10,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.217.58', 'timestamp': 1670345950.3050344, 'message': 'Dec  6 18:59:09 hqnl0246134 sshd[245150]: Disconnected from invalid user meteor 178.128.217.58 port 35820 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1226 seconds
WARNING [2022-12-06 18:59:10,431] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:59:10,442] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 18:59:18,017] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:59:18,018] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:59:18,027] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:59:18,040] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 18:59:20,719] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 18:59:20,719] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 18:59:20,726] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:59:20,746] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0260 seconds
INFO    [2022-12-06 18:59:26,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670345966.328762, 'message': 'Dec  6 18:59:24 hqnl0246134 sshd[245183]: Invalid user oracle from 59.127.158.223 port 41008', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 18:59:26,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.127.158.223', 'timestamp': 1670345966.3290484, 'message': 'Dec  6 18:59:24 hqnl0246134 sshd[245183]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.127.158.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:59:26,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.127.158.223', 'timestamp': 1670345966.3292377, 'message': 'Dec  6 18:59:24 hqnl0246134 sshd[245183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.158.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 18:59:26,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670345966.3294015, 'message': 'Dec  6 18:59:25 hqnl0246134 sshd[245183]: Failed password for invalid user oracle from 59.127.158.223 port 41008 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 18:59:28,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670345968.329868, 'message': 'Dec  6 18:59:26 hqnl0246134 sshd[245183]: Disconnected from invalid user oracle 59.127.158.223 port 41008 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
WARNING [2022-12-06 18:59:48,162] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 18:59:48,165] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 18:59:58,249] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 18:59:58,321] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 18:59:58,321] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 18:59:58,322] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 18:59:58,322] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 18:59:58,323] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 18:59:58,342] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 18:59:58,366] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0414 seconds
WARNING [2022-12-06 18:59:58,377] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 18:59:58,380] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 18:59:58,407] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0499 seconds
INFO    [2022-12-06 18:59:58,409] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0472 seconds
INFO    [2022-12-06 18:59:58,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345998.37416, 'message': 'Dec  6 18:59:57 hqnl0246134 sshd[245203]: Invalid user user from 159.65.235.114 port 38476', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 18:59:58,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345998.3744676, 'message': 'Dec  6 18:59:58 hqnl0246134 sshd[245203]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.235.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 18:59:58,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.235.114', 'timestamp': 1670345998.3746312, 'message': 'Dec  6 18:59:58 hqnl0246134 sshd[245203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.235.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 19:00:00,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670346000.375618, 'message': 'Dec  6 19:00:00 hqnl0246134 sshd[245203]: Failed password for invalid user user from 159.65.235.114 port 38476 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:00:02,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670346002.3819654, 'message': 'Dec  6 19:00:01 hqnl0246134 sshd[245203]: Disconnected from invalid user user 159.65.235.114 port 38476 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1315 seconds
INFO    [2022-12-06 19:00:04,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346004.3791032, 'message': 'Dec  6 19:00:02 hqnl0246134 sshd[245205]: Invalid user test01 from 164.92.66.116 port 59396', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 19:00:04,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346004.3793523, 'message': 'Dec  6 19:00:03 hqnl0246134 sshd[245205]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.66.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 19:00:04,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346004.3795218, 'message': 'Dec  6 19:00:03 hqnl0246134 sshd[245205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.66.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 19:00:06,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346006.3822618, 'message': 'Dec  6 19:00:04 hqnl0246134 sshd[245205]: Failed password for invalid user test01 from 164.92.66.116 port 59396 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 19:00:06,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346006.3826337, 'message': 'Dec  6 19:00:05 hqnl0246134 sshd[245205]: Disconnected from invalid user test01 164.92.66.116 port 59396 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
WARNING [2022-12-06 19:00:09,637] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:00:09,663] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0425 seconds
INFO    [2022-12-06 19:00:17,872] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:00:17,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:00:17,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:00:17,903] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-06 19:00:22,380] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:00:22,380] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:00:22,388] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:00:22,400] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 19:00:28,449] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:00:28,450] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:00:28,451] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 19:00:42,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346042.446987, 'message': 'Dec  6 19:00:40 hqnl0246134 sshd[245274]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 19:00:42,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346042.4474058, 'message': 'Dec  6 19:00:40 hqnl0246134 sshd[245274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 19:00:44,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346044.4495046, 'message': 'Dec  6 19:00:42 hqnl0246134 sshd[245274]: Failed password for root from 61.177.173.18 port 63955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 19:00:46,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346046.4505641, 'message': 'Dec  6 19:00:44 hqnl0246134 sshd[245274]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
WARNING [2022-12-06 19:00:48,171] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:00:48,172] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:00:48,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346048.452604, 'message': 'Dec  6 19:00:46 hqnl0246134 sshd[245274]: Failed password for root from 61.177.173.18 port 63955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 19:00:48,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346048.452913, 'message': 'Dec  6 19:00:47 hqnl0246134 sshd[245274]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 19:00:50,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346050.4581342, 'message': 'Dec  6 19:00:49 hqnl0246134 sshd[245274]: Failed password for root from 61.177.173.18 port 63955 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 19:00:56,021] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:00:56,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:00:56,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:00:56,041] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-06 19:01:09,632] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:01:09,657] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0329 seconds
INFO    [2022-12-06 19:01:18,393] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:01:18,394] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:01:18,402] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:01:18,414] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 19:01:21,363] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:01:21,363] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:01:21,370] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:01:21,382] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 19:01:28,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346088.4993286, 'message': 'Dec  6 19:01:28 hqnl0246134 sshd[245326]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 19:01:28,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346088.4997113, 'message': 'Dec  6 19:01:28 hqnl0246134 sshd[245326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 19:01:30,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346090.503752, 'message': 'Dec  6 19:01:30 hqnl0246134 sshd[245326]: Failed password for root from 61.177.173.18 port 44189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:01:32,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346092.5067582, 'message': 'Dec  6 19:01:30 hqnl0246134 sshd[245326]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:01:32,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346092.5070343, 'message': 'Dec  6 19:01:32 hqnl0246134 sshd[245326]: Failed password for root from 61.177.173.18 port 44189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 19:01:34,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346094.5102222, 'message': 'Dec  6 19:01:32 hqnl0246134 sshd[245326]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 19:01:36,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346096.5154657, 'message': 'Dec  6 19:01:34 hqnl0246134 sshd[245326]: Failed password for root from 61.177.173.18 port 44189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 19:01:44,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346104.5236645, 'message': 'Dec  6 19:01:42 hqnl0246134 sshd[245340]: Invalid user customer from 102.223.92.101 port 27780', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 19:01:44,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346104.524309, 'message': 'Dec  6 19:01:42 hqnl0246134 sshd[245340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.223.92.101 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:01:44,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346104.5244696, 'message': 'Dec  6 19:01:42 hqnl0246134 sshd[245340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.223.92.101 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:01:44,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346104.524599, 'message': 'Dec  6 19:01:44 hqnl0246134 sshd[245340]: Failed password for invalid user customer from 102.223.92.101 port 27780 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:01:46,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346106.525696, 'message': 'Dec  6 19:01:44 hqnl0246134 sshd[245340]: Disconnected from invalid user customer 102.223.92.101 port 27780 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-06 19:01:48,175] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:01:48,176] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:01:50,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346110.5297332, 'message': 'Dec  6 19:01:48 hqnl0246134 sshd[245342]: Invalid user auditor from 46.101.127.204 port 56744', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:01:50,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346110.5299776, 'message': 'Dec  6 19:01:48 hqnl0246134 sshd[245342]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.127.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 19:01:50,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346110.5300918, 'message': 'Dec  6 19:01:48 hqnl0246134 sshd[245342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.127.204 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 19:01:52,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346112.5327764, 'message': 'Dec  6 19:01:50 hqnl0246134 sshd[245342]: Failed password for invalid user auditor from 46.101.127.204 port 56744 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 19:01:52,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346112.5330768, 'message': 'Dec  6 19:01:51 hqnl0246134 sshd[245342]: Disconnected from invalid user auditor 46.101.127.204 port 56744 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-06 19:01:53,811] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 19:01:54,069] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:01:54,070] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:01:54,077] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:01:54,089] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-06 19:02:09,650] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:02:09,676] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0349 seconds
INFO    [2022-12-06 19:02:14,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346134.5705495, 'message': 'Dec  6 19:02:14 hqnl0246134 sshd[245377]: Invalid user admin from 79.225.71.198 port 42240', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 19:02:14,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346134.5711458, 'message': 'Dec  6 19:02:14 hqnl0246134 sshd[245377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.225.71.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:02:14,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346134.5714068, 'message': 'Dec  6 19:02:14 hqnl0246134 sshd[245377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.225.71.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 19:02:16,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346136.5700123, 'message': 'Dec  6 19:02:15 hqnl0246134 sshd[245380]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 19:02:16,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346136.57039, 'message': 'Dec  6 19:02:16 hqnl0246134 sshd[245377]: Failed password for invalid user admin from 79.225.71.198 port 42240 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 19:02:16,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.217.58', 'timestamp': 1670346136.5705316, 'message': 'Dec  6 19:02:16 hqnl0246134 sshd[245382]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.217.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 19:02:16,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346136.5702546, 'message': 'Dec  6 19:02:15 hqnl0246134 sshd[245380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 19:02:16,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.217.58', 'timestamp': 1670346136.570689, 'message': 'Dec  6 19:02:16 hqnl0246134 sshd[245382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.217.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 19:02:17,968] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:02:17,968] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:02:17,975] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:02:17,993] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-06 19:02:18,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346138.5724208, 'message': 'Dec  6 19:02:16 hqnl0246134 sshd[245377]: Disconnected from invalid user admin 79.225.71.198 port 42240 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 19:02:18,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346138.5726159, 'message': 'Dec  6 19:02:17 hqnl0246134 sshd[245380]: Failed password for root from 61.177.173.18 port 17745 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 19:02:20,499] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:02:20,500] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:02:20,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:02:20,518] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 19:02:20,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.217.58', 'timestamp': 1670346140.573861, 'message': 'Dec  6 19:02:18 hqnl0246134 sshd[245382]: Failed password for root from 178.128.217.58 port 52200 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 19:02:20,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346140.5741096, 'message': 'Dec  6 19:02:19 hqnl0246134 sshd[245380]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 19:02:22,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346142.5768495, 'message': 'Dec  6 19:02:21 hqnl0246134 sshd[245380]: Failed password for root from 61.177.173.18 port 17745 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 19:02:24,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346144.5775075, 'message': 'Dec  6 19:02:23 hqnl0246134 sshd[245380]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 19:02:26,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346146.58198, 'message': 'Dec  6 19:02:26 hqnl0246134 sshd[245380]: Failed password for root from 61.177.173.18 port 17745 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 19:02:48,178] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:02:48,179] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:02:48,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346168.622999, 'message': 'Dec  6 19:02:47 hqnl0246134 sshd[245430]: Invalid user testuser from 164.92.66.116 port 48308', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 19:02:48,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346168.6235666, 'message': 'Dec  6 19:02:47 hqnl0246134 sshd[245430]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.66.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:02:48,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346168.6237507, 'message': 'Dec  6 19:02:47 hqnl0246134 sshd[245430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.66.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 19:02:50,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346170.6256504, 'message': 'Dec  6 19:02:49 hqnl0246134 sshd[245430]: Failed password for invalid user testuser from 164.92.66.116 port 48308 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:02:50,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346170.6258512, 'message': 'Dec  6 19:02:49 hqnl0246134 sshd[245430]: Disconnected from invalid user testuser 164.92.66.116 port 48308 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 19:02:54,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670346174.628776, 'message': 'Dec  6 19:02:53 hqnl0246134 sshd[245432]: Invalid user mukesh from 159.65.235.114 port 55854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 19:02:54,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.235.114', 'timestamp': 1670346174.6290984, 'message': 'Dec  6 19:02:53 hqnl0246134 sshd[245432]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.235.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 19:02:54,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.235.114', 'timestamp': 1670346174.6292822, 'message': 'Dec  6 19:02:53 hqnl0246134 sshd[245432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.235.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 19:02:56,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670346176.6322207, 'message': 'Dec  6 19:02:55 hqnl0246134 sshd[245432]: Failed password for invalid user mukesh from 159.65.235.114 port 55854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:02:58,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670346178.6334803, 'message': 'Dec  6 19:02:57 hqnl0246134 sshd[245432]: Disconnected from invalid user mukesh 159.65.235.114 port 55854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 19:03:06,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346186.6432812, 'message': 'Dec  6 19:03:04 hqnl0246134 sshd[245447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 19:03:06,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346186.6437333, 'message': 'Dec  6 19:03:04 hqnl0246134 sshd[245447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 19:03:08,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346188.6446598, 'message': 'Dec  6 19:03:06 hqnl0246134 sshd[245447]: Failed password for root from 61.177.173.18 port 53750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-06 19:03:09,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:03:09,683] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0376 seconds
INFO    [2022-12-06 19:03:10,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346190.6456351, 'message': 'Dec  6 19:03:09 hqnl0246134 sshd[245447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 19:03:12,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346192.6490767, 'message': 'Dec  6 19:03:11 hqnl0246134 sshd[245447]: Failed password for root from 61.177.173.18 port 53750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 19:03:14,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346194.6510353, 'message': 'Dec  6 19:03:13 hqnl0246134 sshd[245447]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 19:03:16,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346196.6529272, 'message': 'Dec  6 19:03:15 hqnl0246134 sshd[245447]: Failed password for root from 61.177.173.18 port 53750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 19:03:17,978] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:03:17,978] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:03:17,986] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:03:17,997] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 19:03:20,588] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:03:20,588] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:03:20,597] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:03:20,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 19:03:22,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346202.6702683, 'message': 'Dec  6 19:03:21 hqnl0246134 sshd[245472]: Invalid user oradev from 206.42.33.143 port 49033', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 19:03:22,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346202.6705155, 'message': 'Dec  6 19:03:21 hqnl0246134 sshd[245472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.42.33.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 19:03:22,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346202.6729157, 'message': 'Dec  6 19:03:21 hqnl0246134 sshd[245472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.42.33.143 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 19:03:24,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346204.672524, 'message': 'Dec  6 19:03:24 hqnl0246134 sshd[245472]: Failed password for invalid user oradev from 206.42.33.143 port 49033 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 19:03:26,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346206.6735654, 'message': 'Dec  6 19:03:25 hqnl0246134 sshd[245472]: Disconnected from invalid user oradev 206.42.33.143 port 49033 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 19:03:27,723] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:03:27,723] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:03:27,730] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:03:27,742] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 19:03:30,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346210.7733002, 'message': 'Dec  6 19:03:28 hqnl0246134 sshd[245479]: Invalid user oracle from 168.121.237.82 port 59844', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:03:30,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346210.7734866, 'message': 'Dec  6 19:03:29 hqnl0246134 sshd[245479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.121.237.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:03:30,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346210.7735937, 'message': 'Dec  6 19:03:29 hqnl0246134 sshd[245479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.121.237.82 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:03:32,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346212.6871572, 'message': 'Dec  6 19:03:31 hqnl0246134 sshd[245479]: Failed password for invalid user oracle from 168.121.237.82 port 59844 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 19:03:32,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346212.6873991, 'message': 'Dec  6 19:03:32 hqnl0246134 sshd[245479]: Disconnected from invalid user oracle 168.121.237.82 port 59844 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 19:03:48,182] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:03:48,184] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:03:52,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346232.7326245, 'message': 'Dec  6 19:03:52 hqnl0246134 sshd[245493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 19:03:52,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346232.7352781, 'message': 'Dec  6 19:03:52 hqnl0246134 sshd[245493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 19:03:56,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346236.7413688, 'message': 'Dec  6 19:03:55 hqnl0246134 sshd[245493]: Failed password for root from 61.177.173.18 port 27564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 19:03:58,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346238.7441804, 'message': 'Dec  6 19:03:56 hqnl0246134 sshd[245493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 19:03:58,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346238.7446153, 'message': 'Dec  6 19:03:58 hqnl0246134 sshd[245493]: Failed password for root from 61.177.173.18 port 27564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 19:04:00,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346240.747363, 'message': 'Dec  6 19:03:59 hqnl0246134 sshd[245493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:04:02,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346242.7505198, 'message': 'Dec  6 19:04:01 hqnl0246134 sshd[245493]: Failed password for root from 61.177.173.18 port 27564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
WARNING [2022-12-06 19:04:10,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:04:10,316] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.6629 seconds
INFO    [2022-12-06 19:04:17,948] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:04:17,949] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:04:17,957] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:04:17,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 19:04:20,831] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:04:20,832] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:04:20,864] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:04:20,907] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0577 seconds
INFO    [2022-12-06 19:04:30,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346270.8002312, 'message': 'Dec  6 19:04:30 hqnl0246134 sshd[245530]: Invalid user admin from 46.101.127.204 port 56914', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 19:04:30,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346270.8004947, 'message': 'Dec  6 19:04:30 hqnl0246134 sshd[245530]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.127.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 19:04:30,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346270.8013847, 'message': 'Dec  6 19:04:30 hqnl0246134 sshd[245530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.127.204 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1432 seconds
INFO    [2022-12-06 19:04:34,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346274.8047411, 'message': 'Dec  6 19:04:32 hqnl0246134 sshd[245530]: Failed password for invalid user admin from 46.101.127.204 port 56914 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 19:04:34,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.127.204', 'timestamp': 1670346274.8049946, 'message': 'Dec  6 19:04:34 hqnl0246134 sshd[245530]: Disconnected from invalid user admin 46.101.127.204 port 56914 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 19:04:36,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346276.8062398, 'message': 'Dec  6 19:04:36 hqnl0246134 sshd[245535]: Invalid user frank from 59.127.158.223 port 48622', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 19:04:36,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346276.806433, 'message': 'Dec  6 19:04:36 hqnl0246134 sshd[245535]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.127.158.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 19:04:36,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346276.807236, 'message': 'Dec  6 19:04:36 hqnl0246134 sshd[245535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.158.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 19:04:37,299] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:04:37,299] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:04:37,305] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:04:37,316] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-06 19:04:38,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346278.808628, 'message': 'Dec  6 19:04:37 hqnl0246134 sshd[245535]: Failed password for invalid user frank from 59.127.158.223 port 48622 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:04:38,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346278.80884, 'message': 'Dec  6 19:04:38 hqnl0246134 sshd[245535]: Disconnected from invalid user frank 59.127.158.223 port 48622 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:04:40,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346280.8162532, 'message': 'Dec  6 19:04:39 hqnl0246134 sshd[245542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 19:04:40,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346280.8166249, 'message': 'Dec  6 19:04:39 hqnl0246134 sshd[245542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 19:04:42,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346282.8178782, 'message': 'Dec  6 19:04:41 hqnl0246134 sshd[245542]: Failed password for root from 61.177.173.18 port 53663 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 19:04:44,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346284.8211296, 'message': 'Dec  6 19:04:44 hqnl0246134 sshd[245542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:04:46,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346286.8230698, 'message': 'Dec  6 19:04:45 hqnl0246134 sshd[245542]: Failed password for root from 61.177.173.18 port 53663 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 19:04:46,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346286.823321, 'message': 'Dec  6 19:04:46 hqnl0246134 sshd[245542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
WARNING [2022-12-06 19:04:48,189] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:04:48,189] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:04:48,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346288.825549, 'message': 'Dec  6 19:04:48 hqnl0246134 sshd[245542]: Failed password for root from 61.177.173.18 port 53663 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:05:06,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346306.8600256, 'message': 'Dec  6 19:05:05 hqnl0246134 sshd[245578]: Invalid user test01 from 102.223.92.101 port 30662', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 19:05:06,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346306.8606298, 'message': 'Dec  6 19:05:05 hqnl0246134 sshd[245578]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.223.92.101 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:05:06,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346306.8608105, 'message': 'Dec  6 19:05:05 hqnl0246134 sshd[245578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.223.92.101 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 19:05:08,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346308.862038, 'message': 'Dec  6 19:05:07 hqnl0246134 sshd[245578]: Failed password for invalid user test01 from 102.223.92.101 port 30662 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 19:05:08,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346308.8624415, 'message': 'Dec  6 19:05:07 hqnl0246134 sshd[245578]: Disconnected from invalid user test01 102.223.92.101 port 30662 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 19:05:09,664] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:05:09,689] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0330 seconds
INFO    [2022-12-06 19:05:17,972] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:05:17,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:05:17,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:05:17,998] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
INFO    [2022-12-06 19:05:20,976] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:05:20,977] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:05:20,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:05:20,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 19:05:26,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.217.58', 'timestamp': 1670346326.8933713, 'message': 'Dec  6 19:05:25 hqnl0246134 sshd[245613]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.217.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 19:05:26,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.217.58', 'timestamp': 1670346326.8936942, 'message': 'Dec  6 19:05:25 hqnl0246134 sshd[245613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.217.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:05:28,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.217.58', 'timestamp': 1670346328.895895, 'message': 'Dec  6 19:05:27 hqnl0246134 sshd[245613]: Failed password for root from 178.128.217.58 port 40350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-06 19:05:28,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346328.8972847, 'message': 'Dec  6 19:05:28 hqnl0246134 sshd[245618]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0498 seconds
INFO    [2022-12-06 19:05:28,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346328.897495, 'message': 'Dec  6 19:05:28 hqnl0246134 sshd[245618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 19:05:30,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346330.8981848, 'message': 'Dec  6 19:05:29 hqnl0246134 sshd[245622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.66.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 19:05:30,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346330.8985922, 'message': 'Dec  6 19:05:29 hqnl0246134 sshd[245618]: Failed password for root from 61.177.173.18 port 43667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 19:05:30,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346330.8984427, 'message': 'Dec  6 19:05:29 hqnl0246134 sshd[245622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.66.116  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 19:05:30,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346330.898698, 'message': 'Dec  6 19:05:30 hqnl0246134 sshd[245618]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 19:05:32,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '164.92.66.116', 'timestamp': 1670346332.9010305, 'message': 'Dec  6 19:05:31 hqnl0246134 sshd[245622]: Failed password for root from 164.92.66.116 port 37230 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0558 seconds
INFO    [2022-12-06 19:05:32,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346332.9019072, 'message': 'Dec  6 19:05:31 hqnl0246134 sshd[245618]: Failed password for root from 61.177.173.18 port 43667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-06 19:05:32,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346332.9020832, 'message': 'Dec  6 19:05:32 hqnl0246134 sshd[245618]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:05:34,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346334.9068794, 'message': 'Dec  6 19:05:34 hqnl0246134 sshd[245618]: Failed password for root from 61.177.173.18 port 43667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 19:05:36,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346336.9144185, 'message': 'Dec  6 19:05:36 hqnl0246134 sshd[245626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.42.33.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:05:36,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346336.914929, 'message': 'Dec  6 19:05:36 hqnl0246134 sshd[245626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.42.33.143  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 19:05:38,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346338.9170468, 'message': 'Dec  6 19:05:38 hqnl0246134 sshd[245626]: Failed password for root from 206.42.33.143 port 36298 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 19:05:43,203] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:05:43,203] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:05:43,213] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:05:43,226] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
WARNING [2022-12-06 19:05:48,193] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:05:48,195] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:06:09,671] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:06:09,700] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0377 seconds
INFO    [2022-12-06 19:06:15,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346374.9893672, 'message': 'Dec  6 19:06:13 hqnl0246134 sshd[245665]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 19:06:15,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346374.9900184, 'message': 'Dec  6 19:06:13 hqnl0246134 sshd[245665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 19:06:17,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346376.9924479, 'message': 'Dec  6 19:06:15 hqnl0246134 sshd[245665]: Failed password for root from 61.177.173.18 port 63626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 19:06:17,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:06:17,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:06:17,823] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:06:17,838] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 19:06:19,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346378.9988508, 'message': 'Dec  6 19:06:17 hqnl0246134 sshd[245665]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 19:06:20,583] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:06:20,584] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:06:20,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:06:20,606] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 19:06:21,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346381.0049658, 'message': 'Dec  6 19:06:19 hqnl0246134 sshd[245665]: Failed password for root from 61.177.173.18 port 63626 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.1181 seconds
INFO    [2022-12-06 19:06:21,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346381.005168, 'message': 'Dec  6 19:06:20 hqnl0246134 sshd[245665]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 19:06:23,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346383.0076127, 'message': 'Dec  6 19:06:22 hqnl0246134 sshd[245665]: Failed password for root from 61.177.173.18 port 63626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 19:06:33,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346393.0259058, 'message': 'Dec  6 19:06:31 hqnl0246134 sshd[245713]: Invalid user user from 59.127.158.223 port 50958', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:06:33,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346393.0261245, 'message': 'Dec  6 19:06:31 hqnl0246134 sshd[245713]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.127.158.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 19:06:33,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346393.0262818, 'message': 'Dec  6 19:06:31 hqnl0246134 sshd[245713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.158.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-06 19:06:35,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346395.0284283, 'message': 'Dec  6 19:06:33 hqnl0246134 sshd[245713]: Failed password for invalid user user from 59.127.158.223 port 50958 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:06:35,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346395.02863, 'message': 'Dec  6 19:06:33 hqnl0246134 sshd[245713]: Disconnected from invalid user user 59.127.158.223 port 50958 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 19:06:48,198] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:06:48,199] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:07:03,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346423.095172, 'message': 'Dec  6 19:07:02 hqnl0246134 sshd[245736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 19:07:03,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346423.0955606, 'message': 'Dec  6 19:07:02 hqnl0246134 sshd[245736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 19:07:05,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346425.0973198, 'message': 'Dec  6 19:07:04 hqnl0246134 sshd[245736]: Failed password for root from 61.177.173.18 port 54116 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:07:09,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346429.1071725, 'message': 'Dec  6 19:07:07 hqnl0246134 sshd[245736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-06 19:07:09,674] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:07:09,702] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0360 seconds
INFO    [2022-12-06 19:07:09,883] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:07:09,956] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:07:09,957] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:07:09,958] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:07:09,958] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:07:09,958] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:07:09,967] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:07:09,982] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0232 seconds
WARNING [2022-12-06 19:07:09,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:07:09,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:07:10,007] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0301 seconds
INFO    [2022-12-06 19:07:10,009] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0285 seconds
INFO    [2022-12-06 19:07:11,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346431.1143398, 'message': 'Dec  6 19:07:09 hqnl0246134 sshd[245736]: Failed password for root from 61.177.173.18 port 54116 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:07:13,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346433.12019, 'message': 'Dec  6 19:07:11 hqnl0246134 sshd[245736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 19:07:15,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346435.1284745, 'message': 'Dec  6 19:07:13 hqnl0246134 sshd[245736]: Failed password for root from 61.177.173.18 port 54116 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 19:07:17,913] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:07:17,914] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:07:17,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:07:17,933] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 19:07:20,606] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:07:20,606] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:07:20,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:07:20,625] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 19:07:40,086] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:07:40,086] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:07:40,087] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 19:07:48,202] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:07:48,203] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:07:49,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346469.197436, 'message': 'Dec  6 19:07:47 hqnl0246134 sshd[245782]: Invalid user maint from 206.42.33.143 port 51235', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 19:07:49,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346469.2050602, 'message': 'Dec  6 19:07:47 hqnl0246134 sshd[245782]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.42.33.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 19:07:49,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346469.2052367, 'message': 'Dec  6 19:07:47 hqnl0246134 sshd[245782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.42.33.143 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:07:51,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346471.2019138, 'message': 'Dec  6 19:07:49 hqnl0246134 sshd[245782]: Failed password for invalid user maint from 206.42.33.143 port 51235 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 19:07:51,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346471.2021441, 'message': 'Dec  6 19:07:49 hqnl0246134 sshd[245784]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 19:07:51,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346471.202293, 'message': 'Dec  6 19:07:49 hqnl0246134 sshd[245782]: Disconnected from invalid user maint 206.42.33.143 port 51235 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 19:07:51,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346471.2024724, 'message': 'Dec  6 19:07:49 hqnl0246134 sshd[245784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 19:07:52,644] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:07:52,644] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:07:52,651] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:07:52,663] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 19:07:53,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346473.204213, 'message': 'Dec  6 19:07:51 hqnl0246134 sshd[245784]: Failed password for root from 61.177.173.18 port 33834 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:07:53,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346473.2044241, 'message': 'Dec  6 19:07:52 hqnl0246134 sshd[245784]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 19:07:55,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346475.204964, 'message': 'Dec  6 19:07:53 hqnl0246134 sshd[245784]: Failed password for root from 61.177.173.18 port 33834 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 19:07:55,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346475.2052505, 'message': 'Dec  6 19:07:54 hqnl0246134 sshd[245784]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 19:07:57,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346477.2067215, 'message': 'Dec  6 19:07:56 hqnl0246134 sshd[245784]: Failed password for root from 61.177.173.18 port 33834 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:08:05,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346485.2152395, 'message': 'Dec  6 19:08:04 hqnl0246134 sshd[245795]: Invalid user chrome from 79.225.71.198 port 32792', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 19:08:05,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346485.21546, 'message': 'Dec  6 19:08:04 hqnl0246134 sshd[245795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.225.71.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 19:08:05,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346485.2156236, 'message': 'Dec  6 19:08:04 hqnl0246134 sshd[245795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.225.71.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:08:07,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346487.2173502, 'message': 'Dec  6 19:08:06 hqnl0246134 sshd[245795]: Failed password for invalid user chrome from 79.225.71.198 port 32792 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 19:08:09,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346489.2200942, 'message': 'Dec  6 19:08:08 hqnl0246134 sshd[245795]: Disconnected from invalid user chrome 79.225.71.198 port 32792 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0408 seconds
WARNING [2022-12-06 19:08:09,677] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:08:09,705] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0351 seconds
INFO    [2022-12-06 19:08:17,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:08:17,868] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:08:17,887] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:08:17,910] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0405 seconds
INFO    [2022-12-06 19:08:20,427] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:08:20,428] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:08:20,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:08:20,449] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 19:08:25,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346505.2462761, 'message': 'Dec  6 19:08:24 hqnl0246134 sshd[245831]: Invalid user testuser from 157.245.157.93 port 33290', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 19:08:25,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346505.2467458, 'message': 'Dec  6 19:08:25 hqnl0246134 sshd[245831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.157.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 19:08:25,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346505.247024, 'message': 'Dec  6 19:08:25 hqnl0246134 sshd[245831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.157.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 19:08:29,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346509.2537217, 'message': 'Dec  6 19:08:27 hqnl0246134 sshd[245831]: Failed password for invalid user testuser from 157.245.157.93 port 33290 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 19:08:31,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346511.2576168, 'message': 'Dec  6 19:08:29 hqnl0246134 sshd[245831]: Disconnected from invalid user testuser 157.245.157.93 port 33290 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-06 19:08:31,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346511.2582505, 'message': 'Dec  6 19:08:30 hqnl0246134 sshd[245833]: Invalid user testuser from 102.223.92.101 port 12923', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 19:08:31,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346511.2589874, 'message': 'Dec  6 19:08:31 hqnl0246134 sshd[245833]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.223.92.101 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 19:08:31,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346511.259177, 'message': 'Dec  6 19:08:31 hqnl0246134 sshd[245833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.223.92.101 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 19:08:33,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346513.2627506, 'message': 'Dec  6 19:08:33 hqnl0246134 sshd[245833]: Failed password for invalid user testuser from 102.223.92.101 port 12923 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:08:35,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.223.92.101', 'timestamp': 1670346515.2680163, 'message': 'Dec  6 19:08:33 hqnl0246134 sshd[245833]: Disconnected from invalid user testuser 102.223.92.101 port 12923 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 19:08:35,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346515.2684693, 'message': 'Dec  6 19:08:34 hqnl0246134 sshd[245835]: Invalid user tester from 59.127.158.223 port 53318', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 19:08:35,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346515.2687244, 'message': 'Dec  6 19:08:34 hqnl0246134 sshd[245835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.127.158.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 19:08:35,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346515.26958, 'message': 'Dec  6 19:08:34 hqnl0246134 sshd[245835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.158.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 19:08:37,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346517.2714992, 'message': 'Dec  6 19:08:36 hqnl0246134 sshd[245835]: Failed password for invalid user tester from 59.127.158.223 port 53318 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 19:08:37,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346517.2717059, 'message': 'Dec  6 19:08:37 hqnl0246134 sshd[245838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 19:08:37,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346517.2721183, 'message': 'Dec  6 19:08:37 hqnl0246134 sshd[245838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 19:08:39,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670346519.2744188, 'message': 'Dec  6 19:08:37 hqnl0246134 sshd[245835]: Disconnected from invalid user tester 59.127.158.223 port 53318 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:08:41,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346521.2769537, 'message': 'Dec  6 19:08:39 hqnl0246134 sshd[245838]: Failed password for root from 61.177.173.18 port 56453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 19:08:43,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346523.281233, 'message': 'Dec  6 19:08:41 hqnl0246134 sshd[245838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:08:45,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346525.2847943, 'message': 'Dec  6 19:08:43 hqnl0246134 sshd[245838]: Failed password for root from 61.177.173.18 port 56453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 19:08:45,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346525.28578, 'message': 'Dec  6 19:08:43 hqnl0246134 sshd[245838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 19:08:47,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346527.2868016, 'message': 'Dec  6 19:08:45 hqnl0246134 sshd[245838]: Failed password for root from 61.177.173.18 port 56453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 19:08:48,205] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:08:48,206] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:08:53,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346533.3058014, 'message': 'Dec  6 19:08:53 hqnl0246134 sshd[245851]: Invalid user git from 168.121.237.82 port 50870', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 19:08:53,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346533.3060875, 'message': 'Dec  6 19:08:53 hqnl0246134 sshd[245851]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.121.237.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 19:08:53,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346533.3073487, 'message': 'Dec  6 19:08:53 hqnl0246134 sshd[245851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.121.237.82 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:08:55,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346535.3124118, 'message': 'Dec  6 19:08:55 hqnl0246134 sshd[245851]: Failed password for invalid user git from 168.121.237.82 port 50870 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 19:08:57,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.121.237.82', 'timestamp': 1670346537.3156443, 'message': 'Dec  6 19:08:55 hqnl0246134 sshd[245851]: Disconnected from invalid user git 168.121.237.82 port 50870 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
WARNING [2022-12-06 19:09:09,684] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:09:09,718] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0441 seconds
INFO    [2022-12-06 19:09:17,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:09:17,847] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:09:17,856] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:09:17,868] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 19:09:21,041] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:09:21,042] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:09:21,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:09:21,073] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0307 seconds
INFO    [2022-12-06 19:09:27,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346567.3728933, 'message': 'Dec  6 19:09:25 hqnl0246134 sshd[246008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 19:09:27,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346567.3732884, 'message': 'Dec  6 19:09:25 hqnl0246134 sshd[246008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 19:09:29,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346569.3781276, 'message': 'Dec  6 19:09:28 hqnl0246134 sshd[246008]: Failed password for root from 61.177.173.18 port 38651 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 19:09:31,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346571.3807297, 'message': 'Dec  6 19:09:30 hqnl0246134 sshd[246008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 19:09:33,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346573.3838704, 'message': 'Dec  6 19:09:32 hqnl0246134 sshd[246008]: Failed password for root from 61.177.173.18 port 38651 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 19:09:35,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346575.3867397, 'message': 'Dec  6 19:09:34 hqnl0246134 sshd[246008]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 19:09:37,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346577.3904004, 'message': 'Dec  6 19:09:36 hqnl0246134 sshd[246008]: Failed password for root from 61.177.173.18 port 38651 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:09:41,419] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:09:41,420] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:09:41,428] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:09:41,440] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
WARNING [2022-12-06 19:09:48,208] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:09:48,210] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:09:59,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346599.4288125, 'message': 'Dec  6 19:09:58 hqnl0246134 sshd[246027]: Invalid user deploy from 206.42.33.143 port 37942', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 19:09:59,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346599.4293797, 'message': 'Dec  6 19:09:58 hqnl0246134 sshd[246027]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.42.33.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 19:09:59,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346599.4295666, 'message': 'Dec  6 19:09:58 hqnl0246134 sshd[246027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.42.33.143 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:10:01,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346601.438405, 'message': 'Dec  6 19:09:59 hqnl0246134 sshd[246027]: Failed password for invalid user deploy from 206.42.33.143 port 37942 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 19:10:01,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.42.33.143', 'timestamp': 1670346601.4387207, 'message': 'Dec  6 19:10:00 hqnl0246134 sshd[246027]: Disconnected from invalid user deploy 206.42.33.143 port 37942 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
WARNING [2022-12-06 19:10:09,686] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:10:09,713] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0360 seconds
INFO    [2022-12-06 19:10:13,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346613.4627647, 'message': 'Dec  6 19:10:12 hqnl0246134 sshd[246052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 19:10:13,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346613.4630532, 'message': 'Dec  6 19:10:12 hqnl0246134 sshd[246052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 19:10:15,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346615.4646041, 'message': 'Dec  6 19:10:14 hqnl0246134 sshd[246052]: Failed password for root from 61.177.173.18 port 10741 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-06 19:10:15,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346615.465025, 'message': 'Dec  6 19:10:14 hqnl0246134 sshd[246052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 19:10:17,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346617.4657152, 'message': 'Dec  6 19:10:17 hqnl0246134 sshd[246052]: Failed password for root from 61.177.173.18 port 10741 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0725 seconds
INFO    [2022-12-06 19:10:19,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346619.4687881, 'message': 'Dec  6 19:10:19 hqnl0246134 sshd[246052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 19:10:20,022] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:10:20,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:10:20,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:10:20,041] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 19:10:22,822] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:10:22,823] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:10:22,830] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:10:22,843] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 19:10:23,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346623.4749608, 'message': 'Dec  6 19:10:21 hqnl0246134 sshd[246052]: Failed password for root from 61.177.173.18 port 10741 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 19:10:25,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.123', 'timestamp': 1670346625.4788613, 'message': 'Dec  6 19:10:24 hqnl0246134 sshd[246087]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 19:10:25,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.123', 'timestamp': 1670346625.4791586, 'message': 'Dec  6 19:10:24 hqnl0246134 sshd[246087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.123  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 19:10:27,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.89.196.123', 'timestamp': 1670346627.4807372, 'message': 'Dec  6 19:10:26 hqnl0246134 sshd[246087]: Failed password for root from 152.89.196.123 port 42194 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
WARNING [2022-12-06 19:10:48,214] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:10:48,216] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:11:01,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346661.5323024, 'message': 'Dec  6 19:11:00 hqnl0246134 sshd[246103]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 19:11:01,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346661.5331745, 'message': 'Dec  6 19:11:00 hqnl0246134 sshd[246103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:11:01,748] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:11:01,817] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:11:01,818] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:11:01,819] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:11:01,819] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:11:01,819] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:11:01,831] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:11:01,849] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0289 seconds
WARNING [2022-12-06 19:11:01,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:11:01,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:11:01,881] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0380 seconds
INFO    [2022-12-06 19:11:01,883] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0368 seconds
INFO    [2022-12-06 19:11:03,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346663.5353065, 'message': 'Dec  6 19:11:01 hqnl0246134 sshd[246103]: Failed password for root from 61.177.173.18 port 49828 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 19:11:03,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346663.5355594, 'message': 'Dec  6 19:11:02 hqnl0246134 sshd[246103]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 19:11:05,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346665.5378358, 'message': 'Dec  6 19:11:04 hqnl0246134 sshd[246103]: Failed password for root from 61.177.173.18 port 49828 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 19:11:07,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346667.5457594, 'message': 'Dec  6 19:11:06 hqnl0246134 sshd[246103]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 19:11:09,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346669.5468116, 'message': 'Dec  6 19:11:08 hqnl0246134 sshd[246103]: Failed password for root from 61.177.173.18 port 49828 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0534 seconds
WARNING [2022-12-06 19:11:09,702] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:11:09,781] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.1007 seconds
INFO    [2022-12-06 19:11:12,308] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:11:12,308] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:11:12,318] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:11:12,332] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-06 19:11:18,096] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:11:18,097] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:11:18,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:11:18,120] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-06 19:11:20,950] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:11:20,951] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:11:20,961] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:11:20,978] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-06 19:11:31,949] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:11:31,950] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:11:31,951] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 19:11:37,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346697.5819833, 'message': 'Dec  6 19:11:35 hqnl0246134 sshd[246167]: Invalid user admin from 157.245.157.93 port 50162', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 19:11:37,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346697.582453, 'message': 'Dec  6 19:11:35 hqnl0246134 sshd[246167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.157.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 19:11:37,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346697.5826209, 'message': 'Dec  6 19:11:35 hqnl0246134 sshd[246167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.157.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 19:11:37,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346697.5827608, 'message': 'Dec  6 19:11:37 hqnl0246134 sshd[246167]: Failed password for invalid user admin from 157.245.157.93 port 50162 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 19:11:39,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346699.5819433, 'message': 'Dec  6 19:11:37 hqnl0246134 sshd[246167]: Disconnected from invalid user admin 157.245.157.93 port 50162 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:11:47,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346707.5903935, 'message': 'Dec  6 19:11:46 hqnl0246134 sshd[246177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 19:11:47,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346707.5943577, 'message': 'Dec  6 19:11:46 hqnl0246134 sshd[246177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 19:11:48,221] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:11:48,222] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:11:49,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346709.592769, 'message': 'Dec  6 19:11:47 hqnl0246134 sshd[246177]: Failed password for root from 61.177.173.18 port 27188 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:11:49,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346709.593073, 'message': 'Dec  6 19:11:48 hqnl0246134 sshd[246177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:11:51,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346711.5958564, 'message': 'Dec  6 19:11:50 hqnl0246134 sshd[246177]: Failed password for root from 61.177.173.18 port 27188 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 19:11:51,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346711.5961957, 'message': 'Dec  6 19:11:51 hqnl0246134 sshd[246177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 19:11:53,816] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 19:11:55,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346715.5983746, 'message': 'Dec  6 19:11:53 hqnl0246134 sshd[246177]: Failed password for root from 61.177.173.18 port 27188 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 19:12:09,692] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:12:09,714] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0294 seconds
INFO    [2022-12-06 19:12:19,596] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:12:19,597] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:12:19,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:12:19,622] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 19:12:22,403] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:12:22,404] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:12:22,410] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:12:22,422] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 19:12:35,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346755.6548724, 'message': 'Dec  6 19:12:34 hqnl0246134 sshd[246223]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 19:12:35,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346755.6552866, 'message': 'Dec  6 19:12:34 hqnl0246134 sshd[246223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 19:12:37,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346757.6582189, 'message': 'Dec  6 19:12:36 hqnl0246134 sshd[246223]: Failed password for root from 61.177.173.18 port 62831 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 19:12:37,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346757.6586087, 'message': 'Dec  6 19:12:36 hqnl0246134 sshd[246223]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:12:39,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346759.6607058, 'message': 'Dec  6 19:12:38 hqnl0246134 sshd[246223]: Failed password for root from 61.177.173.18 port 62831 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 19:12:39,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346759.6610484, 'message': 'Dec  6 19:12:39 hqnl0246134 sshd[246223]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 19:12:41,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346761.66368, 'message': 'Dec  6 19:12:41 hqnl0246134 sshd[246223]: Failed password for root from 61.177.173.18 port 62831 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:12:46,190] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:12:46,191] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:12:46,205] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:12:46,222] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0291 seconds
WARNING [2022-12-06 19:12:48,225] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:12:48,226] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:13:02,782] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 19:13:02,790] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:13:02,805] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0223 seconds
INFO    [2022-12-06 19:13:03,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346783.689353, 'message': 'Dec  6 19:13:01 hqnl0246134 sshd[246250]: Invalid user stefano from 133.130.99.35 port 34062', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 19:13:03,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346783.689576, 'message': 'Dec  6 19:13:02 hqnl0246134 sshd[246250]: pam_imunify(sshd:auth): [IM360_RBL] The IP 133.130.99.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:13:03,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346783.689816, 'message': 'Dec  6 19:13:02 hqnl0246134 sshd[246250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.99.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:13:05,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346785.6945422, 'message': 'Dec  6 19:13:04 hqnl0246134 sshd[246250]: Failed password for invalid user stefano from 133.130.99.35 port 34062 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 19:13:07,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346787.698393, 'message': 'Dec  6 19:13:06 hqnl0246134 sshd[246250]: Disconnected from invalid user stefano 133.130.99.35 port 34062 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
WARNING [2022-12-06 19:13:09,693] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:13:09,713] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0268 seconds
INFO    [2022-12-06 19:13:17,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346797.7093558, 'message': 'Dec  6 19:13:16 hqnl0246134 sshd[246285]: Invalid user deborah from 79.225.71.198 port 51544', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 19:13:17,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346797.7098942, 'message': 'Dec  6 19:13:16 hqnl0246134 sshd[246285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.225.71.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 19:13:17,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346797.7109966, 'message': 'Dec  6 19:13:16 hqnl0246134 sshd[246285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.225.71.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 19:13:18,127] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:13:18,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:13:18,136] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:13:18,158] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0298 seconds
INFO    [2022-12-06 19:13:19,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346799.7111814, 'message': 'Dec  6 19:13:18 hqnl0246134 sshd[246285]: Failed password for invalid user deborah from 79.225.71.198 port 51544 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 19:13:19,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.225.71.198', 'timestamp': 1670346799.711394, 'message': 'Dec  6 19:13:18 hqnl0246134 sshd[246285]: Disconnected from invalid user deborah 79.225.71.198 port 51544 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:13:21,423] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:13:21,423] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:13:21,439] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:13:21,459] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0339 seconds
INFO    [2022-12-06 19:13:21,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346801.7176042, 'message': 'Dec  6 19:13:21 hqnl0246134 sshd[246295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 19:13:21,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346801.7178662, 'message': 'Dec  6 19:13:21 hqnl0246134 sshd[246295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 19:13:23,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346803.7203717, 'message': 'Dec  6 19:13:23 hqnl0246134 sshd[246295]: Failed password for root from 61.177.173.18 port 30203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:13:25,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346805.7232702, 'message': 'Dec  6 19:13:25 hqnl0246134 sshd[246295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 19:13:27,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346807.7289648, 'message': 'Dec  6 19:13:27 hqnl0246134 sshd[246295]: Failed password for root from 61.177.173.18 port 30203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 19:13:31,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346811.7354014, 'message': 'Dec  6 19:13:29 hqnl0246134 sshd[246295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 19:13:31,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346811.7357483, 'message': 'Dec  6 19:13:31 hqnl0246134 sshd[246295]: Failed password for root from 61.177.173.18 port 30203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:13:33,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346813.7380953, 'message': 'Dec  6 19:13:32 hqnl0246134 sshd[246300]: Invalid user alex from 133.130.99.35 port 39784', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 19:13:33,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346813.7384152, 'message': 'Dec  6 19:13:32 hqnl0246134 sshd[246300]: pam_imunify(sshd:auth): [IM360_RBL] The IP 133.130.99.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:13:33,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346813.7385726, 'message': 'Dec  6 19:13:32 hqnl0246134 sshd[246300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.99.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:13:35,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346815.7409472, 'message': 'Dec  6 19:13:34 hqnl0246134 sshd[246300]: Failed password for invalid user alex from 133.130.99.35 port 39784 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:13:37,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346817.7424579, 'message': 'Dec  6 19:13:36 hqnl0246134 sshd[246300]: Disconnected from invalid user alex 133.130.99.35 port 39784 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
WARNING [2022-12-06 19:13:48,229] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:13:48,231] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:14:05,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346845.7833734, 'message': 'Dec  6 19:14:04 hqnl0246134 sshd[246325]: Invalid user linux from 133.130.99.35 port 45504', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 19:14:05,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346845.783897, 'message': 'Dec  6 19:14:04 hqnl0246134 sshd[246325]: pam_imunify(sshd:auth): [IM360_RBL] The IP 133.130.99.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 19:14:05,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346845.7841413, 'message': 'Dec  6 19:14:04 hqnl0246134 sshd[246325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.99.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:14:07,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346847.7854142, 'message': 'Dec  6 19:14:05 hqnl0246134 sshd[246325]: Failed password for invalid user linux from 133.130.99.35 port 45504 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 19:14:07,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '133.130.99.35', 'timestamp': 1670346847.7856793, 'message': 'Dec  6 19:14:07 hqnl0246134 sshd[246325]: Disconnected from invalid user linux 133.130.99.35 port 45504 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
WARNING [2022-12-06 19:14:09,697] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:14:09,721] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0316 seconds
INFO    [2022-12-06 19:14:09,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346849.7858438, 'message': 'Dec  6 19:14:09 hqnl0246134 sshd[246329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:14:09,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346849.78638, 'message': 'Dec  6 19:14:09 hqnl0246134 sshd[246329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 19:14:10,119] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:14:10,120] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:14:10,129] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:14:10,141] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 19:14:13,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346853.7943726, 'message': 'Dec  6 19:14:11 hqnl0246134 sshd[246329]: Failed password for root from 61.177.173.18 port 61262 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 19:14:13,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346853.794785, 'message': 'Dec  6 19:14:13 hqnl0246134 sshd[246329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 19:14:15,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346855.797548, 'message': 'Dec  6 19:14:15 hqnl0246134 sshd[246329]: Failed password for root from 61.177.173.18 port 61262 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 19:14:17,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346857.7979467, 'message': 'Dec  6 19:14:15 hqnl0246134 sshd[246329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 19:14:17,978] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:14:17,978] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:14:17,985] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:14:17,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 19:14:19,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346859.8043766, 'message': 'Dec  6 19:14:18 hqnl0246134 sshd[246329]: Failed password for root from 61.177.173.18 port 61262 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 19:14:20,882] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:14:20,882] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:14:20,894] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:14:20,908] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0254 seconds
INFO    [2022-12-06 19:14:45,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346885.8494205, 'message': 'Dec  6 19:14:45 hqnl0246134 sshd[246360]: Invalid user taller from 157.245.157.93 port 38804', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 19:14:45,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346885.8499398, 'message': 'Dec  6 19:14:45 hqnl0246134 sshd[246360]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.157.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 19:14:45,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346885.8501282, 'message': 'Dec  6 19:14:45 hqnl0246134 sshd[246360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.157.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-06 19:14:48,233] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:14:48,234] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:14:49,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346889.8547187, 'message': 'Dec  6 19:14:48 hqnl0246134 sshd[246360]: Failed password for invalid user taller from 157.245.157.93 port 38804 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 19:14:51,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.245.157.93', 'timestamp': 1670346891.8570144, 'message': 'Dec  6 19:14:49 hqnl0246134 sshd[246360]: Disconnected from invalid user taller 157.245.157.93 port 38804 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 19:14:57,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346897.8650985, 'message': 'Dec  6 19:14:57 hqnl0246134 sshd[246373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 19:14:57,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346897.8654299, 'message': 'Dec  6 19:14:57 hqnl0246134 sshd[246373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:14:59,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346899.8697817, 'message': 'Dec  6 19:14:59 hqnl0246134 sshd[246373]: Failed password for root from 61.177.173.18 port 34054 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 19:15:01,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346901.8741586, 'message': 'Dec  6 19:15:01 hqnl0246134 sshd[246373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 19:15:03,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346903.8774445, 'message': 'Dec  6 19:15:03 hqnl0246134 sshd[246373]: Failed password for root from 61.177.173.18 port 34054 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 19:15:05,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346905.8796966, 'message': 'Dec  6 19:15:05 hqnl0246134 sshd[246373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:15:07,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346907.884994, 'message': 'Dec  6 19:15:07 hqnl0246134 sshd[246373]: Failed password for root from 61.177.173.18 port 34054 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-06 19:15:09,699] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:15:09,726] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0341 seconds
INFO    [2022-12-06 19:15:18,001] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:15:18,002] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:15:18,013] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:15:18,029] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-06 19:15:20,631] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:15:20,632] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:15:20,640] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:15:20,651] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 19:15:45,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346945.9594808, 'message': 'Dec  6 19:15:45 hqnl0246134 sshd[246452]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 19:15:46,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346945.960055, 'message': 'Dec  6 19:15:45 hqnl0246134 sshd[246452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 19:15:47,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346947.9611297, 'message': 'Dec  6 19:15:47 hqnl0246134 sshd[246452]: Failed password for root from 61.177.173.18 port 63191 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
WARNING [2022-12-06 19:15:48,239] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:15:48,240] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:15:49,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346949.964458, 'message': 'Dec  6 19:15:49 hqnl0246134 sshd[246452]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 19:15:51,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346951.967368, 'message': 'Dec  6 19:15:51 hqnl0246134 sshd[246452]: Failed password for root from 61.177.173.18 port 63191 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 19:15:52,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346951.9675825, 'message': 'Dec  6 19:15:51 hqnl0246134 sshd[246452]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:15:55,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346955.9725175, 'message': 'Dec  6 19:15:54 hqnl0246134 sshd[246452]: Failed password for root from 61.177.173.18 port 63191 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:16:00,194] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:16:00,195] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:16:00,206] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:16:00,218] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
WARNING [2022-12-06 19:16:09,702] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:16:09,721] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0263 seconds
INFO    [2022-12-06 19:16:18,320] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:16:18,321] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:16:18,329] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:16:18,340] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 19:16:21,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:16:21,007] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:16:21,018] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:16:21,031] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 19:16:32,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346992.0350778, 'message': 'Dec  6 19:16:31 hqnl0246134 sshd[246500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 19:16:32,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346992.0358486, 'message': 'Dec  6 19:16:31 hqnl0246134 sshd[246500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:16:34,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346994.0418987, 'message': 'Dec  6 19:16:33 hqnl0246134 sshd[246500]: Failed password for root from 61.177.173.18 port 34091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 19:16:36,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346996.0447748, 'message': 'Dec  6 19:16:34 hqnl0246134 sshd[246500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:16:38,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670346998.0538807, 'message': 'Dec  6 19:16:36 hqnl0246134 sshd[246500]: Failed password for root from 61.177.173.18 port 34091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 19:16:40,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347000.0535767, 'message': 'Dec  6 19:16:38 hqnl0246134 sshd[246500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 19:16:40,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347000.0542703, 'message': 'Dec  6 19:16:40 hqnl0246134 sshd[246500]: Failed password for root from 61.177.173.18 port 34091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
WARNING [2022-12-06 19:16:48,244] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:16:48,246] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:17:09,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:17:09,732] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-06 19:17:15,656] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:17:15,757] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:17:15,758] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:17:15,759] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:17:15,759] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:17:15,759] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:17:15,774] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:17:15,796] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0359 seconds
WARNING [2022-12-06 19:17:15,808] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:17:15,812] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:17:15,844] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0550 seconds
INFO    [2022-12-06 19:17:15,846] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0533 seconds
INFO    [2022-12-06 19:17:18,019] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:17:18,020] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:17:18,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:17:18,043] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 19:17:20,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347040.103154, 'message': 'Dec  6 19:17:19 hqnl0246134 sshd[246553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:17:20,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347040.103413, 'message': 'Dec  6 19:17:20 hqnl0246134 sshd[246553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:17:20,984] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:17:20,985] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:17:20,994] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:17:21,005] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 19:17:24,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347044.1060894, 'message': 'Dec  6 19:17:22 hqnl0246134 sshd[246553]: Failed password for root from 61.177.173.18 port 19357 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-06 19:17:26,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347046.1091223, 'message': 'Dec  6 19:17:24 hqnl0246134 sshd[246553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 19:17:26,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347046.1094642, 'message': 'Dec  6 19:17:25 hqnl0246134 sshd[246553]: Failed password for root from 61.177.173.18 port 19357 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 19:17:28,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347048.1099734, 'message': 'Dec  6 19:17:26 hqnl0246134 sshd[246553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0763 seconds
INFO    [2022-12-06 19:17:30,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347050.1126366, 'message': 'Dec  6 19:17:28 hqnl0246134 sshd[246553]: Failed password for root from 61.177.173.18 port 19357 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 19:17:33,447] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:17:33,448] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:17:33,455] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:17:33,469] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
WARNING [2022-12-06 19:17:48,247] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:17:48,248] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:17:48,571] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:17:48,572] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:17:48,573] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 19:18:08,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347088.1543505, 'message': 'Dec  6 19:18:06 hqnl0246134 sshd[246591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 19:18:08,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347088.154746, 'message': 'Dec  6 19:18:06 hqnl0246134 sshd[246591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0272 seconds
WARNING [2022-12-06 19:18:09,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:18:09,727] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0258 seconds
INFO    [2022-12-06 19:18:10,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347090.1570807, 'message': 'Dec  6 19:18:08 hqnl0246134 sshd[246591]: Failed password for root from 61.177.173.18 port 51042 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:18:10,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347090.1572611, 'message': 'Dec  6 19:18:08 hqnl0246134 sshd[246591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:18:12,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347092.1578536, 'message': 'Dec  6 19:18:11 hqnl0246134 sshd[246591]: Failed password for root from 61.177.173.18 port 51042 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:18:14,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347094.160367, 'message': 'Dec  6 19:18:13 hqnl0246134 sshd[246591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:18:16,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347096.1635623, 'message': 'Dec  6 19:18:14 hqnl0246134 sshd[246591]: Failed password for root from 61.177.173.18 port 51042 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 19:18:18,219] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:18:18,219] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:18:18,230] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:18:18,252] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-06 19:18:20,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:18:20,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:18:20,856] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:18:20,867] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-06 19:18:48,252] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:18:48,254] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:18:54,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347134.217816, 'message': 'Dec  6 19:18:53 hqnl0246134 sshd[246649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 19:18:54,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347134.2190151, 'message': 'Dec  6 19:18:53 hqnl0246134 sshd[246649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:18:56,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347136.2178912, 'message': 'Dec  6 19:18:54 hqnl0246134 sshd[246649]: Failed password for root from 61.177.173.18 port 25410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:18:56,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347136.2180965, 'message': 'Dec  6 19:18:55 hqnl0246134 sshd[246649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 19:18:58,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347138.2201056, 'message': 'Dec  6 19:18:57 hqnl0246134 sshd[246649]: Failed password for root from 61.177.173.18 port 25410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 19:19:00,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347140.2218444, 'message': 'Dec  6 19:18:59 hqnl0246134 sshd[246649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 19:19:02,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347142.2248688, 'message': 'Dec  6 19:19:01 hqnl0246134 sshd[246649]: Failed password for root from 61.177.173.18 port 25410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:19:04,560] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:19:04,560] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:19:04,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:19:04,578] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-06 19:19:09,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:19:09,736] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0292 seconds
INFO    [2022-12-06 19:19:18,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:19:18,040] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:19:18,050] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:19:18,064] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-06 19:19:20,700] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:19:20,701] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:19:20,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:19:20,719] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 19:19:40,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347180.2679496, 'message': 'Dec  6 19:19:39 hqnl0246134 sshd[246690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 19:19:40,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347180.268542, 'message': 'Dec  6 19:19:39 hqnl0246134 sshd[246690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:19:42,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347182.2694857, 'message': 'Dec  6 19:19:41 hqnl0246134 sshd[246690]: Failed password for root from 61.177.173.18 port 58337 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:19:44,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347184.2697155, 'message': 'Dec  6 19:19:44 hqnl0246134 sshd[246690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 19:19:48,259] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:19:48,261] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:19:48,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347188.2747967, 'message': 'Dec  6 19:19:46 hqnl0246134 sshd[246690]: Failed password for root from 61.177.173.18 port 58337 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 19:19:50,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347190.276959, 'message': 'Dec  6 19:19:48 hqnl0246134 sshd[246690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 19:19:52,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347192.2834563, 'message': 'Dec  6 19:19:50 hqnl0246134 sshd[246690]: Failed password for root from 61.177.173.18 port 58337 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 19:20:09,717] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:20:09,736] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0262 seconds
INFO    [2022-12-06 19:20:18,280] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:20:18,281] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:20:18,289] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:20:18,301] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 19:20:21,154] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:20:21,155] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:20:21,169] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:20:21,187] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0305 seconds
INFO    [2022-12-06 19:20:28,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347228.3403761, 'message': 'Dec  6 19:20:26 hqnl0246134 sshd[246754]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 19:20:28,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347228.340624, 'message': 'Dec  6 19:20:26 hqnl0246134 sshd[246754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 19:20:30,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347230.3490038, 'message': 'Dec  6 19:20:29 hqnl0246134 sshd[246754]: Failed password for root from 61.177.173.18 port 34683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:20:32,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347232.3553896, 'message': 'Dec  6 19:20:31 hqnl0246134 sshd[246754]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 19:20:34,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347234.3593724, 'message': 'Dec  6 19:20:33 hqnl0246134 sshd[246754]: Failed password for root from 61.177.173.18 port 34683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:20:36,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347236.3623104, 'message': 'Dec  6 19:20:35 hqnl0246134 sshd[246754]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 19:20:38,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347238.3642256, 'message': 'Dec  6 19:20:37 hqnl0246134 sshd[246754]: Failed password for root from 61.177.173.18 port 34683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 19:20:40,848] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:20:40,849] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:20:40,856] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:20:40,867] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
WARNING [2022-12-06 19:20:48,266] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:20:48,268] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:21:09,731] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:21:09,761] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0431 seconds
INFO    [2022-12-06 19:21:16,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347276.4179957, 'message': 'Dec  6 19:21:15 hqnl0246134 sshd[246781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 19:21:16,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347276.4184716, 'message': 'Dec  6 19:21:15 hqnl0246134 sshd[246781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:21:17,822] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:21:17,823] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 19:21:17,824] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
WARNING [2022-12-06 19:21:17,834] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:21:17,849] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
INFO    [2022-12-06 19:21:17,890] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:21:17,890] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:21:17,891] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:21:17,891] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:21:17,891] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:21:17,900] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:21:17,916] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0244 seconds
WARNING [2022-12-06 19:21:17,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:21:17,925] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:21:17,942] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0314 seconds
INFO    [2022-12-06 19:21:17,943] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0293 seconds
INFO    [2022-12-06 19:21:18,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347278.417916, 'message': 'Dec  6 19:21:17 hqnl0246134 sshd[246781]: Failed password for root from 61.177.173.18 port 12901 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 19:21:20,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347280.4199128, 'message': 'Dec  6 19:21:19 hqnl0246134 sshd[246781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 19:21:20,767] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:21:20,768] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:21:20,781] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:21:20,802] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0330 seconds
INFO    [2022-12-06 19:21:22,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347282.4227033, 'message': 'Dec  6 19:21:21 hqnl0246134 sshd[246781]: Failed password for root from 61.177.173.18 port 12901 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 19:21:22,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347282.4230032, 'message': 'Dec  6 19:21:21 hqnl0246134 sshd[246781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 19:21:24,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347284.4254754, 'message': 'Dec  6 19:21:24 hqnl0246134 sshd[246781]: Failed password for root from 61.177.173.18 port 12901 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 19:21:48,019] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:21:48,020] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:21:48,021] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 19:21:48,270] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:21:48,271] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:21:53,819] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 19:22:04,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347324.4771807, 'message': 'Dec  6 19:22:03 hqnl0246134 sshd[246834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 19:22:04,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347324.477648, 'message': 'Dec  6 19:22:03 hqnl0246134 sshd[246834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 19:22:06,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347326.4778895, 'message': 'Dec  6 19:22:05 hqnl0246134 sshd[246834]: Failed password for root from 61.177.173.18 port 46948 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:22:08,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347328.4802585, 'message': 'Dec  6 19:22:07 hqnl0246134 sshd[246834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 19:22:09,736] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:22:09,759] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0377 seconds
INFO    [2022-12-06 19:22:10,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347330.4835079, 'message': 'Dec  6 19:22:09 hqnl0246134 sshd[246834]: Failed password for root from 61.177.173.18 port 46948 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 19:22:12,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347332.4857452, 'message': 'Dec  6 19:22:12 hqnl0246134 sshd[246834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 19:22:14,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347334.4862382, 'message': 'Dec  6 19:22:14 hqnl0246134 sshd[246834]: Failed password for root from 61.177.173.18 port 46948 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 19:22:19,703] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:22:19,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:22:19,735] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:22:19,768] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0507 seconds
INFO    [2022-12-06 19:22:21,067] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:22:21,068] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:22:21,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:22:21,090] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-06 19:22:24,155] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:22:24,155] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:22:24,167] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:22:24,190] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0343 seconds
WARNING [2022-12-06 19:22:48,275] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:22:48,276] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:22:52,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347372.5368686, 'message': 'Dec  6 19:22:50 hqnl0246134 sshd[246900]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 19:22:52,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347372.5372186, 'message': 'Dec  6 19:22:50 hqnl0246134 sshd[246900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 19:22:54,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347374.537641, 'message': 'Dec  6 19:22:53 hqnl0246134 sshd[246900]: Failed password for root from 61.177.173.18 port 22534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 19:22:56,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347376.5428634, 'message': 'Dec  6 19:22:55 hqnl0246134 sshd[246900]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 19:22:56,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347376.5431495, 'message': 'Dec  6 19:22:56 hqnl0246134 sshd[246900]: Failed password for root from 61.177.173.18 port 22534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:22:58,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347378.5447977, 'message': 'Dec  6 19:22:57 hqnl0246134 sshd[246900]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 19:23:00,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347380.548498, 'message': 'Dec  6 19:22:59 hqnl0246134 sshd[246900]: Failed password for root from 61.177.173.18 port 22534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-06 19:23:09,737] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:23:09,768] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0429 seconds
INFO    [2022-12-06 19:23:18,098] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:23:18,099] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:23:18,114] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:23:18,136] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0356 seconds
INFO    [2022-12-06 19:23:20,842] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:23:20,842] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:23:20,849] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:23:20,860] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 19:23:38,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347418.5906675, 'message': 'Dec  6 19:23:37 hqnl0246134 sshd[246944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 19:23:38,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347418.5910811, 'message': 'Dec  6 19:23:37 hqnl0246134 sshd[246944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 19:23:40,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347420.593271, 'message': 'Dec  6 19:23:39 hqnl0246134 sshd[246944]: Failed password for root from 61.177.173.18 port 44161 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 19:23:40,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347420.59354, 'message': 'Dec  6 19:23:39 hqnl0246134 sshd[246944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:23:42,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347422.593796, 'message': 'Dec  6 19:23:41 hqnl0246134 sshd[246944]: Failed password for root from 61.177.173.18 port 44161 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 19:23:44,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347424.5948222, 'message': 'Dec  6 19:23:43 hqnl0246134 sshd[246944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:23:46,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347426.596044, 'message': 'Dec  6 19:23:45 hqnl0246134 sshd[246944]: Failed password for root from 61.177.173.18 port 44161 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 19:23:48,278] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:23:48,279] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:23:48,722] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:23:48,722] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:23:48,731] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:23:48,743] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
WARNING [2022-12-06 19:24:09,735] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:24:09,763] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0355 seconds
INFO    [2022-12-06 19:24:18,055] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:24:18,056] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:24:18,068] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:24:18,081] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-06 19:24:20,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:24:20,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:24:20,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:24:20,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 19:24:24,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347464.6335447, 'message': 'Dec  6 19:24:24 hqnl0246134 sshd[246997]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 19:24:24,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347464.634481, 'message': 'Dec  6 19:24:24 hqnl0246134 sshd[246997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 19:24:26,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347466.635838, 'message': 'Dec  6 19:24:25 hqnl0246134 sshd[246997]: Failed password for root from 61.177.173.18 port 21581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:24:26,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347466.6360822, 'message': 'Dec  6 19:24:26 hqnl0246134 sshd[246997]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 19:24:28,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347468.6378658, 'message': 'Dec  6 19:24:28 hqnl0246134 sshd[246997]: Failed password for root from 61.177.173.18 port 21581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 19:24:28,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347468.6381464, 'message': 'Dec  6 19:24:28 hqnl0246134 sshd[246997]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 19:24:30,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347470.6397169, 'message': 'Dec  6 19:24:30 hqnl0246134 sshd[246997]: Failed password for root from 61.177.173.18 port 21581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
WARNING [2022-12-06 19:24:48,283] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:24:48,285] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:25:09,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:25:09,766] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-06 19:25:12,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347512.6793523, 'message': 'Dec  6 19:25:10 hqnl0246134 sshd[247043]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 19:25:12,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347512.6797676, 'message': 'Dec  6 19:25:10 hqnl0246134 sshd[247043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:25:14,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347514.678085, 'message': 'Dec  6 19:25:12 hqnl0246134 sshd[247043]: Failed password for root from 61.177.173.18 port 52830 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 19:25:14,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347514.678277, 'message': 'Dec  6 19:25:13 hqnl0246134 sshd[247043]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 19:25:16,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347516.6808136, 'message': 'Dec  6 19:25:14 hqnl0246134 sshd[247043]: Failed password for root from 61.177.173.18 port 52830 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 19:25:16,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347516.6810913, 'message': 'Dec  6 19:25:15 hqnl0246134 sshd[247043]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 19:25:18,524] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:25:18,524] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:25:18,534] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:25:18,548] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 19:25:18,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347518.6824784, 'message': 'Dec  6 19:25:17 hqnl0246134 sshd[247043]: Failed password for root from 61.177.173.18 port 52830 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 19:25:21,494] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:25:21,494] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:25:21,502] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:25:21,515] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 19:25:22,383] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:25:22,384] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:25:22,391] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:25:22,402] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-06 19:25:48,287] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:25:48,288] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:25:58,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347558.7357748, 'message': 'Dec  6 19:25:58 hqnl0246134 sshd[247095]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 19:25:58,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347558.7368042, 'message': 'Dec  6 19:25:58 hqnl0246134 sshd[247095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 19:26:00,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347560.7348375, 'message': 'Dec  6 19:26:00 hqnl0246134 sshd[247095]: Failed password for root from 61.177.173.18 port 26340 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 19:26:04,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347564.7412822, 'message': 'Dec  6 19:26:02 hqnl0246134 sshd[247095]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 19:26:04,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347564.7416131, 'message': 'Dec  6 19:26:03 hqnl0246134 sshd[247129]: Invalid user t from 190.120.254.76 port 42443', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 19:26:04,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347564.7418227, 'message': 'Dec  6 19:26:03 hqnl0246134 sshd[247129]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.120.254.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 19:26:04,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347564.742003, 'message': 'Dec  6 19:26:03 hqnl0246134 sshd[247129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.120.254.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 19:26:06,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347566.743049, 'message': 'Dec  6 19:26:04 hqnl0246134 sshd[247095]: Failed password for root from 61.177.173.18 port 26340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1615 seconds
INFO    [2022-12-06 19:26:06,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347566.7437067, 'message': 'Dec  6 19:26:05 hqnl0246134 sshd[247129]: Failed password for invalid user t from 190.120.254.76 port 42443 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1717 seconds
INFO    [2022-12-06 19:26:06,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347566.7434509, 'message': 'Dec  6 19:26:05 hqnl0246134 sshd[247095]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0733 seconds
INFO    [2022-12-06 19:26:08,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347568.7456214, 'message': 'Dec  6 19:26:06 hqnl0246134 sshd[247095]: Failed password for root from 61.177.173.18 port 26340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 19:26:08,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347568.7459335, 'message': 'Dec  6 19:26:07 hqnl0246134 sshd[247129]: Disconnected from invalid user t 190.120.254.76 port 42443 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
WARNING [2022-12-06 19:26:09,742] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:26:09,764] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0285 seconds
INFO    [2022-12-06 19:26:18,234] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:26:18,235] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:26:18,246] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:26:18,258] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 19:26:21,063] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:26:21,064] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:26:21,089] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:26:21,107] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-06 19:26:46,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347606.8001664, 'message': 'Dec  6 19:26:46 hqnl0246134 sshd[247168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 19:26:46,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347606.8005714, 'message': 'Dec  6 19:26:46 hqnl0246134 sshd[247168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 19:26:48,304] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:26:48,305] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:26:48,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347608.80276, 'message': 'Dec  6 19:26:48 hqnl0246134 sshd[247168]: Failed password for root from 61.177.173.18 port 59705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 19:26:50,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347610.8060575, 'message': 'Dec  6 19:26:50 hqnl0246134 sshd[247168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 19:26:54,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347614.812016, 'message': 'Dec  6 19:26:52 hqnl0246134 sshd[247168]: Failed password for root from 61.177.173.18 port 59705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 19:26:56,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347616.8137944, 'message': 'Dec  6 19:26:54 hqnl0246134 sshd[247168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 19:26:56,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347616.8141954, 'message': 'Dec  6 19:26:56 hqnl0246134 sshd[247168]: Failed password for root from 61.177.173.18 port 59705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:27:00,188] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:27:00,188] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:27:00,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:27:00,214] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0243 seconds
WARNING [2022-12-06 19:27:09,749] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:27:09,776] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-06 19:27:17,888] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:27:17,888] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:27:17,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:27:17,909] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 19:27:21,134] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:27:21,135] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:27:21,149] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:27:21,166] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-06 19:27:36,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347656.8723516, 'message': 'Dec  6 19:27:34 hqnl0246134 sshd[247237]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 19:27:36,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347656.8727071, 'message': 'Dec  6 19:27:34 hqnl0246134 sshd[247237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 19:27:38,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347658.8732722, 'message': 'Dec  6 19:27:37 hqnl0246134 sshd[247237]: Failed password for root from 61.177.173.18 port 37263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 19:27:40,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347660.8769228, 'message': 'Dec  6 19:27:39 hqnl0246134 sshd[247237]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 19:27:42,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347662.8800313, 'message': 'Dec  6 19:27:41 hqnl0246134 sshd[247237]: Failed password for root from 61.177.173.18 port 37263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:27:44,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347664.8810673, 'message': 'Dec  6 19:27:43 hqnl0246134 sshd[247237]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 19:27:46,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347666.883226, 'message': 'Dec  6 19:27:45 hqnl0246134 sshd[247237]: Failed password for root from 61.177.173.18 port 37263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 19:27:48,307] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:27:48,308] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:27:50,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670347670.8888874, 'message': 'Dec  6 19:27:49 hqnl0246134 sshd[247240]: Invalid user manager from 210.19.254.6 port 34275', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 19:27:50,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670347670.8892741, 'message': 'Dec  6 19:27:49 hqnl0246134 sshd[247240]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 19:27:50,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670347670.8894117, 'message': 'Dec  6 19:27:49 hqnl0246134 sshd[247240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 19:27:52,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670347672.89392, 'message': 'Dec  6 19:27:51 hqnl0246134 sshd[247240]: Failed password for invalid user manager from 210.19.254.6 port 34275 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 19:27:54,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670347674.89528, 'message': 'Dec  6 19:27:53 hqnl0246134 sshd[247240]: Disconnected from invalid user manager 210.19.254.6 port 34275 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 19:28:09,753] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:28:09,777] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0324 seconds
INFO    [2022-12-06 19:28:18,340] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:28:18,342] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:28:18,381] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:28:18,410] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0637 seconds
INFO    [2022-12-06 19:28:21,919] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:28:21,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:28:21,939] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:28:21,959] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0388 seconds
INFO    [2022-12-06 19:28:22,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347702.9285712, 'message': 'Dec  6 19:28:22 hqnl0246134 sshd[247287]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 19:28:22,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347702.9331524, 'message': 'Dec  6 19:28:22 hqnl0246134 sshd[247287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 19:28:23,307] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:28:23,380] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:28:23,381] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:28:23,381] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:28:23,381] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:28:23,382] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:28:23,399] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:28:23,424] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0420 seconds
WARNING [2022-12-06 19:28:23,436] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:28:23,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:28:23,462] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0477 seconds
INFO    [2022-12-06 19:28:23,464] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0443 seconds
INFO    [2022-12-06 19:28:26,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347706.9348552, 'message': 'Dec  6 19:28:25 hqnl0246134 sshd[247287]: Failed password for root from 61.177.173.18 port 14143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:28:28,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347708.9403687, 'message': 'Dec  6 19:28:27 hqnl0246134 sshd[247287]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 19:28:30,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347710.9456117, 'message': 'Dec  6 19:28:29 hqnl0246134 sshd[247287]: Failed password for root from 61.177.173.18 port 14143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:28:32,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347712.9500852, 'message': 'Dec  6 19:28:31 hqnl0246134 sshd[247287]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 19:28:34,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347714.954124, 'message': 'Dec  6 19:28:33 hqnl0246134 sshd[247287]: Failed password for root from 61.177.173.18 port 14143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:28:36,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347716.9608972, 'message': 'Dec  6 19:28:35 hqnl0246134 sshd[247289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.120.254.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:28:37,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347716.961179, 'message': 'Dec  6 19:28:35 hqnl0246134 sshd[247289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.120.254.76  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 19:28:38,418] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:28:38,419] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:28:38,426] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:28:38,437] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 19:28:38,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347718.9666457, 'message': 'Dec  6 19:28:37 hqnl0246134 sshd[247289]: Failed password for root from 190.120.254.76 port 53747 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:28:40,924] defence360agent.files: Updating all files
INFO    [2022-12-06 19:28:41,262] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:41,262] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 19:28:41,550] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:41,550] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 19:28:41,874] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:41,874] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 19:28:42,212] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:42,213] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 19:28:42,213] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 19:28:42,519] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 17:28:42 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E44675A4949E7'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 19:28:42,521] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 19:28:42,521] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 19:28:43,119] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:43,120] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 19:28:43,389] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:43,390] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 19:28:43,713] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:43,713] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 19:28:44,061] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:44,061] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 19:28:44,450] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 19:28:44,451] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 19:28:46,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670347726.9796603, 'message': 'Dec  6 19:28:45 hqnl0246134 sshd[247297]: Invalid user python from 130.61.12.206 port 47374', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:28:47,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.61.12.206', 'timestamp': 1670347726.9798717, 'message': 'Dec  6 19:28:45 hqnl0246134 sshd[247297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.61.12.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:28:47,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.61.12.206', 'timestamp': 1670347726.979986, 'message': 'Dec  6 19:28:45 hqnl0246134 sshd[247297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.12.206 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-06 19:28:48,311] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:28:48,312] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:28:49,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670347729.0025823, 'message': 'Dec  6 19:28:47 hqnl0246134 sshd[247297]: Failed password for invalid user python from 130.61.12.206 port 47374 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 19:28:51,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670347730.9838648, 'message': 'Dec  6 19:28:49 hqnl0246134 sshd[247297]: Disconnected from invalid user python 130.61.12.206 port 47374 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:29:04,930] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:29:04,932] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:29:04,933] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-06 19:29:09,767] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:29:09,848] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0986 seconds
INFO    [2022-12-06 19:29:11,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347751.0090604, 'message': 'Dec  6 19:29:09 hqnl0246134 sshd[247324]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:29:11,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347751.009314, 'message': 'Dec  6 19:29:09 hqnl0246134 sshd[247324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:29:13,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347753.010938, 'message': 'Dec  6 19:29:11 hqnl0246134 sshd[247324]: Failed password for root from 61.177.173.18 port 35798 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 19:29:13,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347753.0111835, 'message': 'Dec  6 19:29:11 hqnl0246134 sshd[247324]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 19:29:15,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.46.164.14', 'timestamp': 1670347755.0151165, 'message': 'Dec  6 19:29:13 hqnl0246134 sshd[247327]: Invalid user john from 181.46.164.14 port 56296', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0503 seconds
INFO    [2022-12-06 19:29:15,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347755.0153923, 'message': 'Dec  6 19:29:13 hqnl0246134 sshd[247324]: Failed password for root from 61.177.173.18 port 35798 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 19:29:15,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.46.164.14', 'timestamp': 1670347755.0175319, 'message': 'Dec  6 19:29:14 hqnl0246134 sshd[247327]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.46.164.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-06 19:29:15,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347755.0178854, 'message': 'Dec  6 19:29:14 hqnl0246134 sshd[247324]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 19:29:15,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.46.164.14', 'timestamp': 1670347755.0177073, 'message': 'Dec  6 19:29:14 hqnl0246134 sshd[247327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.46.164.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 19:29:17,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.46.164.14', 'timestamp': 1670347757.0248995, 'message': 'Dec  6 19:29:15 hqnl0246134 sshd[247327]: Failed password for invalid user john from 181.46.164.14 port 56296 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 19:29:17,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347757.0252068, 'message': 'Dec  6 19:29:16 hqnl0246134 sshd[247324]: Failed password for root from 61.177.173.18 port 35798 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 19:29:18,054] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:29:18,055] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:29:18,065] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:29:18,078] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 19:29:19,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.236.188.179', 'timestamp': 1670347759.042352, 'message': 'Dec  6 19:29:17 hqnl0246134 sshd[247331]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.236.188.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1205 seconds
INFO    [2022-12-06 19:29:19,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.46.164.14', 'timestamp': 1670347759.0428524, 'message': 'Dec  6 19:29:17 hqnl0246134 sshd[247327]: Disconnected from invalid user john 181.46.164.14 port 56296 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1204 seconds
INFO    [2022-12-06 19:29:19,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.236.188.179', 'timestamp': 1670347759.0427058, 'message': 'Dec  6 19:29:17 hqnl0246134 sshd[247331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.236.188.179  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 19:29:20,887] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:29:20,888] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:29:20,894] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:29:20,907] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 19:29:21,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '2.236.188.179', 'timestamp': 1670347761.0275779, 'message': 'Dec  6 19:29:20 hqnl0246134 sshd[247331]: Failed password for root from 2.236.188.179 port 49878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-06 19:29:48,315] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:29:48,316] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:29:57,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347797.1150641, 'message': 'Dec  6 19:29:56 hqnl0246134 sshd[247387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 19:29:57,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347797.1160743, 'message': 'Dec  6 19:29:56 hqnl0246134 sshd[247387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:29:59,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347799.1163437, 'message': 'Dec  6 19:29:58 hqnl0246134 sshd[247387]: Failed password for root from 61.177.173.18 port 16778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 19:30:01,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347801.1172037, 'message': 'Dec  6 19:29:59 hqnl0246134 sshd[247387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 19:30:03,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347803.1203182, 'message': 'Dec  6 19:30:02 hqnl0246134 sshd[247387]: Failed password for root from 61.177.173.18 port 16778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-06 19:30:05,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347805.1207762, 'message': 'Dec  6 19:30:03 hqnl0246134 sshd[247387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 19:30:07,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347807.1716263, 'message': 'Dec  6 19:30:05 hqnl0246134 sshd[247387]: Failed password for root from 61.177.173.18 port 16778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 19:30:09,762] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:30:09,788] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-06 19:30:10,660] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:30:10,661] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:30:10,668] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:30:10,680] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 19:30:11,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670347811.1368873, 'message': 'Dec  6 19:30:10 hqnl0246134 sshd[247417]: Invalid user sammy from 50.192.223.205 port 35646', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:30:11,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.192.223.205', 'timestamp': 1670347811.1370878, 'message': 'Dec  6 19:30:10 hqnl0246134 sshd[247417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.192.223.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:30:13,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670347813.1370366, 'message': 'Dec  6 19:30:12 hqnl0246134 sshd[247417]: Failed password for invalid user sammy from 50.192.223.205 port 35646 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 19:30:15,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347815.1400487, 'message': 'Dec  6 19:30:13 hqnl0246134 sshd[247423]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.120.254.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 19:30:15,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670347815.140383, 'message': 'Dec  6 19:30:13 hqnl0246134 sshd[247417]: Disconnected from invalid user sammy 50.192.223.205 port 35646 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 19:30:15,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347815.1402574, 'message': 'Dec  6 19:30:13 hqnl0246134 sshd[247423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.120.254.76  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 19:30:15,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347815.1404972, 'message': 'Dec  6 19:30:14 hqnl0246134 sshd[247423]: Failed password for root from 190.120.254.76 port 33805 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:30:17,702] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:30:17,702] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:30:17,709] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:30:17,720] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 19:30:20,664] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:30:20,664] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:30:20,673] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:30:20,686] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 19:30:45,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347845.2279568, 'message': 'Dec  6 19:30:43 hqnl0246134 sshd[247455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 19:30:45,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347845.2284884, 'message': 'Dec  6 19:30:43 hqnl0246134 sshd[247455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 19:30:47,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347847.2298317, 'message': 'Dec  6 19:30:45 hqnl0246134 sshd[247455]: Failed password for root from 61.177.173.18 port 47889 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:30:47,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347847.2301817, 'message': 'Dec  6 19:30:46 hqnl0246134 sshd[247455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 19:30:48,318] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:30:48,319] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:30:49,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347849.2316263, 'message': 'Dec  6 19:30:48 hqnl0246134 sshd[247455]: Failed password for root from 61.177.173.18 port 47889 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 19:30:51,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347851.2343698, 'message': 'Dec  6 19:30:50 hqnl0246134 sshd[247455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 19:30:53,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347853.2373405, 'message': 'Dec  6 19:30:52 hqnl0246134 sshd[247455]: Failed password for root from 61.177.173.18 port 47889 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-06 19:31:09,766] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:31:09,795] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0382 seconds
INFO    [2022-12-06 19:31:18,343] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:31:18,344] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:31:18,356] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:31:18,368] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 19:31:20,976] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:31:20,976] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:31:20,987] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:31:21,002] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0248 seconds
INFO    [2022-12-06 19:31:31,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347891.2934039, 'message': 'Dec  6 19:31:30 hqnl0246134 sshd[247508]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 19:31:31,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347891.2936985, 'message': 'Dec  6 19:31:30 hqnl0246134 sshd[247508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:31:33,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347893.2953877, 'message': 'Dec  6 19:31:31 hqnl0246134 sshd[247508]: Failed password for root from 61.177.173.18 port 23229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:31:33,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347893.2956097, 'message': 'Dec  6 19:31:32 hqnl0246134 sshd[247508]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 19:31:35,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347895.2984762, 'message': 'Dec  6 19:31:34 hqnl0246134 sshd[247508]: Failed password for root from 61.177.173.18 port 23229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 19:31:35,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347895.2987483, 'message': 'Dec  6 19:31:34 hqnl0246134 sshd[247508]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1440 seconds
INFO    [2022-12-06 19:31:37,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347897.3004148, 'message': 'Dec  6 19:31:36 hqnl0246134 sshd[247508]: Failed password for root from 61.177.173.18 port 23229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 19:31:39,364] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:31:39,364] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:31:39,371] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:31:39,383] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-06 19:31:48,322] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:31:48,322] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:31:53,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347913.3214355, 'message': 'Dec  6 19:31:52 hqnl0246134 sshd[247528]: Invalid user altair from 190.120.254.76 port 42096', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-06 19:31:53,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347913.3221827, 'message': 'Dec  6 19:31:52 hqnl0246134 sshd[247528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.120.254.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 19:31:53,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347913.3224857, 'message': 'Dec  6 19:31:52 hqnl0246134 sshd[247528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.120.254.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0344 seconds
WARNING [2022-12-06 19:31:53,822] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 19:31:55,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347915.3238645, 'message': 'Dec  6 19:31:55 hqnl0246134 sshd[247528]: Failed password for invalid user altair from 190.120.254.76 port 42096 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 19:31:57,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670347917.3260462, 'message': 'Dec  6 19:31:56 hqnl0246134 sshd[247528]: Disconnected from invalid user altair 190.120.254.76 port 42096 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
WARNING [2022-12-06 19:32:09,771] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:32:09,797] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0345 seconds
INFO    [2022-12-06 19:32:17,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347937.3691852, 'message': 'Dec  6 19:32:17 hqnl0246134 sshd[247553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 19:32:17,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347937.3695874, 'message': 'Dec  6 19:32:17 hqnl0246134 sshd[247553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 19:32:18,025] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:32:18,026] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:32:18,033] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:32:18,045] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 19:32:19,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347939.371124, 'message': 'Dec  6 19:32:19 hqnl0246134 sshd[247553]: Failed password for root from 61.177.173.18 port 53686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 19:32:20,709] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:32:20,709] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:32:20,718] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:32:20,731] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 19:32:23,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347943.3764248, 'message': 'Dec  6 19:32:21 hqnl0246134 sshd[247553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 19:32:23,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347943.3766725, 'message': 'Dec  6 19:32:23 hqnl0246134 sshd[247553]: Failed password for root from 61.177.173.18 port 53686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:32:25,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347945.3830984, 'message': 'Dec  6 19:32:23 hqnl0246134 sshd[247553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 19:32:27,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347947.389155, 'message': 'Dec  6 19:32:25 hqnl0246134 sshd[247553]: Failed password for root from 61.177.173.18 port 53686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 19:32:47,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '94.153.212.68', 'timestamp': 1670347967.448275, 'message': 'Dec  6 19:32:45 hqnl0246134 sshd[247577]: pam_imunify(sshd:auth): [IM360_RBL] The IP 94.153.212.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:32:47,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '94.153.212.68', 'timestamp': 1670347967.4485588, 'message': 'Dec  6 19:32:45 hqnl0246134 sshd[247577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.153.212.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 19:32:48,325] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:32:48,326] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:32:49,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '94.153.212.68', 'timestamp': 1670347969.454066, 'message': 'Dec  6 19:32:47 hqnl0246134 sshd[247577]: Failed password for root from 94.153.212.68 port 59656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 19:32:52,274] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:32:52,275] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:32:52,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:32:52,299] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 19:33:05,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347985.527954, 'message': 'Dec  6 19:33:05 hqnl0246134 sshd[247600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 19:33:05,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347985.5286486, 'message': 'Dec  6 19:33:05 hqnl0246134 sshd[247600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:33:09,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347989.5411289, 'message': 'Dec  6 19:33:07 hqnl0246134 sshd[247600]: Failed password for root from 61.177.173.18 port 33098 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 19:33:09,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347989.5413098, 'message': 'Dec  6 19:33:09 hqnl0246134 sshd[247600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-06 19:33:09,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:33:09,817] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0518 seconds
INFO    [2022-12-06 19:33:13,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347993.560277, 'message': 'Dec  6 19:33:11 hqnl0246134 sshd[247600]: Failed password for root from 61.177.173.18 port 33098 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 19:33:15,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347995.5615454, 'message': 'Dec  6 19:33:13 hqnl0246134 sshd[247600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:33:17,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670347997.5642667, 'message': 'Dec  6 19:33:15 hqnl0246134 sshd[247600]: Failed password for root from 61.177.173.18 port 33098 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:33:18,034] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:33:18,035] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:33:18,042] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:33:18,053] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 19:33:20,609] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:33:20,609] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:33:20,620] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:33:20,633] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-06 19:33:29,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670348009.638706, 'message': 'Dec  6 19:33:28 hqnl0246134 sshd[247644]: Invalid user centos from 190.120.254.76 port 50384', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:33:29,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.120.254.76', 'timestamp': 1670348009.6389916, 'message': 'Dec  6 19:33:28 hqnl0246134 sshd[247644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.120.254.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:33:29,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.120.254.76', 'timestamp': 1670348009.6391747, 'message': 'Dec  6 19:33:28 hqnl0246134 sshd[247644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.120.254.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:33:31,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670348011.6400409, 'message': 'Dec  6 19:33:30 hqnl0246134 sshd[247644]: Failed password for invalid user centos from 190.120.254.76 port 50384 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 19:33:31,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.120.254.76', 'timestamp': 1670348011.6402535, 'message': 'Dec  6 19:33:31 hqnl0246134 sshd[247644]: Disconnected from invalid user centos 190.120.254.76 port 50384 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 19:33:48,331] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:33:48,332] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:33:53,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '169.239.220.35', 'timestamp': 1670348033.7436101, 'message': 'Dec  6 19:33:52 hqnl0246134 sshd[247663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 169.239.220.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0503 seconds
INFO    [2022-12-06 19:33:53,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348033.744771, 'message': 'Dec  6 19:33:53 hqnl0246134 sshd[247665]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 19:33:53,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '169.239.220.35', 'timestamp': 1670348033.7444534, 'message': 'Dec  6 19:33:52 hqnl0246134 sshd[247663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.239.220.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-06 19:33:53,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348033.7450979, 'message': 'Dec  6 19:33:53 hqnl0246134 sshd[247665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0481 seconds
INFO    [2022-12-06 19:33:55,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '169.239.220.35', 'timestamp': 1670348035.745503, 'message': 'Dec  6 19:33:54 hqnl0246134 sshd[247663]: Failed password for root from 169.239.220.35 port 59440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 19:33:55,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348035.7457108, 'message': 'Dec  6 19:33:55 hqnl0246134 sshd[247665]: Failed password for root from 61.177.173.18 port 60203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 19:33:57,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348037.7504442, 'message': 'Dec  6 19:33:57 hqnl0246134 sshd[247665]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:34:01,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348041.7565289, 'message': 'Dec  6 19:34:00 hqnl0246134 sshd[247665]: Failed password for root from 61.177.173.18 port 60203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 19:34:03,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348043.7579758, 'message': 'Dec  6 19:34:01 hqnl0246134 sshd[247665]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:34:05,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348045.758489, 'message': 'Dec  6 19:34:03 hqnl0246134 sshd[247665]: Failed password for root from 61.177.173.18 port 60203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
WARNING [2022-12-06 19:34:09,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:34:09,799] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0296 seconds
INFO    [2022-12-06 19:34:18,051] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:34:18,052] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:34:18,060] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:34:18,072] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 19:34:20,671] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:34:20,672] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:34:20,680] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:34:20,692] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 19:34:43,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348083.8273082, 'message': 'Dec  6 19:34:42 hqnl0246134 sshd[247715]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 19:34:43,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348083.827637, 'message': 'Dec  6 19:34:42 hqnl0246134 sshd[247715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 19:34:45,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348085.828357, 'message': 'Dec  6 19:34:44 hqnl0246134 sshd[247715]: Failed password for root from 61.177.173.18 port 43069 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:34:45,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348085.8292298, 'message': 'Dec  6 19:34:44 hqnl0246134 sshd[247715]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:34:47,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348087.8295662, 'message': 'Dec  6 19:34:47 hqnl0246134 sshd[247715]: Failed password for root from 61.177.173.18 port 43069 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 19:34:48,334] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:34:48,335] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:34:49,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348089.8324816, 'message': 'Dec  6 19:34:49 hqnl0246134 sshd[247715]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:34:51,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348091.8349962, 'message': 'Dec  6 19:34:50 hqnl0246134 sshd[247715]: Failed password for root from 61.177.173.18 port 43069 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 19:34:53,957] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:34:53,957] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:34:53,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:34:53,977] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 19:34:57,985] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:34:58,051] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:34:58,051] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:34:58,052] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:34:58,052] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:34:58,052] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:34:58,062] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:34:58,081] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0283 seconds
WARNING [2022-12-06 19:34:58,091] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:34:58,096] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:34:58,128] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0534 seconds
INFO    [2022-12-06 19:34:58,131] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0523 seconds
WARNING [2022-12-06 19:35:09,781] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:35:09,800] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0280 seconds
INFO    [2022-12-06 19:35:18,022] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:35:18,023] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:35:18,064] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:35:18,092] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0550 seconds
INFO    [2022-12-06 19:35:20,825] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:35:20,825] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:35:20,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:35:20,849] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 19:35:28,182] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:35:28,183] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:35:28,184] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 19:35:29,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348129.8728886, 'message': 'Dec  6 19:35:29 hqnl0246134 sshd[247791]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 19:35:29,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348129.8731804, 'message': 'Dec  6 19:35:29 hqnl0246134 sshd[247791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:35:33,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348133.8774388, 'message': 'Dec  6 19:35:31 hqnl0246134 sshd[247791]: Failed password for root from 61.177.173.18 port 64036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:35:35,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348135.8803716, 'message': 'Dec  6 19:35:34 hqnl0246134 sshd[247791]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 19:35:37,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348137.8830924, 'message': 'Dec  6 19:35:36 hqnl0246134 sshd[247791]: Failed password for root from 61.177.173.18 port 64036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 19:35:39,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348139.8838022, 'message': 'Dec  6 19:35:38 hqnl0246134 sshd[247791]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:35:41,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348141.8864748, 'message': 'Dec  6 19:35:40 hqnl0246134 sshd[247791]: Failed password for root from 61.177.173.18 port 64036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 19:35:48,338] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:35:48,339] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:36:05,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.46.164.14', 'timestamp': 1670348165.916829, 'message': 'Dec  6 19:36:04 hqnl0246134 sshd[247818]: Invalid user ai from 181.46.164.14 port 52522', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 19:36:05,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.46.164.14', 'timestamp': 1670348165.918173, 'message': 'Dec  6 19:36:04 hqnl0246134 sshd[247818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.46.164.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 19:36:05,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.46.164.14', 'timestamp': 1670348165.9184864, 'message': 'Dec  6 19:36:04 hqnl0246134 sshd[247818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.46.164.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:36:07,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.46.164.14', 'timestamp': 1670348167.9165275, 'message': 'Dec  6 19:36:06 hqnl0246134 sshd[247818]: Failed password for invalid user ai from 181.46.164.14 port 52522 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 19:36:09,789] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:36:09,814] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0372 seconds
INFO    [2022-12-06 19:36:09,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.46.164.14', 'timestamp': 1670348169.9177399, 'message': 'Dec  6 19:36:08 hqnl0246134 sshd[247818]: Disconnected from invalid user ai 181.46.164.14 port 52522 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 19:36:11,203] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:36:11,204] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:36:11,211] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:36:11,222] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 19:36:17,941] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:36:17,941] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:36:17,959] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:36:17,992] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0490 seconds
INFO    [2022-12-06 19:36:19,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348179.9273593, 'message': 'Dec  6 19:36:18 hqnl0246134 sshd[247828]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 19:36:19,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348179.9280162, 'message': 'Dec  6 19:36:19 hqnl0246134 sshd[247836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.61.12.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 19:36:19,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348179.9276295, 'message': 'Dec  6 19:36:18 hqnl0246134 sshd[247828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 19:36:19,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348179.928174, 'message': 'Dec  6 19:36:19 hqnl0246134 sshd[247836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.12.206  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 19:36:20,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348179.9278212, 'message': 'Dec  6 19:36:19 hqnl0246134 sshd[247828]: Failed password for root from 61.177.173.18 port 47252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 19:36:20,825] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:36:20,825] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:36:20,837] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:36:20,850] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-06 19:36:21,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348181.9282115, 'message': 'Dec  6 19:36:20 hqnl0246134 sshd[247828]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 19:36:21,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348181.9284322, 'message': 'Dec  6 19:36:21 hqnl0246134 sshd[247836]: Failed password for root from 130.61.12.206 port 50608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 19:36:23,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348183.9309776, 'message': 'Dec  6 19:36:22 hqnl0246134 sshd[247828]: Failed password for root from 61.177.173.18 port 47252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 19:36:23,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348183.9311824, 'message': 'Dec  6 19:36:22 hqnl0246134 sshd[247828]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 19:36:25,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348185.9337986, 'message': 'Dec  6 19:36:24 hqnl0246134 sshd[247828]: Failed password for root from 61.177.173.18 port 47252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 19:36:48,343] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:36:48,344] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:37:06,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348225.9858673, 'message': 'Dec  6 19:37:04 hqnl0246134 sshd[247886]: Invalid user xq from 50.192.223.205 port 41202', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-06 19:37:06,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348225.9866326, 'message': 'Dec  6 19:37:04 hqnl0246134 sshd[247884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-06 19:37:06,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348225.9870582, 'message': 'Dec  6 19:37:04 hqnl0246134 sshd[247886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.192.223.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 19:37:06,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348225.9869206, 'message': 'Dec  6 19:37:04 hqnl0246134 sshd[247884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 19:37:06,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348225.9872203, 'message': 'Dec  6 19:37:04 hqnl0246134 sshd[247886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.192.223.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 19:37:08,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348227.9873953, 'message': 'Dec  6 19:37:06 hqnl0246134 sshd[247884]: Failed password for root from 61.177.173.18 port 19320 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 19:37:08,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348227.9877036, 'message': 'Dec  6 19:37:06 hqnl0246134 sshd[247886]: Failed password for invalid user xq from 50.192.223.205 port 41202 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-06 19:37:08,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348227.9878402, 'message': 'Dec  6 19:37:06 hqnl0246134 sshd[247884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
WARNING [2022-12-06 19:37:09,789] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:37:09,829] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0484 seconds
INFO    [2022-12-06 19:37:10,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348229.988383, 'message': 'Dec  6 19:37:08 hqnl0246134 sshd[247886]: Disconnected from invalid user xq 50.192.223.205 port 41202 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 19:37:10,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348229.988624, 'message': 'Dec  6 19:37:08 hqnl0246134 sshd[247884]: Failed password for root from 61.177.173.18 port 19320 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 19:37:10,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348229.9889805, 'message': 'Dec  6 19:37:09 hqnl0246134 sshd[247884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 19:37:12,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348231.991246, 'message': 'Dec  6 19:37:10 hqnl0246134 sshd[247884]: Failed password for root from 61.177.173.18 port 19320 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 19:37:17,870] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:37:17,871] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:37:17,880] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:37:17,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 19:37:20,617] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:37:20,618] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:37:20,626] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:37:20,638] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-06 19:37:48,348] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:37:48,349] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:37:52,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.46.164.14', 'timestamp': 1670348272.0453017, 'message': 'Dec  6 19:37:51 hqnl0246134 sshd[247937]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.46.164.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 19:37:52,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348272.0458155, 'message': 'Dec  6 19:37:51 hqnl0246134 sshd[247939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 19:37:52,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.46.164.14', 'timestamp': 1670348272.0456543, 'message': 'Dec  6 19:37:51 hqnl0246134 sshd[247937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.46.164.14  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 19:37:52,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348272.0459304, 'message': 'Dec  6 19:37:51 hqnl0246134 sshd[247939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 19:37:54,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '181.46.164.14', 'timestamp': 1670348274.045069, 'message': 'Dec  6 19:37:52 hqnl0246134 sshd[247937]: Failed password for root from 181.46.164.14 port 56838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 19:37:54,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348274.0452554, 'message': 'Dec  6 19:37:53 hqnl0246134 sshd[247939]: Failed password for root from 61.177.173.18 port 52503 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 19:37:54,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348274.045397, 'message': 'Dec  6 19:37:53 hqnl0246134 sshd[247939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:37:56,036] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:37:56,036] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:37:56,043] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:37:56,066] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0288 seconds
INFO    [2022-12-06 19:37:56,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348276.0454345, 'message': 'Dec  6 19:37:55 hqnl0246134 sshd[247939]: Failed password for root from 61.177.173.18 port 52503 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 19:37:56,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348276.0456247, 'message': 'Dec  6 19:37:55 hqnl0246134 sshd[247939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 19:37:58,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348278.0478914, 'message': 'Dec  6 19:37:57 hqnl0246134 sshd[247939]: Failed password for root from 61.177.173.18 port 52503 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 19:38:09,794] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:38:09,820] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-06 19:38:17,981] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:38:17,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:38:17,990] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:38:18,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 19:38:20,823] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:38:20,824] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:38:20,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:38:20,848] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-06 19:38:34,698] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:38:34,774] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:38:34,774] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:38:34,775] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:38:34,775] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:38:34,776] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:38:34,791] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:38:34,808] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0313 seconds
WARNING [2022-12-06 19:38:34,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:38:34,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:38:34,834] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0316 seconds
INFO    [2022-12-06 19:38:34,836] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0296 seconds
INFO    [2022-12-06 19:38:38,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348318.096486, 'message': 'Dec  6 19:38:38 hqnl0246134 sshd[247996]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:38:38,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348318.0967464, 'message': 'Dec  6 19:38:38 hqnl0246134 sshd[247996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 19:38:40,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348320.0976167, 'message': 'Dec  6 19:38:39 hqnl0246134 sshd[247996]: Failed password for root from 61.177.173.18 port 21285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 19:38:42,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348322.1040304, 'message': 'Dec  6 19:38:40 hqnl0246134 sshd[247996]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 19:38:44,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348324.1078131, 'message': 'Dec  6 19:38:42 hqnl0246134 sshd[247996]: Failed password for root from 61.177.173.18 port 21285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:38:46,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348326.1133175, 'message': 'Dec  6 19:38:44 hqnl0246134 sshd[247996]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 19:38:48,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348328.1145945, 'message': 'Dec  6 19:38:46 hqnl0246134 sshd[247996]: Failed password for root from 61.177.173.18 port 21285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
WARNING [2022-12-06 19:38:48,352] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:38:48,353] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:38:50,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348330.1178133, 'message': 'Dec  6 19:38:49 hqnl0246134 sshd[248005]: Invalid user glassfish from 130.61.12.206 port 43732', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:38:52,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348332.1205704, 'message': 'Dec  6 19:38:50 hqnl0246134 sshd[248005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.61.12.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 19:38:52,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348332.1211333, 'message': 'Dec  6 19:38:50 hqnl0246134 sshd[248007]: Invalid user conectar from 94.153.212.68 port 51178', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 19:38:52,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348332.120973, 'message': 'Dec  6 19:38:50 hqnl0246134 sshd[248005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.12.206 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 19:38:52,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348332.1212537, 'message': 'Dec  6 19:38:50 hqnl0246134 sshd[248007]: pam_imunify(sshd:auth): [IM360_RBL] The IP 94.153.212.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 19:38:52,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348332.1213803, 'message': 'Dec  6 19:38:50 hqnl0246134 sshd[248007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.153.212.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 19:38:54,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348334.1224394, 'message': 'Dec  6 19:38:52 hqnl0246134 sshd[248005]: Failed password for invalid user glassfish from 130.61.12.206 port 43732 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 19:38:54,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348334.1227643, 'message': 'Dec  6 19:38:52 hqnl0246134 sshd[248007]: Failed password for invalid user conectar from 94.153.212.68 port 51178 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 19:38:54,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348334.123023, 'message': 'Dec  6 19:38:53 hqnl0246134 sshd[248005]: Disconnected from invalid user glassfish 130.61.12.206 port 43732 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 19:38:54,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348334.1229036, 'message': 'Dec  6 19:38:53 hqnl0246134 sshd[248007]: Disconnected from invalid user conectar 94.153.212.68 port 51178 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
WARNING [2022-12-06 19:39:09,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:39:09,823] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0352 seconds
INFO    [2022-12-06 19:39:12,408] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:39:12,409] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:39:12,410] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 19:39:18,477] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:39:18,477] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:39:18,503] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:39:18,556] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0732 seconds
INFO    [2022-12-06 19:39:22,843] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:39:22,845] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:39:22,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:39:22,880] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0342 seconds
INFO    [2022-12-06 19:39:26,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348366.1596181, 'message': 'Dec  6 19:39:25 hqnl0246134 sshd[248188]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 19:39:26,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348366.1599145, 'message': 'Dec  6 19:39:25 hqnl0246134 sshd[248188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:39:28,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348368.1611946, 'message': 'Dec  6 19:39:27 hqnl0246134 sshd[248188]: Failed password for root from 61.177.173.18 port 54106 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:39:28,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348368.161442, 'message': 'Dec  6 19:39:27 hqnl0246134 sshd[248188]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:39:30,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348370.1621916, 'message': 'Dec  6 19:39:29 hqnl0246134 sshd[248188]: Failed password for root from 61.177.173.18 port 54106 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 19:39:32,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348372.1624115, 'message': 'Dec  6 19:39:30 hqnl0246134 sshd[248188]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 19:39:32,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348372.1626785, 'message': 'Dec  6 19:39:31 hqnl0246134 sshd[248188]: Failed password for root from 61.177.173.18 port 54106 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 19:39:35,095] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:39:35,095] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:39:35,102] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:39:35,113] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
WARNING [2022-12-06 19:39:48,355] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:39:48,356] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:39:56,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348396.1855283, 'message': 'Dec  6 19:39:54 hqnl0246134 sshd[248212]: Invalid user musikbot from 50.192.223.205 port 58786', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-06 19:39:56,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348396.1860402, 'message': 'Dec  6 19:39:54 hqnl0246134 sshd[248212]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.192.223.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 19:39:56,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348396.1862543, 'message': 'Dec  6 19:39:54 hqnl0246134 sshd[248212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.192.223.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 19:39:58,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348398.1863277, 'message': 'Dec  6 19:39:56 hqnl0246134 sshd[248212]: Failed password for invalid user musikbot from 50.192.223.205 port 58786 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 19:39:58,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348398.1865997, 'message': 'Dec  6 19:39:57 hqnl0246134 sshd[248212]: Disconnected from invalid user musikbot 50.192.223.205 port 58786 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 19:40:09,800] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:40:09,829] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-06 19:40:14,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348414.2066805, 'message': 'Dec  6 19:40:13 hqnl0246134 sshd[248238]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:40:14,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348414.2070594, 'message': 'Dec  6 19:40:13 hqnl0246134 sshd[248238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:40:16,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348416.208295, 'message': 'Dec  6 19:40:15 hqnl0246134 sshd[248238]: Failed password for root from 61.177.173.18 port 27416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 19:40:16,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348416.2084763, 'message': 'Dec  6 19:40:16 hqnl0246134 sshd[248238]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:40:17,963] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:40:17,963] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:40:17,970] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:40:17,982] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 19:40:20,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348420.2135005, 'message': 'Dec  6 19:40:18 hqnl0246134 sshd[248238]: Failed password for root from 61.177.173.18 port 27416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:40:20,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:40:20,907] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:40:20,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:40:20,928] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 19:40:22,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348422.2161143, 'message': 'Dec  6 19:40:20 hqnl0246134 sshd[248238]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 19:40:24,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348424.2192674, 'message': 'Dec  6 19:40:22 hqnl0246134 sshd[248238]: Failed password for root from 61.177.173.18 port 27416 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-06 19:40:48,359] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:40:48,360] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:41:02,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348462.2827, 'message': 'Dec  6 19:41:01 hqnl0246134 sshd[248303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 19:41:02,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348462.283229, 'message': 'Dec  6 19:41:01 hqnl0246134 sshd[248303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:41:04,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348464.282755, 'message': 'Dec  6 19:41:03 hqnl0246134 sshd[248303]: Failed password for root from 61.177.173.18 port 55485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 19:41:06,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348466.2854695, 'message': 'Dec  6 19:41:05 hqnl0246134 sshd[248303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:41:08,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348468.2878165, 'message': 'Dec  6 19:41:07 hqnl0246134 sshd[248303]: Failed password for root from 61.177.173.18 port 55485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:41:08,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348468.2879858, 'message': 'Dec  6 19:41:07 hqnl0246134 sshd[248303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 19:41:09,899] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:41:09,921] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-06 19:41:10,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348470.2898612, 'message': 'Dec  6 19:41:09 hqnl0246134 sshd[248303]: Failed password for root from 61.177.173.18 port 55485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0757 seconds
INFO    [2022-12-06 19:41:13,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:41:13,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:41:13,746] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:41:13,761] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 19:41:17,940] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:41:17,941] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:41:17,949] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:41:17,961] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 19:41:20,655] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:41:20,656] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:41:20,665] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:41:20,679] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 19:41:28,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348488.3106124, 'message': 'Dec  6 19:41:27 hqnl0246134 sshd[248343]: Invalid user ircd from 130.61.12.206 port 45110', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-06 19:41:28,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348488.3114543, 'message': 'Dec  6 19:41:27 hqnl0246134 sshd[248343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.61.12.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 19:41:28,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348488.3117468, 'message': 'Dec  6 19:41:27 hqnl0246134 sshd[248343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.12.206 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 19:41:30,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348490.309752, 'message': 'Dec  6 19:41:29 hqnl0246134 sshd[248343]: Failed password for invalid user ircd from 130.61.12.206 port 45110 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0574 seconds
INFO    [2022-12-06 19:41:30,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.12.206', 'timestamp': 1670348490.3099353, 'message': 'Dec  6 19:41:30 hqnl0246134 sshd[248343]: Disconnected from invalid user ircd 130.61.12.206 port 45110 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 19:41:48,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348508.3305123, 'message': 'Dec  6 19:41:46 hqnl0246134 sshd[248350]: Invalid user applprod from 94.153.212.68 port 37650', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 19:41:48,361] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:41:48,362] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:41:48,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348508.3307998, 'message': 'Dec  6 19:41:46 hqnl0246134 sshd[248350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 94.153.212.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:41:48,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348508.3309321, 'message': 'Dec  6 19:41:46 hqnl0246134 sshd[248350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.153.212.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:41:50,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348510.3328426, 'message': 'Dec  6 19:41:48 hqnl0246134 sshd[248350]: Failed password for invalid user applprod from 94.153.212.68 port 37650 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 19:41:50,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348510.3330746, 'message': 'Dec  6 19:41:48 hqnl0246134 sshd[248352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 19:41:50,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348510.3333545, 'message': 'Dec  6 19:41:50 hqnl0246134 sshd[248350]: Disconnected from invalid user applprod 94.153.212.68 port 37650 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 19:41:50,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348510.3332472, 'message': 'Dec  6 19:41:48 hqnl0246134 sshd[248352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 19:41:50,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348510.3334713, 'message': 'Dec  6 19:41:50 hqnl0246134 sshd[248352]: Failed password for root from 61.177.173.18 port 30809 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 19:41:52,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348512.3345966, 'message': 'Dec  6 19:41:50 hqnl0246134 sshd[248352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-06 19:41:53,824] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 19:41:54,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348514.3363845, 'message': 'Dec  6 19:41:52 hqnl0246134 sshd[248352]: Failed password for root from 61.177.173.18 port 30809 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 19:41:54,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348514.336617, 'message': 'Dec  6 19:41:53 hqnl0246134 sshd[248352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 19:41:56,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348516.3374794, 'message': 'Dec  6 19:41:55 hqnl0246134 sshd[248352]: Failed password for root from 61.177.173.18 port 30809 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0620 seconds
WARNING [2022-12-06 19:42:09,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:42:09,938] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0424 seconds
INFO    [2022-12-06 19:42:17,946] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:42:17,947] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:42:17,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:42:17,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 19:42:20,605] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:42:20,606] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:42:20,614] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:42:20,627] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 19:42:36,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348556.379315, 'message': 'Dec  6 19:42:36 hqnl0246134 sshd[248415]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0651 seconds
INFO    [2022-12-06 19:42:36,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348556.3798616, 'message': 'Dec  6 19:42:36 hqnl0246134 sshd[248415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-06 19:42:38,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348558.3776402, 'message': 'Dec  6 19:42:38 hqnl0246134 sshd[248415]: Failed password for root from 61.177.173.18 port 62066 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 19:42:40,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348560.3799007, 'message': 'Dec  6 19:42:38 hqnl0246134 sshd[248415]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 19:42:40,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348560.380102, 'message': 'Dec  6 19:42:40 hqnl0246134 sshd[248415]: Failed password for root from 61.177.173.18 port 62066 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 19:42:42,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348562.3829083, 'message': 'Dec  6 19:42:40 hqnl0246134 sshd[248415]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:42:44,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348564.3909361, 'message': 'Dec  6 19:42:43 hqnl0246134 sshd[248415]: Failed password for root from 61.177.173.18 port 62066 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 19:42:47,900] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:42:47,901] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:42:47,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:42:47,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
WARNING [2022-12-06 19:42:48,364] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:42:48,365] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:42:50,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348570.3982275, 'message': 'Dec  6 19:42:48 hqnl0246134 sshd[248429]: Invalid user movies from 50.192.223.205 port 48138', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 19:42:50,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348570.3985052, 'message': 'Dec  6 19:42:48 hqnl0246134 sshd[248429]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.192.223.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 19:42:50,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348570.3986304, 'message': 'Dec  6 19:42:48 hqnl0246134 sshd[248429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.192.223.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:42:52,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348572.4007075, 'message': 'Dec  6 19:42:51 hqnl0246134 sshd[248429]: Failed password for invalid user movies from 50.192.223.205 port 48138 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 19:42:54,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.192.223.205', 'timestamp': 1670348574.401822, 'message': 'Dec  6 19:42:53 hqnl0246134 sshd[248429]: Disconnected from invalid user movies 50.192.223.205 port 48138 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
WARNING [2022-12-06 19:43:09,920] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:43:09,943] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0395 seconds
INFO    [2022-12-06 19:43:10,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.236.188.179', 'timestamp': 1670348590.430521, 'message': 'Dec  6 19:43:09 hqnl0246134 sshd[248453]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.236.188.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:43:10,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.236.188.179', 'timestamp': 1670348590.430755, 'message': 'Dec  6 19:43:09 hqnl0246134 sshd[248453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.236.188.179  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 19:43:12,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '2.236.188.179', 'timestamp': 1670348592.4323497, 'message': 'Dec  6 19:43:11 hqnl0246134 sshd[248453]: Failed password for root from 2.236.188.179 port 59078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 19:43:17,845] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:43:17,846] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:43:17,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:43:17,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 19:43:20,554] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:43:20,554] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:43:20,561] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:43:20,572] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 19:43:24,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348604.4498026, 'message': 'Dec  6 19:43:24 hqnl0246134 sshd[248478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 19:43:24,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348604.450317, 'message': 'Dec  6 19:43:24 hqnl0246134 sshd[248478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 19:43:28,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348608.4567394, 'message': 'Dec  6 19:43:26 hqnl0246134 sshd[248478]: Failed password for root from 61.177.173.18 port 40816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 19:43:30,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348610.460028, 'message': 'Dec  6 19:43:28 hqnl0246134 sshd[248478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 19:43:32,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348612.4653404, 'message': 'Dec  6 19:43:30 hqnl0246134 sshd[248478]: Failed password for root from 61.177.173.18 port 40816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 19:43:32,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348612.4655802, 'message': 'Dec  6 19:43:31 hqnl0246134 sshd[248478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 19:43:34,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348614.4669156, 'message': 'Dec  6 19:43:32 hqnl0246134 sshd[248478]: Failed password for root from 61.177.173.18 port 40816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-06 19:43:48,368] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:43:48,370] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:43:50,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348630.4870393, 'message': 'Dec  6 19:43:49 hqnl0246134 sshd[248485]: Invalid user g from 210.19.254.6 port 35390', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 19:43:50,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348630.487471, 'message': 'Dec  6 19:43:49 hqnl0246134 sshd[248485]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 19:43:50,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348630.4876504, 'message': 'Dec  6 19:43:49 hqnl0246134 sshd[248485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 19:43:52,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348632.4907193, 'message': 'Dec  6 19:43:51 hqnl0246134 sshd[248485]: Failed password for invalid user g from 210.19.254.6 port 35390 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 19:43:52,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348632.491773, 'message': 'Dec  6 19:43:51 hqnl0246134 sshd[248485]: Disconnected from invalid user g 210.19.254.6 port 35390 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 19:43:54,320] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:43:54,321] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:43:54,335] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:43:54,365] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0423 seconds
WARNING [2022-12-06 19:44:09,917] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:44:09,953] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0456 seconds
INFO    [2022-12-06 19:44:12,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348652.5152414, 'message': 'Dec  6 19:44:11 hqnl0246134 sshd[248516]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 19:44:12,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348652.5155635, 'message': 'Dec  6 19:44:11 hqnl0246134 sshd[248516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:44:14,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348654.5163543, 'message': 'Dec  6 19:44:13 hqnl0246134 sshd[248516]: Failed password for root from 61.177.173.18 port 19764 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 19:44:16,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348656.5175304, 'message': 'Dec  6 19:44:15 hqnl0246134 sshd[248516]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 19:44:17,859] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:44:17,860] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:44:17,871] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:44:17,887] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0264 seconds
INFO    [2022-12-06 19:44:18,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348658.5211978, 'message': 'Dec  6 19:44:17 hqnl0246134 sshd[248516]: Failed password for root from 61.177.173.18 port 19764 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 19:44:18,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348658.5214777, 'message': 'Dec  6 19:44:18 hqnl0246134 sshd[248516]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:44:20,625] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:44:20,625] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:44:20,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:44:20,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670348660.5259352, 'message': 'Dec  6 19:44:20 hqnl0246134 sshd[248552]: Invalid user admin from 152.89.196.220 port 44624', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1405 seconds
INFO    [2022-12-06 19:44:20,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348660.5264196, 'message': 'Dec  6 19:44:20 hqnl0246134 sshd[248516]: Failed password for root from 61.177.173.18 port 19764 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1412 seconds
INFO    [2022-12-06 19:44:20,675] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0488 seconds
INFO    [2022-12-06 19:44:20,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670348660.5261934, 'message': 'Dec  6 19:44:20 hqnl0246134 sshd[248552]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 19:44:20,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670348660.5263104, 'message': 'Dec  6 19:44:20 hqnl0246134 sshd[248552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 19:44:22,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670348662.5273108, 'message': 'Dec  6 19:44:22 hqnl0246134 sshd[248552]: Failed password for invalid user admin from 152.89.196.220 port 44624 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 19:44:24,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670348664.5328634, 'message': 'Dec  6 19:44:23 hqnl0246134 sshd[248552]: Disconnected from invalid user admin 152.89.196.220 port 44624 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 19:44:48,373] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:44:48,375] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:44:52,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348692.575084, 'message': 'Dec  6 19:44:51 hqnl0246134 sshd[248573]: Invalid user customer from 94.153.212.68 port 52364', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 19:44:52,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348692.5754995, 'message': 'Dec  6 19:44:51 hqnl0246134 sshd[248573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 94.153.212.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:44:52,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348692.5756598, 'message': 'Dec  6 19:44:51 hqnl0246134 sshd[248573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.153.212.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 19:44:54,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348694.580658, 'message': 'Dec  6 19:44:53 hqnl0246134 sshd[248573]: Failed password for invalid user customer from 94.153.212.68 port 52364 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:44:56,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '94.153.212.68', 'timestamp': 1670348696.5814173, 'message': 'Dec  6 19:44:55 hqnl0246134 sshd[248573]: Disconnected from invalid user customer 94.153.212.68 port 52364 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 19:44:58,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348698.584508, 'message': 'Dec  6 19:44:58 hqnl0246134 sshd[248583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:44:58,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348698.5847633, 'message': 'Dec  6 19:44:58 hqnl0246134 sshd[248583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 19:45:00,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348700.5859194, 'message': 'Dec  6 19:45:00 hqnl0246134 sshd[248583]: Failed password for root from 61.177.173.18 port 41803 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 19:45:02,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348702.5888362, 'message': 'Dec  6 19:45:02 hqnl0246134 sshd[248583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0565 seconds
INFO    [2022-12-06 19:45:04,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348704.5900798, 'message': 'Dec  6 19:45:04 hqnl0246134 sshd[248583]: Failed password for root from 61.177.173.18 port 41803 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 19:45:06,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348706.5942645, 'message': 'Dec  6 19:45:04 hqnl0246134 sshd[248583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 19:45:08,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348708.6006558, 'message': 'Dec  6 19:45:06 hqnl0246134 sshd[248583]: Failed password for root from 61.177.173.18 port 41803 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
WARNING [2022-12-06 19:45:09,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:45:09,944] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0326 seconds
INFO    [2022-12-06 19:45:18,149] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:45:18,150] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:45:18,164] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:45:18,184] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0322 seconds
INFO    [2022-12-06 19:45:20,906] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:45:20,906] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:45:20,915] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:45:20,927] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
WARNING [2022-12-06 19:45:48,377] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:45:48,378] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:45:48,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348748.6542025, 'message': 'Dec  6 19:45:47 hqnl0246134 sshd[248646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 19:45:48,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348748.6547744, 'message': 'Dec  6 19:45:47 hqnl0246134 sshd[248646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 19:45:50,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348750.6565306, 'message': 'Dec  6 19:45:49 hqnl0246134 sshd[248646]: Failed password for root from 61.177.173.18 port 27247 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 19:45:50,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348750.6567984, 'message': 'Dec  6 19:45:49 hqnl0246134 sshd[248646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 19:45:52,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348752.6661706, 'message': 'Dec  6 19:45:51 hqnl0246134 sshd[248646]: Failed password for root from 61.177.173.18 port 27247 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 19:45:52,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348752.6665466, 'message': 'Dec  6 19:45:51 hqnl0246134 sshd[248646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:45:54,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348754.660578, 'message': 'Dec  6 19:45:53 hqnl0246134 sshd[248646]: Failed password for root from 61.177.173.18 port 27247 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 19:45:58,084] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:45:58,085] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:45:58,092] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:45:58,104] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-06 19:46:09,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:46:09,971] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0550 seconds
INFO    [2022-12-06 19:46:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:46:17,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:46:17,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:46:18,002] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 19:46:20,540] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:46:20,540] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:46:20,546] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:46:20,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 19:46:21,259] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:46:21,327] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:46:21,328] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:46:21,328] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:46:21,328] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:46:21,329] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:46:21,342] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:46:21,366] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0368 seconds
WARNING [2022-12-06 19:46:21,379] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:46:21,381] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:46:21,397] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0406 seconds
INFO    [2022-12-06 19:46:21,399] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0365 seconds
INFO    [2022-12-06 19:46:38,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348798.7080615, 'message': 'Dec  6 19:46:37 hqnl0246134 sshd[248699]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 19:46:38,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348798.7088826, 'message': 'Dec  6 19:46:37 hqnl0246134 sshd[248699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 19:46:40,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348800.7103636, 'message': 'Dec  6 19:46:38 hqnl0246134 sshd[248699]: Failed password for root from 61.177.173.18 port 60954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 19:46:40,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348800.7106252, 'message': 'Dec  6 19:46:39 hqnl0246134 sshd[248699]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 19:46:42,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348802.7127063, 'message': 'Dec  6 19:46:41 hqnl0246134 sshd[248699]: Failed password for root from 61.177.173.18 port 60954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:46:44,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348804.715004, 'message': 'Dec  6 19:46:43 hqnl0246134 sshd[248699]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 19:46:46,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348806.717793, 'message': 'Dec  6 19:46:45 hqnl0246134 sshd[248699]: Failed password for root from 61.177.173.18 port 60954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-06 19:46:48,380] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:46:48,381] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:46:51,459] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:46:51,459] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:46:51,460] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 19:47:09,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:47:09,960] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0386 seconds
INFO    [2022-12-06 19:47:17,963] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:47:17,963] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:47:17,976] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:47:17,995] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0301 seconds
INFO    [2022-12-06 19:47:20,721] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:47:20,721] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:47:20,729] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:47:20,741] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 19:47:24,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348844.7593453, 'message': 'Dec  6 19:47:23 hqnl0246134 sshd[248745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 19:47:24,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348844.7599192, 'message': 'Dec  6 19:47:23 hqnl0246134 sshd[248745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 19:47:26,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348846.7613199, 'message': 'Dec  6 19:47:25 hqnl0246134 sshd[248745]: Failed password for root from 61.177.173.18 port 18268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 19:47:28,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348848.7629235, 'message': 'Dec  6 19:47:27 hqnl0246134 sshd[248745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 19:47:30,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348850.7663572, 'message': 'Dec  6 19:47:29 hqnl0246134 sshd[248745]: Failed password for root from 61.177.173.18 port 18268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:47:30,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348850.7665424, 'message': 'Dec  6 19:47:30 hqnl0246134 sshd[248745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 19:47:32,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348852.7689528, 'message': 'Dec  6 19:47:32 hqnl0246134 sshd[248745]: Failed password for root from 61.177.173.18 port 18268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 19:47:35,148] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:47:35,149] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:47:35,160] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:47:35,178] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
WARNING [2022-12-06 19:47:48,388] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:47:48,389] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:48:09,942] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:48:09,966] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0390 seconds
INFO    [2022-12-06 19:48:12,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348892.808938, 'message': 'Dec  6 19:48:10 hqnl0246134 sshd[248785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 19:48:12,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348892.8096228, 'message': 'Dec  6 19:48:10 hqnl0246134 sshd[248785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 19:48:12,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348892.809899, 'message': 'Dec  6 19:48:12 hqnl0246134 sshd[248785]: Failed password for root from 61.177.173.18 port 41549 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 19:48:14,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348894.8066902, 'message': 'Dec  6 19:48:12 hqnl0246134 sshd[248785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 19:48:16,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348896.807071, 'message': 'Dec  6 19:48:15 hqnl0246134 sshd[248785]: Failed password for root from 61.177.173.18 port 41549 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 19:48:18,483] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:48:18,484] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:48:18,492] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:48:18,507] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-06 19:48:18,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348898.8098862, 'message': 'Dec  6 19:48:17 hqnl0246134 sshd[248785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:48:18,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348898.810099, 'message': 'Dec  6 19:48:18 hqnl0246134 sshd[248785]: Failed password for root from 61.177.173.18 port 41549 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:48:21,186] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:48:21,187] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:48:21,198] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:48:21,218] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-06 19:48:38,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '169.239.220.35', 'timestamp': 1670348918.8265717, 'message': 'Dec  6 19:48:38 hqnl0246134 sshd[248835]: Invalid user test from 169.239.220.35 port 52774', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 19:48:38,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '169.239.220.35', 'timestamp': 1670348918.8269536, 'message': 'Dec  6 19:48:38 hqnl0246134 sshd[248835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 169.239.220.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 19:48:38,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '169.239.220.35', 'timestamp': 1670348918.8271258, 'message': 'Dec  6 19:48:38 hqnl0246134 sshd[248835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.239.220.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 19:48:42,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '169.239.220.35', 'timestamp': 1670348922.8267374, 'message': 'Dec  6 19:48:40 hqnl0246134 sshd[248835]: Failed password for invalid user test from 169.239.220.35 port 52774 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 19:48:44,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '169.239.220.35', 'timestamp': 1670348924.8281088, 'message': 'Dec  6 19:48:43 hqnl0246134 sshd[248835]: Disconnected from invalid user test 169.239.220.35 port 52774 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:48:45,859] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:48:45,859] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:48:45,867] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:48:45,878] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
WARNING [2022-12-06 19:48:48,392] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:48:48,393] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:48:58,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348938.8396077, 'message': 'Dec  6 19:48:58 hqnl0246134 sshd[248856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 19:48:58,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348938.840153, 'message': 'Dec  6 19:48:58 hqnl0246134 sshd[248856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 19:49:00,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348940.8405159, 'message': 'Dec  6 19:48:59 hqnl0246134 sshd[248856]: Failed password for root from 61.177.173.18 port 15781 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 19:49:00,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348940.840832, 'message': 'Dec  6 19:49:00 hqnl0246134 sshd[248856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:49:02,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348942.8432524, 'message': 'Dec  6 19:49:01 hqnl0246134 sshd[248856]: Failed password for root from 61.177.173.18 port 15781 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 19:49:02,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348942.8435695, 'message': 'Dec  6 19:49:02 hqnl0246134 sshd[248856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 19:49:04,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348944.8441904, 'message': 'Dec  6 19:49:04 hqnl0246134 sshd[248856]: Failed password for root from 61.177.173.18 port 15781 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-06 19:49:09,939] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:49:09,962] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0314 seconds
INFO    [2022-12-06 19:49:17,904] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:49:17,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:49:17,910] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:49:17,922] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 19:49:20,578] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:49:20,578] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:49:20,590] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:49:20,618] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0387 seconds
INFO    [2022-12-06 19:49:32,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348972.8788567, 'message': 'Dec  6 19:49:32 hqnl0246134 sshd[248896]: Invalid user new from 210.19.254.6 port 53518', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1068 seconds
INFO    [2022-12-06 19:49:33,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348972.8793814, 'message': 'Dec  6 19:49:32 hqnl0246134 sshd[248896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0949 seconds
INFO    [2022-12-06 19:49:33,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348972.8796096, 'message': 'Dec  6 19:49:32 hqnl0246134 sshd[248896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1196 seconds
INFO    [2022-12-06 19:49:34,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348974.8808353, 'message': 'Dec  6 19:49:34 hqnl0246134 sshd[248896]: Failed password for invalid user new from 210.19.254.6 port 53518 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:49:36,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670348976.8824706, 'message': 'Dec  6 19:49:36 hqnl0246134 sshd[248896]: Disconnected from invalid user new 210.19.254.6 port 53518 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 19:49:44,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348984.8939743, 'message': 'Dec  6 19:49:44 hqnl0246134 sshd[248904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 19:49:44,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348984.8943949, 'message': 'Dec  6 19:49:44 hqnl0246134 sshd[248904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:49:46,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348986.896978, 'message': 'Dec  6 19:49:46 hqnl0246134 sshd[248904]: Failed password for root from 61.177.173.18 port 46014 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
WARNING [2022-12-06 19:49:48,395] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:49:48,396] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:49:50,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348990.9022808, 'message': 'Dec  6 19:49:48 hqnl0246134 sshd[248904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 19:49:50,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348990.9025726, 'message': 'Dec  6 19:49:50 hqnl0246134 sshd[248904]: Failed password for root from 61.177.173.18 port 46014 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 19:49:52,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348992.9040344, 'message': 'Dec  6 19:49:51 hqnl0246134 sshd[248904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 19:49:54,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670348994.9058106, 'message': 'Dec  6 19:49:53 hqnl0246134 sshd[248904]: Failed password for root from 61.177.173.18 port 46014 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
WARNING [2022-12-06 19:50:09,966] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:50:10,018] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0821 seconds
INFO    [2022-12-06 19:50:17,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:50:17,922] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:50:17,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:50:17,950] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-06 19:50:20,511] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:50:20,512] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:50:20,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:50:20,541] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-06 19:50:32,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349032.9520779, 'message': 'Dec  6 19:50:32 hqnl0246134 sshd[248973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 19:50:32,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349032.9525373, 'message': 'Dec  6 19:50:32 hqnl0246134 sshd[248973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 19:50:34,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349034.954025, 'message': 'Dec  6 19:50:34 hqnl0246134 sshd[248973]: Failed password for root from 61.177.173.18 port 37322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:50:36,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349036.9564767, 'message': 'Dec  6 19:50:35 hqnl0246134 sshd[248973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 19:50:36,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349036.956669, 'message': 'Dec  6 19:50:36 hqnl0246134 sshd[248973]: Failed password for root from 61.177.173.18 port 37322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:50:38,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349038.9590435, 'message': 'Dec  6 19:50:37 hqnl0246134 sshd[248973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 19:50:40,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349040.9615166, 'message': 'Dec  6 19:50:39 hqnl0246134 sshd[248973]: Failed password for root from 61.177.173.18 port 37322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 19:50:44,421] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:50:44,422] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:50:44,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:50:44,463] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0407 seconds
WARNING [2022-12-06 19:50:48,402] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:50:48,403] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:51:09,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:51:09,981] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-06 19:51:16,505] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:51:16,572] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:51:16,573] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:51:16,573] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:51:16,574] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:51:16,574] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:51:16,587] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:51:16,605] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0296 seconds
WARNING [2022-12-06 19:51:16,612] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:51:16,614] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:51:16,633] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0343 seconds
INFO    [2022-12-06 19:51:16,635] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0326 seconds
INFO    [2022-12-06 19:51:17,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:51:17,923] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:51:17,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:51:17,941] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 19:51:20,621] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:51:20,621] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:51:20,635] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:51:20,648] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 19:51:21,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349081.012722, 'message': 'Dec  6 19:51:19 hqnl0246134 sshd[249019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 19:51:21,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349081.0132208, 'message': 'Dec  6 19:51:19 hqnl0246134 sshd[249019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 19:51:23,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349083.014854, 'message': 'Dec  6 19:51:21 hqnl0246134 sshd[249019]: Failed password for root from 61.177.173.18 port 15290 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:51:23,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349083.0150802, 'message': 'Dec  6 19:51:22 hqnl0246134 sshd[249019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:51:25,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349085.0198221, 'message': 'Dec  6 19:51:23 hqnl0246134 sshd[249019]: Failed password for root from 61.177.173.18 port 15290 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 19:51:25,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349085.0203147, 'message': 'Dec  6 19:51:24 hqnl0246134 sshd[249019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:51:27,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349087.024132, 'message': 'Dec  6 19:51:26 hqnl0246134 sshd[249019]: Failed password for root from 61.177.173.18 port 15290 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 19:51:40,104] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 19:51:40,106] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 19:51:40,988] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 19:51:46,701] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:51:46,702] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:51:46,702] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 19:51:48,405] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:51:48,406] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:51:53,883] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 19:52:09,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349129.0825536, 'message': 'Dec  6 19:52:07 hqnl0246134 sshd[249104]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 19:52:09,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349129.083545, 'message': 'Dec  6 19:52:07 hqnl0246134 sshd[249104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 19:52:09,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:52:09,984] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0345 seconds
INFO    [2022-12-06 19:52:11,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349131.082719, 'message': 'Dec  6 19:52:09 hqnl0246134 sshd[249104]: Failed password for root from 61.177.173.18 port 46077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 19:52:13,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349133.085122, 'message': 'Dec  6 19:52:11 hqnl0246134 sshd[249104]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 19:52:15,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349135.0861013, 'message': 'Dec  6 19:52:13 hqnl0246134 sshd[249104]: Failed password for root from 61.177.173.18 port 46077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:52:15,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349135.0863526, 'message': 'Dec  6 19:52:14 hqnl0246134 sshd[249104]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:52:17,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349137.088331, 'message': 'Dec  6 19:52:16 hqnl0246134 sshd[249104]: Failed password for root from 61.177.173.18 port 46077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 19:52:17,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:52:17,925] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:52:17,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:52:17,942] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 19:52:22,247] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:52:22,248] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:52:22,261] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:52:22,280] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0314 seconds
INFO    [2022-12-06 19:52:22,780] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:52:22,781] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:52:22,789] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:52:22,800] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
WARNING [2022-12-06 19:52:48,408] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:52:48,409] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:52:55,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349175.1471727, 'message': 'Dec  6 19:52:54 hqnl0246134 sshd[249141]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 19:52:55,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349175.1479473, 'message': 'Dec  6 19:52:54 hqnl0246134 sshd[249141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:52:57,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349177.1485844, 'message': 'Dec  6 19:52:56 hqnl0246134 sshd[249141]: Failed password for root from 61.177.173.18 port 62400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 19:52:57,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349177.1488388, 'message': 'Dec  6 19:52:56 hqnl0246134 sshd[249141]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 19:52:59,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349179.1500182, 'message': 'Dec  6 19:52:58 hqnl0246134 sshd[249141]: Failed password for root from 61.177.173.18 port 62400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:53:01,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349181.1527703, 'message': 'Dec  6 19:53:01 hqnl0246134 sshd[249141]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 19:53:05,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349185.1574337, 'message': 'Dec  6 19:53:03 hqnl0246134 sshd[249141]: Failed password for root from 61.177.173.18 port 62400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 19:53:09,961] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:53:09,981] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0285 seconds
INFO    [2022-12-06 19:53:18,206] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:53:18,206] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:53:18,217] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:53:18,235] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0281 seconds
INFO    [2022-12-06 19:53:21,237] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:53:21,237] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:53:21,248] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:53:21,266] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0280 seconds
INFO    [2022-12-06 19:53:45,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349225.2076354, 'message': 'Dec  6 19:53:43 hqnl0246134 sshd[249184]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 19:53:45,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349225.2079597, 'message': 'Dec  6 19:53:43 hqnl0246134 sshd[249184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 19:53:47,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349227.2098632, 'message': 'Dec  6 19:53:46 hqnl0246134 sshd[249184]: Failed password for root from 61.177.173.18 port 44916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 19:53:48,412] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:53:48,413] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:53:49,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349229.212917, 'message': 'Dec  6 19:53:48 hqnl0246134 sshd[249184]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 19:53:51,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349231.2165394, 'message': 'Dec  6 19:53:50 hqnl0246134 sshd[249184]: Failed password for root from 61.177.173.18 port 44916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 19:53:53,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349233.219311, 'message': 'Dec  6 19:53:52 hqnl0246134 sshd[249184]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 19:53:55,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349235.2218022, 'message': 'Dec  6 19:53:54 hqnl0246134 sshd[249184]: Failed password for root from 61.177.173.18 port 44916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0700 seconds
INFO    [2022-12-06 19:53:58,017] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:53:58,018] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:53:58,026] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:53:58,038] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-06 19:54:09,967] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:54:09,989] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0317 seconds
INFO    [2022-12-06 19:54:17,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.83.28.210', 'timestamp': 1670349257.2647452, 'message': 'Dec  6 19:54:16 hqnl0246134 sshd[249187]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.83.28.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 19:54:17,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.83.28.210', 'timestamp': 1670349257.2651517, 'message': 'Dec  6 19:54:16 hqnl0246134 sshd[249187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.83.28.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 19:54:17,991] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:54:17,992] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:54:18,000] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:54:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0259 seconds
INFO    [2022-12-06 19:54:19,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '186.83.28.210', 'timestamp': 1670349259.2659636, 'message': 'Dec  6 19:54:18 hqnl0246134 sshd[249187]: Failed password for root from 186.83.28.210 port 40430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 19:54:20,912] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:54:20,913] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:54:20,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:54:20,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 19:54:31,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349271.2825816, 'message': 'Dec  6 19:54:31 hqnl0246134 sshd[249239]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 19:54:31,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349271.282958, 'message': 'Dec  6 19:54:31 hqnl0246134 sshd[249239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 19:54:33,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349273.2840464, 'message': 'Dec  6 19:54:33 hqnl0246134 sshd[249239]: Failed password for root from 61.177.173.18 port 17250 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 19:54:33,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349273.2845528, 'message': 'Dec  6 19:54:33 hqnl0246134 sshd[249239]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 19:54:37,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349277.2980545, 'message': 'Dec  6 19:54:35 hqnl0246134 sshd[249239]: Failed password for root from 61.177.173.18 port 17250 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 19:54:39,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349279.29893, 'message': 'Dec  6 19:54:37 hqnl0246134 sshd[249239]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 19:54:41,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349281.3017373, 'message': 'Dec  6 19:54:39 hqnl0246134 sshd[249239]: Failed password for root from 61.177.173.18 port 17250 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-06 19:54:48,415] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:54:48,415] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:55:01,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670349301.3244648, 'message': 'Dec  6 19:55:01 hqnl0246134 sshd[249254]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 19:55:01,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670349301.326849, 'message': 'Dec  6 19:55:01 hqnl0246134 sshd[249254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-06 19:55:03,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.19.254.6', 'timestamp': 1670349303.326923, 'message': 'Dec  6 19:55:03 hqnl0246134 sshd[249254]: Failed password for root from 210.19.254.6 port 35730 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 19:55:05,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '169.239.220.35', 'timestamp': 1670349305.32937, 'message': 'Dec  6 19:55:04 hqnl0246134 sshd[249275]: pam_imunify(sshd:auth): [IM360_RBL] The IP 169.239.220.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 19:55:05,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '169.239.220.35', 'timestamp': 1670349305.3300555, 'message': 'Dec  6 19:55:04 hqnl0246134 sshd[249275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.239.220.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 19:55:07,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '169.239.220.35', 'timestamp': 1670349307.3298678, 'message': 'Dec  6 19:55:05 hqnl0246134 sshd[249275]: Failed password for root from 169.239.220.35 port 48825 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 19:55:08,047] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:55:08,048] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:55:08,059] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:55:08,073] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0245 seconds
WARNING [2022-12-06 19:55:09,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:55:10,099] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.1375 seconds
INFO    [2022-12-06 19:55:18,211] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:55:18,212] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:55:18,220] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:55:18,233] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 19:55:19,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349319.3532765, 'message': 'Dec  6 19:55:18 hqnl0246134 sshd[249297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 19:55:19,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349319.3534913, 'message': 'Dec  6 19:55:18 hqnl0246134 sshd[249297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 19:55:21,043] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:55:21,044] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:55:21,051] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:55:21,062] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 19:55:21,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349321.35877, 'message': 'Dec  6 19:55:20 hqnl0246134 sshd[249297]: Failed password for root from 61.177.173.18 port 45047 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 19:55:21,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349321.3590167, 'message': 'Dec  6 19:55:20 hqnl0246134 sshd[249297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 19:55:23,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349323.3650744, 'message': 'Dec  6 19:55:22 hqnl0246134 sshd[249297]: Failed password for root from 61.177.173.18 port 45047 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 19:55:25,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349325.3697388, 'message': 'Dec  6 19:55:24 hqnl0246134 sshd[249297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 19:55:27,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349327.369882, 'message': 'Dec  6 19:55:26 hqnl0246134 sshd[249297]: Failed password for root from 61.177.173.18 port 45047 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 19:55:48,418] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:55:48,419] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:56:03,736] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 19:56:03,802] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 19:56:03,803] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 19:56:03,803] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 19:56:03,803] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 19:56:03,804] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 19:56:03,815] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 19:56:03,837] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0329 seconds
WARNING [2022-12-06 19:56:03,849] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 19:56:03,852] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:56:03,881] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0530 seconds
INFO    [2022-12-06 19:56:03,883] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0494 seconds
INFO    [2022-12-06 19:56:05,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349365.421639, 'message': 'Dec  6 19:56:04 hqnl0246134 sshd[249366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 19:56:05,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349365.4219759, 'message': 'Dec  6 19:56:04 hqnl0246134 sshd[249366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 19:56:07,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349367.425147, 'message': 'Dec  6 19:56:07 hqnl0246134 sshd[249366]: Failed password for root from 61.177.173.18 port 15619 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 19:56:09,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349369.430133, 'message': 'Dec  6 19:56:09 hqnl0246134 sshd[249366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
WARNING [2022-12-06 19:56:09,973] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:56:10,003] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-06 19:56:11,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349371.4333801, 'message': 'Dec  6 19:56:11 hqnl0246134 sshd[249366]: Failed password for root from 61.177.173.18 port 15619 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 19:56:15,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349375.4384267, 'message': 'Dec  6 19:56:13 hqnl0246134 sshd[249366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 19:56:15,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349375.4387538, 'message': 'Dec  6 19:56:15 hqnl0246134 sshd[249366]: Failed password for root from 61.177.173.18 port 15619 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 19:56:18,317] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:56:18,318] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:56:18,329] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:56:18,343] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 19:56:18,793] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:56:18,794] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:56:18,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:56:18,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0339 seconds
INFO    [2022-12-06 19:56:21,115] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:56:21,116] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:56:21,124] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:56:21,135] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 19:56:27,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349387.4552803, 'message': 'Dec  6 19:56:26 hqnl0246134 sshd[249396]: Invalid user test from 165.22.213.171 port 53702', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 19:56:27,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349387.4558008, 'message': 'Dec  6 19:56:26 hqnl0246134 sshd[249396]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.213.171 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 19:56:27,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349387.4559655, 'message': 'Dec  6 19:56:26 hqnl0246134 sshd[249396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.213.171 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:56:29,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349389.4570189, 'message': 'Dec  6 19:56:28 hqnl0246134 sshd[249396]: Failed password for invalid user test from 165.22.213.171 port 53702 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-06 19:56:31,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349391.457962, 'message': 'Dec  6 19:56:31 hqnl0246134 sshd[249396]: Disconnected from invalid user test 165.22.213.171 port 53702 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 19:56:34,342] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 19:56:34,342] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 19:56:34,343] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 19:56:48,421] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:56:48,422] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:56:53,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349413.4940596, 'message': 'Dec  6 19:56:53 hqnl0246134 sshd[249405]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 19:56:53,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349413.4944558, 'message': 'Dec  6 19:56:53 hqnl0246134 sshd[249405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 19:56:55,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349415.495864, 'message': 'Dec  6 19:56:54 hqnl0246134 sshd[249405]: Failed password for root from 61.177.173.18 port 54258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 19:56:57,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349417.498207, 'message': 'Dec  6 19:56:55 hqnl0246134 sshd[249405]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 19:56:59,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349419.5008805, 'message': 'Dec  6 19:56:57 hqnl0246134 sshd[249405]: Failed password for root from 61.177.173.18 port 54258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 19:57:01,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349421.5039144, 'message': 'Dec  6 19:56:59 hqnl0246134 sshd[249405]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 19:57:03,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349423.5077431, 'message': 'Dec  6 19:57:01 hqnl0246134 sshd[249405]: Failed password for root from 61.177.173.18 port 54258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
WARNING [2022-12-06 19:57:09,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:57:10,001] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0326 seconds
INFO    [2022-12-06 19:57:18,077] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:57:18,078] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:57:18,085] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:57:18,097] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 19:57:21,101] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:57:21,101] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:57:21,110] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:57:21,122] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 19:57:41,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349461.5607736, 'message': 'Dec  6 19:57:41 hqnl0246134 sshd[249461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 19:57:41,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349461.5612502, 'message': 'Dec  6 19:57:41 hqnl0246134 sshd[249461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 19:57:43,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349463.5622044, 'message': 'Dec  6 19:57:43 hqnl0246134 sshd[249461]: Failed password for root from 61.177.173.18 port 27278 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 19:57:45,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349465.5649784, 'message': 'Dec  6 19:57:43 hqnl0246134 sshd[249461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 19:57:45,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349465.565183, 'message': 'Dec  6 19:57:45 hqnl0246134 sshd[249461]: Failed password for root from 61.177.173.18 port 27278 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 19:57:47,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349467.5654786, 'message': 'Dec  6 19:57:45 hqnl0246134 sshd[249461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
WARNING [2022-12-06 19:57:48,425] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:57:48,426] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 19:57:49,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349469.569347, 'message': 'Dec  6 19:57:47 hqnl0246134 sshd[249461]: Failed password for root from 61.177.173.18 port 27278 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0759 seconds
INFO    [2022-12-06 19:57:49,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349469.5802236, 'message': 'Dec  6 19:57:48 hqnl0246134 sshd[249466]: Invalid user admin from 184.168.122.146 port 36154', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0690 seconds
INFO    [2022-12-06 19:57:49,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349469.5810235, 'message': 'Dec  6 19:57:48 hqnl0246134 sshd[249466]: pam_imunify(sshd:auth): [IM360_RBL] The IP 184.168.122.146 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 19:57:49,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349469.5816536, 'message': 'Dec  6 19:57:48 hqnl0246134 sshd[249466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.168.122.146 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 19:57:51,177] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:57:51,178] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:57:51,199] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:57:51,235] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0421 seconds
INFO    [2022-12-06 19:57:51,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349471.5701184, 'message': 'Dec  6 19:57:50 hqnl0246134 sshd[249466]: Failed password for invalid user admin from 184.168.122.146 port 36154 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 19:57:53,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349473.5709977, 'message': 'Dec  6 19:57:52 hqnl0246134 sshd[249466]: Disconnected from invalid user admin 184.168.122.146 port 36154 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
WARNING [2022-12-06 19:58:09,985] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:58:10,011] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0374 seconds
INFO    [2022-12-06 19:58:17,855] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:58:17,855] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:58:17,865] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:58:17,879] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-06 19:58:20,693] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:58:20,693] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:58:20,700] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:58:20,711] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 19:58:29,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349509.6241307, 'message': 'Dec  6 19:58:29 hqnl0246134 sshd[249518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 19:58:29,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349509.6245124, 'message': 'Dec  6 19:58:29 hqnl0246134 sshd[249518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 19:58:31,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349511.6245124, 'message': 'Dec  6 19:58:31 hqnl0246134 sshd[249518]: Failed password for root from 61.177.173.18 port 52437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 19:58:33,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349513.6342573, 'message': 'Dec  6 19:58:33 hqnl0246134 sshd[249518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 19:58:37,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349517.648925, 'message': 'Dec  6 19:58:36 hqnl0246134 sshd[249518]: Failed password for root from 61.177.173.18 port 52437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 19:58:39,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349519.655657, 'message': 'Dec  6 19:58:37 hqnl0246134 sshd[249518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 19:58:39,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349519.6559567, 'message': 'Dec  6 19:58:39 hqnl0246134 sshd[249518]: Failed password for root from 61.177.173.18 port 52437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 19:58:44,453] defence360agent.files: Updating all files
INFO    [2022-12-06 19:58:44,739] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:44,740] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 19:58:45,026] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:45,027] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 19:58:45,355] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:45,355] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 19:58:45,642] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:45,643] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 19:58:45,643] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 19:58:45,965] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 17:58:45 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E460B3FF14926'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 19:58:45,967] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 19:58:45,967] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 19:58:46,606] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:46,606] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 19:58:46,927] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:46,928] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 19:58:47,192] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:47,193] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 19:58:47,587] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:47,588] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 19:58:48,034] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 19:58:48,035] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-06 19:58:48,429] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:58:48,430] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 19:59:09,994] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:59:10,016] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0370 seconds
INFO    [2022-12-06 19:59:17,894] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:59:17,895] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:59:17,902] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:59:17,914] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 19:59:19,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349559.7164073, 'message': 'Dec  6 19:59:18 hqnl0246134 sshd[249542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 19:59:19,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349559.716627, 'message': 'Dec  6 19:59:18 hqnl0246134 sshd[249542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 19:59:20,437] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:59:20,438] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:59:20,447] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:59:20,458] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 19:59:21,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349561.719255, 'message': 'Dec  6 19:59:20 hqnl0246134 sshd[249542]: Failed password for root from 61.177.173.18 port 31727 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 19:59:21,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349561.720393, 'message': 'Dec  6 19:59:21 hqnl0246134 sshd[249542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 19:59:23,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349563.7221637, 'message': 'Dec  6 19:59:23 hqnl0246134 sshd[249542]: Failed password for root from 61.177.173.18 port 31727 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:59:25,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349565.7263222, 'message': 'Dec  6 19:59:25 hqnl0246134 sshd[249542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 19:59:25,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349565.7265913, 'message': 'Dec  6 19:59:25 hqnl0246134 sshd[249572]: Invalid user zhang from 165.22.213.171 port 56236', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 19:59:25,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349565.7267485, 'message': 'Dec  6 19:59:25 hqnl0246134 sshd[249572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.213.171 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 19:59:25,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349565.7268548, 'message': 'Dec  6 19:59:25 hqnl0246134 sshd[249572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.213.171 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 19:59:27,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349567.7365668, 'message': 'Dec  6 19:59:27 hqnl0246134 sshd[249542]: Failed password for root from 61.177.173.18 port 31727 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1299 seconds
INFO    [2022-12-06 19:59:27,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349567.7375176, 'message': 'Dec  6 19:59:27 hqnl0246134 sshd[249572]: Failed password for invalid user zhang from 165.22.213.171 port 56236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1345 seconds
INFO    [2022-12-06 19:59:29,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349569.7346652, 'message': 'Dec  6 19:59:29 hqnl0246134 sshd[249572]: Disconnected from invalid user zhang 165.22.213.171 port 56236 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 19:59:30,417] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 19:59:30,417] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 19:59:30,426] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 19:59:30,438] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
WARNING [2022-12-06 19:59:48,433] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 19:59:48,433] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:00:07,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349607.8065622, 'message': 'Dec  6 20:00:06 hqnl0246134 sshd[249646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 20:00:07,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349607.8070176, 'message': 'Dec  6 20:00:06 hqnl0246134 sshd[249646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 20:00:09,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349609.8110652, 'message': 'Dec  6 20:00:09 hqnl0246134 sshd[249646]: Failed password for root from 61.177.173.18 port 52972 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 20:00:09,994] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:00:10,013] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0289 seconds
INFO    [2022-12-06 20:00:11,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349611.8173227, 'message': 'Dec  6 20:00:11 hqnl0246134 sshd[249646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 20:00:13,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349613.8218064, 'message': 'Dec  6 20:00:12 hqnl0246134 sshd[249646]: Failed password for root from 61.177.173.18 port 52972 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:00:13,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349613.8254497, 'message': 'Dec  6 20:00:13 hqnl0246134 sshd[249646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 20:00:15,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349615.8247306, 'message': 'Dec  6 20:00:15 hqnl0246134 sshd[249646]: Failed password for root from 61.177.173.18 port 52972 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 20:00:16,608] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:00:16,682] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:00:16,683] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:00:16,683] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:00:16,683] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:00:16,683] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:00:16,699] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:00:16,716] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0325 seconds
WARNING [2022-12-06 20:00:16,723] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:00:16,725] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:00:16,745] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0348 seconds
INFO    [2022-12-06 20:00:16,747] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0329 seconds
INFO    [2022-12-06 20:00:17,869] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:00:17,869] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:00:17,880] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:00:17,899] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0289 seconds
INFO    [2022-12-06 20:00:19,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349619.8261354, 'message': 'Dec  6 20:00:18 hqnl0246134 sshd[249663]: Invalid user philip from 184.168.122.146 port 39710', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 20:00:19,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349619.8263986, 'message': 'Dec  6 20:00:18 hqnl0246134 sshd[249663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 184.168.122.146 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 20:00:19,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349619.8329144, 'message': 'Dec  6 20:00:18 hqnl0246134 sshd[249663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.168.122.146 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 20:00:20,645] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:00:20,645] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:00:20,652] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:00:20,664] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 20:00:21,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349621.8316803, 'message': 'Dec  6 20:00:20 hqnl0246134 sshd[249663]: Failed password for invalid user philip from 184.168.122.146 port 39710 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:00:23,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349623.833999, 'message': 'Dec  6 20:00:22 hqnl0246134 sshd[249663]: Disconnected from invalid user philip 184.168.122.146 port 39710 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:00:37,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.68.67', 'timestamp': 1670349637.854396, 'message': 'Dec  6 20:00:36 hqnl0246134 sshd[249685]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.68.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 20:00:37,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.68.67', 'timestamp': 1670349637.8549275, 'message': 'Dec  6 20:00:36 hqnl0246134 sshd[249685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.68.67  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:00:39,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.68.67', 'timestamp': 1670349639.8545763, 'message': 'Dec  6 20:00:39 hqnl0246134 sshd[249685]: Failed password for root from 139.59.68.67 port 33054 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 20:00:43,551] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:00:43,551] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:00:43,558] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:00:43,570] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 20:00:46,809] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:00:46,810] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:00:46,811] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 20:00:48,437] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:00:48,438] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:00:55,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349655.8773901, 'message': 'Dec  6 20:00:54 hqnl0246134 sshd[249692]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 20:00:55,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349655.8783834, 'message': 'Dec  6 20:00:54 hqnl0246134 sshd[249692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:00:57,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349657.8784854, 'message': 'Dec  6 20:00:56 hqnl0246134 sshd[249692]: Failed password for root from 61.177.173.18 port 30158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 20:00:57,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349657.878909, 'message': 'Dec  6 20:00:57 hqnl0246134 sshd[249692]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 20:00:59,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349659.8783252, 'message': 'Dec  6 20:00:59 hqnl0246134 sshd[249692]: Failed password for root from 61.177.173.18 port 30158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:00:59,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349659.8785167, 'message': 'Dec  6 20:00:59 hqnl0246134 sshd[249692]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:01:01,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349661.8872614, 'message': 'Dec  6 20:01:01 hqnl0246134 sshd[249692]: Failed password for root from 61.177.173.18 port 30158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-06 20:01:09,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:01:10,029] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0407 seconds
INFO    [2022-12-06 20:01:17,904] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:01:17,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:01:17,911] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:01:17,923] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 20:01:21,297] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:01:21,298] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:01:21,306] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:01:21,317] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 20:01:31,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '169.239.220.35', 'timestamp': 1670349691.9545894, 'message': 'Dec  6 20:01:30 hqnl0246134 sshd[249741]: Invalid user ubuntu from 169.239.220.35 port 44875', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 20:01:32,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '169.239.220.35', 'timestamp': 1670349691.95515, 'message': 'Dec  6 20:01:31 hqnl0246134 sshd[249741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 169.239.220.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:01:32,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '169.239.220.35', 'timestamp': 1670349691.9553292, 'message': 'Dec  6 20:01:31 hqnl0246134 sshd[249741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.239.220.35 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:01:33,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '169.239.220.35', 'timestamp': 1670349693.9544055, 'message': 'Dec  6 20:01:32 hqnl0246134 sshd[249741]: Failed password for invalid user ubuntu from 169.239.220.35 port 44875 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 20:01:33,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '169.239.220.35', 'timestamp': 1670349693.9546518, 'message': 'Dec  6 20:01:33 hqnl0246134 sshd[249741]: Disconnected from invalid user ubuntu 169.239.220.35 port 44875 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:01:35,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349695.9566746, 'message': 'Dec  6 20:01:35 hqnl0246134 sshd[249744]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.213.171 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 20:01:37,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349697.9578788, 'message': 'Dec  6 20:01:35 hqnl0246134 sshd[249744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.213.171  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 20:01:39,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349699.9604752, 'message': 'Dec  6 20:01:38 hqnl0246134 sshd[249744]: Failed password for root from 165.22.213.171 port 50716 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 20:01:43,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349703.965188, 'message': 'Dec  6 20:01:43 hqnl0246134 sshd[249750]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 20:01:44,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349703.965408, 'message': 'Dec  6 20:01:43 hqnl0246134 sshd[249750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 20:01:45,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349705.96567, 'message': 'Dec  6 20:01:44 hqnl0246134 sshd[249750]: Failed password for root from 61.177.173.18 port 61531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 20:01:46,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349705.9658887, 'message': 'Dec  6 20:01:45 hqnl0246134 sshd[249750]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:01:48,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349707.9680603, 'message': 'Dec  6 20:01:47 hqnl0246134 sshd[249750]: Failed password for root from 61.177.173.18 port 61531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0739 seconds
INFO    [2022-12-06 20:01:48,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349707.9684126, 'message': 'Dec  6 20:01:47 hqnl0246134 sshd[249750]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0561 seconds
WARNING [2022-12-06 20:01:48,444] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:01:48,445] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:01:51,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349711.9725997, 'message': 'Dec  6 20:01:50 hqnl0246134 sshd[249750]: Failed password for root from 61.177.173.18 port 61531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 20:01:53,887] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 20:02:10,004] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:02:10,031] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0365 seconds
INFO    [2022-12-06 20:02:16,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349736.0083835, 'message': 'Dec  6 20:02:15 hqnl0246134 sshd[249790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 184.168.122.146 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 20:02:16,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349736.008803, 'message': 'Dec  6 20:02:15 hqnl0246134 sshd[249790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.168.122.146  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:02:18,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349738.010028, 'message': 'Dec  6 20:02:17 hqnl0246134 sshd[249790]: Failed password for root from 184.168.122.146 port 38378 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-06 20:02:18,202] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:02:18,202] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:02:18,209] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:02:18,221] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 20:02:20,461] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:02:20,462] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:02:20,469] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:02:20,481] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 20:02:20,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:02:20,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:02:20,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:02:20,956] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 20:02:32,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349752.0245862, 'message': 'Dec  6 20:02:30 hqnl0246134 sshd[249818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 20:02:32,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349752.0253375, 'message': 'Dec  6 20:02:30 hqnl0246134 sshd[249818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:02:32,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349752.02552, 'message': 'Dec  6 20:02:31 hqnl0246134 sshd[249818]: Failed password for root from 61.177.173.18 port 39309 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:02:34,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349754.0266542, 'message': 'Dec  6 20:02:32 hqnl0246134 sshd[249818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-06 20:02:36,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349756.0307665, 'message': 'Dec  6 20:02:34 hqnl0246134 sshd[249818]: Failed password for root from 61.177.173.18 port 39309 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 20:02:36,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349756.0310209, 'message': 'Dec  6 20:02:35 hqnl0246134 sshd[249818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 20:02:38,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349758.034487, 'message': 'Dec  6 20:02:36 hqnl0246134 sshd[249818]: Failed password for root from 61.177.173.18 port 39309 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 20:02:48,448] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:02:48,451] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:03:10,016] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:03:10,044] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0409 seconds
INFO    [2022-12-06 20:03:18,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349798.078882, 'message': 'Dec  6 20:03:16 hqnl0246134 sshd[249878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 20:03:18,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349798.079472, 'message': 'Dec  6 20:03:16 hqnl0246134 sshd[249878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:03:18,869] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:03:18,869] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:03:18,878] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:03:18,889] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 20:03:20,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349800.0782492, 'message': 'Dec  6 20:03:18 hqnl0246134 sshd[249878]: Failed password for root from 61.177.173.18 port 64074 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 20:03:20,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349800.0786111, 'message': 'Dec  6 20:03:18 hqnl0246134 sshd[249878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:03:21,506] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:03:21,507] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:03:21,514] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:03:21,528] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 20:03:22,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349802.0844977, 'message': 'Dec  6 20:03:20 hqnl0246134 sshd[249878]: Failed password for root from 61.177.173.18 port 64074 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 20:03:22,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349802.0848405, 'message': 'Dec  6 20:03:20 hqnl0246134 sshd[249878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 20:03:24,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349804.0895903, 'message': 'Dec  6 20:03:22 hqnl0246134 sshd[249878]: Failed password for root from 61.177.173.18 port 64074 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 20:03:34,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349814.1156716, 'message': 'Dec  6 20:03:33 hqnl0246134 sshd[249902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.213.171 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 20:03:34,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349814.1162808, 'message': 'Dec  6 20:03:33 hqnl0246134 sshd[249902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.213.171  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 20:03:36,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.213.171', 'timestamp': 1670349816.1183643, 'message': 'Dec  6 20:03:36 hqnl0246134 sshd[249902]: Failed password for root from 165.22.213.171 port 45198 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 20:03:40,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:03:40,791] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:03:40,823] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:03:40,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0508 seconds
WARNING [2022-12-06 20:03:48,453] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:03:48,454] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:04:04,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349844.1545992, 'message': 'Dec  6 20:04:03 hqnl0246134 sshd[249936]: Invalid user epg from 184.168.122.146 port 37036', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 20:04:04,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349844.155551, 'message': 'Dec  6 20:04:04 hqnl0246134 sshd[249938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-06 20:04:04,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349844.155249, 'message': 'Dec  6 20:04:03 hqnl0246134 sshd[249936]: pam_imunify(sshd:auth): [IM360_RBL] The IP 184.168.122.146 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 20:04:04,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349844.1557097, 'message': 'Dec  6 20:04:04 hqnl0246134 sshd[249938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 20:04:04,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349844.1554248, 'message': 'Dec  6 20:04:03 hqnl0246134 sshd[249936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.168.122.146 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 20:04:08,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349848.15689, 'message': 'Dec  6 20:04:06 hqnl0246134 sshd[249936]: Failed password for invalid user epg from 184.168.122.146 port 37036 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 20:04:08,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349848.1571555, 'message': 'Dec  6 20:04:06 hqnl0246134 sshd[249938]: Failed password for root from 61.177.173.18 port 45430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 20:04:08,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '184.168.122.146', 'timestamp': 1670349848.1573093, 'message': 'Dec  6 20:04:07 hqnl0246134 sshd[249936]: Disconnected from invalid user epg 184.168.122.146 port 37036 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0421 seconds
WARNING [2022-12-06 20:04:10,021] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:04:10,049] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0402 seconds
INFO    [2022-12-06 20:04:10,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349850.158647, 'message': 'Dec  6 20:04:08 hqnl0246134 sshd[249938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:04:12,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349852.162361, 'message': 'Dec  6 20:04:10 hqnl0246134 sshd[249938]: Failed password for root from 61.177.173.18 port 45430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 20:04:14,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349854.1631603, 'message': 'Dec  6 20:04:12 hqnl0246134 sshd[249938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 20:04:16,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349856.166829, 'message': 'Dec  6 20:04:14 hqnl0246134 sshd[249938]: Failed password for root from 61.177.173.18 port 45430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 20:04:18,063] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:04:18,063] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:04:18,070] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:04:18,082] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 20:04:20,749] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:04:20,750] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:04:20,766] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:04:20,786] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0255 seconds
WARNING [2022-12-06 20:04:48,457] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:04:48,458] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:04:52,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349892.225887, 'message': 'Dec  6 20:04:50 hqnl0246134 sshd[249980]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 20:04:52,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349892.226708, 'message': 'Dec  6 20:04:50 hqnl0246134 sshd[249980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:04:54,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349894.2277076, 'message': 'Dec  6 20:04:53 hqnl0246134 sshd[249980]: Failed password for root from 61.177.173.18 port 12440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:04:56,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349896.2302911, 'message': 'Dec  6 20:04:55 hqnl0246134 sshd[249980]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 20:04:58,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349898.2322934, 'message': 'Dec  6 20:04:57 hqnl0246134 sshd[249980]: Failed password for root from 61.177.173.18 port 12440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 20:04:58,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349898.2326796, 'message': 'Dec  6 20:04:57 hqnl0246134 sshd[249980]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:05:00,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349900.236602, 'message': 'Dec  6 20:04:59 hqnl0246134 sshd[249980]: Failed password for root from 61.177.173.18 port 12440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0377 seconds
WARNING [2022-12-06 20:05:10,544] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:05:10,575] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.5621 seconds
INFO    [2022-12-06 20:05:17,769] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:05:17,770] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:05:17,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:05:17,789] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 20:05:20,336] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:05:20,336] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:05:20,343] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:05:20,354] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 20:05:40,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349940.2849486, 'message': 'Dec  6 20:05:39 hqnl0246134 sshd[250051]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 20:05:40,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349940.2855422, 'message': 'Dec  6 20:05:39 hqnl0246134 sshd[250051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:05:42,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349942.2864652, 'message': 'Dec  6 20:05:41 hqnl0246134 sshd[250051]: Failed password for root from 61.177.173.18 port 45491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:05:42,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349942.286727, 'message': 'Dec  6 20:05:41 hqnl0246134 sshd[250051]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 20:05:44,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349944.2885513, 'message': 'Dec  6 20:05:43 hqnl0246134 sshd[250051]: Failed password for root from 61.177.173.18 port 45491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:05:44,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349944.2888036, 'message': 'Dec  6 20:05:43 hqnl0246134 sshd[250051]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:05:46,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349946.290024, 'message': 'Dec  6 20:05:45 hqnl0246134 sshd[250051]: Failed password for root from 61.177.173.18 port 45491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 20:05:48,461] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:05:48,462] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:05:48,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:05:48,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:05:48,831] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:05:48,862] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0369 seconds
WARNING [2022-12-06 20:06:10,026] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:06:10,048] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0310 seconds
INFO    [2022-12-06 20:06:17,900] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:06:17,901] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:06:17,907] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:06:17,918] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0163 seconds
INFO    [2022-12-06 20:06:20,481] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:06:20,481] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:06:20,492] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:06:20,505] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-06 20:06:28,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349988.342678, 'message': 'Dec  6 20:06:27 hqnl0246134 sshd[250095]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 20:06:28,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349988.3432734, 'message': 'Dec  6 20:06:27 hqnl0246134 sshd[250095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:06:30,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349990.344791, 'message': 'Dec  6 20:06:30 hqnl0246134 sshd[250095]: Failed password for root from 61.177.173.18 port 22567 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 20:06:32,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349992.345716, 'message': 'Dec  6 20:06:31 hqnl0246134 sshd[250095]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 20:06:32,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.68.67', 'timestamp': 1670349992.3458843, 'message': 'Dec  6 20:06:32 hqnl0246134 sshd[250105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.68.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 20:06:32,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.68.67', 'timestamp': 1670349992.3459983, 'message': 'Dec  6 20:06:32 hqnl0246134 sshd[250105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.68.67  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:06:34,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.68.67', 'timestamp': 1670349994.3510728, 'message': 'Dec  6 20:06:33 hqnl0246134 sshd[250105]: Failed password for root from 139.59.68.67 port 50294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 20:06:34,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349994.3515112, 'message': 'Dec  6 20:06:33 hqnl0246134 sshd[250095]: Failed password for root from 61.177.173.18 port 22567 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 20:06:36,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349996.352347, 'message': 'Dec  6 20:06:36 hqnl0246134 sshd[250095]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:06:38,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670349998.3547518, 'message': 'Dec  6 20:06:37 hqnl0246134 sshd[250095]: Failed password for root from 61.177.173.18 port 22567 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 20:06:48,464] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:06:48,466] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:07:10,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:07:10,056] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0357 seconds
INFO    [2022-12-06 20:07:14,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350034.3931782, 'message': 'Dec  6 20:07:14 hqnl0246134 sshd[250161]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 20:07:14,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350034.3934743, 'message': 'Dec  6 20:07:14 hqnl0246134 sshd[250161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:07:18,102] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:07:18,103] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:07:18,115] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:07:18,135] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0301 seconds
INFO    [2022-12-06 20:07:18,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350038.3967001, 'message': 'Dec  6 20:07:16 hqnl0246134 sshd[250161]: Failed password for root from 61.177.173.18 port 44168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:07:20,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350040.3978267, 'message': 'Dec  6 20:07:18 hqnl0246134 sshd[250161]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:07:20,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350040.3980107, 'message': 'Dec  6 20:07:20 hqnl0246134 sshd[250161]: Failed password for root from 61.177.173.18 port 44168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 20:07:20,864] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:07:20,865] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:07:20,873] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:07:20,886] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 20:07:22,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350042.3986115, 'message': 'Dec  6 20:07:20 hqnl0246134 sshd[250161]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 20:07:22,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350042.398852, 'message': 'Dec  6 20:07:22 hqnl0246134 sshd[250161]: Failed password for root from 61.177.173.18 port 44168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 20:07:25,598] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:07:25,599] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:07:25,606] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:07:25,618] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 20:07:30,671] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:07:30,740] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:07:30,741] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:07:30,741] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:07:30,741] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:07:30,742] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:07:30,754] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:07:30,777] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0346 seconds
WARNING [2022-12-06 20:07:30,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:07:30,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:07:30,828] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0618 seconds
INFO    [2022-12-06 20:07:30,830] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0566 seconds
WARNING [2022-12-06 20:07:48,467] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:07:48,472] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:07:48,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350068.4309542, 'message': 'Dec  6 20:07:46 hqnl0246134 sshd[250191]: Invalid user git from 200.11.141.86 port 55386', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0602 seconds
INFO    [2022-12-06 20:07:48,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350068.4314222, 'message': 'Dec  6 20:07:47 hqnl0246134 sshd[250191]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.11.141.86 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 20:07:48,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350068.431549, 'message': 'Dec  6 20:07:47 hqnl0246134 sshd[250191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.11.141.86 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 20:07:50,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350070.4325635, 'message': 'Dec  6 20:07:48 hqnl0246134 sshd[250191]: Failed password for invalid user git from 200.11.141.86 port 55386 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 20:07:52,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350072.4350462, 'message': 'Dec  6 20:07:51 hqnl0246134 sshd[250191]: Disconnected from invalid user git 200.11.141.86 port 55386 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 20:08:01,068] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:08:01,069] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:08:01,070] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 20:08:02,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350082.4434738, 'message': 'Dec  6 20:08:02 hqnl0246134 sshd[250213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 20:08:02,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350082.4438624, 'message': 'Dec  6 20:08:02 hqnl0246134 sshd[250213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:08:04,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350084.4470592, 'message': 'Dec  6 20:08:04 hqnl0246134 sshd[250213]: Failed password for root from 61.177.173.18 port 24286 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 20:08:06,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350086.4488792, 'message': 'Dec  6 20:08:04 hqnl0246134 sshd[250213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 20:08:06,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350086.449096, 'message': 'Dec  6 20:08:06 hqnl0246134 sshd[250213]: Failed password for root from 61.177.173.18 port 24286 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 20:08:08,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350088.4511416, 'message': 'Dec  6 20:08:06 hqnl0246134 sshd[250213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
WARNING [2022-12-06 20:08:10,035] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:08:10,062] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0380 seconds
INFO    [2022-12-06 20:08:10,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350090.452555, 'message': 'Dec  6 20:08:08 hqnl0246134 sshd[250213]: Failed password for root from 61.177.173.18 port 24286 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 20:08:17,890] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:08:17,891] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:08:17,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:08:17,909] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 20:08:20,563] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:08:20,564] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:08:20,572] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:08:20,595] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0310 seconds
WARNING [2022-12-06 20:08:48,477] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:08:48,479] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:08:50,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350130.4972713, 'message': 'Dec  6 20:08:48 hqnl0246134 sshd[250247]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 20:08:50,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350130.497843, 'message': 'Dec  6 20:08:48 hqnl0246134 sshd[250247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:08:52,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350132.498438, 'message': 'Dec  6 20:08:50 hqnl0246134 sshd[250247]: Failed password for root from 61.177.173.18 port 47761 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 20:08:54,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350134.5005069, 'message': 'Dec  6 20:08:52 hqnl0246134 sshd[250247]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 20:08:54,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350134.5006948, 'message': 'Dec  6 20:08:53 hqnl0246134 sshd[250249]: Invalid user albert from 95.103.229.174 port 34894', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 20:08:54,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350134.5008745, 'message': 'Dec  6 20:08:53 hqnl0246134 sshd[250249]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.103.229.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:08:54,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350134.5009892, 'message': 'Dec  6 20:08:53 hqnl0246134 sshd[250249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.103.229.174 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:08:56,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350136.5027654, 'message': 'Dec  6 20:08:54 hqnl0246134 sshd[250247]: Failed password for root from 61.177.173.18 port 47761 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 20:08:56,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350136.5030887, 'message': 'Dec  6 20:08:55 hqnl0246134 sshd[250249]: Failed password for invalid user albert from 95.103.229.174 port 34894 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 20:08:56,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350136.5029778, 'message': 'Dec  6 20:08:55 hqnl0246134 sshd[250247]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 20:08:58,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350138.5059383, 'message': 'Dec  6 20:08:56 hqnl0246134 sshd[250247]: Failed password for root from 61.177.173.18 port 47761 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 20:08:58,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '83.40.33.56', 'timestamp': 1670350138.5063055, 'message': 'Dec  6 20:08:56 hqnl0246134 sshd[250251]: Invalid user ronald from 83.40.33.56 port 60454', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 20:08:58,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350138.5067422, 'message': 'Dec  6 20:08:57 hqnl0246134 sshd[250249]: Disconnected from invalid user albert 95.103.229.174 port 34894 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-06 20:08:58,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '83.40.33.56', 'timestamp': 1670350138.5064843, 'message': 'Dec  6 20:08:57 hqnl0246134 sshd[250251]: pam_imunify(sshd:auth): [IM360_RBL] The IP 83.40.33.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:08:58,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '83.40.33.56', 'timestamp': 1670350138.5066156, 'message': 'Dec  6 20:08:57 hqnl0246134 sshd[250251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.40.33.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:08:59,952] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:08:59,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:08:59,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:08:59,975] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 20:09:00,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '83.40.33.56', 'timestamp': 1670350140.5094914, 'message': 'Dec  6 20:08:59 hqnl0246134 sshd[250251]: Failed password for invalid user ronald from 83.40.33.56 port 60454 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 20:09:00,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '83.40.33.56', 'timestamp': 1670350140.5097685, 'message': 'Dec  6 20:08:59 hqnl0246134 sshd[250251]: Disconnected from invalid user ronald 83.40.33.56 port 60454 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-06 20:09:10,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:09:10,081] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0521 seconds
INFO    [2022-12-06 20:09:17,761] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:09:17,762] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:09:17,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:09:17,781] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 20:09:20,526] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:09:20,526] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:09:20,538] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:09:20,555] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0282 seconds
INFO    [2022-12-06 20:09:36,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350176.5537784, 'message': 'Dec  6 20:09:36 hqnl0246134 sshd[250422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 20:09:36,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350176.5541532, 'message': 'Dec  6 20:09:36 hqnl0246134 sshd[250422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:09:38,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.68.67', 'timestamp': 1670350178.5560498, 'message': 'Dec  6 20:09:36 hqnl0246134 sshd[250424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.68.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 20:09:38,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350178.5564516, 'message': 'Dec  6 20:09:37 hqnl0246134 sshd[250422]: Failed password for root from 61.177.173.18 port 21469 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 20:09:38,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.68.67', 'timestamp': 1670350178.5563145, 'message': 'Dec  6 20:09:36 hqnl0246134 sshd[250424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.68.67  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 20:09:38,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350178.5567129, 'message': 'Dec  6 20:09:38 hqnl0246134 sshd[250422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 20:09:38,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.68.67', 'timestamp': 1670350178.5565574, 'message': 'Dec  6 20:09:38 hqnl0246134 sshd[250424]: Failed password for root from 139.59.68.67 port 38626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 20:09:40,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350180.5581725, 'message': 'Dec  6 20:09:40 hqnl0246134 sshd[250422]: Failed password for root from 61.177.173.18 port 21469 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:09:44,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350184.5656147, 'message': 'Dec  6 20:09:42 hqnl0246134 sshd[250422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:09:44,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350184.5659554, 'message': 'Dec  6 20:09:44 hqnl0246134 sshd[250422]: Failed password for root from 61.177.173.18 port 21469 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0163 seconds
WARNING [2022-12-06 20:09:48,482] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:09:48,483] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:10:10,043] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:10:10,065] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0324 seconds
INFO    [2022-12-06 20:10:17,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:10:17,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:10:17,830] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:10:17,843] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 20:10:20,501] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:10:20,502] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:10:20,510] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:10:20,522] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 20:10:24,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350224.6126277, 'message': 'Dec  6 20:10:23 hqnl0246134 sshd[250478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 20:10:24,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350224.612981, 'message': 'Dec  6 20:10:23 hqnl0246134 sshd[250478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:10:26,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350226.6144614, 'message': 'Dec  6 20:10:25 hqnl0246134 sshd[250478]: Failed password for root from 61.177.173.18 port 47116 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 20:10:26,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350226.6148415, 'message': 'Dec  6 20:10:25 hqnl0246134 sshd[250478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:10:28,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350228.6344004, 'message': 'Dec  6 20:10:27 hqnl0246134 sshd[250478]: Failed password for root from 61.177.173.18 port 47116 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0636 seconds
INFO    [2022-12-06 20:10:28,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350228.6347468, 'message': 'Dec  6 20:10:28 hqnl0246134 sshd[250478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:10:30,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350230.61783, 'message': 'Dec  6 20:10:30 hqnl0246134 sshd[250478]: Failed password for root from 61.177.173.18 port 47116 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 20:10:32,910] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:10:32,911] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:10:32,918] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:10:32,929] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 20:10:38,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '109.194.50.49', 'timestamp': 1670350238.6262894, 'message': 'Dec  6 20:10:37 hqnl0246134 sshd[250519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 109.194.50.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 20:10:38,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '109.194.50.49', 'timestamp': 1670350238.6265786, 'message': 'Dec  6 20:10:37 hqnl0246134 sshd[250519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.194.50.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:10:40,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '109.194.50.49', 'timestamp': 1670350240.6282058, 'message': 'Dec  6 20:10:39 hqnl0246134 sshd[250519]: Failed password for root from 109.194.50.49 port 42508 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-06 20:10:48,487] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:10:48,488] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:11:10,052] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:11:10,076] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0346 seconds
INFO    [2022-12-06 20:11:12,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350272.6593485, 'message': 'Dec  6 20:11:12 hqnl0246134 sshd[250541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 20:11:12,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350272.6595924, 'message': 'Dec  6 20:11:12 hqnl0246134 sshd[250541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:11:14,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350274.6609998, 'message': 'Dec  6 20:11:14 hqnl0246134 sshd[250541]: Failed password for root from 61.177.173.18 port 27284 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:11:18,310] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:11:18,310] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:11:18,320] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:11:18,331] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 20:11:18,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350278.6648574, 'message': 'Dec  6 20:11:16 hqnl0246134 sshd[250541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 20:11:20,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350280.6667259, 'message': 'Dec  6 20:11:19 hqnl0246134 sshd[250541]: Failed password for root from 61.177.173.18 port 27284 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:11:20,962] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:11:20,962] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:11:20,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:11:20,984] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 20:11:22,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350282.6717815, 'message': 'Dec  6 20:11:21 hqnl0246134 sshd[250541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 20:11:24,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350284.6774786, 'message': 'Dec  6 20:11:23 hqnl0246134 sshd[250541]: Failed password for root from 61.177.173.18 port 27284 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 20:11:36,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670350296.6918778, 'message': 'Dec  6 20:11:35 hqnl0246134 sshd[250567]: Invalid user sig from 103.179.198.14 port 58794', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 20:11:36,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.179.198.14', 'timestamp': 1670350296.6925094, 'message': 'Dec  6 20:11:35 hqnl0246134 sshd[250567]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.179.198.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 20:11:36,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.179.198.14', 'timestamp': 1670350296.692742, 'message': 'Dec  6 20:11:35 hqnl0246134 sshd[250567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.198.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 20:11:38,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670350298.6926675, 'message': 'Dec  6 20:11:37 hqnl0246134 sshd[250567]: Failed password for invalid user sig from 103.179.198.14 port 58794 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 20:11:38,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670350298.6929202, 'message': 'Dec  6 20:11:38 hqnl0246134 sshd[250567]: Disconnected from invalid user sig 103.179.198.14 port 58794 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 20:11:42,422] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:11:42,423] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:11:42,434] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:11:42,455] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0307 seconds
WARNING [2022-12-06 20:11:48,490] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:11:48,491] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:11:48,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.198.42', 'timestamp': 1670350308.7047486, 'message': 'Dec  6 20:11:48 hqnl0246134 sshd[250580]: Invalid user cisco from 167.71.198.42 port 60906', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 20:11:48,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.198.42', 'timestamp': 1670350308.7049956, 'message': 'Dec  6 20:11:48 hqnl0246134 sshd[250580]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.198.42 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 20:11:48,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.198.42', 'timestamp': 1670350308.7051332, 'message': 'Dec  6 20:11:48 hqnl0246134 sshd[250580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.198.42 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 20:11:50,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.198.42', 'timestamp': 1670350310.7057705, 'message': 'Dec  6 20:11:50 hqnl0246134 sshd[250580]: Failed password for invalid user cisco from 167.71.198.42 port 60906 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 20:11:50,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.198.42', 'timestamp': 1670350310.705952, 'message': 'Dec  6 20:11:50 hqnl0246134 sshd[250580]: Disconnected from invalid user cisco 167.71.198.42 port 60906 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 20:11:53,890] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 20:12:00,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350320.7207294, 'message': 'Dec  6 20:12:00 hqnl0246134 sshd[250595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 20:12:00,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350320.7212746, 'message': 'Dec  6 20:12:00 hqnl0246134 sshd[250595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 20:12:02,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350322.7225142, 'message': 'Dec  6 20:12:01 hqnl0246134 sshd[250595]: Failed password for root from 61.177.173.18 port 49005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:12:02,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350322.7227015, 'message': 'Dec  6 20:12:02 hqnl0246134 sshd[250595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:12:04,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350324.7248108, 'message': 'Dec  6 20:12:04 hqnl0246134 sshd[250595]: Failed password for root from 61.177.173.18 port 49005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 20:12:08,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350328.7283313, 'message': 'Dec  6 20:12:06 hqnl0246134 sshd[250595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:12:08,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350328.7285666, 'message': 'Dec  6 20:12:08 hqnl0246134 sshd[250595]: Failed password for root from 61.177.173.18 port 49005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
WARNING [2022-12-06 20:12:10,054] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:12:10,077] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0310 seconds
INFO    [2022-12-06 20:12:18,111] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:12:18,111] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:12:18,119] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:12:18,131] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 20:12:20,637] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:12:20,638] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:12:20,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:12:20,657] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 20:12:21,918] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:12:21,985] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:12:21,986] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:12:21,986] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:12:21,987] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:12:21,987] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:12:22,002] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:12:22,018] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0302 seconds
WARNING [2022-12-06 20:12:22,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:12:22,027] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:12:22,043] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0299 seconds
INFO    [2022-12-06 20:12:22,044] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0284 seconds
INFO    [2022-12-06 20:12:24,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350344.7444031, 'message': 'Dec  6 20:12:23 hqnl0246134 sshd[250630]: Invalid user jboss from 75.30.64.54 port 51306', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 20:12:24,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350344.7446945, 'message': 'Dec  6 20:12:23 hqnl0246134 sshd[250630]: pam_imunify(sshd:auth): [IM360_RBL] The IP 75.30.64.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:12:24,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350344.7448049, 'message': 'Dec  6 20:12:23 hqnl0246134 sshd[250630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.30.64.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:12:26,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350346.745946, 'message': 'Dec  6 20:12:25 hqnl0246134 sshd[250630]: Failed password for invalid user jboss from 75.30.64.54 port 51306 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 20:12:28,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350348.748391, 'message': 'Dec  6 20:12:27 hqnl0246134 sshd[250630]: Disconnected from invalid user jboss 75.30.64.54 port 51306 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
WARNING [2022-12-06 20:12:48,493] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:12:48,495] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:12:48,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.68.67', 'timestamp': 1670350368.7699869, 'message': 'Dec  6 20:12:48 hqnl0246134 sshd[250651]: Invalid user samuel from 139.59.68.67 port 55190', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 20:12:48,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.68.67', 'timestamp': 1670350368.7704556, 'message': 'Dec  6 20:12:48 hqnl0246134 sshd[250651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.68.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 20:12:48,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.68.67', 'timestamp': 1670350368.7706325, 'message': 'Dec  6 20:12:48 hqnl0246134 sshd[250651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.68.67 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 20:12:50,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350370.7726643, 'message': 'Dec  6 20:12:49 hqnl0246134 sshd[250653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-06 20:12:50,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.68.67', 'timestamp': 1670350370.7735817, 'message': 'Dec  6 20:12:50 hqnl0246134 sshd[250651]: Failed password for invalid user samuel from 139.59.68.67 port 55190 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-06 20:12:50,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350370.7734184, 'message': 'Dec  6 20:12:49 hqnl0246134 sshd[250653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 20:12:50,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350370.7737036, 'message': 'Dec  6 20:12:50 hqnl0246134 sshd[250653]: Failed password for root from 61.177.173.18 port 22497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 20:12:52,117] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:12:52,117] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:12:52,118] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 20:12:52,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350372.7759435, 'message': 'Dec  6 20:12:51 hqnl0246134 sshd[250653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 20:12:52,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.68.67', 'timestamp': 1670350372.7761238, 'message': 'Dec  6 20:12:51 hqnl0246134 sshd[250651]: Disconnected from invalid user samuel 139.59.68.67 port 55190 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 20:12:54,207] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:12:54,207] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:12:54,214] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:12:54,225] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 20:12:54,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350374.777789, 'message': 'Dec  6 20:12:53 hqnl0246134 sshd[250653]: Failed password for root from 61.177.173.18 port 22497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:12:54,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350374.778022, 'message': 'Dec  6 20:12:53 hqnl0246134 sshd[250653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:12:56,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350376.7804496, 'message': 'Dec  6 20:12:56 hqnl0246134 sshd[250653]: Failed password for root from 61.177.173.18 port 22497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:13:02,024] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 20:13:02,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:13:02,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0190 seconds
WARNING [2022-12-06 20:13:10,057] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:13:10,079] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0289 seconds
INFO    [2022-12-06 20:13:17,923] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:13:17,923] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:13:17,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:13:17,944] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 20:13:20,545] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:13:20,546] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:13:20,558] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:13:20,577] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0298 seconds
INFO    [2022-12-06 20:13:38,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350418.8369277, 'message': 'Dec  6 20:13:38 hqnl0246134 sshd[250722]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 20:13:38,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350418.837895, 'message': 'Dec  6 20:13:38 hqnl0246134 sshd[250722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:13:40,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350420.8389351, 'message': 'Dec  6 20:13:39 hqnl0246134 sshd[250722]: Failed password for root from 61.177.173.18 port 59432 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 20:13:40,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350420.8393345, 'message': 'Dec  6 20:13:40 hqnl0246134 sshd[250722]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 20:13:44,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350424.842234, 'message': 'Dec  6 20:13:43 hqnl0246134 sshd[250722]: Failed password for root from 61.177.173.18 port 59432 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 20:13:44,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350424.8424087, 'message': 'Dec  6 20:13:44 hqnl0246134 sshd[250722]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 20:13:46,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350426.8482995, 'message': 'Dec  6 20:13:46 hqnl0246134 sshd[250722]: Failed password for root from 61.177.173.18 port 59432 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0290 seconds
WARNING [2022-12-06 20:13:48,497] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:13:48,498] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:13:56,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350436.8540509, 'message': 'Dec  6 20:13:55 hqnl0246134 sshd[250753]: Invalid user git from 143.198.222.239 port 39808', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 20:13:56,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350436.8542905, 'message': 'Dec  6 20:13:55 hqnl0246134 sshd[250753]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.222.239 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 20:13:56,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350436.854405, 'message': 'Dec  6 20:13:55 hqnl0246134 sshd[250753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.222.239 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:13:58,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350438.8539867, 'message': 'Dec  6 20:13:57 hqnl0246134 sshd[250753]: Failed password for invalid user git from 143.198.222.239 port 39808 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 20:13:58,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350438.8541892, 'message': 'Dec  6 20:13:57 hqnl0246134 sshd[250753]: Disconnected from invalid user git 143.198.222.239 port 39808 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:14:00,721] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:14:00,722] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:14:00,738] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:14:00,765] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0411 seconds
WARNING [2022-12-06 20:14:10,066] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:14:10,093] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0393 seconds
INFO    [2022-12-06 20:14:17,898] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:14:17,899] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:14:17,905] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:14:17,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-06 20:14:20,501] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:14:20,501] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:14:20,508] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:14:20,518] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 20:14:24,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350464.8881664, 'message': 'Dec  6 20:14:24 hqnl0246134 sshd[250794]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:14:24,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350464.888424, 'message': 'Dec  6 20:14:24 hqnl0246134 sshd[250794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 20:14:26,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350466.8896897, 'message': 'Dec  6 20:14:26 hqnl0246134 sshd[250794]: Failed password for root from 61.177.173.18 port 29178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 20:14:28,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350468.890901, 'message': 'Dec  6 20:14:26 hqnl0246134 sshd[250794]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 20:14:28,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350468.8913007, 'message': 'Dec  6 20:14:28 hqnl0246134 sshd[250794]: Failed password for root from 61.177.173.18 port 29178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:14:30,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350470.8931096, 'message': 'Dec  6 20:14:29 hqnl0246134 sshd[250794]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 20:14:32,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350472.8948762, 'message': 'Dec  6 20:14:31 hqnl0246134 sshd[250794]: Failed password for root from 61.177.173.18 port 29178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 20:14:42,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350482.909973, 'message': 'Dec  6 20:14:41 hqnl0246134 sshd[250811]: Invalid user td from 200.11.141.86 port 45342', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 20:14:42,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350482.910708, 'message': 'Dec  6 20:14:41 hqnl0246134 sshd[250811]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.11.141.86 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:14:42,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350482.9109588, 'message': 'Dec  6 20:14:41 hqnl0246134 sshd[250811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.11.141.86 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:14:44,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350484.909663, 'message': 'Dec  6 20:14:43 hqnl0246134 sshd[250811]: Failed password for invalid user td from 200.11.141.86 port 45342 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 20:14:44,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350484.909939, 'message': 'Dec  6 20:14:44 hqnl0246134 sshd[250811]: Disconnected from invalid user td 200.11.141.86 port 45342 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 20:14:48,503] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:14:48,504] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:15:10,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:15:10,089] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0309 seconds
INFO    [2022-12-06 20:15:12,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350512.9339352, 'message': 'Dec  6 20:15:11 hqnl0246134 sshd[250848]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 20:15:12,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350512.9343178, 'message': 'Dec  6 20:15:11 hqnl0246134 sshd[250848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:15:14,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350514.934016, 'message': 'Dec  6 20:15:13 hqnl0246134 sshd[250848]: Failed password for root from 61.177.173.18 port 58795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 20:15:14,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350514.9342928, 'message': 'Dec  6 20:15:14 hqnl0246134 sshd[250848]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 20:15:17,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350516.9382436, 'message': 'Dec  6 20:15:16 hqnl0246134 sshd[250848]: Failed password for root from 61.177.173.18 port 58795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0636 seconds
INFO    [2022-12-06 20:15:17,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350516.9388394, 'message': 'Dec  6 20:15:16 hqnl0246134 sshd[250848]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0559 seconds
INFO    [2022-12-06 20:15:18,422] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:15:18,422] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:15:18,434] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:15:18,453] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0288 seconds
INFO    [2022-12-06 20:15:18,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350518.938248, 'message': 'Dec  6 20:15:18 hqnl0246134 sshd[250848]: Failed password for root from 61.177.173.18 port 58795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 20:15:21,104] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:15:21,105] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:15:21,113] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:15:21,124] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-06 20:15:48,517] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:15:48,519] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:15:59,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350558.9873762, 'message': 'Dec  6 20:15:57 hqnl0246134 sshd[250884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 20:15:59,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350558.9905877, 'message': 'Dec  6 20:15:57 hqnl0246134 sshd[250884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 20:16:01,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350560.989954, 'message': 'Dec  6 20:15:59 hqnl0246134 sshd[250884]: Failed password for root from 61.177.173.18 port 23887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 20:16:01,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350560.9904814, 'message': 'Dec  6 20:16:00 hqnl0246134 sshd[250884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 20:16:03,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350562.9950638, 'message': 'Dec  6 20:16:02 hqnl0246134 sshd[250884]: Failed password for root from 61.177.173.18 port 23887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:16:03,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350562.9960213, 'message': 'Dec  6 20:16:02 hqnl0246134 sshd[250884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:16:05,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350564.9980032, 'message': 'Dec  6 20:16:03 hqnl0246134 sshd[250884]: Failed password for root from 61.177.173.18 port 23887 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 20:16:07,467] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:16:07,467] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:16:07,474] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:16:07,485] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-06 20:16:10,068] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:16:10,099] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0375 seconds
INFO    [2022-12-06 20:16:17,950] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:16:17,950] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:16:18,089] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:16:18,100] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1489 seconds
INFO    [2022-12-06 20:16:20,674] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:16:20,675] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:16:20,684] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:16:20,697] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 20:16:43,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '66.43.250.3', 'timestamp': 1670350603.0417058, 'message': 'Dec  6 20:16:41 hqnl0246134 sshd[250938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 66.43.250.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 20:16:43,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '66.43.250.3', 'timestamp': 1670350603.0425074, 'message': 'Dec  6 20:16:41 hqnl0246134 sshd[250938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.43.250.3  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 20:16:45,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '66.43.250.3', 'timestamp': 1670350605.0424774, 'message': 'Dec  6 20:16:43 hqnl0246134 sshd[250938]: Failed password for root from 66.43.250.3 port 60274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:16:47,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350607.0473983, 'message': 'Dec  6 20:16:45 hqnl0246134 sshd[250941]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:16:47,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350607.0476127, 'message': 'Dec  6 20:16:45 hqnl0246134 sshd[250941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 20:16:48,522] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:16:48,523] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:16:49,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350609.0506456, 'message': 'Dec  6 20:16:47 hqnl0246134 sshd[250941]: Failed password for root from 61.177.173.18 port 55232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 20:16:49,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350609.0508125, 'message': 'Dec  6 20:16:47 hqnl0246134 sshd[250941]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:16:51,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350611.053085, 'message': 'Dec  6 20:16:49 hqnl0246134 sshd[250941]: Failed password for root from 61.177.173.18 port 55232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:16:51,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350611.0532694, 'message': 'Dec  6 20:16:49 hqnl0246134 sshd[250941]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:16:53,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350613.0568044, 'message': 'Dec  6 20:16:51 hqnl0246134 sshd[250941]: Failed password for root from 61.177.173.18 port 55232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 20:17:01,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.50.255', 'timestamp': 1670350621.0686393, 'message': 'Dec  6 20:16:59 hqnl0246134 sshd[250954]: Invalid user test2 from 167.172.50.255 port 43504', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 20:17:01,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.50.255', 'timestamp': 1670350621.0689974, 'message': 'Dec  6 20:16:59 hqnl0246134 sshd[250954]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.50.255 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:17:01,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.50.255', 'timestamp': 1670350621.069132, 'message': 'Dec  6 20:16:59 hqnl0246134 sshd[250954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.50.255 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 20:17:03,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.50.255', 'timestamp': 1670350623.0703652, 'message': 'Dec  6 20:17:01 hqnl0246134 sshd[250954]: Failed password for invalid user test2 from 167.172.50.255 port 43504 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:17:05,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.50.255', 'timestamp': 1670350625.0733986, 'message': 'Dec  6 20:17:03 hqnl0246134 sshd[250954]: Disconnected from invalid user test2 167.172.50.255 port 43504 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 20:17:07,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.82.89.207', 'timestamp': 1670350627.0760317, 'message': 'Dec  6 20:17:05 hqnl0246134 sshd[250977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.82.89.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 20:17:07,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '124.82.89.207', 'timestamp': 1670350627.076408, 'message': 'Dec  6 20:17:05 hqnl0246134 sshd[250977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.82.89.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 20:17:09,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '124.82.89.207', 'timestamp': 1670350629.0793147, 'message': 'Dec  6 20:17:08 hqnl0246134 sshd[250977]: Failed password for root from 124.82.89.207 port 49792 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0266 seconds
WARNING [2022-12-06 20:17:10,074] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:17:10,098] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-06 20:17:12,636] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:17:12,636] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:17:12,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:17:12,659] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 20:17:17,856] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:17:17,857] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:17:17,866] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:17:17,879] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 20:17:20,592] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:17:20,592] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:17:20,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:17:20,613] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 20:17:29,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350649.10739, 'message': 'Dec  6 20:17:27 hqnl0246134 sshd[250998]: Invalid user java from 115.249.50.242 port 50638', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 20:17:29,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350649.1079092, 'message': 'Dec  6 20:17:27 hqnl0246134 sshd[250998]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.249.50.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 20:17:29,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350649.1081905, 'message': 'Dec  6 20:17:27 hqnl0246134 sshd[250998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.249.50.242 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 20:17:31,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350651.109314, 'message': 'Dec  6 20:17:29 hqnl0246134 sshd[250998]: Failed password for invalid user java from 115.249.50.242 port 50638 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 20:17:31,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350651.1097713, 'message': 'Dec  6 20:17:30 hqnl0246134 sshd[250998]: Disconnected from invalid user java 115.249.50.242 port 50638 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 20:17:33,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350653.1104836, 'message': 'Dec  6 20:17:32 hqnl0246134 sshd[251010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 20:17:33,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350653.1108437, 'message': 'Dec  6 20:17:32 hqnl0246134 sshd[251010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 20:17:35,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350655.112583, 'message': 'Dec  6 20:17:34 hqnl0246134 sshd[251010]: Failed password for root from 61.177.173.18 port 26476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 20:17:37,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350657.1148078, 'message': 'Dec  6 20:17:36 hqnl0246134 sshd[251010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 20:17:39,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350659.1175225, 'message': 'Dec  6 20:17:38 hqnl0246134 sshd[251010]: Failed password for root from 61.177.173.18 port 26476 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 20:17:39,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350659.1177642, 'message': 'Dec  6 20:17:38 hqnl0246134 sshd[251010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 20:17:43,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350663.1205838, 'message': 'Dec  6 20:17:41 hqnl0246134 sshd[251010]: Failed password for root from 61.177.173.18 port 26476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 20:17:48,526] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:17:48,527] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:17:52,150] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:17:52,216] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:17:52,216] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:17:52,217] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:17:52,217] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:17:52,217] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:17:52,227] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:17:52,244] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0261 seconds
WARNING [2022-12-06 20:17:52,252] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:17:52,255] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:17:52,279] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0418 seconds
INFO    [2022-12-06 20:17:52,282] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0407 seconds
INFO    [2022-12-06 20:18:09,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.32.211.250', 'timestamp': 1670350689.1434724, 'message': 'Dec  6 20:18:07 hqnl0246134 sshd[251057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.32.211.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:18:09,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.32.211.250', 'timestamp': 1670350689.1440704, 'message': 'Dec  6 20:18:07 hqnl0246134 sshd[251057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.211.250  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 20:18:09,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.32.211.250', 'timestamp': 1670350689.1443794, 'message': 'Dec  6 20:18:09 hqnl0246134 sshd[251057]: Failed password for root from 152.32.211.250 port 8042 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 20:18:10,077] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:18:10,104] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0346 seconds
INFO    [2022-12-06 20:18:18,084] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:18:18,085] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:18:18,092] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:18:18,103] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 20:18:20,994] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:18:20,995] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:18:21,004] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:18:21,016] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 20:18:22,368] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:18:22,369] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:18:22,370] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 20:18:23,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350703.15801, 'message': 'Dec  6 20:18:22 hqnl0246134 sshd[251075]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-06 20:18:23,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670350703.158558, 'message': 'Dec  6 20:18:22 hqnl0246134 sshd[251077]: Invalid user test from 59.127.158.223 port 56944', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 20:18:23,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350703.1583273, 'message': 'Dec  6 20:18:22 hqnl0246134 sshd[251075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 20:18:23,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.127.158.223', 'timestamp': 1670350703.1587331, 'message': 'Dec  6 20:18:22 hqnl0246134 sshd[251077]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.127.158.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 20:18:23,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.127.158.223', 'timestamp': 1670350703.1589217, 'message': 'Dec  6 20:18:22 hqnl0246134 sshd[251077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.158.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:18:25,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350705.1599946, 'message': 'Dec  6 20:18:24 hqnl0246134 sshd[251075]: Failed password for root from 61.177.173.18 port 64111 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:18:27,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670350707.1630557, 'message': 'Dec  6 20:18:25 hqnl0246134 sshd[251077]: Failed password for invalid user test from 59.127.158.223 port 56944 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 20:18:27,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350707.1634493, 'message': 'Dec  6 20:18:26 hqnl0246134 sshd[251075]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 20:18:29,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670350709.1651292, 'message': 'Dec  6 20:18:27 hqnl0246134 sshd[251077]: Disconnected from invalid user test 59.127.158.223 port 56944 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 20:18:29,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350709.1653922, 'message': 'Dec  6 20:18:28 hqnl0246134 sshd[251075]: Failed password for root from 61.177.173.18 port 64111 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 20:18:31,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350711.1679556, 'message': 'Dec  6 20:18:30 hqnl0246134 sshd[251075]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 20:18:33,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350713.1699936, 'message': 'Dec  6 20:18:32 hqnl0246134 sshd[251075]: Failed password for root from 61.177.173.18 port 64111 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 20:18:35,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.73.44.36', 'timestamp': 1670350715.1734128, 'message': 'Dec  6 20:18:34 hqnl0246134 sshd[251092]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.73.44.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 20:18:35,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.73.44.36', 'timestamp': 1670350715.1737416, 'message': 'Dec  6 20:18:34 hqnl0246134 sshd[251092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.73.44.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 20:18:35,573] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:18:35,574] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:18:35,582] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:18:35,596] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 20:18:37,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '50.73.44.36', 'timestamp': 1670350717.1804128, 'message': 'Dec  6 20:18:37 hqnl0246134 sshd[251092]: Failed password for root from 50.73.44.36 port 38934 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
WARNING [2022-12-06 20:18:48,647] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:18:48,648] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:19:09,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350749.214292, 'message': 'Dec  6 20:19:08 hqnl0246134 sshd[251116]: Invalid user bp from 200.11.141.86 port 57894', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 20:19:09,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350749.2147238, 'message': 'Dec  6 20:19:08 hqnl0246134 sshd[251116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.11.141.86 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:19:09,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350749.2148764, 'message': 'Dec  6 20:19:08 hqnl0246134 sshd[251116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.11.141.86 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 20:19:10,084] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:19:10,110] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0336 seconds
INFO    [2022-12-06 20:19:11,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350751.2157423, 'message': 'Dec  6 20:19:10 hqnl0246134 sshd[251118]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 20:19:11,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350751.216255, 'message': 'Dec  6 20:19:10 hqnl0246134 sshd[251116]: Failed password for invalid user bp from 200.11.141.86 port 57894 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 20:19:11,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350751.2160444, 'message': 'Dec  6 20:19:10 hqnl0246134 sshd[251118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:19:13,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.11.141.86', 'timestamp': 1670350753.2180846, 'message': 'Dec  6 20:19:11 hqnl0246134 sshd[251116]: Disconnected from invalid user bp 200.11.141.86 port 57894 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 20:19:13,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350753.218316, 'message': 'Dec  6 20:19:13 hqnl0246134 sshd[251118]: Failed password for root from 61.177.173.18 port 35305 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 20:19:15,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350755.2182374, 'message': 'Dec  6 20:19:14 hqnl0246134 sshd[251118]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 20:19:17,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350757.2207422, 'message': 'Dec  6 20:19:16 hqnl0246134 sshd[251118]: Failed password for root from 61.177.173.18 port 35305 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:19:17,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350757.220959, 'message': 'Dec  6 20:19:16 hqnl0246134 sshd[251118]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:19:18,002] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:19:18,003] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:19:18,012] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:19:18,024] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 20:19:19,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350759.222169, 'message': 'Dec  6 20:19:18 hqnl0246134 sshd[251118]: Failed password for root from 61.177.173.18 port 35305 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:19:20,611] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:19:20,612] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:19:20,620] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:19:20,631] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-06 20:19:48,652] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:19:48,654] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:19:59,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350799.2740474, 'message': 'Dec  6 20:19:57 hqnl0246134 sshd[251150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 20:19:59,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350799.274893, 'message': 'Dec  6 20:19:57 hqnl0246134 sshd[251150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:20:01,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350801.2749813, 'message': 'Dec  6 20:19:59 hqnl0246134 sshd[251150]: Failed password for root from 61.177.173.18 port 58674 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-06 20:20:03,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350803.277539, 'message': 'Dec  6 20:20:01 hqnl0246134 sshd[251150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 20:20:03,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350803.2777195, 'message': 'Dec  6 20:20:03 hqnl0246134 sshd[251150]: Failed password for root from 61.177.173.18 port 58674 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 20:20:05,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350805.2797468, 'message': 'Dec  6 20:20:04 hqnl0246134 sshd[251150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 20:20:07,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350807.2824364, 'message': 'Dec  6 20:20:06 hqnl0246134 sshd[251150]: Failed password for root from 61.177.173.18 port 58674 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 20:20:10,086] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:20:10,105] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0271 seconds
INFO    [2022-12-06 20:20:10,925] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:20:10,925] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:20:10,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:20:10,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 20:20:17,748] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:20:17,748] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:20:17,757] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:20:17,768] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 20:20:19,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670350819.2984726, 'message': 'Dec  6 20:20:17 hqnl0246134 sshd[251200]: Invalid user telecomadmin from 152.89.196.220 port 40560', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:20:19,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670350819.2986617, 'message': 'Dec  6 20:20:17 hqnl0246134 sshd[251200]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:20:19,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670350819.298785, 'message': 'Dec  6 20:20:17 hqnl0246134 sshd[251200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:20:20,538] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:20:20,538] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:20:20,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:20:20,557] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 20:20:21,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670350821.301055, 'message': 'Dec  6 20:20:19 hqnl0246134 sshd[251200]: Failed password for invalid user telecomadmin from 152.89.196.220 port 40560 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:20:23,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670350823.3042078, 'message': 'Dec  6 20:20:21 hqnl0246134 sshd[251200]: Disconnected from invalid user telecomadmin 152.89.196.220 port 40560 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:20:47,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350847.331687, 'message': 'Dec  6 20:20:45 hqnl0246134 sshd[251224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 20:20:47,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350847.3325863, 'message': 'Dec  6 20:20:45 hqnl0246134 sshd[251224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 20:20:47,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350847.3372111, 'message': 'Dec  6 20:20:47 hqnl0246134 sshd[251224]: Failed password for root from 61.177.173.18 port 31554 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 20:20:48,660] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:20:48,661] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:20:49,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350849.333336, 'message': 'Dec  6 20:20:47 hqnl0246134 sshd[251224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 20:20:49,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.50.255', 'timestamp': 1670350849.3336291, 'message': 'Dec  6 20:20:49 hqnl0246134 sshd[251226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.50.255 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 20:20:49,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.50.255', 'timestamp': 1670350849.3345013, 'message': 'Dec  6 20:20:49 hqnl0246134 sshd[251226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.50.255  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 20:20:51,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350851.336984, 'message': 'Dec  6 20:20:49 hqnl0246134 sshd[251224]: Failed password for root from 61.177.173.18 port 31554 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-06 20:20:51,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.172.50.255', 'timestamp': 1670350851.3373427, 'message': 'Dec  6 20:20:50 hqnl0246134 sshd[251226]: Failed password for root from 167.172.50.255 port 44004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-06 20:20:53,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350853.3396242, 'message': 'Dec  6 20:20:51 hqnl0246134 sshd[251224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:20:55,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350855.34155, 'message': 'Dec  6 20:20:53 hqnl0246134 sshd[251224]: Failed password for root from 61.177.173.18 port 31554 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 20:21:10,099] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:21:10,131] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0475 seconds
INFO    [2022-12-06 20:21:15,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.194.50.49', 'timestamp': 1670350875.3657458, 'message': 'Dec  6 20:21:13 hqnl0246134 sshd[251246]: Invalid user ronald from 109.194.50.49 port 34282', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 20:21:15,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '109.194.50.49', 'timestamp': 1670350875.365978, 'message': 'Dec  6 20:21:14 hqnl0246134 sshd[251246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 109.194.50.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 20:21:15,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '109.194.50.49', 'timestamp': 1670350875.3661106, 'message': 'Dec  6 20:21:14 hqnl0246134 sshd[251246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.194.50.49 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:21:17,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.194.50.49', 'timestamp': 1670350877.366075, 'message': 'Dec  6 20:21:15 hqnl0246134 sshd[251246]: Failed password for invalid user ronald from 109.194.50.49 port 34282 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:21:17,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.194.50.49', 'timestamp': 1670350877.3663895, 'message': 'Dec  6 20:21:16 hqnl0246134 sshd[251246]: Disconnected from invalid user ronald 109.194.50.49 port 34282 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 20:21:18,014] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:21:18,015] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:21:18,022] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:21:18,032] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 20:21:19,140] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:21:19,140] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:21:19,378] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:21:19,400] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1055 seconds
INFO    [2022-12-06 20:21:20,923] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:21:20,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:21:20,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:21:20,942] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 20:21:33,387] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:21:33,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350893.3837306, 'message': 'Dec  6 20:21:32 hqnl0246134 sshd[251273]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 20:21:33,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350893.3845341, 'message': 'Dec  6 20:21:32 hqnl0246134 sshd[251273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:21:33,460] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:21:33,461] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:21:33,461] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:21:33,461] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:21:33,462] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:21:33,471] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:21:33,486] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0239 seconds
WARNING [2022-12-06 20:21:33,492] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:21:33,494] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:21:33,511] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0304 seconds
INFO    [2022-12-06 20:21:33,512] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0284 seconds
INFO    [2022-12-06 20:21:35,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350895.3857274, 'message': 'Dec  6 20:21:33 hqnl0246134 sshd[251273]: Failed password for root from 61.177.173.18 port 62193 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 20:21:35,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350895.3861663, 'message': 'Dec  6 20:21:34 hqnl0246134 sshd[251273]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 20:21:37,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350897.388133, 'message': 'Dec  6 20:21:36 hqnl0246134 sshd[251273]: Failed password for root from 61.177.173.18 port 62193 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 20:21:39,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350899.3898191, 'message': 'Dec  6 20:21:39 hqnl0246134 sshd[251273]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:21:41,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350901.3923218, 'message': 'Dec  6 20:21:40 hqnl0246134 sshd[251273]: Failed password for root from 61.177.173.18 port 62193 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 20:21:43,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350903.3949203, 'message': 'Dec  6 20:21:41 hqnl0246134 sshd[251298]: Invalid user test from 115.249.50.242 port 40186', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 20:21:43,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350903.395172, 'message': 'Dec  6 20:21:41 hqnl0246134 sshd[251298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.249.50.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 20:21:43,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350903.3953016, 'message': 'Dec  6 20:21:41 hqnl0246134 sshd[251298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.249.50.242 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 20:21:45,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350905.3971822, 'message': 'Dec  6 20:21:43 hqnl0246134 sshd[251298]: Failed password for invalid user test from 115.249.50.242 port 40186 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:21:47,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670350907.398281, 'message': 'Dec  6 20:21:46 hqnl0246134 sshd[251298]: Disconnected from invalid user test 115.249.50.242 port 40186 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 20:21:47,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350907.3986459, 'message': 'Dec  6 20:21:47 hqnl0246134 sshd[251301]: Invalid user romain from 95.103.229.174 port 44034', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0343 seconds
WARNING [2022-12-06 20:21:48,667] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:21:48,668] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:21:49,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350909.4551935, 'message': 'Dec  6 20:21:47 hqnl0246134 sshd[251301]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.103.229.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:21:49,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350909.455408, 'message': 'Dec  6 20:21:47 hqnl0246134 sshd[251301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.103.229.174 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 20:21:51,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350911.4021044, 'message': 'Dec  6 20:21:49 hqnl0246134 sshd[251301]: Failed password for invalid user romain from 95.103.229.174 port 44034 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 20:21:51,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670350911.4023798, 'message': 'Dec  6 20:21:49 hqnl0246134 sshd[251301]: Disconnected from invalid user romain 95.103.229.174 port 44034 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 20:21:53,892] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 20:22:10,098] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:22:10,127] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-06 20:22:12,896] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:22:12,897] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:22:12,897] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 20:22:17,892] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:22:17,893] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:22:17,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:22:17,913] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 20:22:19,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350939.620512, 'message': 'Dec  6 20:22:18 hqnl0246134 sshd[251335]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 20:22:19,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350939.6208076, 'message': 'Dec  6 20:22:18 hqnl0246134 sshd[251335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:22:20,979] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:22:20,980] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:22:20,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:22:21,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0301 seconds
INFO    [2022-12-06 20:22:21,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350941.4321003, 'message': 'Dec  6 20:22:20 hqnl0246134 sshd[251335]: Failed password for root from 61.177.173.18 port 26695 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:22:23,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350943.4335828, 'message': 'Dec  6 20:22:22 hqnl0246134 sshd[251335]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:22:25,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350945.4393282, 'message': 'Dec  6 20:22:24 hqnl0246134 sshd[251335]: Failed password for root from 61.177.173.18 port 26695 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 20:22:25,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350945.4396508, 'message': 'Dec  6 20:22:25 hqnl0246134 sshd[251335]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:22:27,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350947.43848, 'message': 'Dec  6 20:22:26 hqnl0246134 sshd[251335]: Failed password for root from 61.177.173.18 port 26695 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 20:22:27,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.179.198.14', 'timestamp': 1670350947.4386733, 'message': 'Dec  6 20:22:27 hqnl0246134 sshd[251345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.198.14  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 20:22:29,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.179.198.14', 'timestamp': 1670350949.440835, 'message': 'Dec  6 20:22:29 hqnl0246134 sshd[251345]: Failed password for root from 103.179.198.14 port 57690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 20:22:43,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.198.42', 'timestamp': 1670350963.4554434, 'message': 'Dec  6 20:22:41 hqnl0246134 sshd[251356]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.198.42 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 20:22:43,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.198.42', 'timestamp': 1670350963.456088, 'message': 'Dec  6 20:22:41 hqnl0246134 sshd[251356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.198.42  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 20:22:43,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.71.198.42', 'timestamp': 1670350963.4563792, 'message': 'Dec  6 20:22:43 hqnl0246134 sshd[251356]: Failed password for root from 167.71.198.42 port 51852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 20:22:48,289] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:22:48,290] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:22:48,298] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:22:48,311] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 20:22:48,671] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:22:48,672] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:23:03,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350983.4793522, 'message': 'Dec  6 20:23:03 hqnl0246134 sshd[251386]: Invalid user simon from 143.198.222.239 port 48370', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 20:23:03,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350983.4799027, 'message': 'Dec  6 20:23:03 hqnl0246134 sshd[251386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.222.239 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 20:23:03,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350983.4801319, 'message': 'Dec  6 20:23:03 hqnl0246134 sshd[251386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.222.239 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 20:23:05,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350985.4805408, 'message': 'Dec  6 20:23:05 hqnl0246134 sshd[251386]: Failed password for invalid user simon from 143.198.222.239 port 48370 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 20:23:07,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670350987.4837716, 'message': 'Dec  6 20:23:06 hqnl0246134 sshd[251386]: Disconnected from invalid user simon 143.198.222.239 port 48370 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 20:23:07,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350987.4840927, 'message': 'Dec  6 20:23:07 hqnl0246134 sshd[251389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 20:23:07,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350987.4844425, 'message': 'Dec  6 20:23:07 hqnl0246134 sshd[251389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:23:09,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350989.485654, 'message': 'Dec  6 20:23:08 hqnl0246134 sshd[251389]: Failed password for root from 61.177.173.18 port 12719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
WARNING [2022-12-06 20:23:10,098] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:23:10,125] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0346 seconds
INFO    [2022-12-06 20:23:11,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350991.485992, 'message': 'Dec  6 20:23:09 hqnl0246134 sshd[251392]: Invalid user shen from 75.30.64.54 port 57100', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 20:23:11,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350991.4928844, 'message': 'Dec  6 20:23:09 hqnl0246134 sshd[251389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0521 seconds
INFO    [2022-12-06 20:23:11,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.211.250', 'timestamp': 1670350991.4932504, 'message': 'Dec  6 20:23:10 hqnl0246134 sshd[251394]: Invalid user minecraft from 152.32.211.250 port 2870', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 20:23:11,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350991.4930289, 'message': 'Dec  6 20:23:09 hqnl0246134 sshd[251392]: pam_imunify(sshd:auth): [IM360_RBL] The IP 75.30.64.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0709 seconds
INFO    [2022-12-06 20:23:11,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.32.211.250', 'timestamp': 1670350991.493353, 'message': 'Dec  6 20:23:10 hqnl0246134 sshd[251394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.32.211.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0657 seconds
INFO    [2022-12-06 20:23:11,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350991.493551, 'message': 'Dec  6 20:23:11 hqnl0246134 sshd[251389]: Failed password for root from 61.177.173.18 port 12719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0661 seconds
INFO    [2022-12-06 20:23:11,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350991.4931347, 'message': 'Dec  6 20:23:09 hqnl0246134 sshd[251392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.30.64.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 20:23:11,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.32.211.250', 'timestamp': 1670350991.4934518, 'message': 'Dec  6 20:23:10 hqnl0246134 sshd[251394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.211.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 20:23:13,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350993.4885466, 'message': 'Dec  6 20:23:11 hqnl0246134 sshd[251392]: Failed password for invalid user shen from 75.30.64.54 port 57100 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0650 seconds
INFO    [2022-12-06 20:23:13,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350993.4888444, 'message': 'Dec  6 20:23:11 hqnl0246134 sshd[251389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0653 seconds
INFO    [2022-12-06 20:23:13,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.211.250', 'timestamp': 1670350993.498865, 'message': 'Dec  6 20:23:12 hqnl0246134 sshd[251394]: Failed password for invalid user minecraft from 152.32.211.250 port 2870 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0605 seconds
INFO    [2022-12-06 20:23:13,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670350993.4986405, 'message': 'Dec  6 20:23:12 hqnl0246134 sshd[251392]: Disconnected from invalid user shen 75.30.64.54 port 57100 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 20:23:15,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670350995.4893413, 'message': 'Dec  6 20:23:13 hqnl0246134 sshd[251389]: Failed password for root from 61.177.173.18 port 12719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0989 seconds
INFO    [2022-12-06 20:23:15,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.211.250', 'timestamp': 1670350995.4907694, 'message': 'Dec  6 20:23:14 hqnl0246134 sshd[251394]: Disconnected from invalid user minecraft 152.32.211.250 port 2870 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0983 seconds
INFO    [2022-12-06 20:23:15,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.73.44.36', 'timestamp': 1670350995.490951, 'message': 'Dec  6 20:23:14 hqnl0246134 sshd[251398]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.73.44.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0976 seconds
INFO    [2022-12-06 20:23:15,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.73.44.36', 'timestamp': 1670350995.4911392, 'message': 'Dec  6 20:23:14 hqnl0246134 sshd[251398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.73.44.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 20:23:17,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '50.73.44.36', 'timestamp': 1670350997.4921966, 'message': 'Dec  6 20:23:16 hqnl0246134 sshd[251398]: Failed password for root from 50.73.44.36 port 43129 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0605 seconds
INFO    [2022-12-06 20:23:19,214] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:23:19,215] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:23:19,224] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:23:19,235] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 20:23:21,835] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:23:21,835] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:23:21,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:23:21,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 20:23:31,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.50.255', 'timestamp': 1670351011.5409591, 'message': 'Dec  6 20:23:31 hqnl0246134 sshd[251420]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.50.255 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0762 seconds
INFO    [2022-12-06 20:23:31,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.50.255', 'timestamp': 1670351011.541457, 'message': 'Dec  6 20:23:31 hqnl0246134 sshd[251420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.50.255  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 20:23:33,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.172.50.255', 'timestamp': 1670351013.5124848, 'message': 'Dec  6 20:23:33 hqnl0246134 sshd[251420]: Failed password for root from 167.172.50.255 port 32962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 20:23:48,675] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:23:48,677] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:23:55,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351035.5433006, 'message': 'Dec  6 20:23:54 hqnl0246134 sshd[251437]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 20:23:55,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351035.5437963, 'message': 'Dec  6 20:23:54 hqnl0246134 sshd[251437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:23:57,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '109.194.50.49', 'timestamp': 1670351037.5471315, 'message': 'Dec  6 20:23:56 hqnl0246134 sshd[251443]: pam_imunify(sshd:auth): [IM360_RBL] The IP 109.194.50.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 20:23:57,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351037.5474486, 'message': 'Dec  6 20:23:56 hqnl0246134 sshd[251437]: Failed password for root from 61.177.173.18 port 31974 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 20:23:57,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '109.194.50.49', 'timestamp': 1670351037.547336, 'message': 'Dec  6 20:23:56 hqnl0246134 sshd[251443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.194.50.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:23:59,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351039.5476077, 'message': 'Dec  6 20:23:58 hqnl0246134 sshd[251437]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 20:23:59,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '109.194.50.49', 'timestamp': 1670351039.5478418, 'message': 'Dec  6 20:23:58 hqnl0246134 sshd[251443]: Failed password for root from 109.194.50.49 port 34656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 20:24:01,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351041.5515587, 'message': 'Dec  6 20:24:00 hqnl0246134 sshd[251437]: Failed password for root from 61.177.173.18 port 31974 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 20:24:01,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351041.5518148, 'message': 'Dec  6 20:24:00 hqnl0246134 sshd[251437]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 20:24:03,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351043.5556748, 'message': 'Dec  6 20:24:03 hqnl0246134 sshd[251437]: Failed password for root from 61.177.173.18 port 31974 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
WARNING [2022-12-06 20:24:10,102] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:24:10,133] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0390 seconds
INFO    [2022-12-06 20:24:13,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351053.5757873, 'message': 'Dec  6 20:24:13 hqnl0246134 sshd[251461]: Invalid user ftpuser from 59.127.158.223 port 47938', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 20:24:13,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351053.5760758, 'message': 'Dec  6 20:24:13 hqnl0246134 sshd[251461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.127.158.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 20:24:13,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351053.576355, 'message': 'Dec  6 20:24:13 hqnl0246134 sshd[251461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.158.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:24:15,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351055.577922, 'message': 'Dec  6 20:24:14 hqnl0246134 sshd[251461]: Failed password for invalid user ftpuser from 59.127.158.223 port 47938 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:24:17,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351057.5820355, 'message': 'Dec  6 20:24:16 hqnl0246134 sshd[251461]: Disconnected from invalid user ftpuser 59.127.158.223 port 47938 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 20:24:17,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.198.42', 'timestamp': 1670351057.5823262, 'message': 'Dec  6 20:24:17 hqnl0246134 sshd[251465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.198.42 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 20:24:17,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.198.42', 'timestamp': 1670351057.5825233, 'message': 'Dec  6 20:24:17 hqnl0246134 sshd[251465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.198.42  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:24:18,127] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:24:18,128] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:24:18,135] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:24:18,146] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 20:24:18,920] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:24:18,920] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:24:18,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:24:18,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 20:24:19,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.71.198.42', 'timestamp': 1670351059.5840845, 'message': 'Dec  6 20:24:19 hqnl0246134 sshd[251465]: Failed password for root from 167.71.198.42 port 44086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:24:21,062] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:24:21,063] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:24:21,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:24:21,089] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0260 seconds
INFO    [2022-12-06 20:24:25,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.83.28.210', 'timestamp': 1670351065.5935285, 'message': 'Dec  6 20:24:25 hqnl0246134 sshd[251441]: Invalid user ubuntu from 186.83.28.210 port 35234', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 20:24:25,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.83.28.210', 'timestamp': 1670351065.593711, 'message': 'Dec  6 20:24:25 hqnl0246134 sshd[251441]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.83.28.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 20:24:25,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.83.28.210', 'timestamp': 1670351065.593844, 'message': 'Dec  6 20:24:25 hqnl0246134 sshd[251441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.83.28.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 20:24:27,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.83.28.210', 'timestamp': 1670351067.596585, 'message': 'Dec  6 20:24:27 hqnl0246134 sshd[251441]: Failed password for invalid user ubuntu from 186.83.28.210 port 35234 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 20:24:29,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.83.28.210', 'timestamp': 1670351069.5994277, 'message': 'Dec  6 20:24:27 hqnl0246134 sshd[251441]: Disconnected from invalid user ubuntu 186.83.28.210 port 35234 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:24:33,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.249.50.242', 'timestamp': 1670351073.6049778, 'message': 'Dec  6 20:24:31 hqnl0246134 sshd[251484]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.249.50.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 20:24:33,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.249.50.242', 'timestamp': 1670351073.6053364, 'message': 'Dec  6 20:24:31 hqnl0246134 sshd[251484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.249.50.242  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:24:35,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '115.249.50.242', 'timestamp': 1670351075.6068485, 'message': 'Dec  6 20:24:34 hqnl0246134 sshd[251484]: Failed password for root from 115.249.50.242 port 44566 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:24:43,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351083.6261435, 'message': 'Dec  6 20:24:43 hqnl0246134 sshd[251496]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 20:24:43,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351083.6266835, 'message': 'Dec  6 20:24:43 hqnl0246134 sshd[251496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 20:24:45,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351085.629421, 'message': 'Dec  6 20:24:45 hqnl0246134 sshd[251496]: Failed password for root from 61.177.173.18 port 13016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:24:47,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351087.632899, 'message': 'Dec  6 20:24:45 hqnl0246134 sshd[251496]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 20:24:47,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351087.6330786, 'message': 'Dec  6 20:24:47 hqnl0246134 sshd[251496]: Failed password for root from 61.177.173.18 port 13016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 20:24:48,681] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:24:48,682] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:24:49,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351089.6365783, 'message': 'Dec  6 20:24:48 hqnl0246134 sshd[251496]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:24:51,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351091.639519, 'message': 'Dec  6 20:24:50 hqnl0246134 sshd[251496]: Failed password for root from 61.177.173.18 port 13016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:25:09,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '83.40.33.56', 'timestamp': 1670351109.6643164, 'message': 'Dec  6 20:25:09 hqnl0246134 sshd[251530]: pam_imunify(sshd:auth): [IM360_RBL] The IP 83.40.33.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 20:25:09,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '83.40.33.56', 'timestamp': 1670351109.665135, 'message': 'Dec  6 20:25:09 hqnl0246134 sshd[251530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.40.33.56  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
WARNING [2022-12-06 20:25:10,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:25:10,153] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0559 seconds
INFO    [2022-12-06 20:25:11,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '83.40.33.56', 'timestamp': 1670351111.6655066, 'message': 'Dec  6 20:25:11 hqnl0246134 sshd[251530]: Failed password for root from 83.40.33.56 port 55118 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:25:17,856] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:25:17,857] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:25:17,864] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:25:17,877] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 20:25:20,516] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:25:20,517] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:25:20,523] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:25:20,534] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 20:25:27,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351127.686859, 'message': 'Dec  6 20:25:26 hqnl0246134 sshd[251556]: Invalid user tiago from 75.30.64.54 port 47596', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 20:25:27,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.210.117.90', 'timestamp': 1670351127.6877599, 'message': 'Dec  6 20:25:27 hqnl0246134 sshd[251554]: Invalid user admin from 210.210.117.90 port 39049', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 20:25:27,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351127.6870477, 'message': 'Dec  6 20:25:26 hqnl0246134 sshd[251556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 75.30.64.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:25:27,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351127.6874633, 'message': 'Dec  6 20:25:26 hqnl0246134 sshd[251556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.30.64.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 20:25:29,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.210.117.90', 'timestamp': 1670351129.689778, 'message': 'Dec  6 20:25:27 hqnl0246134 sshd[251554]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.210.117.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 20:25:29,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351129.6900635, 'message': 'Dec  6 20:25:28 hqnl0246134 sshd[251556]: Failed password for invalid user tiago from 75.30.64.54 port 47596 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 20:25:29,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.210.117.90', 'timestamp': 1670351129.6899467, 'message': 'Dec  6 20:25:27 hqnl0246134 sshd[251554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.210.117.90 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 20:25:31,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351131.6933503, 'message': 'Dec  6 20:25:30 hqnl0246134 sshd[251556]: Disconnected from invalid user tiago 75.30.64.54 port 47596 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0763 seconds
INFO    [2022-12-06 20:25:31,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.210.117.90', 'timestamp': 1670351131.6936975, 'message': 'Dec  6 20:25:30 hqnl0246134 sshd[251554]: Failed password for invalid user admin from 210.210.117.90 port 39049 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0763 seconds
INFO    [2022-12-06 20:25:31,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351131.6947572, 'message': 'Dec  6 20:25:30 hqnl0246134 sshd[251559]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0760 seconds
INFO    [2022-12-06 20:25:31,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351131.6949039, 'message': 'Dec  6 20:25:30 hqnl0246134 sshd[251559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:25:32,789] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:25:32,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:25:32,798] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:25:32,810] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 20:25:33,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351133.695577, 'message': 'Dec  6 20:25:33 hqnl0246134 sshd[251559]: Failed password for root from 61.177.173.18 port 31263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:25:35,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351135.6984272, 'message': 'Dec  6 20:25:34 hqnl0246134 sshd[251558]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.82.89.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 20:25:35,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.221.11.21', 'timestamp': 1670351135.6987824, 'message': 'Dec  6 20:25:34 hqnl0246134 sshd[251574]: Invalid user admin from 45.221.11.21 port 58413', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 20:25:35,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351135.698627, 'message': 'Dec  6 20:25:34 hqnl0246134 sshd[251558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.82.89.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 20:25:35,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351135.6991153, 'message': 'Dec  6 20:25:35 hqnl0246134 sshd[251559]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 20:25:35,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.221.11.21', 'timestamp': 1670351135.698911, 'message': 'Dec  6 20:25:34 hqnl0246134 sshd[251574]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.221.11.21 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 20:25:35,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.221.11.21', 'timestamp': 1670351135.6990147, 'message': 'Dec  6 20:25:34 hqnl0246134 sshd[251574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.221.11.21 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:25:37,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351137.7009141, 'message': 'Dec  6 20:25:36 hqnl0246134 sshd[251558]: Failed password for root from 124.82.89.207 port 59274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-06 20:25:37,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.221.11.21', 'timestamp': 1670351137.7011242, 'message': 'Dec  6 20:25:37 hqnl0246134 sshd[251574]: Failed password for invalid user admin from 45.221.11.21 port 58413 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 20:25:37,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351137.701265, 'message': 'Dec  6 20:25:37 hqnl0246134 sshd[251559]: Failed password for root from 61.177.173.18 port 31263 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 20:25:39,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351139.702301, 'message': 'Dec  6 20:25:39 hqnl0246134 sshd[251559]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:25:43,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351143.70838, 'message': 'Dec  6 20:25:41 hqnl0246134 sshd[251559]: Failed password for root from 61.177.173.18 port 31263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 20:25:48,685] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:25:48,685] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:25:51,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351151.7181807, 'message': 'Dec  6 20:25:51 hqnl0246134 sshd[251603]: Invalid user mobile from 103.179.198.14 port 33198', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 20:25:53,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351153.7185745, 'message': 'Dec  6 20:25:51 hqnl0246134 sshd[251603]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.179.198.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0605 seconds
INFO    [2022-12-06 20:25:53,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351153.718952, 'message': 'Dec  6 20:25:51 hqnl0246134 sshd[251603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.198.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0677 seconds
INFO    [2022-12-06 20:25:55,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351155.7211847, 'message': 'Dec  6 20:25:54 hqnl0246134 sshd[251603]: Failed password for invalid user mobile from 103.179.198.14 port 33198 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 20:25:57,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351157.7237606, 'message': 'Dec  6 20:25:57 hqnl0246134 sshd[251603]: Disconnected from invalid user mobile 103.179.198.14 port 33198 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 20:26:01,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.32.211.250', 'timestamp': 1670351161.7361274, 'message': 'Dec  6 20:26:00 hqnl0246134 sshd[251608]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.32.211.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 20:26:01,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.32.211.250', 'timestamp': 1670351161.7366247, 'message': 'Dec  6 20:26:00 hqnl0246134 sshd[251608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.211.250  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 20:26:03,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.198.42', 'timestamp': 1670351163.7389772, 'message': 'Dec  6 20:26:02 hqnl0246134 sshd[251610]: Invalid user deploy from 167.71.198.42 port 36316', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-06 20:26:03,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.32.211.250', 'timestamp': 1670351163.740848, 'message': 'Dec  6 20:26:02 hqnl0246134 sshd[251608]: Failed password for root from 152.32.211.250 port 48052 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 20:26:03,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.198.42', 'timestamp': 1670351163.7394333, 'message': 'Dec  6 20:26:02 hqnl0246134 sshd[251610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.198.42 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 20:26:03,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.198.42', 'timestamp': 1670351163.7396739, 'message': 'Dec  6 20:26:02 hqnl0246134 sshd[251610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.198.42 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 20:26:05,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.198.42', 'timestamp': 1670351165.7453003, 'message': 'Dec  6 20:26:04 hqnl0246134 sshd[251610]: Failed password for invalid user deploy from 167.71.198.42 port 36316 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 20:26:07,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.73.44.36', 'timestamp': 1670351167.7520325, 'message': 'Dec  6 20:26:06 hqnl0246134 sshd[251627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.73.44.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 20:26:07,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.198.42', 'timestamp': 1670351167.7531378, 'message': 'Dec  6 20:26:06 hqnl0246134 sshd[251610]: Disconnected from invalid user deploy 167.71.198.42 port 36316 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 20:26:07,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.73.44.36', 'timestamp': 1670351167.7523792, 'message': 'Dec  6 20:26:06 hqnl0246134 sshd[251627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.73.44.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 20:26:09,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '50.73.44.36', 'timestamp': 1670351169.7623336, 'message': 'Dec  6 20:26:08 hqnl0246134 sshd[251627]: Failed password for root from 50.73.44.36 port 37664 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 20:26:10,110] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:26:10,149] defence360agent.internals.the_sink: SensorIncidentList(<29 item(s)>) processed in 0.0480 seconds
INFO    [2022-12-06 20:26:13,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670351173.7725391, 'message': 'Dec  6 20:26:13 hqnl0246134 sshd[251630]: Invalid user gmodserver from 143.198.222.239 port 54630', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 20:26:13,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.222.239', 'timestamp': 1670351173.773266, 'message': 'Dec  6 20:26:13 hqnl0246134 sshd[251630]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.222.239 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:26:13,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.222.239', 'timestamp': 1670351173.7734618, 'message': 'Dec  6 20:26:13 hqnl0246134 sshd[251630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.222.239 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 20:26:15,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670351175.7735672, 'message': 'Dec  6 20:26:15 hqnl0246134 sshd[251630]: Failed password for invalid user gmodserver from 143.198.222.239 port 54630 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 20:26:15,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.222.239', 'timestamp': 1670351175.7738004, 'message': 'Dec  6 20:26:15 hqnl0246134 sshd[251630]: Disconnected from invalid user gmodserver 143.198.222.239 port 54630 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 20:26:17,906] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:26:17,906] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:26:17,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:26:17,925] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 20:26:19,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351179.7812645, 'message': 'Dec  6 20:26:19 hqnl0246134 sshd[251637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 20:26:19,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.50.255', 'timestamp': 1670351179.7822618, 'message': 'Dec  6 20:26:19 hqnl0246134 sshd[251642]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.50.255 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 20:26:19,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351179.7821267, 'message': 'Dec  6 20:26:19 hqnl0246134 sshd[251637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 20:26:19,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.50.255', 'timestamp': 1670351179.782379, 'message': 'Dec  6 20:26:19 hqnl0246134 sshd[251642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.50.255  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 20:26:20,578] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:26:20,578] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:26:20,585] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:26:20,598] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 20:26:21,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351181.786438, 'message': 'Dec  6 20:26:20 hqnl0246134 sshd[251637]: Failed password for root from 61.177.173.18 port 63460 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-06 20:26:21,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.172.50.255', 'timestamp': 1670351181.7867236, 'message': 'Dec  6 20:26:21 hqnl0246134 sshd[251642]: Failed password for root from 167.172.50.255 port 50160 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-06 20:26:21,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351181.7869055, 'message': 'Dec  6 20:26:21 hqnl0246134 sshd[251637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 20:26:25,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351185.7940102, 'message': 'Dec  6 20:26:24 hqnl0246134 sshd[251637]: Failed password for root from 61.177.173.18 port 63460 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:26:27,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351187.797651, 'message': 'Dec  6 20:26:25 hqnl0246134 sshd[251637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-06 20:26:27,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670351187.797833, 'message': 'Dec  6 20:26:26 hqnl0246134 sshd[251648]: Invalid user martin from 95.103.229.174 port 48818', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-06 20:26:27,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351187.798149, 'message': 'Dec  6 20:26:27 hqnl0246134 sshd[251637]: Failed password for root from 61.177.173.18 port 63460 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 20:26:27,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.103.229.174', 'timestamp': 1670351187.7979417, 'message': 'Dec  6 20:26:26 hqnl0246134 sshd[251648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.103.229.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 20:26:27,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.103.229.174', 'timestamp': 1670351187.7980459, 'message': 'Dec  6 20:26:26 hqnl0246134 sshd[251648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.103.229.174 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 20:26:29,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670351189.8023808, 'message': 'Dec  6 20:26:28 hqnl0246134 sshd[251648]: Failed password for invalid user martin from 95.103.229.174 port 48818 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:26:31,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.103.229.174', 'timestamp': 1670351191.804807, 'message': 'Dec  6 20:26:30 hqnl0246134 sshd[251648]: Disconnected from invalid user martin 95.103.229.174 port 48818 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:26:42,426] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:26:42,493] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:26:42,494] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:26:42,494] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:26:42,494] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:26:42,495] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:26:42,511] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:26:42,528] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0319 seconds
WARNING [2022-12-06 20:26:42,535] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:26:42,537] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:26:42,554] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0318 seconds
INFO    [2022-12-06 20:26:42,555] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0301 seconds
INFO    [2022-12-06 20:26:43,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '109.194.50.49', 'timestamp': 1670351203.8248053, 'message': 'Dec  6 20:26:41 hqnl0246134 sshd[251662]: pam_imunify(sshd:auth): [IM360_RBL] The IP 109.194.50.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:26:43,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '109.194.50.49', 'timestamp': 1670351203.8250399, 'message': 'Dec  6 20:26:41 hqnl0246134 sshd[251662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.194.50.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 20:26:43,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '109.194.50.49', 'timestamp': 1670351203.8252559, 'message': 'Dec  6 20:26:43 hqnl0246134 sshd[251662]: Failed password for root from 109.194.50.49 port 37472 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:26:46,599] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:26:46,600] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:26:46,616] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:26:46,638] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0370 seconds
WARNING [2022-12-06 20:26:48,688] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:26:48,691] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:27:07,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351227.8504584, 'message': 'Dec  6 20:27:06 hqnl0246134 sshd[251704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 20:27:07,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351227.8510635, 'message': 'Dec  6 20:27:06 hqnl0246134 sshd[251704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:27:09,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351229.8508377, 'message': 'Dec  6 20:27:08 hqnl0246134 sshd[251704]: Failed password for root from 61.177.173.18 port 39834 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 20:27:09,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351229.8511055, 'message': 'Dec  6 20:27:08 hqnl0246134 sshd[251704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
WARNING [2022-12-06 20:27:10,112] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:27:10,144] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0402 seconds
INFO    [2022-12-06 20:27:11,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351231.8523893, 'message': 'Dec  6 20:27:11 hqnl0246134 sshd[251704]: Failed password for root from 61.177.173.18 port 39834 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:27:13,139] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:27:13,140] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:27:13,141] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 20:27:13,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351233.8536446, 'message': 'Dec  6 20:27:13 hqnl0246134 sshd[251704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:27:15,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351235.8565235, 'message': 'Dec  6 20:27:14 hqnl0246134 sshd[251710]: Invalid user big from 59.127.158.223 port 37100', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0710 seconds
INFO    [2022-12-06 20:27:15,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351235.8569593, 'message': 'Dec  6 20:27:14 hqnl0246134 sshd[251704]: Failed password for root from 61.177.173.18 port 39834 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0711 seconds
INFO    [2022-12-06 20:27:15,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351235.856741, 'message': 'Dec  6 20:27:14 hqnl0246134 sshd[251710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.127.158.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 20:27:16,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351235.8568532, 'message': 'Dec  6 20:27:14 hqnl0246134 sshd[251710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.158.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 20:27:17,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351237.8578491, 'message': 'Dec  6 20:27:16 hqnl0246134 sshd[251710]: Failed password for invalid user big from 59.127.158.223 port 37100 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 20:27:17,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351237.8580332, 'message': 'Dec  6 20:27:17 hqnl0246134 sshd[251710]: Disconnected from invalid user big 59.127.158.223 port 37100 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:27:18,500] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:27:18,501] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:27:18,513] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:27:18,534] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-06 20:27:21,232] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:27:21,232] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:27:21,239] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:27:21,250] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 20:27:39,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351259.8934562, 'message': 'Dec  6 20:27:38 hqnl0246134 sshd[251746]: Invalid user 3456! from 75.30.64.54 port 37810', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 20:27:39,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351259.8971128, 'message': 'Dec  6 20:27:38 hqnl0246134 sshd[251746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 75.30.64.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-06 20:27:39,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351259.8972528, 'message': 'Dec  6 20:27:38 hqnl0246134 sshd[251746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.30.64.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:27:41,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351261.8959475, 'message': 'Dec  6 20:27:40 hqnl0246134 sshd[251746]: Failed password for invalid user 3456! from 75.30.64.54 port 37810 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:27:41,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351261.8962338, 'message': 'Dec  6 20:27:41 hqnl0246134 sshd[251746]: Disconnected from invalid user 3456! 75.30.64.54 port 37810 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 20:27:48,697] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:27:48,699] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:27:55,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351275.917505, 'message': 'Dec  6 20:27:54 hqnl0246134 sshd[251755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 20:27:55,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351275.9178665, 'message': 'Dec  6 20:27:54 hqnl0246134 sshd[251755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 20:27:57,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670351277.9222987, 'message': 'Dec  6 20:27:55 hqnl0246134 sshd[251757]: Invalid user test from 115.249.50.242 port 48940', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 20:27:57,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351277.9231505, 'message': 'Dec  6 20:27:56 hqnl0246134 sshd[251755]: Failed password for root from 61.177.173.18 port 11496 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-06 20:27:58,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.249.50.242', 'timestamp': 1670351277.922779, 'message': 'Dec  6 20:27:56 hqnl0246134 sshd[251757]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.249.50.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 20:27:58,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.249.50.242', 'timestamp': 1670351277.9229593, 'message': 'Dec  6 20:27:56 hqnl0246134 sshd[251757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.249.50.242 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 20:27:59,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670351279.9258857, 'message': 'Dec  6 20:27:57 hqnl0246134 sshd[251757]: Failed password for invalid user test from 115.249.50.242 port 48940 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 20:27:59,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351279.9290078, 'message': 'Dec  6 20:27:58 hqnl0246134 sshd[251755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 20:27:59,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.249.50.242', 'timestamp': 1670351279.9291985, 'message': 'Dec  6 20:27:58 hqnl0246134 sshd[251757]: Disconnected from invalid user test 115.249.50.242 port 48940 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:28:01,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351281.9298227, 'message': 'Dec  6 20:28:00 hqnl0246134 sshd[251755]: Failed password for root from 61.177.173.18 port 11496 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 20:28:03,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351283.9341342, 'message': 'Dec  6 20:28:02 hqnl0246134 sshd[251755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 20:28:05,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351285.9365847, 'message': 'Dec  6 20:28:04 hqnl0246134 sshd[251755]: Failed password for root from 61.177.173.18 port 11496 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-06 20:28:10,118] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:28:10,146] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0358 seconds
INFO    [2022-12-06 20:28:18,472] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:28:18,473] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:28:18,480] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:28:18,509] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0350 seconds
INFO    [2022-12-06 20:28:22,298] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:28:22,298] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:28:22,311] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:28:22,341] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0418 seconds
INFO    [2022-12-06 20:28:42,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351321.9806645, 'message': 'Dec  6 20:28:41 hqnl0246134 sshd[251803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 20:28:42,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351321.98103, 'message': 'Dec  6 20:28:41 hqnl0246134 sshd[251803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:28:44,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351323.9844267, 'message': 'Dec  6 20:28:43 hqnl0246134 sshd[251803]: Failed password for root from 61.177.173.18 port 47367 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 20:28:48,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351327.9909704, 'message': 'Dec  6 20:28:46 hqnl0246134 sshd[251803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 20:28:48,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.211.250', 'timestamp': 1670351327.9913185, 'message': 'Dec  6 20:28:46 hqnl0246134 sshd[251808]: Invalid user ubuntu from 152.32.211.250 port 29262', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 20:28:48,037] defence360agent.files: Updating all files
INFO    [2022-12-06 20:28:48,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351327.9917355, 'message': 'Dec  6 20:28:47 hqnl0246134 sshd[251803]: Failed password for root from 61.177.173.18 port 47367 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 20:28:48,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.32.211.250', 'timestamp': 1670351327.9915051, 'message': 'Dec  6 20:28:46 hqnl0246134 sshd[251808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.32.211.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 20:28:48,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.32.211.250', 'timestamp': 1670351327.991612, 'message': 'Dec  6 20:28:46 hqnl0246134 sshd[251808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.211.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 20:28:48,387] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:48,388] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 20:28:48,690] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:48,690] defence360agent.files: static-whitelist files update finished (not updated)
WARNING [2022-12-06 20:28:48,700] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:28:48,701] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:28:48,942] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:48,943] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 20:28:49,281] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:49,282] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 20:28:49,282] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 20:28:49,545] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 18:28:49 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E47AF2DB42704'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 20:28:49,546] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 20:28:49,547] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 20:28:50,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.211.250', 'timestamp': 1670351329.9932036, 'message': 'Dec  6 20:28:48 hqnl0246134 sshd[251808]: Failed password for invalid user ubuntu from 152.32.211.250 port 29262 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1059 seconds
INFO    [2022-12-06 20:28:50,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351329.9935548, 'message': 'Dec  6 20:28:48 hqnl0246134 sshd[251803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1070 seconds
INFO    [2022-12-06 20:28:50,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.73.44.36', 'timestamp': 1670351329.9939153, 'message': 'Dec  6 20:28:49 hqnl0246134 sshd[251810]: Invalid user jeff from 50.73.44.36 port 60429', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1069 seconds
INFO    [2022-12-06 20:28:50,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.211.250', 'timestamp': 1670351329.993739, 'message': 'Dec  6 20:28:48 hqnl0246134 sshd[251808]: Disconnected from invalid user ubuntu 152.32.211.250 port 29262 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0583 seconds
INFO    [2022-12-06 20:28:50,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.73.44.36', 'timestamp': 1670351329.9940908, 'message': 'Dec  6 20:28:49 hqnl0246134 sshd[251810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.73.44.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-06 20:28:50,180] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:50,181] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 20:28:50,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.73.44.36', 'timestamp': 1670351329.9942832, 'message': 'Dec  6 20:28:49 hqnl0246134 sshd[251810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.73.44.36 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 20:28:50,444] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:50,445] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 20:28:50,765] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:50,766] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 20:28:51,165] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:51,165] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 20:28:51,664] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:28:51,664] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 20:28:51,665] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 20:28:51,667] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-06 20:28:51,677] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:28:51,695] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-06 20:28:52,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351331.9956725, 'message': 'Dec  6 20:28:50 hqnl0246134 sshd[251803]: Failed password for root from 61.177.173.18 port 47367 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 20:28:52,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.73.44.36', 'timestamp': 1670351331.9958577, 'message': 'Dec  6 20:28:51 hqnl0246134 sshd[251810]: Failed password for invalid user jeff from 50.73.44.36 port 60429 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 20:28:52,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.73.44.36', 'timestamp': 1670351331.9959798, 'message': 'Dec  6 20:28:51 hqnl0246134 sshd[251810]: Disconnected from invalid user jeff 50.73.44.36 port 60429 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:29:02,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351342.0170274, 'message': 'Dec  6 20:29:01 hqnl0246134 sshd[251819]: Invalid user steve from 103.179.198.14 port 33044', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 20:29:02,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351342.0175042, 'message': 'Dec  6 20:29:01 hqnl0246134 sshd[251819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.179.198.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 20:29:02,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351342.0176568, 'message': 'Dec  6 20:29:01 hqnl0246134 sshd[251819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.198.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:29:04,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351344.0227463, 'message': 'Dec  6 20:29:02 hqnl0246134 sshd[251819]: Failed password for invalid user steve from 103.179.198.14 port 33044 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 20:29:04,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.179.198.14', 'timestamp': 1670351344.0231147, 'message': 'Dec  6 20:29:03 hqnl0246134 sshd[251819]: Disconnected from invalid user steve 103.179.198.14 port 33044 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-06 20:29:10,129] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:29:10,201] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0865 seconds
INFO    [2022-12-06 20:29:14,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.222.239', 'timestamp': 1670351354.0363212, 'message': 'Dec  6 20:29:13 hqnl0246134 sshd[251843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.222.239 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 20:29:14,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.222.239', 'timestamp': 1670351354.0365984, 'message': 'Dec  6 20:29:13 hqnl0246134 sshd[251843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.222.239  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 20:29:16,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.222.239', 'timestamp': 1670351356.038463, 'message': 'Dec  6 20:29:14 hqnl0246134 sshd[251843]: Failed password for root from 143.198.222.239 port 33404 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-06 20:29:18,295] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:29:18,296] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:29:18,307] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:29:18,339] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0419 seconds
INFO    [2022-12-06 20:29:21,245] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:29:21,245] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:29:21,252] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:29:21,263] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 20:29:30,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351370.059274, 'message': 'Dec  6 20:29:28 hqnl0246134 sshd[251856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:29:30,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351370.0595536, 'message': 'Dec  6 20:29:28 hqnl0246134 sshd[251856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 20:29:32,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351372.0651505, 'message': 'Dec  6 20:29:30 hqnl0246134 sshd[251856]: Failed password for root from 61.177.173.18 port 13493 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:29:34,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351374.0702016, 'message': 'Dec  6 20:29:32 hqnl0246134 sshd[251856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 20:29:36,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351376.0716429, 'message': 'Dec  6 20:29:34 hqnl0246134 sshd[251856]: Failed password for root from 61.177.173.18 port 13493 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 20:29:36,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351376.071922, 'message': 'Dec  6 20:29:34 hqnl0246134 sshd[251856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:29:38,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351378.074025, 'message': 'Dec  6 20:29:37 hqnl0246134 sshd[251856]: Failed password for root from 61.177.173.18 port 13493 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 20:29:48,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351388.0865815, 'message': 'Dec  6 20:29:46 hqnl0246134 sshd[251890]: Invalid user user from 75.30.64.54 port 37438', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 20:29:48,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351388.0869458, 'message': 'Dec  6 20:29:46 hqnl0246134 sshd[251890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 75.30.64.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-06 20:29:48,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351388.0870926, 'message': 'Dec  6 20:29:46 hqnl0246134 sshd[251890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.30.64.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0463 seconds
WARNING [2022-12-06 20:29:48,703] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:29:48,704] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:29:50,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351390.0900803, 'message': 'Dec  6 20:29:49 hqnl0246134 sshd[251890]: Failed password for invalid user user from 75.30.64.54 port 37438 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 20:29:52,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '75.30.64.54', 'timestamp': 1670351392.0936275, 'message': 'Dec  6 20:29:50 hqnl0246134 sshd[251890]: Disconnected from invalid user user 75.30.64.54 port 37438 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 20:30:06,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351406.1110113, 'message': 'Dec  6 20:30:06 hqnl0246134 sshd[251924]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.127.158.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 20:30:06,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351406.1114466, 'message': 'Dec  6 20:30:06 hqnl0246134 sshd[251924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.158.223  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0400 seconds
WARNING [2022-12-06 20:30:10,173] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:30:10,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '59.127.158.223', 'timestamp': 1670351410.1133358, 'message': 'Dec  6 20:30:08 hqnl0246134 sshd[251924]: Failed password for root from 59.127.158.223 port 54492 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1426 seconds
INFO    [2022-12-06 20:30:10,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670351410.1136775, 'message': 'Dec  6 20:30:08 hqnl0246134 sshd[251931]: Invalid user david from 200.60.92.170 port 60308', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1416 seconds
INFO    [2022-12-06 20:30:10,259] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.1415 seconds
INFO    [2022-12-06 20:30:10,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.60.92.170', 'timestamp': 1670351410.1139026, 'message': 'Dec  6 20:30:08 hqnl0246134 sshd[251931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.60.92.170 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 20:30:10,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.60.92.170', 'timestamp': 1670351410.1141558, 'message': 'Dec  6 20:30:08 hqnl0246134 sshd[251931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.60.92.170 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 20:30:12,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670351412.1154025, 'message': 'Dec  6 20:30:10 hqnl0246134 sshd[251931]: Failed password for invalid user david from 200.60.92.170 port 60308 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 20:30:12,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670351412.11577, 'message': 'Dec  6 20:30:11 hqnl0246134 sshd[251931]: Disconnected from invalid user david 200.60.92.170 port 60308 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 20:30:13,191] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:30:13,191] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:30:13,213] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:30:13,226] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0333 seconds
INFO    [2022-12-06 20:30:16,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351416.1157744, 'message': 'Dec  6 20:30:15 hqnl0246134 sshd[251946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:30:16,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351416.116019, 'message': 'Dec  6 20:30:16 hqnl0246134 sshd[251946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:30:17,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:30:17,851] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:30:17,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:30:17,870] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 20:30:18,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670351418.1178331, 'message': 'Dec  6 20:30:16 hqnl0246134 sshd[251950]: Invalid user sysadmin from 72.165.240.194 port 41576', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 20:30:18,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351418.1184077, 'message': 'Dec  6 20:30:17 hqnl0246134 sshd[251937]: Invalid user gerencia from 124.82.89.207 port 51260', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-06 20:30:18,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351418.1189647, 'message': 'Dec  6 20:30:17 hqnl0246134 sshd[251946]: Failed password for root from 61.177.173.18 port 39764 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-06 20:30:18,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '72.165.240.194', 'timestamp': 1670351418.1180785, 'message': 'Dec  6 20:30:17 hqnl0246134 sshd[251950]: pam_imunify(sshd:auth): [IM360_RBL] The IP 72.165.240.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:30:18,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351418.1191247, 'message': 'Dec  6 20:30:17 hqnl0246134 sshd[251937]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.82.89.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 20:30:18,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '72.165.240.194', 'timestamp': 1670351418.1182644, 'message': 'Dec  6 20:30:17 hqnl0246134 sshd[251950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.165.240.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:30:18,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351418.1193204, 'message': 'Dec  6 20:30:17 hqnl0246134 sshd[251937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.82.89.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 20:30:20,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351420.1192756, 'message': 'Dec  6 20:30:18 hqnl0246134 sshd[251946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-06 20:30:20,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670351420.119442, 'message': 'Dec  6 20:30:19 hqnl0246134 sshd[251950]: Failed password for invalid user sysadmin from 72.165.240.194 port 41576 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-06 20:30:20,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351420.124849, 'message': 'Dec  6 20:30:20 hqnl0246134 sshd[251937]: Failed password for invalid user gerencia from 124.82.89.207 port 51260 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 20:30:20,358] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:30:20,359] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:30:20,373] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:30:20,394] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0338 seconds
INFO    [2022-12-06 20:30:22,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670351422.1223035, 'message': 'Dec  6 20:30:20 hqnl0246134 sshd[251950]: Disconnected from invalid user sysadmin 72.165.240.194 port 41576 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-06 20:30:22,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351422.12249, 'message': 'Dec  6 20:30:20 hqnl0246134 sshd[251946]: Failed password for root from 61.177.173.18 port 39764 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 20:30:22,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351422.123217, 'message': 'Dec  6 20:30:22 hqnl0246134 sshd[251937]: Disconnected from invalid user gerencia 124.82.89.207 port 51260 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 20:30:24,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351424.12554, 'message': 'Dec  6 20:30:22 hqnl0246134 sshd[251946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 20:30:26,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351426.1283405, 'message': 'Dec  6 20:30:24 hqnl0246134 sshd[251946]: Failed password for root from 61.177.173.18 port 39764 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 20:30:48,709] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:30:48,711] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:30:58,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.103.229.174', 'timestamp': 1670351458.1937242, 'message': 'Dec  6 20:30:57 hqnl0246134 sshd[251978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.103.229.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 20:30:58,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.103.229.174', 'timestamp': 1670351458.1944995, 'message': 'Dec  6 20:30:57 hqnl0246134 sshd[251978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.103.229.174  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 20:31:00,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '95.103.229.174', 'timestamp': 1670351460.1955874, 'message': 'Dec  6 20:30:59 hqnl0246134 sshd[251978]: Failed password for root from 95.103.229.174 port 53594 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 20:31:06,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351466.205035, 'message': 'Dec  6 20:31:04 hqnl0246134 sshd[251989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 20:31:06,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351466.205388, 'message': 'Dec  6 20:31:04 hqnl0246134 sshd[251989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 20:31:08,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351468.2069461, 'message': 'Dec  6 20:31:06 hqnl0246134 sshd[251989]: Failed password for root from 61.177.173.18 port 64595 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 20:31:08,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351468.2071393, 'message': 'Dec  6 20:31:06 hqnl0246134 sshd[251989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
WARNING [2022-12-06 20:31:10,132] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:31:10,157] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0357 seconds
INFO    [2022-12-06 20:31:10,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351470.2081094, 'message': 'Dec  6 20:31:09 hqnl0246134 sshd[251989]: Failed password for root from 61.177.173.18 port 64595 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 20:31:12,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351472.2097082, 'message': 'Dec  6 20:31:11 hqnl0246134 sshd[251989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0645 seconds
INFO    [2022-12-06 20:31:14,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351474.2109811, 'message': 'Dec  6 20:31:13 hqnl0246134 sshd[251989]: Failed password for root from 61.177.173.18 port 64595 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 20:31:16,121] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:31:16,122] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:31:16,129] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:31:16,144] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 20:31:18,100] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:31:18,101] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:31:18,111] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:31:18,129] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-06 20:31:20,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:31:20,926] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:31:20,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:31:20,947] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 20:31:24,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.104.25.215', 'timestamp': 1670351484.2180648, 'message': 'Dec  6 20:31:22 hqnl0246134 sshd[252020]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.104.25.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 20:31:24,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.104.25.215', 'timestamp': 1670351484.2182982, 'message': 'Dec  6 20:31:22 hqnl0246134 sshd[252020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.104.25.215  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:31:26,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.104.25.215', 'timestamp': 1670351486.2198727, 'message': 'Dec  6 20:31:24 hqnl0246134 sshd[252020]: Failed password for root from 190.104.25.215 port 40846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 20:31:48,714] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:31:48,718] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:31:53,897] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 20:31:54,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351514.2544582, 'message': 'Dec  6 20:31:53 hqnl0246134 sshd[252038]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 20:31:54,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351514.2556539, 'message': 'Dec  6 20:31:53 hqnl0246134 sshd[252038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:31:56,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351516.2621422, 'message': 'Dec  6 20:31:55 hqnl0246134 sshd[252038]: Failed password for root from 61.177.173.18 port 38199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 20:31:58,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351518.2537827, 'message': 'Dec  6 20:31:57 hqnl0246134 sshd[252038]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 20:32:00,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351520.2557967, 'message': 'Dec  6 20:31:59 hqnl0246134 sshd[252038]: Failed password for root from 61.177.173.18 port 38199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:32:00,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351520.2559812, 'message': 'Dec  6 20:32:00 hqnl0246134 sshd[252038]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 20:32:04,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351524.2619565, 'message': 'Dec  6 20:32:02 hqnl0246134 sshd[252038]: Failed password for root from 61.177.173.18 port 38199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 20:32:06,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351526.2649717, 'message': 'Dec  6 20:32:04 hqnl0246134 sshd[252059]: Invalid user xia from 210.19.254.6 port 47823', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 20:32:06,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351526.265249, 'message': 'Dec  6 20:32:04 hqnl0246134 sshd[252059]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:32:06,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351526.2664125, 'message': 'Dec  6 20:32:04 hqnl0246134 sshd[252059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:32:08,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351528.2676468, 'message': 'Dec  6 20:32:06 hqnl0246134 sshd[252059]: Failed password for invalid user xia from 210.19.254.6 port 47823 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 20:32:10,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:32:10,179] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0531 seconds
INFO    [2022-12-06 20:32:10,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351530.2687018, 'message': 'Dec  6 20:32:08 hqnl0246134 sshd[252059]: Disconnected from invalid user xia 210.19.254.6 port 47823 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 20:32:18,221] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:32:18,222] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:32:18,238] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:32:18,255] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
INFO    [2022-12-06 20:32:21,247] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:32:21,248] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:32:21,255] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:32:21,266] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 20:32:33,491] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:32:33,560] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:32:33,561] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:32:33,561] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:32:33,561] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:32:33,562] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:32:33,573] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:32:33,589] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0265 seconds
WARNING [2022-12-06 20:32:33,596] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:32:33,598] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:32:33,615] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0321 seconds
INFO    [2022-12-06 20:32:33,617] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0300 seconds
INFO    [2022-12-06 20:32:42,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351562.310806, 'message': 'Dec  6 20:32:41 hqnl0246134 sshd[252097]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-06 20:32:42,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351562.311733, 'message': 'Dec  6 20:32:41 hqnl0246134 sshd[252097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:32:44,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351564.3100257, 'message': 'Dec  6 20:32:42 hqnl0246134 sshd[252097]: Failed password for root from 61.177.173.18 port 63872 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 20:32:44,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351564.3103786, 'message': 'Dec  6 20:32:43 hqnl0246134 sshd[252097]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 20:32:46,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351566.312474, 'message': 'Dec  6 20:32:45 hqnl0246134 sshd[252097]: Failed password for root from 61.177.173.18 port 63872 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 20:32:46,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351566.3128924, 'message': 'Dec  6 20:32:46 hqnl0246134 sshd[252097]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 20:32:48,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351568.3172975, 'message': 'Dec  6 20:32:47 hqnl0246134 sshd[252097]: Failed password for root from 61.177.173.18 port 63872 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0272 seconds
WARNING [2022-12-06 20:32:48,720] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:32:48,721] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:32:52,026] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:32:52,026] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:32:52,039] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:32:52,057] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-06 20:33:04,107] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:33:04,108] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:33:04,110] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 20:33:10,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:33:10,161] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0306 seconds
INFO    [2022-12-06 20:33:18,021] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:33:18,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:33:18,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:33:18,041] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 20:33:20,776] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:33:20,776] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:33:20,783] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:33:20,795] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 20:33:28,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351608.384385, 'message': 'Dec  6 20:33:28 hqnl0246134 sshd[252157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 20:33:28,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351608.3846767, 'message': 'Dec  6 20:33:28 hqnl0246134 sshd[252157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 20:33:30,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351610.3858197, 'message': 'Dec  6 20:33:29 hqnl0246134 sshd[252157]: Failed password for root from 61.177.173.18 port 34574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 20:33:30,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351610.3863468, 'message': 'Dec  6 20:33:30 hqnl0246134 sshd[252157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 20:33:32,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351612.3890905, 'message': 'Dec  6 20:33:32 hqnl0246134 sshd[252157]: Failed password for root from 61.177.173.18 port 34574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 20:33:34,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351614.3906796, 'message': 'Dec  6 20:33:32 hqnl0246134 sshd[252157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 20:33:36,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351616.3923156, 'message': 'Dec  6 20:33:34 hqnl0246134 sshd[252157]: Failed password for root from 61.177.173.18 port 34574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 20:33:38,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670351618.395436, 'message': 'Dec  6 20:33:38 hqnl0246134 sshd[252170]: Invalid user user14 from 110.93.245.190 port 39539', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:33:40,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.93.245.190', 'timestamp': 1670351620.3961926, 'message': 'Dec  6 20:33:38 hqnl0246134 sshd[252170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.93.245.190 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 20:33:40,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.93.245.190', 'timestamp': 1670351620.3965359, 'message': 'Dec  6 20:33:38 hqnl0246134 sshd[252170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.93.245.190 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 20:33:40,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670351620.3966954, 'message': 'Dec  6 20:33:40 hqnl0246134 sshd[252170]: Failed password for invalid user user14 from 110.93.245.190 port 39539 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:33:42,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670351622.4036627, 'message': 'Dec  6 20:33:40 hqnl0246134 sshd[252170]: Disconnected from invalid user user14 110.93.245.190 port 39539 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 20:33:48,726] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:33:48,728] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:34:10,144] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:34:10,174] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0396 seconds
INFO    [2022-12-06 20:34:16,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351656.4746292, 'message': 'Dec  6 20:34:15 hqnl0246134 sshd[252194]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:34:16,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351656.4749393, 'message': 'Dec  6 20:34:15 hqnl0246134 sshd[252194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:34:18,049] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:34:18,050] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:34:18,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:34:18,070] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 20:34:18,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351658.477007, 'message': 'Dec  6 20:34:17 hqnl0246134 sshd[252194]: Failed password for root from 61.177.173.18 port 63131 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 20:34:20,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351660.4774647, 'message': 'Dec  6 20:34:19 hqnl0246134 sshd[252194]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:34:20,748] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:34:20,748] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:34:20,761] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:34:20,777] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0247 seconds
INFO    [2022-12-06 20:34:22,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351662.4802806, 'message': 'Dec  6 20:34:21 hqnl0246134 sshd[252194]: Failed password for root from 61.177.173.18 port 63131 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:34:22,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351662.48048, 'message': 'Dec  6 20:34:21 hqnl0246134 sshd[252194]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:34:24,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351664.484806, 'message': 'Dec  6 20:34:23 hqnl0246134 sshd[252194]: Failed password for root from 61.177.173.18 port 63131 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:34:28,801] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:34:28,801] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:34:28,808] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:34:28,820] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 20:34:48,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351688.5288842, 'message': 'Dec  6 20:34:47 hqnl0246134 sshd[252223]: pam_imunify(sshd:auth): [IM360_RBL] The IP 124.82.89.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0562 seconds
INFO    [2022-12-06 20:34:48,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351688.5307531, 'message': 'Dec  6 20:34:47 hqnl0246134 sshd[252223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.82.89.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0395 seconds
WARNING [2022-12-06 20:34:48,732] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:34:48,733] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:34:50,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '124.82.89.207', 'timestamp': 1670351690.5308945, 'message': 'Dec  6 20:34:48 hqnl0246134 sshd[252223]: Failed password for root from 124.82.89.207 port 49608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 20:34:54,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.181.148.162', 'timestamp': 1670351694.5398986, 'message': 'Dec  6 20:34:54 hqnl0246134 sshd[252226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.181.148.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 20:34:54,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.181.148.162', 'timestamp': 1670351694.5404146, 'message': 'Dec  6 20:34:54 hqnl0246134 sshd[252226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.181.148.162  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:34:56,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '168.181.148.162', 'timestamp': 1670351696.5444207, 'message': 'Dec  6 20:34:55 hqnl0246134 sshd[252226]: Failed password for root from 168.181.148.162 port 39094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:35:04,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351704.553126, 'message': 'Dec  6 20:35:02 hqnl0246134 sshd[252230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 20:35:04,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351704.5534966, 'message': 'Dec  6 20:35:02 hqnl0246134 sshd[252230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 20:35:06,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351706.5536716, 'message': 'Dec  6 20:35:04 hqnl0246134 sshd[252230]: Failed password for root from 61.177.173.18 port 37137 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 20:35:08,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351708.5569682, 'message': 'Dec  6 20:35:06 hqnl0246134 sshd[252230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-06 20:35:10,147] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:35:10,170] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0309 seconds
INFO    [2022-12-06 20:35:10,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351710.5615897, 'message': 'Dec  6 20:35:08 hqnl0246134 sshd[252230]: Failed password for root from 61.177.173.18 port 37137 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 20:35:10,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351710.5618844, 'message': 'Dec  6 20:35:09 hqnl0246134 sshd[252230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 20:35:12,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351712.573744, 'message': 'Dec  6 20:35:11 hqnl0246134 sshd[252230]: Failed password for root from 61.177.173.18 port 37137 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 20:35:12,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.62.57', 'timestamp': 1670351712.5739899, 'message': 'Dec  6 20:35:12 hqnl0246134 sshd[252266]: Invalid user user from 122.160.62.57 port 55512', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 20:35:14,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.160.62.57', 'timestamp': 1670351714.569128, 'message': 'Dec  6 20:35:12 hqnl0246134 sshd[252266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.160.62.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 20:35:14,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.160.62.57', 'timestamp': 1670351714.5693393, 'message': 'Dec  6 20:35:12 hqnl0246134 sshd[252266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.160.62.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:35:14,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.62.57', 'timestamp': 1670351714.5694642, 'message': 'Dec  6 20:35:14 hqnl0246134 sshd[252266]: Failed password for invalid user user from 122.160.62.57 port 55512 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:35:14,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.62.57', 'timestamp': 1670351714.5695684, 'message': 'Dec  6 20:35:14 hqnl0246134 sshd[252266]: Disconnected from invalid user user 122.160.62.57 port 55512 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:35:16,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351716.5709925, 'message': 'Dec  6 20:35:14 hqnl0246134 sshd[252272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:35:16,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351716.5713282, 'message': 'Dec  6 20:35:14 hqnl0246134 sshd[252272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 20:35:17,947] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:35:17,948] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:35:17,955] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:35:17,966] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 20:35:18,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351718.5736182, 'message': 'Dec  6 20:35:16 hqnl0246134 sshd[252272]: Failed password for root from 210.19.254.6 port 41531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 20:35:20,784] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:35:20,785] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:35:20,792] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:35:20,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-06 20:35:48,736] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:35:48,738] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:35:50,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351750.619424, 'message': 'Dec  6 20:35:49 hqnl0246134 sshd[252299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 20:35:50,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351750.6212473, 'message': 'Dec  6 20:35:49 hqnl0246134 sshd[252299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1272 seconds
INFO    [2022-12-06 20:35:52,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351752.6180284, 'message': 'Dec  6 20:35:51 hqnl0246134 sshd[252299]: Failed password for root from 61.177.173.18 port 63080 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:35:52,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351752.6182437, 'message': 'Dec  6 20:35:52 hqnl0246134 sshd[252299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:35:54,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351754.6226852, 'message': 'Dec  6 20:35:54 hqnl0246134 sshd[252299]: Failed password for root from 61.177.173.18 port 63080 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:35:56,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351756.6252496, 'message': 'Dec  6 20:35:56 hqnl0246134 sshd[252299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:35:58,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351758.6308112, 'message': 'Dec  6 20:35:58 hqnl0246134 sshd[252299]: Failed password for root from 61.177.173.18 port 63080 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 20:36:03,583] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:36:03,584] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:36:03,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:36:03,602] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-06 20:36:10,151] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:36:10,173] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0297 seconds
INFO    [2022-12-06 20:36:17,750] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:36:17,751] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:36:17,758] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:36:17,771] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 20:36:20,447] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:36:20,449] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:36:20,458] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:36:20,469] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 20:36:38,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351798.667857, 'message': 'Dec  6 20:36:37 hqnl0246134 sshd[252350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 20:36:38,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351798.668891, 'message': 'Dec  6 20:36:37 hqnl0246134 sshd[252350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 20:36:40,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351800.6662314, 'message': 'Dec  6 20:36:38 hqnl0246134 sshd[252350]: Failed password for root from 61.177.173.18 port 28978 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0696 seconds
INFO    [2022-12-06 20:36:40,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351800.666462, 'message': 'Dec  6 20:36:39 hqnl0246134 sshd[252350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 20:36:42,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351802.6689866, 'message': 'Dec  6 20:36:41 hqnl0246134 sshd[252350]: Failed password for root from 61.177.173.18 port 28978 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 20:36:42,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351802.6693158, 'message': 'Dec  6 20:36:41 hqnl0246134 sshd[252350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:36:44,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351804.6715872, 'message': 'Dec  6 20:36:43 hqnl0246134 sshd[252350]: Failed password for root from 61.177.173.18 port 28978 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-06 20:36:48,742] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:36:48,743] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:37:10,161] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:37:10,182] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0285 seconds
INFO    [2022-12-06 20:37:17,808] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:37:17,809] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:37:17,816] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:37:17,827] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 20:37:20,442] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:37:20,443] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:37:20,454] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:37:20,473] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-06 20:37:22,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.174.45.29', 'timestamp': 1670351842.710814, 'message': 'Dec  6 20:37:20 hqnl0246134 sshd[252413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.174.45.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:37:22,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.174.45.29', 'timestamp': 1670351842.7110286, 'message': 'Dec  6 20:37:20 hqnl0246134 sshd[252413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.174.45.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1518 seconds
INFO    [2022-12-06 20:37:24,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '118.174.45.29', 'timestamp': 1670351844.7128236, 'message': 'Dec  6 20:37:23 hqnl0246134 sshd[252413]: Failed password for root from 118.174.45.29 port 33310 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:37:26,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351846.7175426, 'message': 'Dec  6 20:37:26 hqnl0246134 sshd[252419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 20:37:26,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670351846.7178605, 'message': 'Dec  6 20:37:26 hqnl0246134 sshd[252421]: Invalid user elk from 128.199.123.93 port 48876', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 20:37:26,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351846.717734, 'message': 'Dec  6 20:37:26 hqnl0246134 sshd[252419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 20:37:27,781] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:37:27,782] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:37:27,789] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:37:27,802] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 20:37:28,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.123.93', 'timestamp': 1670351848.7213435, 'message': 'Dec  6 20:37:26 hqnl0246134 sshd[252421]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.123.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 20:37:28,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351848.7217062, 'message': 'Dec  6 20:37:27 hqnl0246134 sshd[252419]: Failed password for root from 61.177.173.18 port 61207 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 20:37:28,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.123.93', 'timestamp': 1670351848.721528, 'message': 'Dec  6 20:37:26 hqnl0246134 sshd[252421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.123.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 20:37:28,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351848.7218106, 'message': 'Dec  6 20:37:28 hqnl0246134 sshd[252419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 20:37:28,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670351848.7219267, 'message': 'Dec  6 20:37:28 hqnl0246134 sshd[252421]: Failed password for invalid user elk from 128.199.123.93 port 48876 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:37:30,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670351850.7250676, 'message': 'Dec  6 20:37:30 hqnl0246134 sshd[252421]: Disconnected from invalid user elk 128.199.123.93 port 48876 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 20:37:32,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351852.7278013, 'message': 'Dec  6 20:37:31 hqnl0246134 sshd[252419]: Failed password for root from 61.177.173.18 port 61207 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 20:37:34,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351854.7308164, 'message': 'Dec  6 20:37:32 hqnl0246134 sshd[252419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 20:37:36,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351856.7329235, 'message': 'Dec  6 20:37:35 hqnl0246134 sshd[252419]: Failed password for root from 61.177.173.18 port 61207 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-06 20:37:48,745] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:37:48,747] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:38:06,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351886.789571, 'message': 'Dec  6 20:38:05 hqnl0246134 sshd[252454]: Invalid user admin from 210.19.254.6 port 34020', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 20:38:06,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351886.7900321, 'message': 'Dec  6 20:38:05 hqnl0246134 sshd[252454]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:38:06,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351886.7902527, 'message': 'Dec  6 20:38:05 hqnl0246134 sshd[252454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:38:08,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351888.790043, 'message': 'Dec  6 20:38:08 hqnl0246134 sshd[252454]: Failed password for invalid user admin from 210.19.254.6 port 34020 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
WARNING [2022-12-06 20:38:10,164] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:38:10,194] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-06 20:38:10,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670351890.7915144, 'message': 'Dec  6 20:38:09 hqnl0246134 sshd[252454]: Disconnected from invalid user admin 210.19.254.6 port 34020 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 20:38:14,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351894.7956538, 'message': 'Dec  6 20:38:14 hqnl0246134 sshd[252468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 20:38:14,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351894.7960286, 'message': 'Dec  6 20:38:14 hqnl0246134 sshd[252468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:38:18,173] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:38:18,174] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:38:18,185] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:38:18,197] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 20:38:18,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351898.7978306, 'message': 'Dec  6 20:38:16 hqnl0246134 sshd[252468]: Failed password for root from 61.177.173.18 port 32733 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:38:18,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351898.7980018, 'message': 'Dec  6 20:38:18 hqnl0246134 sshd[252468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:38:20,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351900.7990665, 'message': 'Dec  6 20:38:20 hqnl0246134 sshd[252468]: Failed password for root from 61.177.173.18 port 32733 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 20:38:20,952] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:38:20,952] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:38:20,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:38:20,982] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
INFO    [2022-12-06 20:38:22,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351902.8031297, 'message': 'Dec  6 20:38:20 hqnl0246134 sshd[252468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 20:38:24,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351904.8077066, 'message': 'Dec  6 20:38:22 hqnl0246134 sshd[252468]: Failed password for root from 61.177.173.18 port 32733 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:38:44,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.200', 'timestamp': 1670351924.8393323, 'message': 'Dec  6 20:38:43 hqnl0246134 sshd[252501]: Invalid user dev from 103.187.146.200 port 53222', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 20:38:44,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.187.146.200', 'timestamp': 1670351924.8401716, 'message': 'Dec  6 20:38:44 hqnl0246134 sshd[252501]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.187.146.200 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 20:38:44,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.187.146.200', 'timestamp': 1670351924.8403912, 'message': 'Dec  6 20:38:44 hqnl0246134 sshd[252501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.146.200 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:38:46,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.200', 'timestamp': 1670351926.8382475, 'message': 'Dec  6 20:38:46 hqnl0246134 sshd[252501]: Failed password for invalid user dev from 103.187.146.200 port 53222 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 20:38:46,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.200', 'timestamp': 1670351926.8384836, 'message': 'Dec  6 20:38:46 hqnl0246134 sshd[252501]: Disconnected from invalid user dev 103.187.146.200 port 53222 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 20:38:48,751] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:38:48,752] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:38:49,406] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:38:49,406] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:38:49,414] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:38:49,426] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 20:39:04,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351944.8588414, 'message': 'Dec  6 20:39:03 hqnl0246134 sshd[252648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:39:04,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351944.8593423, 'message': 'Dec  6 20:39:03 hqnl0246134 sshd[252648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:39:06,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351946.8619673, 'message': 'Dec  6 20:39:05 hqnl0246134 sshd[252648]: Failed password for root from 61.177.173.18 port 10567 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 20:39:08,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351948.865278, 'message': 'Dec  6 20:39:07 hqnl0246134 sshd[252648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
WARNING [2022-12-06 20:39:10,168] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:39:10,188] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0276 seconds
INFO    [2022-12-06 20:39:10,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351950.8693745, 'message': 'Dec  6 20:39:09 hqnl0246134 sshd[252648]: Failed password for root from 61.177.173.18 port 10567 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 20:39:10,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351950.869565, 'message': 'Dec  6 20:39:09 hqnl0246134 sshd[252648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 20:39:12,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351952.8743052, 'message': 'Dec  6 20:39:11 hqnl0246134 sshd[252648]: Failed password for root from 61.177.173.18 port 10567 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 20:39:17,795] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:39:17,795] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:39:17,803] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:39:17,814] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 20:39:20,487] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:39:20,487] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:39:20,494] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:39:20,505] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 20:39:46,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.7.117', 'timestamp': 1670351986.9476523, 'message': 'Dec  6 20:39:46 hqnl0246134 sshd[252682]: Invalid user el from 168.138.7.117 port 36362', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 20:39:46,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.138.7.117', 'timestamp': 1670351986.9485269, 'message': 'Dec  6 20:39:46 hqnl0246134 sshd[252682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.7.117 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 20:39:48,756] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:39:48,757] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:39:50,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.7.117', 'timestamp': 1670351990.9572868, 'message': 'Dec  6 20:39:48 hqnl0246134 sshd[252682]: Failed password for invalid user el from 168.138.7.117 port 36362 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 20:39:50,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351990.9575741, 'message': 'Dec  6 20:39:49 hqnl0246134 sshd[252686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 20:39:51,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.7.117', 'timestamp': 1670351990.9585493, 'message': 'Dec  6 20:39:50 hqnl0246134 sshd[252682]: Disconnected from invalid user el 168.138.7.117 port 36362 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 20:39:51,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351990.958431, 'message': 'Dec  6 20:39:49 hqnl0246134 sshd[252686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 20:39:52,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351992.959814, 'message': 'Dec  6 20:39:52 hqnl0246134 sshd[252686]: Failed password for root from 61.177.173.18 port 32622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 20:39:54,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351994.9625585, 'message': 'Dec  6 20:39:54 hqnl0246134 sshd[252686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 20:39:56,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351996.9652324, 'message': 'Dec  6 20:39:55 hqnl0246134 sshd[252686]: Failed password for root from 61.177.173.18 port 32622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 20:39:57,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351996.9654357, 'message': 'Dec  6 20:39:56 hqnl0246134 sshd[252686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:39:58,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670351998.9693718, 'message': 'Dec  6 20:39:58 hqnl0246134 sshd[252686]: Failed password for root from 61.177.173.18 port 32622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:40:01,211] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:40:01,290] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:40:01,291] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:40:01,291] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:40:01,291] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:40:01,292] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:40:01,319] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:40:01,358] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0658 seconds
WARNING [2022-12-06 20:40:01,370] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:40:01,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:40:01,410] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0618 seconds
INFO    [2022-12-06 20:40:01,413] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0586 seconds
INFO    [2022-12-06 20:40:07,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352007.0003645, 'message': 'Dec  6 20:40:05 hqnl0246134 sshd[252708]: Invalid user admin from 210.19.254.6 port 49686', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 20:40:07,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352007.0008843, 'message': 'Dec  6 20:40:05 hqnl0246134 sshd[252708]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:40:07,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352007.001097, 'message': 'Dec  6 20:40:05 hqnl0246134 sshd[252708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:40:07,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352007.001316, 'message': 'Dec  6 20:40:06 hqnl0246134 sshd[252708]: Failed password for invalid user admin from 210.19.254.6 port 49686 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 20:40:09,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352009.0021806, 'message': 'Dec  6 20:40:07 hqnl0246134 sshd[252708]: Disconnected from invalid user admin 210.19.254.6 port 49686 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 20:40:10,170] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:40:10,191] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0278 seconds
INFO    [2022-12-06 20:40:17,793] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:40:17,793] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:40:17,800] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:40:17,811] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 20:40:20,421] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:40:20,421] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:40:20,429] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:40:20,440] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 20:40:37,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352037.0660024, 'message': 'Dec  6 20:40:36 hqnl0246134 sshd[252743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 20:40:37,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352037.0663726, 'message': 'Dec  6 20:40:36 hqnl0246134 sshd[252743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:40:39,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352039.0683246, 'message': 'Dec  6 20:40:38 hqnl0246134 sshd[252743]: Failed password for root from 61.177.173.18 port 59209 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 20:40:39,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352039.068688, 'message': 'Dec  6 20:40:39 hqnl0246134 sshd[252743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 20:40:39,428] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:40:39,428] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:40:39,429] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 20:40:41,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352041.0675173, 'message': 'Dec  6 20:40:40 hqnl0246134 sshd[252776]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.227.16.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 20:40:41,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352041.068042, 'message': 'Dec  6 20:40:40 hqnl0246134 sshd[252743]: Failed password for root from 61.177.173.18 port 59209 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 20:40:41,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352041.0678935, 'message': 'Dec  6 20:40:40 hqnl0246134 sshd[252776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.227.16.23  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:40:43,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352043.0698235, 'message': 'Dec  6 20:40:41 hqnl0246134 sshd[252743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0505 seconds
INFO    [2022-12-06 20:40:43,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352043.070253, 'message': 'Dec  6 20:40:42 hqnl0246134 sshd[252776]: Failed password for root from 193.227.16.23 port 42278 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0505 seconds
INFO    [2022-12-06 20:40:43,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352043.0704412, 'message': 'Dec  6 20:40:42 hqnl0246134 sshd[252743]: Failed password for root from 61.177.173.18 port 59209 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:40:46,243] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:40:46,243] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:40:46,252] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:40:46,265] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
WARNING [2022-12-06 20:40:48,760] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:40:48,761] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:40:57,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.237.179', 'timestamp': 1670352057.1057127, 'message': 'Dec  6 20:40:55 hqnl0246134 sshd[252785]: Invalid user pedro from 115.246.237.179 port 41068', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 20:40:57,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.246.237.179', 'timestamp': 1670352057.1060715, 'message': 'Dec  6 20:40:55 hqnl0246134 sshd[252785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.246.237.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:40:57,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.246.237.179', 'timestamp': 1670352057.1062584, 'message': 'Dec  6 20:40:55 hqnl0246134 sshd[252785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.246.237.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:40:59,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.237.179', 'timestamp': 1670352059.105847, 'message': 'Dec  6 20:40:57 hqnl0246134 sshd[252785]: Failed password for invalid user pedro from 115.246.237.179 port 41068 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:40:59,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.246.237.179', 'timestamp': 1670352059.1063008, 'message': 'Dec  6 20:40:59 hqnl0246134 sshd[252785]: Disconnected from invalid user pedro 115.246.237.179 port 41068 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 20:41:10,181] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:41:10,205] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0336 seconds
INFO    [2022-12-06 20:41:15,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352075.1308782, 'message': 'Dec  6 20:41:13 hqnl0246134 sshd[252805]: pam_imunify(sshd:auth): [IM360_RBL] The IP 151.69.161.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:41:15,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352075.1313007, 'message': 'Dec  6 20:41:13 hqnl0246134 sshd[252805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.69.161.84  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 20:41:17,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352077.1332133, 'message': 'Dec  6 20:41:15 hqnl0246134 sshd[252805]: Failed password for root from 151.69.161.84 port 41900 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 20:41:17,964] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:41:17,965] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:41:17,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:41:17,983] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 20:41:20,905] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:41:20,905] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:41:20,913] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:41:20,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
INFO    [2022-12-06 20:41:25,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352085.141098, 'message': 'Dec  6 20:41:25 hqnl0246134 sshd[252822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:41:25,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352085.1488907, 'message': 'Dec  6 20:41:25 hqnl0246134 sshd[252822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 20:41:27,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352087.1423173, 'message': 'Dec  6 20:41:27 hqnl0246134 sshd[252822]: Failed password for root from 61.177.173.18 port 45453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:41:29,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352089.144823, 'message': 'Dec  6 20:41:27 hqnl0246134 sshd[252822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 20:41:31,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352091.1488895, 'message': 'Dec  6 20:41:29 hqnl0246134 sshd[252822]: Failed password for root from 61.177.173.18 port 45453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 20:41:31,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352091.1494744, 'message': 'Dec  6 20:41:30 hqnl0246134 sshd[252826]: Invalid user user from 168.181.148.162 port 60858', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 20:41:31,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352091.1492991, 'message': 'Dec  6 20:41:29 hqnl0246134 sshd[252822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 20:41:31,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352091.1495829, 'message': 'Dec  6 20:41:30 hqnl0246134 sshd[252826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.181.148.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 20:41:31,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352091.149862, 'message': 'Dec  6 20:41:30 hqnl0246134 sshd[252822]: Failed password for root from 61.177.173.18 port 45453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 20:41:31,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352091.1497164, 'message': 'Dec  6 20:41:30 hqnl0246134 sshd[252826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.181.148.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 20:41:33,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352093.1513045, 'message': 'Dec  6 20:41:32 hqnl0246134 sshd[252826]: Failed password for invalid user user from 168.181.148.162 port 60858 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 20:41:33,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352093.1515973, 'message': 'Dec  6 20:41:32 hqnl0246134 sshd[252826]: Disconnected from invalid user user 168.181.148.162 port 60858 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
WARNING [2022-12-06 20:41:48,766] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:41:48,768] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:41:53,981] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 20:41:59,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.183.75.88', 'timestamp': 1670352119.2057579, 'message': 'Dec  6 20:41:57 hqnl0246134 sshd[252869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.183.75.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 20:41:59,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.183.75.88', 'timestamp': 1670352119.2063925, 'message': 'Dec  6 20:41:57 hqnl0246134 sshd[252869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.183.75.88  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:42:01,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.183.75.88', 'timestamp': 1670352121.2063012, 'message': 'Dec  6 20:41:59 hqnl0246134 sshd[252869]: Failed password for root from 103.183.75.88 port 50498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-06 20:42:01,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352121.2064722, 'message': 'Dec  6 20:42:00 hqnl0246134 sshd[252879]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-06 20:42:01,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352121.2065837, 'message': 'Dec  6 20:42:00 hqnl0246134 sshd[252879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 20:42:03,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352123.2099304, 'message': 'Dec  6 20:42:01 hqnl0246134 sshd[252879]: Failed password for root from 210.19.254.6 port 36836 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 20:42:04,502] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:42:04,503] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:42:04,513] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:42:04,530] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-06 20:42:07,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352127.2141035, 'message': 'Dec  6 20:42:06 hqnl0246134 sshd[252895]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.60.92.170 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 20:42:07,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352127.2146015, 'message': 'Dec  6 20:42:06 hqnl0246134 sshd[252895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.60.92.170  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 20:42:09,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352129.2145152, 'message': 'Dec  6 20:42:07 hqnl0246134 sshd[252895]: Failed password for root from 200.60.92.170 port 54018 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 20:42:10,183] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:42:10,213] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0381 seconds
INFO    [2022-12-06 20:42:11,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352131.2176592, 'message': 'Dec  6 20:42:10 hqnl0246134 sshd[252905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 20:42:11,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352131.2178392, 'message': 'Dec  6 20:42:10 hqnl0246134 sshd[252905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:42:13,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352133.221406, 'message': 'Dec  6 20:42:12 hqnl0246134 sshd[252905]: Failed password for root from 61.177.173.18 port 55172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 20:42:15,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352135.2217805, 'message': 'Dec  6 20:42:14 hqnl0246134 sshd[252905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 20:42:17,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352137.2244065, 'message': 'Dec  6 20:42:16 hqnl0246134 sshd[252905]: Failed password for root from 61.177.173.18 port 55172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:42:17,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352137.2246141, 'message': 'Dec  6 20:42:17 hqnl0246134 sshd[252905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:42:17,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:42:17,844] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:42:17,852] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:42:17,862] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 20:42:19,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352139.2257307, 'message': 'Dec  6 20:42:18 hqnl0246134 sshd[252905]: Failed password for root from 61.177.173.18 port 55172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 20:42:20,769] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:42:20,770] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:42:20,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:42:20,788] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-06 20:42:48,771] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:42:48,772] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:42:59,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352179.2751317, 'message': 'Dec  6 20:42:58 hqnl0246134 sshd[252935]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 20:42:59,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352179.2757363, 'message': 'Dec  6 20:42:58 hqnl0246134 sshd[252935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 20:43:03,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352183.2779155, 'message': 'Dec  6 20:43:01 hqnl0246134 sshd[252935]: Failed password for root from 61.177.173.18 port 26374 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:43:03,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352183.2781, 'message': 'Dec  6 20:43:03 hqnl0246134 sshd[252935]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:43:07,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352187.2818673, 'message': 'Dec  6 20:43:05 hqnl0246134 sshd[252935]: Failed password for root from 61.177.173.18 port 26374 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 20:43:09,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352189.2856305, 'message': 'Dec  6 20:43:07 hqnl0246134 sshd[252935]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-06 20:43:10,190] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:43:10,222] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0428 seconds
INFO    [2022-12-06 20:43:11,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352191.288091, 'message': 'Dec  6 20:43:09 hqnl0246134 sshd[252935]: Failed password for root from 61.177.173.18 port 26374 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:43:12,335] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:43:12,336] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:43:12,343] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:43:12,356] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 20:43:13,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352193.2918344, 'message': 'Dec  6 20:43:12 hqnl0246134 sshd[252956]: Invalid user elk from 110.93.245.190 port 37504', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 20:43:13,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352193.2920702, 'message': 'Dec  6 20:43:12 hqnl0246134 sshd[252956]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.93.245.190 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:43:13,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352193.2923129, 'message': 'Dec  6 20:43:12 hqnl0246134 sshd[252956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.93.245.190 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:43:15,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352195.29421, 'message': 'Dec  6 20:43:14 hqnl0246134 sshd[252956]: Failed password for invalid user elk from 110.93.245.190 port 37504 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 20:43:15,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352195.294446, 'message': 'Dec  6 20:43:14 hqnl0246134 sshd[252956]: Disconnected from invalid user elk 110.93.245.190 port 37504 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:43:17,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352197.297599, 'message': 'Dec  6 20:43:16 hqnl0246134 sshd[252961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.123.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 20:43:17,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352197.2978222, 'message': 'Dec  6 20:43:16 hqnl0246134 sshd[252961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.123.93  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 20:43:17,840] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:43:17,841] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:43:17,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:43:17,870] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0284 seconds
INFO    [2022-12-06 20:43:19,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352199.2985878, 'message': 'Dec  6 20:43:18 hqnl0246134 sshd[252961]: Failed password for root from 128.199.123.93 port 46344 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:43:20,454] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:43:20,455] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:43:20,462] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:43:20,474] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 20:43:47,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352227.3293512, 'message': 'Dec  6 20:43:47 hqnl0246134 sshd[252983]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 20:43:47,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352227.329871, 'message': 'Dec  6 20:43:47 hqnl0246134 sshd[252983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 20:43:48,774] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:43:48,775] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:43:51,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352231.3329697, 'message': 'Dec  6 20:43:49 hqnl0246134 sshd[252983]: Failed password for root from 61.177.173.18 port 52005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 20:43:53,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352233.3335137, 'message': 'Dec  6 20:43:51 hqnl0246134 sshd[252983]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 20:43:55,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352235.3360305, 'message': 'Dec  6 20:43:53 hqnl0246134 sshd[252983]: Failed password for root from 61.177.173.18 port 52005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:43:57,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352237.3406756, 'message': 'Dec  6 20:43:55 hqnl0246134 sshd[252983]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 20:43:59,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352239.343716, 'message': 'Dec  6 20:43:57 hqnl0246134 sshd[252983]: Failed password for root from 61.177.173.18 port 52005 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 20:44:07,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352247.3519785, 'message': 'Dec  6 20:44:05 hqnl0246134 sshd[253024]: pam_imunify(sshd:auth): [IM360_RBL] The IP 151.69.161.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 20:44:07,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352247.3523917, 'message': 'Dec  6 20:44:05 hqnl0246134 sshd[253024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.69.161.84  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 20:44:09,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352249.3536181, 'message': 'Dec  6 20:44:07 hqnl0246134 sshd[253024]: Failed password for root from 151.69.161.84 port 60388 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 20:44:10,201] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:44:10,241] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0563 seconds
INFO    [2022-12-06 20:44:18,074] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:44:18,075] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:44:18,083] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:44:18,094] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 20:44:19,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352259.3651109, 'message': 'Dec  6 20:44:18 hqnl0246134 sshd[253039]: Invalid user Justin from 168.181.148.162 port 43222', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 20:44:19,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352259.3654752, 'message': 'Dec  6 20:44:18 hqnl0246134 sshd[253039]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.181.148.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:44:19,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352259.365624, 'message': 'Dec  6 20:44:18 hqnl0246134 sshd[253039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.181.148.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:44:20,800] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:44:20,801] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:44:20,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:44:20,841] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0386 seconds
INFO    [2022-12-06 20:44:21,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352261.3680167, 'message': 'Dec  6 20:44:20 hqnl0246134 sshd[253039]: Failed password for invalid user Justin from 168.181.148.162 port 43222 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:44:21,636] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:44:21,708] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:44:21,708] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:44:21,708] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:44:21,709] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:44:21,709] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:44:21,723] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:44:21,739] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0297 seconds
WARNING [2022-12-06 20:44:21,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:44:21,748] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:44:21,764] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0302 seconds
INFO    [2022-12-06 20:44:21,765] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0280 seconds
INFO    [2022-12-06 20:44:23,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352263.3703134, 'message': 'Dec  6 20:44:21 hqnl0246134 sshd[253039]: Disconnected from invalid user Justin 168.181.148.162 port 43222 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:44:24,594] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:44:24,595] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:44:24,606] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:44:24,619] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 20:44:37,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352277.3835266, 'message': 'Dec  6 20:44:36 hqnl0246134 sshd[253058]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 20:44:37,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352277.385028, 'message': 'Dec  6 20:44:36 hqnl0246134 sshd[253058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 20:44:39,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352279.3837037, 'message': 'Dec  6 20:44:38 hqnl0246134 sshd[253058]: Failed password for root from 61.177.173.18 port 31059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:44:39,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352279.383972, 'message': 'Dec  6 20:44:38 hqnl0246134 sshd[253058]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:44:41,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352281.3859684, 'message': 'Dec  6 20:44:40 hqnl0246134 sshd[253058]: Failed password for root from 61.177.173.18 port 31059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 20:44:41,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352281.3862753, 'message': 'Dec  6 20:44:40 hqnl0246134 sshd[253058]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 20:44:45,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352285.3910587, 'message': 'Dec  6 20:44:43 hqnl0246134 sshd[253058]: Failed password for root from 61.177.173.18 port 31059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 20:44:48,778] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:44:48,779] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:44:50,633] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:44:50,633] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:44:50,641] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:44:50,654] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 20:44:52,379] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:44:52,379] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:44:52,380] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 20:45:07,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352307.4199407, 'message': 'Dec  6 20:45:05 hqnl0246134 sshd[253112]: Invalid user elk from 72.165.240.194 port 35010', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 20:45:07,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352307.420519, 'message': 'Dec  6 20:45:05 hqnl0246134 sshd[253112]: pam_imunify(sshd:auth): [IM360_RBL] The IP 72.165.240.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 20:45:07,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352307.42079, 'message': 'Dec  6 20:45:05 hqnl0246134 sshd[253112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.165.240.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 20:45:09,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352309.4204671, 'message': 'Dec  6 20:45:08 hqnl0246134 sshd[253112]: Failed password for invalid user elk from 72.165.240.194 port 35010 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 20:45:09,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352309.4206882, 'message': 'Dec  6 20:45:09 hqnl0246134 sshd[253112]: Disconnected from invalid user elk 72.165.240.194 port 35010 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 20:45:10,196] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:45:10,215] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0262 seconds
INFO    [2022-12-06 20:45:15,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352315.4317071, 'message': 'Dec  6 20:45:14 hqnl0246134 sshd[253130]: Invalid user admin from 200.60.92.170 port 43242', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 20:45:15,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352315.4319477, 'message': 'Dec  6 20:45:14 hqnl0246134 sshd[253130]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.60.92.170 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:45:15,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352315.432103, 'message': 'Dec  6 20:45:14 hqnl0246134 sshd[253130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.60.92.170 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:45:17,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352317.4344392, 'message': 'Dec  6 20:45:16 hqnl0246134 sshd[253130]: Failed password for invalid user admin from 200.60.92.170 port 43242 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 20:45:17,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352317.434787, 'message': 'Dec  6 20:45:17 hqnl0246134 sshd[253135]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.174.45.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 20:45:17,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352317.4346547, 'message': 'Dec  6 20:45:16 hqnl0246134 sshd[253130]: Disconnected from invalid user admin 200.60.92.170 port 43242 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 20:45:17,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352317.43493, 'message': 'Dec  6 20:45:17 hqnl0246134 sshd[253135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.174.45.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 20:45:17,873] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:45:17,874] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:45:17,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:45:17,894] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 20:45:19,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352319.434325, 'message': 'Dec  6 20:45:19 hqnl0246134 sshd[253135]: Failed password for root from 118.174.45.29 port 60292 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 20:45:20,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:45:20,610] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:45:20,617] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:45:20,628] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 20:45:25,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352325.4408822, 'message': 'Dec  6 20:45:23 hqnl0246134 sshd[253152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 20:45:25,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352325.4413655, 'message': 'Dec  6 20:45:23 hqnl0246134 sshd[253152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:45:25,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352325.4414945, 'message': 'Dec  6 20:45:25 hqnl0246134 sshd[253152]: Failed password for root from 61.177.173.18 port 49322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:45:27,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352327.4431832, 'message': 'Dec  6 20:45:25 hqnl0246134 sshd[253152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 20:45:27,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352327.4435966, 'message': 'Dec  6 20:45:27 hqnl0246134 sshd[253152]: Failed password for root from 61.177.173.18 port 49322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1133 seconds
INFO    [2022-12-06 20:45:29,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352329.446857, 'message': 'Dec  6 20:45:28 hqnl0246134 sshd[253152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:45:31,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352331.4516401, 'message': 'Dec  6 20:45:30 hqnl0246134 sshd[253152]: Failed password for root from 61.177.173.18 port 49322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 20:45:48,781] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:45:48,782] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:46:05,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352365.5013354, 'message': 'Dec  6 20:46:04 hqnl0246134 sshd[253186]: Invalid user user14 from 128.199.123.93 port 57352', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 20:46:05,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352365.5017657, 'message': 'Dec  6 20:46:04 hqnl0246134 sshd[253186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.123.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 20:46:05,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352365.5019364, 'message': 'Dec  6 20:46:04 hqnl0246134 sshd[253186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.123.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:46:07,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352367.5022924, 'message': 'Dec  6 20:46:07 hqnl0246134 sshd[253186]: Failed password for invalid user user14 from 128.199.123.93 port 57352 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 20:46:07,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352367.502621, 'message': 'Dec  6 20:46:07 hqnl0246134 sshd[253186]: Disconnected from invalid user user14 128.199.123.93 port 57352 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 20:46:10,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:46:10,227] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0352 seconds
INFO    [2022-12-06 20:46:10,332] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:46:10,332] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:46:10,341] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:46:10,353] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 20:46:11,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352371.5091012, 'message': 'Dec  6 20:46:10 hqnl0246134 sshd[253199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 20:46:11,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352371.5094047, 'message': 'Dec  6 20:46:10 hqnl0246134 sshd[253199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 20:46:13,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352373.5115826, 'message': 'Dec  6 20:46:13 hqnl0246134 sshd[253199]: Failed password for root from 61.177.173.18 port 17540 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:46:15,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '66.43.250.3', 'timestamp': 1670352375.5143168, 'message': 'Dec  6 20:46:13 hqnl0246134 sshd[253175]: Invalid user michael from 66.43.250.3 port 60441', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 20:46:15,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352375.521187, 'message': 'Dec  6 20:46:15 hqnl0246134 sshd[253199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 20:46:15,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '66.43.250.3', 'timestamp': 1670352375.5146003, 'message': 'Dec  6 20:46:14 hqnl0246134 sshd[253175]: pam_imunify(sshd:auth): [IM360_RBL] The IP 66.43.250.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:46:15,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '66.43.250.3', 'timestamp': 1670352375.5210469, 'message': 'Dec  6 20:46:14 hqnl0246134 sshd[253175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.43.250.3 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 20:46:17,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '66.43.250.3', 'timestamp': 1670352377.517874, 'message': 'Dec  6 20:46:16 hqnl0246134 sshd[253175]: Failed password for invalid user michael from 66.43.250.3 port 60441 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:46:17,831] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:46:17,832] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:46:17,839] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:46:17,853] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 20:46:19,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '66.43.250.3', 'timestamp': 1670352379.5209334, 'message': 'Dec  6 20:46:17 hqnl0246134 sshd[253175]: Disconnected from invalid user michael 66.43.250.3 port 60441 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1002 seconds
INFO    [2022-12-06 20:46:19,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352379.521332, 'message': 'Dec  6 20:46:17 hqnl0246134 sshd[253199]: Failed password for root from 61.177.173.18 port 17540 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1005 seconds
INFO    [2022-12-06 20:46:20,888] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:46:20,888] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:46:20,896] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:46:20,908] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 20:46:21,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352381.5252976, 'message': 'Dec  6 20:46:19 hqnl0246134 sshd[253199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 20:46:21,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352381.5255954, 'message': 'Dec  6 20:46:21 hqnl0246134 sshd[253199]: Failed password for root from 61.177.173.18 port 17540 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:46:31,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352391.5428605, 'message': 'Dec  6 20:46:31 hqnl0246134 sshd[253220]: Invalid user sysadmin from 110.93.245.190 port 59920', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 20:46:33,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352393.5455003, 'message': 'Dec  6 20:46:31 hqnl0246134 sshd[253220]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.93.245.190 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 20:46:33,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352393.5457563, 'message': 'Dec  6 20:46:31 hqnl0246134 sshd[253220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.93.245.190 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 20:46:33,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352393.5458872, 'message': 'Dec  6 20:46:33 hqnl0246134 sshd[253220]: Failed password for invalid user sysadmin from 110.93.245.190 port 59920 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:46:35,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352395.5486166, 'message': 'Dec  6 20:46:35 hqnl0246134 sshd[253220]: Disconnected from invalid user sysadmin 110.93.245.190 port 59920 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 20:46:45,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352405.5700638, 'message': 'Dec  6 20:46:43 hqnl0246134 sshd[253230]: Invalid user cloud from 190.104.25.215 port 55700', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 20:46:45,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352405.5704343, 'message': 'Dec  6 20:46:44 hqnl0246134 sshd[253230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.104.25.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:46:45,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352405.5705814, 'message': 'Dec  6 20:46:44 hqnl0246134 sshd[253230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.104.25.215 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:46:47,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352407.5719867, 'message': 'Dec  6 20:46:45 hqnl0246134 sshd[253230]: Failed password for invalid user cloud from 190.104.25.215 port 55700 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-06 20:46:48,785] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:46:48,786] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:46:49,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352409.5735407, 'message': 'Dec  6 20:46:47 hqnl0246134 sshd[253230]: Disconnected from invalid user cloud 190.104.25.215 port 55700 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:46:53,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352413.5840688, 'message': 'Dec  6 20:46:53 hqnl0246134 sshd[253234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 151.69.161.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:46:53,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352413.5845256, 'message': 'Dec  6 20:46:53 hqnl0246134 sshd[253234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.69.161.84  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 20:46:55,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352415.5881145, 'message': 'Dec  6 20:46:55 hqnl0246134 sshd[253234]: Failed password for root from 151.69.161.84 port 49826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 20:46:59,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352419.6003757, 'message': 'Dec  6 20:46:57 hqnl0246134 sshd[253236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 20:46:59,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352419.6008244, 'message': 'Dec  6 20:46:57 hqnl0246134 sshd[253236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:47:01,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352421.6021094, 'message': 'Dec  6 20:46:59 hqnl0246134 sshd[253236]: Failed password for root from 61.177.173.18 port 45237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 20:47:01,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352421.6023238, 'message': 'Dec  6 20:47:00 hqnl0246134 sshd[253236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 20:47:03,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352423.6090245, 'message': 'Dec  6 20:47:01 hqnl0246134 sshd[253236]: Failed password for root from 61.177.173.18 port 45237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 20:47:03,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352423.6092408, 'message': 'Dec  6 20:47:02 hqnl0246134 sshd[253246]: Invalid user ubuntu from 168.181.148.162 port 53818', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 20:47:03,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352423.6098025, 'message': 'Dec  6 20:47:02 hqnl0246134 sshd[253236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 20:47:03,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352423.6093535, 'message': 'Dec  6 20:47:02 hqnl0246134 sshd[253246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.181.148.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 20:47:03,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352423.6096995, 'message': 'Dec  6 20:47:02 hqnl0246134 sshd[253246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.181.148.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 20:47:05,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352425.613501, 'message': 'Dec  6 20:47:04 hqnl0246134 sshd[253246]: Failed password for invalid user ubuntu from 168.181.148.162 port 53818 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 20:47:05,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352425.6137683, 'message': 'Dec  6 20:47:04 hqnl0246134 sshd[253236]: Failed password for root from 61.177.173.18 port 45237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 20:47:05,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.181.148.162', 'timestamp': 1670352425.6139262, 'message': 'Dec  6 20:47:04 hqnl0246134 sshd[253246]: Disconnected from invalid user ubuntu 168.181.148.162 port 53818 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 20:47:10,215] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:47:10,267] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0692 seconds
INFO    [2022-12-06 20:47:18,056] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:47:18,056] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:47:18,070] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:47:18,090] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0314 seconds
INFO    [2022-12-06 20:47:21,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352441.6324015, 'message': 'Dec  6 20:47:20 hqnl0246134 sshd[253284]: Invalid user ftp_test from 103.187.146.200 port 50948', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 20:47:21,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352441.6326258, 'message': 'Dec  6 20:47:20 hqnl0246134 sshd[253284]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.187.146.200 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 20:47:21,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352441.635133, 'message': 'Dec  6 20:47:20 hqnl0246134 sshd[253284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.146.200 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 20:47:21,877] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:47:21,877] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:47:21,884] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:47:21,895] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 20:47:23,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352443.6352985, 'message': 'Dec  6 20:47:22 hqnl0246134 sshd[253284]: Failed password for invalid user ftp_test from 103.187.146.200 port 50948 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:47:23,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352443.6355958, 'message': 'Dec  6 20:47:22 hqnl0246134 sshd[253284]: Disconnected from invalid user ftp_test 103.187.146.200 port 50948 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:47:25,044] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:47:25,044] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:47:25,166] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:47:25,178] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1329 seconds
INFO    [2022-12-06 20:47:41,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.83.28.210', 'timestamp': 1670352461.6551013, 'message': 'Dec  6 20:47:39 hqnl0246134 sshd[253265]: Invalid user mc from 186.83.28.210 port 33932', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 20:47:41,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.83.28.210', 'timestamp': 1670352461.65592, 'message': 'Dec  6 20:47:40 hqnl0246134 sshd[253265]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.83.28.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:47:41,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.83.28.210', 'timestamp': 1670352461.6562092, 'message': 'Dec  6 20:47:40 hqnl0246134 sshd[253265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.83.28.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 20:47:43,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.83.28.210', 'timestamp': 1670352463.6557937, 'message': 'Dec  6 20:47:42 hqnl0246134 sshd[253265]: Failed password for invalid user mc from 186.83.28.210 port 33932 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:47:45,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.83.28.210', 'timestamp': 1670352465.6577768, 'message': 'Dec  6 20:47:44 hqnl0246134 sshd[253265]: Disconnected from invalid user mc 186.83.28.210 port 33932 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:47:47,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352467.6604433, 'message': 'Dec  6 20:47:45 hqnl0246134 sshd[253304]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:47:47,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352467.6607592, 'message': 'Dec  6 20:47:45 hqnl0246134 sshd[253304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-06 20:47:48,789] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:47:48,790] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:47:49,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352469.6627338, 'message': 'Dec  6 20:47:48 hqnl0246134 sshd[253304]: Failed password for root from 61.177.173.18 port 29727 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:47:51,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352471.665066, 'message': 'Dec  6 20:47:50 hqnl0246134 sshd[253304]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-06 20:47:53,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352473.668198, 'message': 'Dec  6 20:47:52 hqnl0246134 sshd[253304]: Failed password for root from 61.177.173.18 port 29727 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 20:47:55,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352475.6723845, 'message': 'Dec  6 20:47:54 hqnl0246134 sshd[253304]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:47:57,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352477.673594, 'message': 'Dec  6 20:47:56 hqnl0246134 sshd[253304]: Failed password for root from 61.177.173.18 port 29727 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 20:47:59,019] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:47:59,089] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:47:59,090] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:47:59,090] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:47:59,090] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:47:59,090] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:47:59,105] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:47:59,133] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0417 seconds
WARNING [2022-12-06 20:47:59,145] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:47:59,149] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:47:59,176] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0532 seconds
INFO    [2022-12-06 20:47:59,178] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0495 seconds
INFO    [2022-12-06 20:48:03,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352483.6857555, 'message': 'Dec  6 20:48:02 hqnl0246134 sshd[253334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 72.165.240.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:48:03,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352483.6859512, 'message': 'Dec  6 20:48:02 hqnl0246134 sshd[253334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.165.240.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:48:05,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352485.6876209, 'message': 'Dec  6 20:48:04 hqnl0246134 sshd[253334]: Failed password for root from 72.165.240.194 port 43262 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0590 seconds
WARNING [2022-12-06 20:48:10,212] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:48:10,240] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0376 seconds
INFO    [2022-12-06 20:48:17,848] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:48:17,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:48:17,856] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:48:17,868] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 20:48:20,638] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:48:20,639] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:48:20,674] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:48:20,694] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0473 seconds
INFO    [2022-12-06 20:48:23,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352503.7103865, 'message': 'Dec  6 20:48:21 hqnl0246134 sshd[253372]: Invalid user admin from 200.60.92.170 port 60722', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 20:48:23,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352503.710665, 'message': 'Dec  6 20:48:21 hqnl0246134 sshd[253372]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.60.92.170 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 20:48:23,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352503.7108016, 'message': 'Dec  6 20:48:22 hqnl0246134 sshd[253372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.60.92.170 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 20:48:25,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352505.7121172, 'message': 'Dec  6 20:48:24 hqnl0246134 sshd[253372]: Failed password for invalid user admin from 200.60.92.170 port 60722 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 20:48:27,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.60.92.170', 'timestamp': 1670352507.7152176, 'message': 'Dec  6 20:48:25 hqnl0246134 sshd[253372]: Disconnected from invalid user admin 200.60.92.170 port 60722 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 20:48:27,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352507.7154422, 'message': 'Dec  6 20:48:27 hqnl0246134 sshd[253375]: Invalid user cloud from 118.174.45.29 port 48808', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 20:48:29,218] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:48:29,218] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:48:29,219] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 20:48:29,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352509.7205062, 'message': 'Dec  6 20:48:27 hqnl0246134 sshd[253375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.174.45.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:48:29,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352509.7207854, 'message': 'Dec  6 20:48:27 hqnl0246134 sshd[253375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.174.45.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:48:31,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352511.7220542, 'message': 'Dec  6 20:48:30 hqnl0246134 sshd[253375]: Failed password for invalid user cloud from 118.174.45.29 port 48808 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 20:48:31,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352511.7222903, 'message': 'Dec  6 20:48:31 hqnl0246134 sshd[253375]: Disconnected from invalid user cloud 118.174.45.29 port 48808 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 20:48:33,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352513.7262979, 'message': 'Dec  6 20:48:32 hqnl0246134 sshd[253377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:48:33,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352513.7265267, 'message': 'Dec  6 20:48:32 hqnl0246134 sshd[253377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 20:48:35,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352515.7285695, 'message': 'Dec  6 20:48:34 hqnl0246134 sshd[253377]: Failed password for root from 61.177.173.18 port 42416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:48:37,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352517.7298462, 'message': 'Dec  6 20:48:36 hqnl0246134 sshd[253377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 20:48:39,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352519.7335546, 'message': 'Dec  6 20:48:38 hqnl0246134 sshd[253377]: Failed password for root from 61.177.173.18 port 42416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:48:39,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352519.7337651, 'message': 'Dec  6 20:48:38 hqnl0246134 sshd[253377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 20:48:41,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352521.736989, 'message': 'Dec  6 20:48:40 hqnl0246134 sshd[253377]: Failed password for root from 61.177.173.18 port 42416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:48:43,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352523.7408774, 'message': 'Dec  6 20:48:42 hqnl0246134 sshd[253389]: Invalid user sysadmin from 128.199.123.93 port 40126', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 20:48:43,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352523.7421348, 'message': 'Dec  6 20:48:42 hqnl0246134 sshd[253389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.123.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:48:43,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352523.7423453, 'message': 'Dec  6 20:48:42 hqnl0246134 sshd[253389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.123.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:48:45,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352525.7419991, 'message': 'Dec  6 20:48:44 hqnl0246134 sshd[253389]: Failed password for invalid user sysadmin from 128.199.123.93 port 40126 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 20:48:45,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.123.93', 'timestamp': 1670352525.7422035, 'message': 'Dec  6 20:48:44 hqnl0246134 sshd[253389]: Disconnected from invalid user sysadmin 128.199.123.93 port 40126 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:48:46,708] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:48:46,709] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:48:46,718] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:48:46,730] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 20:48:47,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352527.7448175, 'message': 'Dec  6 20:48:45 hqnl0246134 sshd[253394]: Invalid user ms from 193.227.16.23 port 55328', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:48:47,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352527.7450063, 'message': 'Dec  6 20:48:45 hqnl0246134 sshd[253394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.227.16.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:48:47,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352527.7451198, 'message': 'Dec  6 20:48:45 hqnl0246134 sshd[253394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.227.16.23 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 20:48:48,794] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:48:48,794] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:48:49,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352529.747871, 'message': 'Dec  6 20:48:47 hqnl0246134 sshd[253394]: Failed password for invalid user ms from 193.227.16.23 port 55328 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:48:49,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352529.7480693, 'message': 'Dec  6 20:48:48 hqnl0246134 sshd[253394]: Disconnected from invalid user ms 193.227.16.23 port 55328 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-06 20:49:10,216] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:49:10,241] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0347 seconds
INFO    [2022-12-06 20:49:18,289] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:49:18,290] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:49:18,298] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:49:18,310] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 20:49:21,086] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:49:21,086] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:49:21,095] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:49:21,107] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 20:49:21,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352561.7803283, 'message': 'Dec  6 20:49:20 hqnl0246134 sshd[253438]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 20:49:21,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352561.7805521, 'message': 'Dec  6 20:49:20 hqnl0246134 sshd[253438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:49:23,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352563.7818396, 'message': 'Dec  6 20:49:22 hqnl0246134 sshd[253438]: Failed password for root from 61.177.173.18 port 15658 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:49:23,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352563.782082, 'message': 'Dec  6 20:49:22 hqnl0246134 sshd[253438]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:49:25,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352565.784943, 'message': 'Dec  6 20:49:25 hqnl0246134 sshd[253438]: Failed password for root from 61.177.173.18 port 15658 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:49:27,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352567.7879772, 'message': 'Dec  6 20:49:27 hqnl0246134 sshd[253438]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:49:29,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352569.79096, 'message': 'Dec  6 20:49:29 hqnl0246134 sshd[253438]: Failed password for root from 61.177.173.18 port 15658 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-06 20:49:39,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352579.7990863, 'message': 'Dec  6 20:49:38 hqnl0246134 sshd[253452]: Invalid user mmk from 151.69.161.84 port 39284', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 20:49:39,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352579.799648, 'message': 'Dec  6 20:49:38 hqnl0246134 sshd[253452]: pam_imunify(sshd:auth): [IM360_RBL] The IP 151.69.161.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:49:39,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352579.7998984, 'message': 'Dec  6 20:49:38 hqnl0246134 sshd[253452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.69.161.84 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:49:41,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352581.8039217, 'message': 'Dec  6 20:49:40 hqnl0246134 sshd[253452]: Failed password for invalid user mmk from 151.69.161.84 port 39284 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 20:49:41,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352581.8042579, 'message': 'Dec  6 20:49:41 hqnl0246134 sshd[253454]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.93.245.190 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 20:49:41,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352581.8050642, 'message': 'Dec  6 20:49:41 hqnl0246134 sshd[253454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.93.245.190  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:49:43,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.69.161.84', 'timestamp': 1670352583.8082569, 'message': 'Dec  6 20:49:43 hqnl0246134 sshd[253452]: Disconnected from invalid user mmk 151.69.161.84 port 39284 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 20:49:45,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '110.93.245.190', 'timestamp': 1670352585.816053, 'message': 'Dec  6 20:49:43 hqnl0246134 sshd[253454]: Failed password for root from 110.93.245.190 port 54111 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
WARNING [2022-12-06 20:49:48,798] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:49:48,800] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:49:55,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352595.9126089, 'message': 'Dec  6 20:49:55 hqnl0246134 sshd[253457]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.104.25.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-06 20:49:55,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352595.9128056, 'message': 'Dec  6 20:49:55 hqnl0246134 sshd[253457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.104.25.215  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 20:49:57,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352597.8383112, 'message': 'Dec  6 20:49:56 hqnl0246134 sshd[253457]: Failed password for root from 190.104.25.215 port 42928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:50:00,099] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:50:00,100] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:50:00,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:50:00,119] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 20:50:09,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352609.8694806, 'message': 'Dec  6 20:50:09 hqnl0246134 sshd[253489]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 20:50:09,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352609.8699934, 'message': 'Dec  6 20:50:09 hqnl0246134 sshd[253489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 20:50:10,216] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:50:10,241] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0322 seconds
INFO    [2022-12-06 20:50:11,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352611.8699307, 'message': 'Dec  6 20:50:11 hqnl0246134 sshd[253489]: Failed password for root from 61.177.173.18 port 38659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:50:13,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352613.8728802, 'message': 'Dec  6 20:50:13 hqnl0246134 sshd[253489]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:50:15,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352615.8737168, 'message': 'Dec  6 20:50:15 hqnl0246134 sshd[253489]: Failed password for root from 61.177.173.18 port 38659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:50:17,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352617.876297, 'message': 'Dec  6 20:50:17 hqnl0246134 sshd[253489]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0547 seconds
INFO    [2022-12-06 20:50:18,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:50:18,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:50:18,621] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:50:18,633] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 20:50:21,405] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:50:21,405] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:50:21,413] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:50:21,425] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 20:50:21,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352621.8805149, 'message': 'Dec  6 20:50:19 hqnl0246134 sshd[253489]: Failed password for root from 61.177.173.18 port 38659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-06 20:50:27,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352627.88692, 'message': 'Dec  6 20:50:27 hqnl0246134 sshd[253526]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.187.146.200 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 20:50:27,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352627.8871317, 'message': 'Dec  6 20:50:27 hqnl0246134 sshd[253526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.146.200  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:50:29,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352629.8889785, 'message': 'Dec  6 20:50:28 hqnl0246134 sshd[253528]: Invalid user mgeweb from 210.19.254.6 port 37303', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 20:50:29,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352629.8894405, 'message': 'Dec  6 20:50:29 hqnl0246134 sshd[253526]: Failed password for root from 103.187.146.200 port 51702 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 20:50:29,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352629.8891742, 'message': 'Dec  6 20:50:29 hqnl0246134 sshd[253528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 20:50:29,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352629.8893344, 'message': 'Dec  6 20:50:29 hqnl0246134 sshd[253528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:50:31,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352631.8915274, 'message': 'Dec  6 20:50:31 hqnl0246134 sshd[253528]: Failed password for invalid user mgeweb from 210.19.254.6 port 37303 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 20:50:33,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352633.8937988, 'message': 'Dec  6 20:50:33 hqnl0246134 sshd[253528]: Disconnected from invalid user mgeweb 210.19.254.6 port 37303 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0643 seconds
WARNING [2022-12-06 20:50:48,803] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:50:48,804] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:50:56,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.138.7.117', 'timestamp': 1670352656.03186, 'message': 'Dec  6 20:50:53 hqnl0246134 sshd[253541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.138.7.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 20:50:56,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.138.7.117', 'timestamp': 1670352656.0324554, 'message': 'Dec  6 20:50:53 hqnl0246134 sshd[253541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.7.117  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:50:57,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '168.138.7.117', 'timestamp': 1670352657.9411325, 'message': 'Dec  6 20:50:56 hqnl0246134 sshd[253541]: Failed password for root from 168.138.7.117 port 36718 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 20:50:59,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352659.9453897, 'message': 'Dec  6 20:50:58 hqnl0246134 sshd[253543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 20:50:59,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352659.9456608, 'message': 'Dec  6 20:50:58 hqnl0246134 sshd[253543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 20:51:01,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352661.9494407, 'message': 'Dec  6 20:51:00 hqnl0246134 sshd[253543]: Failed password for root from 61.177.173.18 port 14227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 20:51:03,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352663.950156, 'message': 'Dec  6 20:51:02 hqnl0246134 sshd[253543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:51:05,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352665.9536262, 'message': 'Dec  6 20:51:04 hqnl0246134 sshd[253543]: Failed password for root from 61.177.173.18 port 14227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 20:51:08,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352667.9554114, 'message': 'Dec  6 20:51:07 hqnl0246134 sshd[253543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0522 seconds
INFO    [2022-12-06 20:51:08,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352667.9558365, 'message': 'Dec  6 20:51:07 hqnl0246134 sshd[253558]: Invalid user user14 from 72.165.240.194 port 51454', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0521 seconds
INFO    [2022-12-06 20:51:08,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352667.9579864, 'message': 'Dec  6 20:51:07 hqnl0246134 sshd[253558]: pam_imunify(sshd:auth): [IM360_RBL] The IP 72.165.240.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 20:51:08,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352667.9581642, 'message': 'Dec  6 20:51:07 hqnl0246134 sshd[253558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.165.240.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:51:09,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352669.95732, 'message': 'Dec  6 20:51:09 hqnl0246134 sshd[253543]: Failed password for root from 61.177.173.18 port 14227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 20:51:09,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352669.9576497, 'message': 'Dec  6 20:51:09 hqnl0246134 sshd[253558]: Failed password for invalid user user14 from 72.165.240.194 port 51454 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 20:51:10,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '72.165.240.194', 'timestamp': 1670352669.9577956, 'message': 'Dec  6 20:51:09 hqnl0246134 sshd[253558]: Disconnected from invalid user user14 72.165.240.194 port 51454 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-06 20:51:10,221] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:51:10,245] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0325 seconds
INFO    [2022-12-06 20:51:17,940] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:51:17,941] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:51:17,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:51:17,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0268 seconds
INFO    [2022-12-06 20:51:20,601] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:51:20,601] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:51:20,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:51:20,621] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 20:51:36,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352695.9908433, 'message': 'Dec  6 20:51:34 hqnl0246134 sshd[253581]: Invalid user fuckyou from 122.160.68.57 port 23690', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 20:51:36,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352695.9915533, 'message': 'Dec  6 20:51:35 hqnl0246134 sshd[253581]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.160.68.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:51:36,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352695.9917262, 'message': 'Dec  6 20:51:35 hqnl0246134 sshd[253581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.160.68.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:51:38,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352697.992939, 'message': 'Dec  6 20:51:37 hqnl0246134 sshd[253581]: Failed password for invalid user fuckyou from 122.160.68.57 port 23690 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 20:51:40,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352699.9937153, 'message': 'Dec  6 20:51:39 hqnl0246134 sshd[253581]: Disconnected from invalid user fuckyou 122.160.68.57 port 23690 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 20:51:40,109] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 20:51:40,110] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 20:51:41,057] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 20:51:41,698] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:51:41,698] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:51:41,720] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:51:41,740] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0401 seconds
INFO    [2022-12-06 20:51:46,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352706.0028992, 'message': 'Dec  6 20:51:45 hqnl0246134 sshd[253610]: Invalid user hxeadm from 193.227.16.23 port 44436', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:51:46,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352706.003513, 'message': 'Dec  6 20:51:45 hqnl0246134 sshd[253610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.227.16.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:51:46,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352706.0037704, 'message': 'Dec  6 20:51:45 hqnl0246134 sshd[253610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.227.16.23 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:51:48,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352708.004982, 'message': 'Dec  6 20:51:46 hqnl0246134 sshd[253612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-06 20:51:48,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352708.005456, 'message': 'Dec  6 20:51:47 hqnl0246134 sshd[253610]: Failed password for invalid user hxeadm from 193.227.16.23 port 44436 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-06 20:51:48,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352708.005263, 'message': 'Dec  6 20:51:46 hqnl0246134 sshd[253612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-06 20:51:48,807] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:51:48,808] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:51:50,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352710.006233, 'message': 'Dec  6 20:51:48 hqnl0246134 sshd[253610]: Disconnected from invalid user hxeadm 193.227.16.23 port 44436 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-06 20:51:50,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352710.0064154, 'message': 'Dec  6 20:51:48 hqnl0246134 sshd[253614]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.174.45.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 20:51:50,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352710.006662, 'message': 'Dec  6 20:51:48 hqnl0246134 sshd[253612]: Failed password for root from 61.177.173.18 port 40082 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 20:51:50,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352710.0065303, 'message': 'Dec  6 20:51:48 hqnl0246134 sshd[253614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.174.45.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:51:52,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '118.174.45.29', 'timestamp': 1670352712.0085993, 'message': 'Dec  6 20:51:50 hqnl0246134 sshd[253614]: Failed password for root from 118.174.45.29 port 37324 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 20:51:52,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352712.0087962, 'message': 'Dec  6 20:51:50 hqnl0246134 sshd[253612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
WARNING [2022-12-06 20:51:53,984] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 20:51:54,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352714.0108664, 'message': 'Dec  6 20:51:52 hqnl0246134 sshd[253612]: Failed password for root from 61.177.173.18 port 40082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:51:54,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352714.0111685, 'message': 'Dec  6 20:51:53 hqnl0246134 sshd[253612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 20:51:56,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352716.015192, 'message': 'Dec  6 20:51:55 hqnl0246134 sshd[253612]: Failed password for root from 61.177.173.18 port 40082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 20:52:10,228] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:52:10,255] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0368 seconds
INFO    [2022-12-06 20:52:18,084] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:52:18,085] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:52:18,093] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:52:18,105] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 20:52:20,734] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:52:20,734] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:52:20,742] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:52:20,755] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 20:52:36,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352756.066888, 'message': 'Dec  6 20:52:34 hqnl0246134 sshd[253677]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 20:52:36,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352756.0675194, 'message': 'Dec  6 20:52:34 hqnl0246134 sshd[253677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:52:38,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352758.0656192, 'message': 'Dec  6 20:52:36 hqnl0246134 sshd[253677]: Failed password for root from 61.177.173.18 port 13046 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 20:52:40,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352760.0707636, 'message': 'Dec  6 20:52:39 hqnl0246134 sshd[253677]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 20:52:42,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352762.073073, 'message': 'Dec  6 20:52:41 hqnl0246134 sshd[253677]: Failed password for root from 61.177.173.18 port 13046 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:52:42,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352762.0732758, 'message': 'Dec  6 20:52:41 hqnl0246134 sshd[253677]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:52:46,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352766.079415, 'message': 'Dec  6 20:52:44 hqnl0246134 sshd[253677]: Failed password for root from 61.177.173.18 port 13046 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 20:52:48,812] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:52:48,813] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:53:10,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352790.1046183, 'message': 'Dec  6 20:53:09 hqnl0246134 sshd[253703]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.104.25.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 20:53:10,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352790.1051054, 'message': 'Dec  6 20:53:09 hqnl0246134 sshd[253703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.104.25.215  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 20:53:10,228] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:53:10,252] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0317 seconds
INFO    [2022-12-06 20:53:12,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.104.25.215', 'timestamp': 1670352792.1063805, 'message': 'Dec  6 20:53:11 hqnl0246134 sshd[253703]: Failed password for root from 190.104.25.215 port 58388 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:53:14,490] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:53:14,491] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:53:14,497] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:53:14,510] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 20:53:17,698] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:53:17,699] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:53:17,706] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:53:17,717] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 20:53:20,342] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:53:20,342] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:53:20,350] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:53:20,362] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 20:53:22,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352802.1142957, 'message': 'Dec  6 20:53:21 hqnl0246134 sshd[253729]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 20:53:22,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352802.1145108, 'message': 'Dec  6 20:53:21 hqnl0246134 sshd[253729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 20:53:24,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352804.1172144, 'message': 'Dec  6 20:53:23 hqnl0246134 sshd[253729]: Failed password for root from 61.177.173.18 port 32121 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 20:53:24,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352804.1175783, 'message': 'Dec  6 20:53:23 hqnl0246134 sshd[253729]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:53:26,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352806.1178658, 'message': 'Dec  6 20:53:25 hqnl0246134 sshd[253729]: Failed password for root from 61.177.173.18 port 32121 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 20:53:26,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352806.1181736, 'message': 'Dec  6 20:53:25 hqnl0246134 sshd[253729]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:53:28,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352808.1204326, 'message': 'Dec  6 20:53:27 hqnl0246134 sshd[253729]: Failed password for root from 61.177.173.18 port 32121 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:53:34,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352814.1237268, 'message': 'Dec  6 20:53:33 hqnl0246134 sshd[253736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.187.146.200 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:53:34,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352814.1240637, 'message': 'Dec  6 20:53:33 hqnl0246134 sshd[253736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.146.200  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:53:36,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.187.146.200', 'timestamp': 1670352816.1259117, 'message': 'Dec  6 20:53:35 hqnl0246134 sshd[253736]: Failed password for root from 103.187.146.200 port 35952 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 20:53:48,816] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:53:48,817] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:53:58,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.62.57', 'timestamp': 1670352838.1544652, 'message': 'Dec  6 20:53:57 hqnl0246134 sshd[253748]: Invalid user max from 122.160.62.57 port 57062', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 20:53:58,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.160.62.57', 'timestamp': 1670352838.1553593, 'message': 'Dec  6 20:53:57 hqnl0246134 sshd[253748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.160.62.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 20:53:58,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.160.62.57', 'timestamp': 1670352838.1555324, 'message': 'Dec  6 20:53:57 hqnl0246134 sshd[253748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.160.62.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:54:00,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.62.57', 'timestamp': 1670352840.1570132, 'message': 'Dec  6 20:53:59 hqnl0246134 sshd[253748]: Failed password for invalid user max from 122.160.62.57 port 57062 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 20:54:00,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.62.57', 'timestamp': 1670352840.157211, 'message': 'Dec  6 20:53:59 hqnl0246134 sshd[253748]: Disconnected from invalid user max 122.160.62.57 port 57062 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:54:08,656] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:54:08,723] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:54:08,724] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:54:08,724] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:54:08,724] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:54:08,725] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:54:08,734] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:54:08,750] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0248 seconds
WARNING [2022-12-06 20:54:08,757] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:54:08,759] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:54:08,897] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.1534 seconds
INFO    [2022-12-06 20:54:08,898] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.1511 seconds
INFO    [2022-12-06 20:54:10,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352850.1704755, 'message': 'Dec  6 20:54:08 hqnl0246134 sshd[253762]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 20:54:10,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352850.1709604, 'message': 'Dec  6 20:54:08 hqnl0246134 sshd[253762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
WARNING [2022-12-06 20:54:10,234] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:54:10,271] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0491 seconds
INFO    [2022-12-06 20:54:12,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352852.1705484, 'message': 'Dec  6 20:54:10 hqnl0246134 sshd[253762]: Failed password for root from 61.177.173.18 port 58600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 20:54:12,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352852.1707447, 'message': 'Dec  6 20:54:10 hqnl0246134 sshd[253762]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 20:54:14,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352854.1718607, 'message': 'Dec  6 20:54:12 hqnl0246134 sshd[253762]: Failed password for root from 61.177.173.18 port 58600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 20:54:14,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352854.1720724, 'message': 'Dec  6 20:54:13 hqnl0246134 sshd[253762]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:54:16,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352856.1739233, 'message': 'Dec  6 20:54:14 hqnl0246134 sshd[253762]: Failed password for root from 61.177.173.18 port 58600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 20:54:19,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:54:19,844] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:54:19,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:54:19,861] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0162 seconds
INFO    [2022-12-06 20:54:24,273] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:54:24,273] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:54:24,282] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:54:24,293] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 20:54:32,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352872.1960847, 'message': 'Dec  6 20:54:30 hqnl0246134 sshd[253784]: Invalid user support from 193.227.16.23 port 33540', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 20:54:32,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352872.196481, 'message': 'Dec  6 20:54:30 hqnl0246134 sshd[253784]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.227.16.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:54:32,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352872.1966174, 'message': 'Dec  6 20:54:30 hqnl0246134 sshd[253784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.227.16.23 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 20:54:34,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352874.196595, 'message': 'Dec  6 20:54:32 hqnl0246134 sshd[253784]: Failed password for invalid user support from 193.227.16.23 port 33540 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:54:34,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.227.16.23', 'timestamp': 1670352874.1968992, 'message': 'Dec  6 20:54:32 hqnl0246134 sshd[253784]: Disconnected from invalid user support 193.227.16.23 port 33540 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:54:36,533] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:54:36,534] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:54:36,579] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:54:36,621] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0761 seconds
INFO    [2022-12-06 20:54:38,966] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:54:38,966] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:54:38,967] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 20:54:48,821] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:54:48,823] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:54:54,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670352894.2190702, 'message': 'Dec  6 20:54:53 hqnl0246134 sshd[253808]: Invalid user kevin from 182.253.82.154 port 58300', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 20:54:54,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.82.154', 'timestamp': 1670352894.219741, 'message': 'Dec  6 20:54:53 hqnl0246134 sshd[253808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.82.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 20:54:54,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.82.154', 'timestamp': 1670352894.2199526, 'message': 'Dec  6 20:54:53 hqnl0246134 sshd[253808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.82.154 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:54:56,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352896.22064, 'message': 'Dec  6 20:54:55 hqnl0246134 sshd[253810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 20:54:56,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670352896.2210093, 'message': 'Dec  6 20:54:55 hqnl0246134 sshd[253808]: Failed password for invalid user kevin from 182.253.82.154 port 58300 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 20:54:56,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352896.2208848, 'message': 'Dec  6 20:54:55 hqnl0246134 sshd[253810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 20:54:58,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352898.223917, 'message': 'Dec  6 20:54:57 hqnl0246134 sshd[253810]: Failed password for root from 61.177.173.18 port 24392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 20:54:58,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670352898.2241826, 'message': 'Dec  6 20:54:57 hqnl0246134 sshd[253808]: Disconnected from invalid user kevin 182.253.82.154 port 58300 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 20:54:58,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352898.2243679, 'message': 'Dec  6 20:54:57 hqnl0246134 sshd[253810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 20:55:00,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352900.225541, 'message': 'Dec  6 20:54:59 hqnl0246134 sshd[253810]: Failed password for root from 61.177.173.18 port 24392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:55:02,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352902.2350562, 'message': 'Dec  6 20:55:02 hqnl0246134 sshd[253810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-06 20:55:04,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352904.2329001, 'message': 'Dec  6 20:55:03 hqnl0246134 sshd[253810]: Failed password for root from 61.177.173.18 port 24392 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-06 20:55:10,236] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:55:10,261] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0355 seconds
INFO    [2022-12-06 20:55:18,343] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:55:18,344] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:55:18,358] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:55:18,371] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0262 seconds
INFO    [2022-12-06 20:55:23,028] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:55:23,028] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:55:23,035] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:55:23,046] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 20:55:24,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670352924.2584789, 'message': 'Dec  6 20:55:22 hqnl0246134 sshd[253886]: Invalid user ubnt from 152.89.196.123 port 49376', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 20:55:24,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.123', 'timestamp': 1670352924.258793, 'message': 'Dec  6 20:55:22 hqnl0246134 sshd[253886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 20:55:24,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.123', 'timestamp': 1670352924.258928, 'message': 'Dec  6 20:55:22 hqnl0246134 sshd[253886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.123 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:55:26,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670352926.2607958, 'message': 'Dec  6 20:55:24 hqnl0246134 sshd[253886]: Failed password for invalid user ubnt from 152.89.196.123 port 49376 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 20:55:26,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670352926.2610784, 'message': 'Dec  6 20:55:24 hqnl0246134 sshd[253886]: Disconnected from invalid user ubnt 152.89.196.123 port 49376 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 20:55:42,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352942.2812834, 'message': 'Dec  6 20:55:41 hqnl0246134 sshd[253902]: Invalid user test from 210.19.254.6 port 45496', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 20:55:42,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352942.2819495, 'message': 'Dec  6 20:55:41 hqnl0246134 sshd[253902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 20:55:42,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352942.2821674, 'message': 'Dec  6 20:55:41 hqnl0246134 sshd[253902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 20:55:44,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352944.286051, 'message': 'Dec  6 20:55:43 hqnl0246134 sshd[253902]: Failed password for invalid user test from 210.19.254.6 port 45496 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 20:55:44,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352944.2862754, 'message': 'Dec  6 20:55:43 hqnl0246134 sshd[253904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 20:55:44,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670352944.2866068, 'message': 'Dec  6 20:55:43 hqnl0246134 sshd[253902]: Disconnected from invalid user test 210.19.254.6 port 45496 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 20:55:44,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352944.2864604, 'message': 'Dec  6 20:55:43 hqnl0246134 sshd[253904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 20:55:46,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352946.2892306, 'message': 'Dec  6 20:55:45 hqnl0246134 sshd[253904]: Failed password for root from 61.177.173.18 port 52229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:55:48,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352948.2897153, 'message': 'Dec  6 20:55:48 hqnl0246134 sshd[253904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 20:55:48,837] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:55:48,838] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:55:50,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352950.2923853, 'message': 'Dec  6 20:55:49 hqnl0246134 sshd[253904]: Failed password for root from 61.177.173.18 port 52229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 20:55:52,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352952.295834, 'message': 'Dec  6 20:55:50 hqnl0246134 sshd[253904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 20:55:54,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352954.2978513, 'message': 'Dec  6 20:55:52 hqnl0246134 sshd[253904]: Failed password for root from 61.177.173.18 port 52229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0435 seconds
WARNING [2022-12-06 20:56:10,240] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:56:10,266] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0375 seconds
INFO    [2022-12-06 20:56:17,877] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:56:17,878] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:56:17,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:56:17,896] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 20:56:20,452] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:56:20,453] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:56:20,460] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:56:20,471] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 20:56:22,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352982.3424594, 'message': 'Dec  6 20:56:21 hqnl0246134 sshd[253939]: Invalid user nick from 122.160.68.57 port 33934', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 20:56:22,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352982.342752, 'message': 'Dec  6 20:56:21 hqnl0246134 sshd[253939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.160.68.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:56:22,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352982.342913, 'message': 'Dec  6 20:56:21 hqnl0246134 sshd[253939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.160.68.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 20:56:24,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352984.3444014, 'message': 'Dec  6 20:56:23 hqnl0246134 sshd[253939]: Failed password for invalid user nick from 122.160.68.57 port 33934 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 20:56:24,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.160.68.57', 'timestamp': 1670352984.344603, 'message': 'Dec  6 20:56:23 hqnl0246134 sshd[253939]: Disconnected from invalid user nick 122.160.68.57 port 33934 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 20:56:26,623] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:56:26,624] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:56:26,640] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:56:26,674] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0409 seconds
INFO    [2022-12-06 20:56:32,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352992.3519745, 'message': 'Dec  6 20:56:32 hqnl0246134 sshd[253952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 20:56:32,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352992.35235, 'message': 'Dec  6 20:56:32 hqnl0246134 sshd[253952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 20:56:36,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352996.3567624, 'message': 'Dec  6 20:56:34 hqnl0246134 sshd[253952]: Failed password for root from 61.177.173.18 port 29969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 20:56:38,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352998.361513, 'message': 'Dec  6 20:56:36 hqnl0246134 sshd[253952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 20:56:38,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670352998.361768, 'message': 'Dec  6 20:56:38 hqnl0246134 sshd[253952]: Failed password for root from 61.177.173.18 port 29969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 20:56:40,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353000.359448, 'message': 'Dec  6 20:56:38 hqnl0246134 sshd[253952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 20:56:42,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353002.3653715, 'message': 'Dec  6 20:56:40 hqnl0246134 sshd[253952]: Failed password for root from 61.177.173.18 port 29969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 20:56:48,842] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:56:48,843] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 20:57:10,249] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:57:10,283] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0502 seconds
INFO    [2022-12-06 20:57:17,865] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:57:17,866] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:57:17,878] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:57:17,895] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0278 seconds
INFO    [2022-12-06 20:57:20,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353040.4113355, 'message': 'Dec  6 20:57:19 hqnl0246134 sshd[254006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-06 20:57:20,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '188.32.176.34', 'timestamp': 1670353040.411694, 'message': 'Dec  6 20:57:20 hqnl0246134 sshd[254009]: Accepted publickey for root from 188.32.176.34 port 47356 ssh2: RSA SHA256:M5XvbkooZmQvvjfo3fKHU5lbqUaXL4LET3qhCF0FT28', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 20:57:20,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353040.4115512, 'message': 'Dec  6 20:57:19 hqnl0246134 sshd[254006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 20:57:20,599] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:57:20,599] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:57:20,607] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:57:20,618] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 20:57:22,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353042.4128249, 'message': 'Dec  6 20:57:20 hqnl0246134 sshd[254006]: Failed password for root from 61.177.173.18 port 41754 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 20:57:22,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353042.4130995, 'message': 'Dec  6 20:57:21 hqnl0246134 sshd[254006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-06 20:57:24,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353044.4178882, 'message': 'Dec  6 20:57:23 hqnl0246134 sshd[254006]: Failed password for root from 61.177.173.18 port 41754 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 20:57:26,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353046.4247756, 'message': 'Dec  6 20:57:25 hqnl0246134 sshd[254006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 20:57:28,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353048.4260833, 'message': 'Dec  6 20:57:27 hqnl0246134 sshd[254006]: Failed password for root from 61.177.173.18 port 41754 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 20:57:42,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353062.4432948, 'message': 'Dec  6 20:57:40 hqnl0246134 sshd[254079]: Invalid user reese from 103.250.11.181 port 49122', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 20:57:42,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353062.443852, 'message': 'Dec  6 20:57:40 hqnl0246134 sshd[254079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.250.11.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 20:57:42,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353062.4440017, 'message': 'Dec  6 20:57:40 hqnl0246134 sshd[254079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.11.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 20:57:44,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353064.4450915, 'message': 'Dec  6 20:57:42 hqnl0246134 sshd[254079]: Failed password for invalid user reese from 103.250.11.181 port 49122 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 20:57:46,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353066.4463775, 'message': 'Dec  6 20:57:44 hqnl0246134 sshd[254079]: Disconnected from invalid user reese 103.250.11.181 port 49122 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 20:57:47,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:57:47,039] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:57:47,046] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:57:47,058] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-06 20:57:48,845] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:57:48,846] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:57:50,541] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 20:57:50,606] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 20:57:50,606] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 20:57:50,607] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 20:57:50,607] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 20:57:50,607] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 20:57:50,617] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 20:57:50,637] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0289 seconds
WARNING [2022-12-06 20:57:50,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 20:57:50,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:57:50,674] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0470 seconds
INFO    [2022-12-06 20:57:50,677] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0444 seconds
INFO    [2022-12-06 20:58:08,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353088.4828982, 'message': 'Dec  6 20:58:06 hqnl0246134 sshd[254124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 20:58:08,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353088.4831228, 'message': 'Dec  6 20:58:06 hqnl0246134 sshd[254124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 20:58:08,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353088.4833014, 'message': 'Dec  6 20:58:08 hqnl0246134 sshd[254124]: Failed password for root from 61.177.173.18 port 14158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 20:58:10,265] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:58:10,312] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0757 seconds
INFO    [2022-12-06 20:58:10,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353090.484678, 'message': 'Dec  6 20:58:09 hqnl0246134 sshd[254124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-06 20:58:12,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353092.4904292, 'message': 'Dec  6 20:58:11 hqnl0246134 sshd[254124]: Failed password for root from 61.177.173.18 port 14158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 20:58:14,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353094.4969497, 'message': 'Dec  6 20:58:13 hqnl0246134 sshd[254124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 20:58:16,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353096.4979088, 'message': 'Dec  6 20:58:15 hqnl0246134 sshd[254124]: Failed password for root from 61.177.173.18 port 14158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 20:58:17,855] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:58:17,855] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:58:17,863] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:58:17,875] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 20:58:20,441] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:58:20,441] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:58:20,457] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:58:20,479] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0363 seconds
INFO    [2022-12-06 20:58:20,812] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 20:58:20,812] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 20:58:20,813] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 20:58:48,848] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:58:48,850] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:58:51,670] defence360agent.files: Updating all files
INFO    [2022-12-06 20:58:51,961] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:51,962] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 20:58:52,321] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:52,322] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 20:58:52,638] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:52,639] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 20:58:52,906] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:52,907] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 20:58:52,907] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 20:58:53,227] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 18:58:53 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4953218CCDBD'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 20:58:53,229] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 20:58:53,230] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 20:58:53,786] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:53,786] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 20:58:54,104] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:54,104] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 20:58:54,419] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:54,420] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 20:58:54,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353134.5615852, 'message': 'Dec  6 20:58:54 hqnl0246134 sshd[254179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 20:58:54,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353134.5620642, 'message': 'Dec  6 20:58:54 hqnl0246134 sshd[254179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 20:58:54,789] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:54,790] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 20:58:55,268] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 20:58:55,269] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 20:58:56,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353136.5644393, 'message': 'Dec  6 20:58:56 hqnl0246134 sshd[254179]: Failed password for root from 61.177.173.18 port 38919 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 20:58:58,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353138.5673027, 'message': 'Dec  6 20:58:58 hqnl0246134 sshd[254179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 20:59:00,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.138.7.117', 'timestamp': 1670353140.5698104, 'message': 'Dec  6 20:59:00 hqnl0246134 sshd[254181]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.138.7.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 20:59:00,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.138.7.117', 'timestamp': 1670353140.5700107, 'message': 'Dec  6 20:59:00 hqnl0246134 sshd[254181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.7.117  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 20:59:02,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353142.573007, 'message': 'Dec  6 20:59:00 hqnl0246134 sshd[254179]: Failed password for root from 61.177.173.18 port 38919 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 20:59:02,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '168.138.7.117', 'timestamp': 1670353142.5788522, 'message': 'Dec  6 20:59:01 hqnl0246134 sshd[254181]: Failed password for root from 168.138.7.117 port 36938 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 20:59:04,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353144.5753298, 'message': 'Dec  6 20:59:02 hqnl0246134 sshd[254179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 20:59:04,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353144.5766652, 'message': 'Dec  6 20:59:04 hqnl0246134 sshd[254179]: Failed password for root from 61.177.173.18 port 38919 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0164 seconds
WARNING [2022-12-06 20:59:10,251] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:59:10,277] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0370 seconds
INFO    [2022-12-06 20:59:18,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:59:18,611] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:59:18,624] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:59:18,645] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0331 seconds
INFO    [2022-12-06 20:59:21,303] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:59:21,303] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:59:21,310] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:59:21,321] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 20:59:42,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353182.6200726, 'message': 'Dec  6 20:59:41 hqnl0246134 sshd[254257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 20:59:42,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353182.6206336, 'message': 'Dec  6 20:59:41 hqnl0246134 sshd[254257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 20:59:44,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353184.620451, 'message': 'Dec  6 20:59:44 hqnl0246134 sshd[254257]: Failed password for root from 61.177.173.18 port 15221 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 20:59:46,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353186.6226935, 'message': 'Dec  6 20:59:45 hqnl0246134 sshd[254257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 20:59:48,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353188.6253798, 'message': 'Dec  6 20:59:47 hqnl0246134 sshd[254257]: Failed password for root from 61.177.173.18 port 15221 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 20:59:48,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353188.6255715, 'message': 'Dec  6 20:59:47 hqnl0246134 sshd[254257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
WARNING [2022-12-06 20:59:48,854] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 20:59:48,855] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 20:59:50,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353190.6267493, 'message': 'Dec  6 20:59:49 hqnl0246134 sshd[254257]: Failed password for root from 61.177.173.18 port 15221 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 20:59:52,681] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 20:59:52,682] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 20:59:52,690] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 20:59:52,702] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 21:00:06,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '129.146.28.20', 'timestamp': 1670353206.6535757, 'message': 'Dec  6 21:00:06 hqnl0246134 sshd[254305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 129.146.28.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-06 21:00:06,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '129.146.28.20', 'timestamp': 1670353206.6543121, 'message': 'Dec  6 21:00:06 hqnl0246134 sshd[254305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.146.28.20  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 21:00:08,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '129.146.28.20', 'timestamp': 1670353208.6538973, 'message': 'Dec  6 21:00:07 hqnl0246134 sshd[254305]: Failed password for root from 129.146.28.20 port 47876 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 21:00:10,301] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:00:10,333] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0865 seconds
INFO    [2022-12-06 21:00:17,953] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:00:17,954] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:00:17,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:00:18,000] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0355 seconds
INFO    [2022-12-06 21:00:20,638] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:00:20,639] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:00:20,646] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:00:20,660] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 21:00:28,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353228.6835532, 'message': 'Dec  6 21:00:28 hqnl0246134 sshd[254337]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 21:00:28,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353228.6839025, 'message': 'Dec  6 21:00:28 hqnl0246134 sshd[254337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 21:00:30,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353230.68645, 'message': 'Dec  6 21:00:30 hqnl0246134 sshd[254337]: Failed password for root from 61.177.173.18 port 42206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:00:32,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353232.6890025, 'message': 'Dec  6 21:00:32 hqnl0246134 sshd[254337]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:00:34,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353234.6961222, 'message': 'Dec  6 21:00:34 hqnl0246134 sshd[254337]: Failed password for root from 61.177.173.18 port 42206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 21:00:36,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353236.6959808, 'message': 'Dec  6 21:00:34 hqnl0246134 sshd[254337]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 21:00:36,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353236.6962051, 'message': 'Dec  6 21:00:36 hqnl0246134 sshd[254337]: Failed password for root from 61.177.173.18 port 42206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-06 21:00:48,859] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:00:48,860] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:00:54,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670353254.722068, 'message': 'Dec  6 21:00:53 hqnl0246134 sshd[254357]: Invalid user online from 210.19.254.6 port 58131', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 21:00:54,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.19.254.6', 'timestamp': 1670353254.7237809, 'message': 'Dec  6 21:00:53 hqnl0246134 sshd[254357]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.19.254.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:00:54,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.19.254.6', 'timestamp': 1670353254.7239125, 'message': 'Dec  6 21:00:53 hqnl0246134 sshd[254357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.19.254.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 21:00:56,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670353256.7299461, 'message': 'Dec  6 21:00:55 hqnl0246134 sshd[254357]: Failed password for invalid user online from 210.19.254.6 port 58131 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:00:56,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.19.254.6', 'timestamp': 1670353256.730142, 'message': 'Dec  6 21:00:56 hqnl0246134 sshd[254357]: Disconnected from invalid user online 210.19.254.6 port 58131 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-06 21:00:58,674] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:00:58,674] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:00:58,682] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:00:58,693] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
WARNING [2022-12-06 21:01:10,260] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:01:10,284] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0327 seconds
INFO    [2022-12-06 21:01:10,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353270.754926, 'message': 'Dec  6 21:01:10 hqnl0246134 sshd[254376]: Invalid user postgres from 182.253.82.154 port 59346', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 21:01:10,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353270.7553, 'message': 'Dec  6 21:01:10 hqnl0246134 sshd[254376]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.82.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 21:01:10,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353270.755464, 'message': 'Dec  6 21:01:10 hqnl0246134 sshd[254376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.82.154 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 21:01:12,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353272.7568715, 'message': 'Dec  6 21:01:12 hqnl0246134 sshd[254376]: Failed password for invalid user postgres from 182.253.82.154 port 59346 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:01:16,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353276.762752, 'message': 'Dec  6 21:01:14 hqnl0246134 sshd[254376]: Disconnected from invalid user postgres 182.253.82.154 port 59346 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 21:01:16,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353276.7682621, 'message': 'Dec  6 21:01:14 hqnl0246134 sshd[254387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 21:01:16,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353276.7685232, 'message': 'Dec  6 21:01:14 hqnl0246134 sshd[254387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 21:01:18,149] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:01:18,150] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:01:18,165] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:01:18,188] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0341 seconds
INFO    [2022-12-06 21:01:18,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353278.7643328, 'message': 'Dec  6 21:01:16 hqnl0246134 sshd[254387]: Failed password for root from 61.177.173.18 port 57991 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:01:18,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353278.7645438, 'message': 'Dec  6 21:01:17 hqnl0246134 sshd[254387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 21:01:20,931] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:01:20,932] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 21:01:20,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353280.7710392, 'message': 'Dec  6 21:01:19 hqnl0246134 sshd[254387]: Failed password for root from 61.177.173.18 port 57991 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1794 seconds
WARNING [2022-12-06 21:01:20,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:01:20,972] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0378 seconds
INFO    [2022-12-06 21:01:22,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353282.7756786, 'message': 'Dec  6 21:01:21 hqnl0246134 sshd[254387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 21:01:24,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353284.780311, 'message': 'Dec  6 21:01:23 hqnl0246134 sshd[254387]: Failed password for root from 61.177.173.18 port 57991 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 21:01:48,864] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:01:48,866] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 21:01:53,988] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 21:02:04,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353324.9022472, 'message': 'Dec  6 21:02:04 hqnl0246134 sshd[254431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:02:04,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353324.9026744, 'message': 'Dec  6 21:02:04 hqnl0246134 sshd[254431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:02:06,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353326.9055648, 'message': 'Dec  6 21:02:06 hqnl0246134 sshd[254431]: Failed password for root from 61.177.173.18 port 38687 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 21:02:08,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353328.9088519, 'message': 'Dec  6 21:02:08 hqnl0246134 sshd[254431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 21:02:10,266] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:02:10,299] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0404 seconds
INFO    [2022-12-06 21:02:10,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353330.910243, 'message': 'Dec  6 21:02:10 hqnl0246134 sshd[254431]: Failed password for root from 61.177.173.18 port 38687 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:02:10,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353330.9105778, 'message': 'Dec  6 21:02:10 hqnl0246134 sshd[254431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:02:12,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353332.9127045, 'message': 'Dec  6 21:02:12 hqnl0246134 sshd[254431]: Failed password for root from 61.177.173.18 port 38687 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:02:17,882] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:02:17,883] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:02:17,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:02:17,903] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 21:02:22,882] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:02:22,883] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:02:22,890] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:02:22,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
WARNING [2022-12-06 21:02:48,868] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:02:48,870] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:02:55,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353374.9676468, 'message': 'Dec  6 21:02:54 hqnl0246134 sshd[254467]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 21:02:55,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353374.9686253, 'message': 'Dec  6 21:02:54 hqnl0246134 sshd[254467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 21:02:58,957] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:02:59,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353378.971497, 'message': 'Dec  6 21:02:57 hqnl0246134 sshd[254467]: Failed password for root from 61.177.173.18 port 16165 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 21:02:59,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353378.9727254, 'message': 'Dec  6 21:02:58 hqnl0246134 sshd[254467]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:02:59,025] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:02:59,025] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:02:59,025] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:02:59,026] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:02:59,026] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:02:59,034] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:02:59,050] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0236 seconds
WARNING [2022-12-06 21:02:59,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:02:59,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:02:59,078] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0341 seconds
INFO    [2022-12-06 21:02:59,080] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0328 seconds
INFO    [2022-12-06 21:03:00,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353380.9738224, 'message': 'Dec  6 21:03:00 hqnl0246134 sshd[254467]: Failed password for root from 61.177.173.18 port 16165 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:03:04,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353384.9779632, 'message': 'Dec  6 21:03:03 hqnl0246134 sshd[254467]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:03:07,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353386.980094, 'message': 'Dec  6 21:03:05 hqnl0246134 sshd[254467]: Failed password for root from 61.177.173.18 port 16165 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 21:03:10,277] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:03:10,305] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0444 seconds
INFO    [2022-12-06 21:03:10,647] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:03:10,648] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:03:10,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:03:10,666] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 21:03:17,758] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:03:17,759] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:03:17,767] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:03:17,779] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 21:03:20,493] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:03:20,494] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:03:20,501] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:03:20,512] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 21:03:25,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353405.0067866, 'message': 'Dec  6 21:03:23 hqnl0246134 sshd[254533]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.250.11.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 21:03:25,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353405.0071619, 'message': 'Dec  6 21:03:23 hqnl0246134 sshd[254533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.11.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 21:03:27,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353407.0095186, 'message': 'Dec  6 21:03:25 hqnl0246134 sshd[254533]: Failed password for root from 103.250.11.181 port 52090 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:03:29,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353409.0163908, 'message': 'Dec  6 21:03:27 hqnl0246134 sshd[254537]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.82.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:03:29,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353409.0166564, 'message': 'Dec  6 21:03:27 hqnl0246134 sshd[254537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.82.154  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:03:29,154] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:03:29,155] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:03:29,156] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 21:03:31,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353411.0205898, 'message': 'Dec  6 21:03:29 hqnl0246134 sshd[254537]: Failed password for root from 182.253.82.154 port 54304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:03:45,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353425.0436306, 'message': 'Dec  6 21:03:43 hqnl0246134 sshd[254550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 21:03:45,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353425.0444279, 'message': 'Dec  6 21:03:43 hqnl0246134 sshd[254550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:03:47,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353427.0465302, 'message': 'Dec  6 21:03:45 hqnl0246134 sshd[254550]: Failed password for root from 61.177.173.18 port 37026 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:03:47,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353427.0467136, 'message': 'Dec  6 21:03:45 hqnl0246134 sshd[254550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
WARNING [2022-12-06 21:03:48,873] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:03:48,874] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:03:49,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353429.0545082, 'message': 'Dec  6 21:03:47 hqnl0246134 sshd[254550]: Failed password for root from 61.177.173.18 port 37026 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 21:03:49,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353429.0547915, 'message': 'Dec  6 21:03:47 hqnl0246134 sshd[254550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 21:03:51,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353431.061772, 'message': 'Dec  6 21:03:50 hqnl0246134 sshd[254550]: Failed password for root from 61.177.173.18 port 37026 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 21:04:10,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:04:10,291] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0271 seconds
INFO    [2022-12-06 21:04:17,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:04:17,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:04:17,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:04:17,869] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 21:04:20,348] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:04:20,349] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:04:20,356] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:04:20,367] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 21:04:27,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '66.43.250.3', 'timestamp': 1670353467.1188223, 'message': 'Dec  6 21:04:26 hqnl0246134 sshd[254568]: pam_imunify(sshd:auth): [IM360_RBL] The IP 66.43.250.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:04:27,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '66.43.250.3', 'timestamp': 1670353467.1190789, 'message': 'Dec  6 21:04:26 hqnl0246134 sshd[254568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.43.250.3  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 21:04:29,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '66.43.250.3', 'timestamp': 1670353469.1205332, 'message': 'Dec  6 21:04:28 hqnl0246134 sshd[254568]: Failed password for root from 66.43.250.3 port 56190 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:04:33,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353473.1244304, 'message': 'Dec  6 21:04:32 hqnl0246134 sshd[254585]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:04:33,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353473.124669, 'message': 'Dec  6 21:04:32 hqnl0246134 sshd[254585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:04:35,120] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:04:35,120] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:04:35,138] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:04:35,172] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0513 seconds
INFO    [2022-12-06 21:04:35,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353475.125833, 'message': 'Dec  6 21:04:33 hqnl0246134 sshd[254585]: Failed password for root from 61.177.173.18 port 60385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-06 21:04:35,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353475.126038, 'message': 'Dec  6 21:04:34 hqnl0246134 sshd[254585]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 21:04:37,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353477.1288505, 'message': 'Dec  6 21:04:36 hqnl0246134 sshd[254585]: Failed password for root from 61.177.173.18 port 60385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:04:39,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353479.1301684, 'message': 'Dec  6 21:04:38 hqnl0246134 sshd[254585]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:04:41,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353481.131915, 'message': 'Dec  6 21:04:41 hqnl0246134 sshd[254585]: Failed password for root from 61.177.173.18 port 60385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 21:04:48,879] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:04:48,881] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 21:05:10,277] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:05:10,301] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-06 21:05:13,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353513.1747978, 'message': 'Dec  6 21:05:11 hqnl0246134 sshd[254624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.250.11.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 21:05:13,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353513.1751752, 'message': 'Dec  6 21:05:11 hqnl0246134 sshd[254624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.11.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:05:15,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353515.1763873, 'message': 'Dec  6 21:05:13 hqnl0246134 sshd[254624]: Failed password for root from 103.250.11.181 port 49260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 21:05:17,913] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:05:17,914] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:05:17,920] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:05:17,931] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 21:05:20,516] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:05:20,517] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:05:20,523] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:05:20,534] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-06 21:05:21,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353521.1841917, 'message': 'Dec  6 21:05:19 hqnl0246134 sshd[254648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:05:21,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353521.1844685, 'message': 'Dec  6 21:05:19 hqnl0246134 sshd[254648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0159 seconds
INFO    [2022-12-06 21:05:21,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353521.1846352, 'message': 'Dec  6 21:05:20 hqnl0246134 sshd[254648]: Failed password for root from 61.177.173.18 port 21945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 21:05:23,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353523.1862612, 'message': 'Dec  6 21:05:21 hqnl0246134 sshd[254648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 21:05:25,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353525.1891022, 'message': 'Dec  6 21:05:23 hqnl0246134 sshd[254648]: Failed password for root from 61.177.173.18 port 21945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:05:27,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353527.1917133, 'message': 'Dec  6 21:05:25 hqnl0246134 sshd[254648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 21:05:29,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353529.2335644, 'message': 'Dec  6 21:05:27 hqnl0246134 sshd[254648]: Failed password for root from 61.177.173.18 port 21945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:05:43,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353543.2063344, 'message': 'Dec  6 21:05:43 hqnl0246134 sshd[254657]: Invalid user b from 182.253.82.154 port 41670', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 21:05:45,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353545.20911, 'message': 'Dec  6 21:05:43 hqnl0246134 sshd[254657]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.82.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 21:05:45,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353545.2095063, 'message': 'Dec  6 21:05:43 hqnl0246134 sshd[254657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.82.154 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 21:05:45,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353545.209808, 'message': 'Dec  6 21:05:44 hqnl0246134 sshd[254657]: Failed password for invalid user b from 182.253.82.154 port 41670 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:05:47,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.82.154', 'timestamp': 1670353547.2100892, 'message': 'Dec  6 21:05:45 hqnl0246134 sshd[254657]: Disconnected from invalid user b 182.253.82.154 port 41670 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
WARNING [2022-12-06 21:05:48,884] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:05:48,885] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:05:50,225] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:05:50,225] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:05:50,235] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:05:50,247] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 21:06:07,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353567.2350678, 'message': 'Dec  6 21:06:06 hqnl0246134 sshd[254684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:06:07,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353567.2353852, 'message': 'Dec  6 21:06:06 hqnl0246134 sshd[254684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:06:09,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353569.2388098, 'message': 'Dec  6 21:06:08 hqnl0246134 sshd[254684]: Failed password for root from 61.177.173.18 port 44692 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:06:09,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353569.2390223, 'message': 'Dec  6 21:06:08 hqnl0246134 sshd[254684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 21:06:10,845] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:06:10,865] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.5929 seconds
INFO    [2022-12-06 21:06:11,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353571.2421763, 'message': 'Dec  6 21:06:10 hqnl0246134 sshd[254684]: Failed password for root from 61.177.173.18 port 44692 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:06:11,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353571.2424219, 'message': 'Dec  6 21:06:11 hqnl0246134 sshd[254684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:06:13,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353573.2468953, 'message': 'Dec  6 21:06:13 hqnl0246134 sshd[254684]: Failed password for root from 61.177.173.18 port 44692 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 21:06:17,835] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:06:17,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:06:17,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:06:17,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 21:06:20,735] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:06:20,735] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:06:20,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:06:20,754] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 21:06:47,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353607.288991, 'message': 'Dec  6 21:06:45 hqnl0246134 sshd[254741]: Invalid user xu from 59.120.103.230 port 41482', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 21:06:47,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353607.2898078, 'message': 'Dec  6 21:06:46 hqnl0246134 sshd[254741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.120.103.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:06:47,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353607.289995, 'message': 'Dec  6 21:06:46 hqnl0246134 sshd[254741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.103.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 21:06:48,889] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:06:48,890] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:06:49,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353609.2900078, 'message': 'Dec  6 21:06:48 hqnl0246134 sshd[254741]: Failed password for invalid user xu from 59.120.103.230 port 41482 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 21:06:49,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353609.290381, 'message': 'Dec  6 21:06:48 hqnl0246134 sshd[254741]: Disconnected from invalid user xu 59.120.103.230 port 41482 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:06:55,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353615.3035574, 'message': 'Dec  6 21:06:53 hqnl0246134 sshd[254743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:06:55,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353615.3039043, 'message': 'Dec  6 21:06:53 hqnl0246134 sshd[254743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:06:57,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353617.3071313, 'message': 'Dec  6 21:06:55 hqnl0246134 sshd[254743]: Failed password for root from 61.177.173.18 port 12568 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 21:06:57,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353617.3074143, 'message': 'Dec  6 21:06:55 hqnl0246134 sshd[254745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.250.11.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 21:06:57,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353617.3075619, 'message': 'Dec  6 21:06:55 hqnl0246134 sshd[254745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.11.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:06:59,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.250.11.181', 'timestamp': 1670353619.3096952, 'message': 'Dec  6 21:06:57 hqnl0246134 sshd[254745]: Failed password for root from 103.250.11.181 port 46434 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 21:06:59,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353619.310059, 'message': 'Dec  6 21:06:58 hqnl0246134 sshd[254743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 21:07:01,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353621.3095906, 'message': 'Dec  6 21:06:59 hqnl0246134 sshd[254743]: Failed password for root from 61.177.173.18 port 12568 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 21:07:01,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353621.3097568, 'message': 'Dec  6 21:07:00 hqnl0246134 sshd[254743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 21:07:03,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353623.3127055, 'message': 'Dec  6 21:07:02 hqnl0246134 sshd[254743]: Failed password for root from 61.177.173.18 port 12568 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 21:07:09,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.7.117', 'timestamp': 1670353629.3190715, 'message': 'Dec  6 21:07:07 hqnl0246134 sshd[254755]: Invalid user traffic from 168.138.7.117 port 37164', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 21:07:09,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.138.7.117', 'timestamp': 1670353629.3193247, 'message': 'Dec  6 21:07:07 hqnl0246134 sshd[254755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.138.7.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:07:09,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.138.7.117', 'timestamp': 1670353629.3194451, 'message': 'Dec  6 21:07:07 hqnl0246134 sshd[254755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.7.117 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-06 21:07:10,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:07:10,308] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0325 seconds
INFO    [2022-12-06 21:07:11,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.7.117', 'timestamp': 1670353631.3220894, 'message': 'Dec  6 21:07:09 hqnl0246134 sshd[254755]: Failed password for invalid user traffic from 168.138.7.117 port 37164 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 21:07:11,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.138.7.117', 'timestamp': 1670353631.322293, 'message': 'Dec  6 21:07:10 hqnl0246134 sshd[254755]: Disconnected from invalid user traffic 168.138.7.117 port 37164 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:07:17,903] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:07:17,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:07:17,912] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:07:17,925] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 21:07:20,622] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:07:20,622] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:07:20,629] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:07:20,642] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 21:07:43,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353663.361275, 'message': 'Dec  6 21:07:41 hqnl0246134 sshd[254806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 21:07:43,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353663.3616421, 'message': 'Dec  6 21:07:41 hqnl0246134 sshd[254806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:07:45,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353665.3616872, 'message': 'Dec  6 21:07:44 hqnl0246134 sshd[254806]: Failed password for root from 61.177.173.18 port 42235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:07:47,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353667.3640423, 'message': 'Dec  6 21:07:46 hqnl0246134 sshd[254806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 21:07:48,896] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:07:48,897] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:07:49,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353669.3657167, 'message': 'Dec  6 21:07:48 hqnl0246134 sshd[254806]: Failed password for root from 61.177.173.18 port 42235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:07:49,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353669.3659184, 'message': 'Dec  6 21:07:48 hqnl0246134 sshd[254806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:07:51,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353671.369079, 'message': 'Dec  6 21:07:51 hqnl0246134 sshd[254806]: Failed password for root from 61.177.173.18 port 42235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 21:07:55,184] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:07:55,185] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:07:55,192] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:07:55,203] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-06 21:08:10,289] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:08:10,311] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0323 seconds
INFO    [2022-12-06 21:08:17,798] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:08:17,799] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:08:17,808] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:08:17,820] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 21:08:20,459] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:08:20,460] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:08:20,467] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:08:20,478] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 21:08:31,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353711.4167378, 'message': 'Dec  6 21:08:29 hqnl0246134 sshd[254852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:08:31,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353711.4170082, 'message': 'Dec  6 21:08:29 hqnl0246134 sshd[254852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 21:08:31,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353711.4171722, 'message': 'Dec  6 21:08:31 hqnl0246134 sshd[254852]: Failed password for root from 61.177.173.18 port 60850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 21:08:33,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353713.4188335, 'message': 'Dec  6 21:08:31 hqnl0246134 sshd[254852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 21:08:35,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353715.423361, 'message': 'Dec  6 21:08:33 hqnl0246134 sshd[254852]: Failed password for root from 61.177.173.18 port 60850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:08:37,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353717.4272282, 'message': 'Dec  6 21:08:36 hqnl0246134 sshd[254852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:08:39,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353719.4303188, 'message': 'Dec  6 21:08:38 hqnl0246134 sshd[254852]: Failed password for root from 61.177.173.18 port 60850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 21:08:48,905] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:08:48,906] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 21:09:10,293] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:09:10,314] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0294 seconds
INFO    [2022-12-06 21:09:17,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.146.28.20', 'timestamp': 1670353757.475184, 'message': 'Dec  6 21:09:16 hqnl0246134 sshd[255014]: Invalid user xu from 129.146.28.20 port 43722', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 21:09:17,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '129.146.28.20', 'timestamp': 1670353757.4757066, 'message': 'Dec  6 21:09:16 hqnl0246134 sshd[255014]: pam_imunify(sshd:auth): [IM360_RBL] The IP 129.146.28.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:09:17,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '129.146.28.20', 'timestamp': 1670353757.4758725, 'message': 'Dec  6 21:09:16 hqnl0246134 sshd[255014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.146.28.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-06 21:09:17,817] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:09:17,818] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:09:17,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:09:17,848] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-06 21:09:19,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.146.28.20', 'timestamp': 1670353759.4755538, 'message': 'Dec  6 21:09:18 hqnl0246134 sshd[255014]: Failed password for invalid user xu from 129.146.28.20 port 43722 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-06 21:09:19,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353759.4758563, 'message': 'Dec  6 21:09:18 hqnl0246134 sshd[255019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 21:09:19,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.146.28.20', 'timestamp': 1670353759.476236, 'message': 'Dec  6 21:09:19 hqnl0246134 sshd[255014]: Disconnected from invalid user xu 129.146.28.20 port 43722 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 21:09:19,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353759.4760277, 'message': 'Dec  6 21:09:18 hqnl0246134 sshd[255019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 21:09:20,616] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:09:20,616] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:09:20,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:09:20,634] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 21:09:21,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353761.4755461, 'message': 'Dec  6 21:09:21 hqnl0246134 sshd[255019]: Failed password for root from 61.177.173.18 port 39856 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 21:09:21,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:09:21,844] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:09:21,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:09:21,862] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 21:09:23,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353763.4784718, 'message': 'Dec  6 21:09:23 hqnl0246134 sshd[255019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:09:25,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353765.4794903, 'message': 'Dec  6 21:09:25 hqnl0246134 sshd[255019]: Failed password for root from 61.177.173.18 port 39856 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:09:25,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353765.4797747, 'message': 'Dec  6 21:09:25 hqnl0246134 sshd[255019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:09:27,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353767.4805336, 'message': 'Dec  6 21:09:27 hqnl0246134 sshd[255019]: Failed password for root from 61.177.173.18 port 39856 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 21:09:48,909] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:09:48,910] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:09:49,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353789.5042498, 'message': 'Dec  6 21:09:48 hqnl0246134 sshd[255047]: Invalid user ss from 59.120.103.230 port 58278', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 21:09:49,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353789.5048046, 'message': 'Dec  6 21:09:48 hqnl0246134 sshd[255047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.120.103.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:09:49,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353789.5050282, 'message': 'Dec  6 21:09:48 hqnl0246134 sshd[255047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.103.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:09:51,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353791.5053673, 'message': 'Dec  6 21:09:50 hqnl0246134 sshd[255047]: Failed password for invalid user ss from 59.120.103.230 port 58278 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:09:53,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353793.5084193, 'message': 'Dec  6 21:09:52 hqnl0246134 sshd[255047]: Disconnected from invalid user ss 59.120.103.230 port 58278 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:10:07,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353807.5252957, 'message': 'Dec  6 21:10:06 hqnl0246134 sshd[255079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 21:10:07,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353807.5256736, 'message': 'Dec  6 21:10:06 hqnl0246134 sshd[255079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 21:10:09,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353809.5257103, 'message': 'Dec  6 21:10:08 hqnl0246134 sshd[255079]: Failed password for root from 61.177.173.18 port 53779 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
WARNING [2022-12-06 21:10:10,295] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:10:10,317] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0290 seconds
INFO    [2022-12-06 21:10:11,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353811.5266743, 'message': 'Dec  6 21:10:10 hqnl0246134 sshd[255079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 21:10:13,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353813.5280144, 'message': 'Dec  6 21:10:12 hqnl0246134 sshd[255079]: Failed password for root from 61.177.173.18 port 53779 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 21:10:13,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353813.5297813, 'message': 'Dec  6 21:10:13 hqnl0246134 sshd[255079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 21:10:15,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353815.530229, 'message': 'Dec  6 21:10:14 hqnl0246134 sshd[255079]: Failed password for root from 61.177.173.18 port 53779 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:10:17,809] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:10:17,809] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:10:17,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:10:17,829] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 21:10:20,479] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:10:20,479] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:10:20,486] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:10:20,498] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 21:10:39,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.83.28.210', 'timestamp': 1670353839.5615745, 'message': 'Dec  6 21:10:38 hqnl0246134 sshd[255087]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.83.28.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 21:10:39,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.83.28.210', 'timestamp': 1670353839.5619245, 'message': 'Dec  6 21:10:38 hqnl0246134 sshd[255087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.83.28.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:10:41,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '186.83.28.210', 'timestamp': 1670353841.563072, 'message': 'Dec  6 21:10:41 hqnl0246134 sshd[255087]: Failed password for root from 186.83.28.210 port 60500 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 21:10:45,416] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:10:45,486] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:10:45,487] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:10:45,487] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:10:45,488] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:10:45,488] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:10:45,534] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:10:45,568] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0777 seconds
WARNING [2022-12-06 21:10:45,579] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:10:45,583] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:10:45,706] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:10:45,706] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 21:10:45,714] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.1566 seconds
INFO    [2022-12-06 21:10:45,717] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.1535 seconds
WARNING [2022-12-06 21:10:45,720] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:10:45,732] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
WARNING [2022-12-06 21:10:48,912] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:10:48,913] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:10:55,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353855.5765913, 'message': 'Dec  6 21:10:55 hqnl0246134 sshd[255158]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:10:55,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353855.5768604, 'message': 'Dec  6 21:10:55 hqnl0246134 sshd[255158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:10:59,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353859.5788918, 'message': 'Dec  6 21:10:57 hqnl0246134 sshd[255158]: Failed password for root from 61.177.173.18 port 26647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:10:59,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353859.5790932, 'message': 'Dec  6 21:10:59 hqnl0246134 sshd[255158]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:11:01,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353861.5824018, 'message': 'Dec  6 21:11:01 hqnl0246134 sshd[255158]: Failed password for root from 61.177.173.18 port 26647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:11:03,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353863.5836546, 'message': 'Dec  6 21:11:01 hqnl0246134 sshd[255158]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:11:05,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353865.585647, 'message': 'Dec  6 21:11:03 hqnl0246134 sshd[255158]: Failed password for root from 61.177.173.18 port 26647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 21:11:10,300] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:11:10,322] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0301 seconds
INFO    [2022-12-06 21:11:15,615] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:11:15,616] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:11:15,617] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 21:11:19,828] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:11:19,829] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:11:19,839] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:11:19,852] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 21:11:22,752] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:11:22,753] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:11:22,760] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:11:22,772] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 21:11:43,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353903.622497, 'message': 'Dec  6 21:11:42 hqnl0246134 sshd[255196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 21:11:43,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353903.622988, 'message': 'Dec  6 21:11:42 hqnl0246134 sshd[255196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:11:45,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353905.6247294, 'message': 'Dec  6 21:11:44 hqnl0246134 sshd[255196]: Failed password for root from 61.177.173.18 port 50976 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 21:11:45,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353905.624946, 'message': 'Dec  6 21:11:44 hqnl0246134 sshd[255196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 21:11:47,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353907.6276062, 'message': 'Dec  6 21:11:46 hqnl0246134 sshd[255196]: Failed password for root from 61.177.173.18 port 50976 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:11:47,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353907.627802, 'message': 'Dec  6 21:11:47 hqnl0246134 sshd[255196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 21:11:48,914] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:11:48,915] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:11:51,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353911.6327798, 'message': 'Dec  6 21:11:49 hqnl0246134 sshd[255196]: Failed password for root from 61.177.173.18 port 50976 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-06 21:11:53,995] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 21:12:10,304] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:12:10,323] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0270 seconds
INFO    [2022-12-06 21:12:17,958] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:12:17,959] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:12:17,967] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:12:17,979] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 21:12:20,556] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:12:20,556] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:12:20,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:12:20,574] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 21:12:29,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353949.691095, 'message': 'Dec  6 21:12:28 hqnl0246134 sshd[255246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 21:12:29,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353949.691555, 'message': 'Dec  6 21:12:28 hqnl0246134 sshd[255246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:12:31,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353951.6955297, 'message': 'Dec  6 21:12:30 hqnl0246134 sshd[255246]: Failed password for root from 61.177.173.18 port 21112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 21:12:31,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353951.6957722, 'message': 'Dec  6 21:12:31 hqnl0246134 sshd[255246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:12:33,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353953.698009, 'message': 'Dec  6 21:12:32 hqnl0246134 sshd[255246]: Failed password for root from 61.177.173.18 port 21112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 21:12:33,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353953.6984065, 'message': 'Dec  6 21:12:33 hqnl0246134 sshd[255246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:12:37,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353957.7022395, 'message': 'Dec  6 21:12:35 hqnl0246134 sshd[255246]: Failed password for root from 61.177.173.18 port 21112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:12:40,133] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:12:40,134] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:12:40,141] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:12:40,158] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0235 seconds
INFO    [2022-12-06 21:12:41,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353961.707218, 'message': 'Dec  6 21:12:40 hqnl0246134 sshd[255253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.120.103.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 21:12:41,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353961.7074528, 'message': 'Dec  6 21:12:40 hqnl0246134 sshd[255253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.103.230  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:12:43,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '59.120.103.230', 'timestamp': 1670353963.70868, 'message': 'Dec  6 21:12:42 hqnl0246134 sshd[255253]: Failed password for root from 59.120.103.230 port 46676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
WARNING [2022-12-06 21:12:48,917] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:12:48,918] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:13:02,302] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 21:13:02,309] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:13:02,320] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0171 seconds
WARNING [2022-12-06 21:13:10,309] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:13:10,328] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0264 seconds
INFO    [2022-12-06 21:13:17,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353997.7520213, 'message': 'Dec  6 21:13:15 hqnl0246134 sshd[255305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 21:13:17,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353997.7526639, 'message': 'Dec  6 21:13:15 hqnl0246134 sshd[255305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:13:17,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353997.7529383, 'message': 'Dec  6 21:13:17 hqnl0246134 sshd[255305]: Failed password for root from 61.177.173.18 port 48517 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:13:19,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670353999.7530575, 'message': 'Dec  6 21:13:18 hqnl0246134 sshd[255305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 21:13:19,893] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:13:19,894] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:13:19,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:13:19,912] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 21:13:21,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354001.754972, 'message': 'Dec  6 21:13:20 hqnl0246134 sshd[255305]: Failed password for root from 61.177.173.18 port 48517 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 21:13:22,565] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:13:22,566] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:13:22,572] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:13:22,583] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 21:13:23,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354003.7559783, 'message': 'Dec  6 21:13:22 hqnl0246134 sshd[255305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 21:13:25,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354005.7572384, 'message': 'Dec  6 21:13:24 hqnl0246134 sshd[255305]: Failed password for root from 61.177.173.18 port 48517 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-06 21:13:48,922] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:13:48,924] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:13:55,021] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:13:55,088] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:13:55,089] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:13:55,089] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:13:55,089] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:13:55,090] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:13:55,107] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:13:55,126] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0351 seconds
WARNING [2022-12-06 21:13:55,133] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:13:55,136] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:13:55,152] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0326 seconds
INFO    [2022-12-06 21:13:55,154] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0297 seconds
INFO    [2022-12-06 21:14:03,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354043.797767, 'message': 'Dec  6 21:14:02 hqnl0246134 sshd[255345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:14:03,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354043.798076, 'message': 'Dec  6 21:14:02 hqnl0246134 sshd[255345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:14:05,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354045.8014748, 'message': 'Dec  6 21:14:04 hqnl0246134 sshd[255345]: Failed password for root from 61.177.173.18 port 14931 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:14:05,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354045.8024266, 'message': 'Dec  6 21:14:04 hqnl0246134 sshd[255345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 21:14:07,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354047.8016021, 'message': 'Dec  6 21:14:06 hqnl0246134 sshd[255345]: Failed password for root from 61.177.173.18 port 14931 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 21:14:07,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354047.8019018, 'message': 'Dec  6 21:14:07 hqnl0246134 sshd[255345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 21:14:09,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354049.8021007, 'message': 'Dec  6 21:14:09 hqnl0246134 sshd[255345]: Failed password for root from 61.177.173.18 port 14931 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 21:14:10,313] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:14:10,335] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0296 seconds
INFO    [2022-12-06 21:14:12,127] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:14:12,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:14:12,134] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:14:12,146] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 21:14:18,605] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:14:18,605] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:14:18,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:14:18,625] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 21:14:21,305] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:14:21,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:14:21,312] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:14:21,323] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 21:14:25,216] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:14:25,217] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:14:25,217] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-06 21:14:48,927] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:14:48,928] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:14:51,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354091.844328, 'message': 'Dec  6 21:14:51 hqnl0246134 sshd[255413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 21:14:51,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354091.8451498, 'message': 'Dec  6 21:14:51 hqnl0246134 sshd[255413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:14:53,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354093.8473074, 'message': 'Dec  6 21:14:53 hqnl0246134 sshd[255413]: Failed password for root from 61.177.173.18 port 38304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:14:53,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354093.8475423, 'message': 'Dec  6 21:14:53 hqnl0246134 sshd[255413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:14:55,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.146.28.20', 'timestamp': 1670354095.8544219, 'message': 'Dec  6 21:14:54 hqnl0246134 sshd[255411]: Invalid user ss from 129.146.28.20 port 57492', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 21:14:55,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354095.8551269, 'message': 'Dec  6 21:14:55 hqnl0246134 sshd[255413]: Failed password for root from 61.177.173.18 port 38304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0518 seconds
INFO    [2022-12-06 21:14:55,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '129.146.28.20', 'timestamp': 1670354095.8547342, 'message': 'Dec  6 21:14:54 hqnl0246134 sshd[255411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 129.146.28.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:14:55,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '129.146.28.20', 'timestamp': 1670354095.854927, 'message': 'Dec  6 21:14:54 hqnl0246134 sshd[255411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.146.28.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:14:57,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354097.8569565, 'message': 'Dec  6 21:14:55 hqnl0246134 sshd[255413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 21:14:57,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.146.28.20', 'timestamp': 1670354097.8572547, 'message': 'Dec  6 21:14:56 hqnl0246134 sshd[255411]: Failed password for invalid user ss from 129.146.28.20 port 57492 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 21:14:57,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.146.28.20', 'timestamp': 1670354097.8574162, 'message': 'Dec  6 21:14:56 hqnl0246134 sshd[255411]: Disconnected from invalid user ss 129.146.28.20 port 57492 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:14:59,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354099.857778, 'message': 'Dec  6 21:14:58 hqnl0246134 sshd[255413]: Failed password for root from 61.177.173.18 port 38304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 21:15:10,318] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:15:10,338] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0285 seconds
INFO    [2022-12-06 21:15:17,896] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:15:17,896] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:15:17,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:15:17,921] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-06 21:15:20,706] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:15:20,706] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:15:20,713] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:15:20,725] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 21:15:31,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '59.120.103.230', 'timestamp': 1670354131.89431, 'message': 'Dec  6 21:15:31 hqnl0246134 sshd[255472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 59.120.103.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:15:31,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '59.120.103.230', 'timestamp': 1670354131.8945315, 'message': 'Dec  6 21:15:31 hqnl0246134 sshd[255472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.103.230  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:15:35,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '59.120.103.230', 'timestamp': 1670354135.9007373, 'message': 'Dec  6 21:15:34 hqnl0246134 sshd[255472]: Failed password for root from 59.120.103.230 port 35072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:15:38,703] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:15:38,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:15:38,712] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:15:38,725] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 21:15:41,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354141.911239, 'message': 'Dec  6 21:15:40 hqnl0246134 sshd[255479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 21:15:41,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354141.9118707, 'message': 'Dec  6 21:15:40 hqnl0246134 sshd[255479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:15:43,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354143.912231, 'message': 'Dec  6 21:15:42 hqnl0246134 sshd[255479]: Failed password for root from 61.177.173.18 port 62927 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 21:15:45,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354145.9142826, 'message': 'Dec  6 21:15:44 hqnl0246134 sshd[255479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0672 seconds
INFO    [2022-12-06 21:15:47,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354147.9161808, 'message': 'Dec  6 21:15:47 hqnl0246134 sshd[255479]: Failed password for root from 61.177.173.18 port 62927 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-06 21:15:48,933] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:15:48,934] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:15:49,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354149.917819, 'message': 'Dec  6 21:15:49 hqnl0246134 sshd[255479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 21:15:51,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354151.9234586, 'message': 'Dec  6 21:15:51 hqnl0246134 sshd[255479]: Failed password for root from 61.177.173.18 port 62927 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
WARNING [2022-12-06 21:16:10,323] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:16:10,345] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-06 21:16:13,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354173.9580212, 'message': 'Dec  6 21:16:13 hqnl0246134 sshd[255506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 21:16:15,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354175.9573317, 'message': 'Dec  6 21:16:15 hqnl0246134 sshd[255506]: Failed password for root from 165.227.166.207 port 43412 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:16:17,915] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:16:17,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:16:17,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:16:17,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 21:16:20,453] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:16:20,454] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:16:20,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:16:20,472] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 21:16:29,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354189.9771793, 'message': 'Dec  6 21:16:28 hqnl0246134 sshd[255528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:16:30,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354189.977401, 'message': 'Dec  6 21:16:28 hqnl0246134 sshd[255528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:16:31,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354191.9777787, 'message': 'Dec  6 21:16:31 hqnl0246134 sshd[255528]: Failed password for root from 61.177.173.18 port 21261 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:16:34,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354193.9798658, 'message': 'Dec  6 21:16:32 hqnl0246134 sshd[255528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 21:16:36,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354195.9818227, 'message': 'Dec  6 21:16:35 hqnl0246134 sshd[255528]: Failed password for root from 61.177.173.18 port 21261 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 21:16:38,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354197.9847028, 'message': 'Dec  6 21:16:37 hqnl0246134 sshd[255528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:16:40,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354199.9879918, 'message': 'Dec  6 21:16:38 hqnl0246134 sshd[255528]: Failed password for root from 61.177.173.18 port 21261 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 21:16:48,937] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:16:48,937] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 21:17:10,330] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:17:10,351] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-06 21:17:17,767] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:17:17,768] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:17:17,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:17:17,792] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 21:17:18,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354238.030158, 'message': 'Dec  6 21:17:17 hqnl0246134 sshd[255573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:17:18,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354238.0303833, 'message': 'Dec  6 21:17:17 hqnl0246134 sshd[255573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:17:20,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354240.0336912, 'message': 'Dec  6 21:17:19 hqnl0246134 sshd[255573]: Failed password for root from 61.177.173.18 port 54862 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:17:20,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354240.0339906, 'message': 'Dec  6 21:17:19 hqnl0246134 sshd[255573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:17:20,431] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:17:20,432] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:17:20,439] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:17:20,451] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 21:17:22,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354242.0363429, 'message': 'Dec  6 21:17:21 hqnl0246134 sshd[255573]: Failed password for root from 61.177.173.18 port 54862 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 21:17:24,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354244.038756, 'message': 'Dec  6 21:17:22 hqnl0246134 sshd[255573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:17:26,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354246.0428631, 'message': 'Dec  6 21:17:24 hqnl0246134 sshd[255573]: Failed password for root from 61.177.173.18 port 54862 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:17:28,998] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:17:28,999] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:17:29,009] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:17:29,021] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
WARNING [2022-12-06 21:17:48,940] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:17:48,941] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:18:06,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354286.0904484, 'message': 'Dec  6 21:18:05 hqnl0246134 sshd[255636]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 21:18:06,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354286.0910661, 'message': 'Dec  6 21:18:05 hqnl0246134 sshd[255638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 21:18:06,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354286.0908904, 'message': 'Dec  6 21:18:05 hqnl0246134 sshd[255636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 21:18:08,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354288.0927799, 'message': 'Dec  6 21:18:06 hqnl0246134 sshd[255636]: Failed password for root from 61.177.173.18 port 17302 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 21:18:08,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354288.0929813, 'message': 'Dec  6 21:18:07 hqnl0246134 sshd[255638]: Failed password for root from 165.227.166.207 port 53698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 21:18:08,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354288.0930943, 'message': 'Dec  6 21:18:07 hqnl0246134 sshd[255636]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:18:10,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354290.0937293, 'message': 'Dec  6 21:18:08 hqnl0246134 sshd[255636]: Failed password for root from 61.177.173.18 port 17302 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 21:18:10,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354290.0939035, 'message': 'Dec  6 21:18:09 hqnl0246134 sshd[255636]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 21:18:10,331] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:18:10,351] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0275 seconds
INFO    [2022-12-06 21:18:12,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354292.0975223, 'message': 'Dec  6 21:18:11 hqnl0246134 sshd[255636]: Failed password for root from 61.177.173.18 port 17302 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:18:15,920] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:18:15,987] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:18:15,987] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:18:15,988] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:18:15,988] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:18:15,989] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:18:16,002] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:18:16,022] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0318 seconds
WARNING [2022-12-06 21:18:16,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:18:16,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:18:16,051] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0362 seconds
INFO    [2022-12-06 21:18:16,053] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0349 seconds
INFO    [2022-12-06 21:18:17,899] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:18:17,900] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:18:17,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:18:17,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 21:18:20,525] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:18:20,526] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:18:20,534] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:18:20,545] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
WARNING [2022-12-06 21:18:48,946] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:18:48,948] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:18:54,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354334.1470447, 'message': 'Dec  6 21:18:52 hqnl0246134 sshd[255679]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 21:18:54,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354334.1479545, 'message': 'Dec  6 21:18:52 hqnl0246134 sshd[255679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 21:18:56,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354336.147319, 'message': 'Dec  6 21:18:54 hqnl0246134 sshd[255679]: Failed password for root from 61.177.173.18 port 41499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:18:57,160] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:18:57,160] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:18:57,161] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 21:18:58,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354338.1503007, 'message': 'Dec  6 21:18:56 hqnl0246134 sshd[255679]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 21:19:00,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354340.153102, 'message': 'Dec  6 21:18:58 hqnl0246134 sshd[255679]: Failed password for root from 61.177.173.18 port 41499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 21:19:00,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354340.1533175, 'message': 'Dec  6 21:18:59 hqnl0246134 sshd[255679]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 21:19:02,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354342.154341, 'message': 'Dec  6 21:19:00 hqnl0246134 sshd[255679]: Failed password for root from 61.177.173.18 port 41499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 21:19:04,175] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:19:04,176] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:19:04,183] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:19:04,197] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-06 21:19:10,337] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:19:10,357] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0291 seconds
INFO    [2022-12-06 21:19:17,737] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:19:17,738] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:19:17,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:19:17,760] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 21:19:20,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:19:20,539] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:19:20,547] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:19:20,559] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 21:19:40,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354380.2013965, 'message': 'Dec  6 21:19:39 hqnl0246134 sshd[255723]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 21:19:40,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354380.2019072, 'message': 'Dec  6 21:19:39 hqnl0246134 sshd[255723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 21:19:42,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354382.2019782, 'message': 'Dec  6 21:19:41 hqnl0246134 sshd[255723]: Failed password for root from 61.177.173.18 port 12089 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:19:42,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354382.2022262, 'message': 'Dec  6 21:19:41 hqnl0246134 sshd[255723]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:19:44,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354384.2043786, 'message': 'Dec  6 21:19:43 hqnl0246134 sshd[255723]: Failed password for root from 61.177.173.18 port 12089 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 21:19:46,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354386.205944, 'message': 'Dec  6 21:19:44 hqnl0246134 sshd[255723]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 21:19:48,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354388.2080576, 'message': 'Dec  6 21:19:46 hqnl0246134 sshd[255723]: Failed password for root from 61.177.173.18 port 12089 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 21:19:48,951] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:19:48,952] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:19:56,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354396.2203434, 'message': 'Dec  6 21:19:55 hqnl0246134 sshd[255735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 21:19:58,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354398.2221591, 'message': 'Dec  6 21:19:57 hqnl0246134 sshd[255735]: Failed password for root from 165.227.166.207 port 35736 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 21:20:04,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '129.146.28.20', 'timestamp': 1670354404.2405481, 'message': 'Dec  6 21:20:02 hqnl0246134 sshd[255740]: pam_imunify(sshd:auth): [IM360_RBL] The IP 129.146.28.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0969 seconds
INFO    [2022-12-06 21:20:04,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '129.146.28.20', 'timestamp': 1670354404.2408288, 'message': 'Dec  6 21:20:02 hqnl0246134 sshd[255740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.146.28.20  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 21:20:04,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '129.146.28.20', 'timestamp': 1670354404.2410648, 'message': 'Dec  6 21:20:04 hqnl0246134 sshd[255740]: Failed password for root from 129.146.28.20 port 40984 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 21:20:07,488] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:20:07,489] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:20:07,497] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:20:07,508] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
WARNING [2022-12-06 21:20:10,340] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:20:10,362] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-06 21:20:14,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.228.27', 'timestamp': 1670354414.2356656, 'message': 'Dec  6 21:20:13 hqnl0246134 sshd[255777]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.228.27 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 21:20:14,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.228.27', 'timestamp': 1670354414.2360666, 'message': 'Dec  6 21:20:13 hqnl0246134 sshd[255777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.228.27  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 21:20:16,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.230.228.27', 'timestamp': 1670354416.2362633, 'message': 'Dec  6 21:20:15 hqnl0246134 sshd[255777]: Failed password for root from 157.230.228.27 port 47692 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 21:20:19,857] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:20:19,858] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:20:19,865] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:20:19,877] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 21:20:22,494] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:20:22,494] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:20:22,502] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:20:22,514] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 21:20:28,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354428.2439516, 'message': 'Dec  6 21:20:27 hqnl0246134 sshd[255803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 21:20:28,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354428.2444174, 'message': 'Dec  6 21:20:27 hqnl0246134 sshd[255803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:20:30,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354430.2456088, 'message': 'Dec  6 21:20:29 hqnl0246134 sshd[255803]: Failed password for root from 61.177.173.18 port 34356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:20:30,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354430.2500458, 'message': 'Dec  6 21:20:29 hqnl0246134 sshd[255803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:20:32,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354432.2483597, 'message': 'Dec  6 21:20:31 hqnl0246134 sshd[255803]: Failed password for root from 61.177.173.18 port 34356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:20:34,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354434.249529, 'message': 'Dec  6 21:20:33 hqnl0246134 sshd[255803]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:20:36,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354436.2512314, 'message': 'Dec  6 21:20:35 hqnl0246134 sshd[255803]: Failed password for root from 61.177.173.18 port 34356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-06 21:20:48,954] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:20:48,955] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:20:52,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354452.2715669, 'message': 'Dec  6 21:20:51 hqnl0246134 sshd[255818]: Invalid user info from 49.50.230.198 port 50298', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 21:20:52,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354452.272418, 'message': 'Dec  6 21:20:51 hqnl0246134 sshd[255818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.50.230.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:20:52,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354452.2725673, 'message': 'Dec  6 21:20:51 hqnl0246134 sshd[255818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.50.230.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:20:54,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354454.2735698, 'message': 'Dec  6 21:20:53 hqnl0246134 sshd[255818]: Failed password for invalid user info from 49.50.230.198 port 50298 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 21:20:56,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354456.2767403, 'message': 'Dec  6 21:20:55 hqnl0246134 sshd[255818]: Disconnected from invalid user info 49.50.230.198 port 50298 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-06 21:21:10,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:21:10,366] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0296 seconds
INFO    [2022-12-06 21:21:16,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354476.2981818, 'message': 'Dec  6 21:21:15 hqnl0246134 sshd[255831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 21:21:16,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354476.2985668, 'message': 'Dec  6 21:21:15 hqnl0246134 sshd[255831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:21:18,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354478.3014214, 'message': 'Dec  6 21:21:17 hqnl0246134 sshd[255831]: Failed password for root from 61.177.173.18 port 57847 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 21:21:19,723] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:21:19,724] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:21:19,732] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:21:19,744] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 21:21:20,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354480.304923, 'message': 'Dec  6 21:21:19 hqnl0246134 sshd[255831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1820 seconds
INFO    [2022-12-06 21:21:22,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354482.3075213, 'message': 'Dec  6 21:21:20 hqnl0246134 sshd[255831]: Failed password for root from 61.177.173.18 port 57847 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-06 21:21:22,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354482.3079212, 'message': 'Dec  6 21:21:21 hqnl0246134 sshd[255831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 21:21:22,623] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:21:22,623] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:21:22,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:21:22,688] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0512 seconds
INFO    [2022-12-06 21:21:24,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354484.3099203, 'message': 'Dec  6 21:21:23 hqnl0246134 sshd[255831]: Failed password for root from 61.177.173.18 port 57847 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 21:21:26,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.21.236.151', 'timestamp': 1670354486.3102393, 'message': 'Dec  6 21:21:24 hqnl0246134 sshd[255856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.21.236.151 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 21:21:26,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.21.236.151', 'timestamp': 1670354486.3105068, 'message': 'Dec  6 21:21:24 hqnl0246134 sshd[255856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.21.236.151  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:21:28,368] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:21:28,368] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:21:28,380] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:21:28,401] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0324 seconds
INFO    [2022-12-06 21:21:28,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.21.236.151', 'timestamp': 1670354488.3701828, 'message': 'Dec  6 21:21:27 hqnl0246134 sshd[255856]: Failed password for root from 201.21.236.151 port 34796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 21:21:36,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670354496.3267665, 'message': 'Dec  6 21:21:34 hqnl0246134 sshd[255868]: Invalid user ns from 23.224.81.32 port 45662', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 21:21:36,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '23.224.81.32', 'timestamp': 1670354496.3273113, 'message': 'Dec  6 21:21:34 hqnl0246134 sshd[255868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.224.81.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:21:38,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670354498.3294036, 'message': 'Dec  6 21:21:37 hqnl0246134 sshd[255868]: Failed password for invalid user ns from 23.224.81.32 port 45662 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 21:21:40,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670354500.3313928, 'message': 'Dec  6 21:21:39 hqnl0246134 sshd[255868]: Disconnected from invalid user ns 23.224.81.32 port 45662 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:21:48,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354508.3410485, 'message': 'Dec  6 21:21:47 hqnl0246134 sshd[255879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0378 seconds
WARNING [2022-12-06 21:21:48,958] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:21:48,958] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:21:50,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354510.341654, 'message': 'Dec  6 21:21:49 hqnl0246134 sshd[255879]: Failed password for root from 165.227.166.207 port 46096 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 21:21:53,999] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 21:22:04,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354524.364996, 'message': 'Dec  6 21:22:04 hqnl0246134 sshd[255919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 21:22:04,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354524.365335, 'message': 'Dec  6 21:22:04 hqnl0246134 sshd[255919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:22:06,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354526.3667507, 'message': 'Dec  6 21:22:06 hqnl0246134 sshd[255919]: Failed password for root from 61.177.173.18 port 33645 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
WARNING [2022-12-06 21:22:10,348] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:22:10,378] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0380 seconds
INFO    [2022-12-06 21:22:10,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354530.3699427, 'message': 'Dec  6 21:22:08 hqnl0246134 sshd[255919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 21:22:12,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354532.372424, 'message': 'Dec  6 21:22:10 hqnl0246134 sshd[255919]: Failed password for root from 61.177.173.18 port 33645 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:22:14,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354534.3768158, 'message': 'Dec  6 21:22:12 hqnl0246134 sshd[255919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 21:22:16,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354536.37937, 'message': 'Dec  6 21:22:14 hqnl0246134 sshd[255919]: Failed password for root from 61.177.173.18 port 33645 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 21:22:18,217] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:22:18,218] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:22:18,239] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:22:18,270] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0372 seconds
INFO    [2022-12-06 21:22:20,845] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:22:20,845] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:22:20,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:22:20,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 21:22:32,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '66.43.250.3', 'timestamp': 1670354552.3932848, 'message': 'Dec  6 21:22:31 hqnl0246134 sshd[255953]: pam_imunify(sshd:auth): [IM360_RBL] The IP 66.43.250.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 21:22:32,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '66.43.250.3', 'timestamp': 1670354552.3938887, 'message': 'Dec  6 21:22:31 hqnl0246134 sshd[255953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.43.250.3  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 21:22:34,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '66.43.250.3', 'timestamp': 1670354554.39146, 'message': 'Dec  6 21:22:33 hqnl0246134 sshd[255953]: Failed password for root from 66.43.250.3 port 51935 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 21:22:37,953] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:22:37,954] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:22:37,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:22:37,974] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
WARNING [2022-12-06 21:22:48,963] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:22:48,965] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:22:52,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354572.4117105, 'message': 'Dec  6 21:22:52 hqnl0246134 sshd[255988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 21:22:52,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354572.4122653, 'message': 'Dec  6 21:22:52 hqnl0246134 sshd[255988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:22:56,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354576.4162486, 'message': 'Dec  6 21:22:54 hqnl0246134 sshd[255988]: Failed password for root from 61.177.173.18 port 52912 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 21:22:56,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354576.4166079, 'message': 'Dec  6 21:22:54 hqnl0246134 sshd[255988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:22:58,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354578.4190183, 'message': 'Dec  6 21:22:56 hqnl0246134 sshd[255988]: Failed password for root from 61.177.173.18 port 52912 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 21:22:58,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354578.4193997, 'message': 'Dec  6 21:22:56 hqnl0246134 sshd[255988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 21:23:00,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354580.4210908, 'message': 'Dec  6 21:22:59 hqnl0246134 sshd[255988]: Failed password for root from 61.177.173.18 port 52912 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-06 21:23:10,350] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:23:10,371] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0281 seconds
INFO    [2022-12-06 21:23:17,809] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:23:17,809] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:23:17,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:23:17,830] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 21:23:20,329] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:23:20,329] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:23:20,337] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:23:20,348] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 21:23:24,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670354604.4979968, 'message': 'Dec  6 21:23:23 hqnl0246134 sshd[256019]: Invalid user tibero6 from 46.101.123.135 port 49666', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 21:23:24,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.123.135', 'timestamp': 1670354604.4982574, 'message': 'Dec  6 21:23:23 hqnl0246134 sshd[256019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.123.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:23:24,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.123.135', 'timestamp': 1670354604.5009036, 'message': 'Dec  6 21:23:23 hqnl0246134 sshd[256019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.123.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:23:26,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670354606.4981925, 'message': 'Dec  6 21:23:25 hqnl0246134 sshd[256019]: Failed password for invalid user tibero6 from 46.101.123.135 port 49666 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 21:23:26,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670354606.4985025, 'message': 'Dec  6 21:23:25 hqnl0246134 sshd[256019]: Disconnected from invalid user tibero6 46.101.123.135 port 49666 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 21:23:42,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354622.5514302, 'message': 'Dec  6 21:23:40 hqnl0246134 sshd[256028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 21:23:42,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354622.5521042, 'message': 'Dec  6 21:23:41 hqnl0246134 sshd[256030]: Invalid user root2 from 165.227.166.207 port 56412', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 21:23:42,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354622.5519702, 'message': 'Dec  6 21:23:40 hqnl0246134 sshd[256028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 21:23:42,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354622.5522463, 'message': 'Dec  6 21:23:41 hqnl0246134 sshd[256030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 21:23:44,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354624.5528073, 'message': 'Dec  6 21:23:43 hqnl0246134 sshd[256030]: Failed password for invalid user root2 from 165.227.166.207 port 56412 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 21:23:44,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354624.553132, 'message': 'Dec  6 21:23:43 hqnl0246134 sshd[256028]: Failed password for root from 61.177.173.18 port 24726 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 21:23:44,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354624.5532646, 'message': 'Dec  6 21:23:43 hqnl0246134 sshd[256030]: Disconnected from invalid user root2 165.227.166.207 port 56412 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:23:46,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354626.5543594, 'message': 'Dec  6 21:23:45 hqnl0246134 sshd[256028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 21:23:48,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354628.555323, 'message': 'Dec  6 21:23:47 hqnl0246134 sshd[256028]: Failed password for root from 61.177.173.18 port 24726 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 21:23:48,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354628.5556011, 'message': 'Dec  6 21:23:47 hqnl0246134 sshd[256028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 21:23:48,969] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:23:48,970] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:23:50,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354630.5573242, 'message': 'Dec  6 21:23:48 hqnl0246134 sshd[256028]: Failed password for root from 61.177.173.18 port 24726 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0388 seconds
WARNING [2022-12-06 21:24:10,353] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:24:10,401] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0559 seconds
INFO    [2022-12-06 21:24:18,094] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:24:18,095] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:24:18,105] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:24:18,120] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0243 seconds
INFO    [2022-12-06 21:24:20,785] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:24:20,785] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:24:20,793] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:24:20,807] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 21:24:30,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354670.6122844, 'message': 'Dec  6 21:24:28 hqnl0246134 sshd[256080]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 21:24:30,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354670.6129727, 'message': 'Dec  6 21:24:28 hqnl0246134 sshd[256080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 21:24:32,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354672.612874, 'message': 'Dec  6 21:24:30 hqnl0246134 sshd[256080]: Failed password for root from 61.177.173.18 port 51035 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:24:34,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354674.6154156, 'message': 'Dec  6 21:24:32 hqnl0246134 sshd[256080]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:24:36,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354676.6224751, 'message': 'Dec  6 21:24:35 hqnl0246134 sshd[256080]: Failed password for root from 61.177.173.18 port 51035 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 21:24:38,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354678.6231253, 'message': 'Dec  6 21:24:37 hqnl0246134 sshd[256080]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:24:40,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354680.6254625, 'message': 'Dec  6 21:24:39 hqnl0246134 sshd[256080]: Failed password for root from 61.177.173.18 port 51035 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:24:42,134] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:24:42,135] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:24:42,149] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:24:42,162] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0268 seconds
INFO    [2022-12-06 21:24:42,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354682.6277316, 'message': 'Dec  6 21:24:42 hqnl0246134 sshd[256108]: Invalid user ubuntu from 49.50.230.198 port 37000', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:24:42,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354682.6279962, 'message': 'Dec  6 21:24:42 hqnl0246134 sshd[256108]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.50.230.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:24:42,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354682.6284788, 'message': 'Dec  6 21:24:42 hqnl0246134 sshd[256108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.50.230.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:24:44,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354684.6315658, 'message': 'Dec  6 21:24:44 hqnl0246134 sshd[256108]: Failed password for invalid user ubuntu from 49.50.230.198 port 37000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 21:24:46,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354686.6348507, 'message': 'Dec  6 21:24:45 hqnl0246134 sshd[256108]: Disconnected from invalid user ubuntu 49.50.230.198 port 37000 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-06 21:24:48,973] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:24:48,974] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 21:25:10,358] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:25:10,379] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0309 seconds
INFO    [2022-12-06 21:25:10,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.246.240.28', 'timestamp': 1670354710.7051575, 'message': 'Dec  6 21:25:09 hqnl0246134 sshd[256148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.246.240.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 21:25:10,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.246.240.28', 'timestamp': 1670354710.7054193, 'message': 'Dec  6 21:25:09 hqnl0246134 sshd[256148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.246.240.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:25:12,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.246.240.28', 'timestamp': 1670354712.7163508, 'message': 'Dec  6 21:25:11 hqnl0246134 sshd[256148]: Failed password for root from 103.246.240.28 port 34042 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 21:25:16,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354716.7254064, 'message': 'Dec  6 21:25:14 hqnl0246134 sshd[256155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 21:25:16,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354716.725743, 'message': 'Dec  6 21:25:14 hqnl0246134 sshd[256155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 21:25:17,903] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:25:17,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:25:17,911] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:25:17,922] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 21:25:18,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354718.7306643, 'message': 'Dec  6 21:25:17 hqnl0246134 sshd[256155]: Failed password for root from 61.177.173.18 port 16449 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 21:25:20,592] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:25:20,593] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:25:20,602] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:25:20,614] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 21:25:20,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354720.7358923, 'message': 'Dec  6 21:25:19 hqnl0246134 sshd[256155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 21:25:22,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354722.74031, 'message': 'Dec  6 21:25:21 hqnl0246134 sshd[256155]: Failed password for root from 61.177.173.18 port 16449 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 21:25:22,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354722.7407498, 'message': 'Dec  6 21:25:21 hqnl0246134 sshd[256155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 21:25:24,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354724.7426274, 'message': 'Dec  6 21:25:23 hqnl0246134 sshd[256155]: Failed password for root from 61.177.173.18 port 16449 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:25:34,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354734.7525313, 'message': 'Dec  6 21:25:33 hqnl0246134 sshd[256181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 21:25:36,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354736.7541132, 'message': 'Dec  6 21:25:35 hqnl0246134 sshd[256181]: Failed password for root from 165.227.166.207 port 38400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 21:25:42,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.160.145.243', 'timestamp': 1670354742.7637465, 'message': 'Dec  6 21:25:42 hqnl0246134 sshd[256184]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.160.145.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:25:42,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.160.145.243', 'timestamp': 1670354742.7639782, 'message': 'Dec  6 21:25:42 hqnl0246134 sshd[256184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.160.145.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:25:43,575] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:25:43,647] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:25:43,648] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:25:43,648] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:25:43,648] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:25:43,648] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:25:43,657] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:25:43,672] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0233 seconds
WARNING [2022-12-06 21:25:43,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:25:43,681] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:25:43,697] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0304 seconds
INFO    [2022-12-06 21:25:43,698] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0289 seconds
INFO    [2022-12-06 21:25:44,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.160.145.243', 'timestamp': 1670354744.7664487, 'message': 'Dec  6 21:25:44 hqnl0246134 sshd[256184]: Failed password for root from 202.160.145.243 port 35287 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:25:46,679] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:25:46,680] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:25:46,690] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:25:46,704] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0235 seconds
WARNING [2022-12-06 21:25:48,976] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:25:48,977] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:26:02,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354762.8175552, 'message': 'Dec  6 21:26:01 hqnl0246134 sshd[256204]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.50.230.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 21:26:02,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354762.8182166, 'message': 'Dec  6 21:26:01 hqnl0246134 sshd[256207]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 21:26:02,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354762.8179514, 'message': 'Dec  6 21:26:01 hqnl0246134 sshd[256204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.50.230.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 21:26:02,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354762.818409, 'message': 'Dec  6 21:26:01 hqnl0246134 sshd[256207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 21:26:04,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354764.817686, 'message': 'Dec  6 21:26:03 hqnl0246134 sshd[256204]: Failed password for root from 49.50.230.198 port 54118 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 21:26:04,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354764.8185143, 'message': 'Dec  6 21:26:03 hqnl0246134 sshd[256207]: Failed password for root from 61.177.173.18 port 39296 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 21:26:04,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354764.8186388, 'message': 'Dec  6 21:26:04 hqnl0246134 sshd[256207]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:26:06,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354766.822307, 'message': 'Dec  6 21:26:06 hqnl0246134 sshd[256207]: Failed password for root from 61.177.173.18 port 39296 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:26:08,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354768.8247755, 'message': 'Dec  6 21:26:08 hqnl0246134 sshd[256207]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0431 seconds
WARNING [2022-12-06 21:26:10,359] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:26:10,384] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0325 seconds
INFO    [2022-12-06 21:26:10,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354770.8319914, 'message': 'Dec  6 21:26:10 hqnl0246134 sshd[256207]: Failed password for root from 61.177.173.18 port 39296 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:26:13,777] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:26:13,777] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:26:13,778] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 21:26:17,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:26:17,844] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:26:17,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:26:17,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 21:26:20,428] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:26:20,429] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:26:20,436] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:26:20,448] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 21:26:32,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670354792.8664029, 'message': 'Dec  6 21:26:32 hqnl0246134 sshd[256245]: Invalid user raj from 134.122.57.194 port 51748', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 21:26:32,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.122.57.194', 'timestamp': 1670354792.8667817, 'message': 'Dec  6 21:26:32 hqnl0246134 sshd[256245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.122.57.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 21:26:32,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.122.57.194', 'timestamp': 1670354792.8670182, 'message': 'Dec  6 21:26:32 hqnl0246134 sshd[256245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.57.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 21:26:36,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670354796.8685565, 'message': 'Dec  6 21:26:34 hqnl0246134 sshd[256245]: Failed password for invalid user raj from 134.122.57.194 port 51748 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:26:36,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670354796.8687913, 'message': 'Dec  6 21:26:36 hqnl0246134 sshd[256245]: Disconnected from invalid user raj 134.122.57.194 port 51748 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:26:44,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.147.37.68', 'timestamp': 1670354804.8954582, 'message': 'Dec  6 21:26:43 hqnl0246134 sshd[256249]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.147.37.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:26:44,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.147.37.68', 'timestamp': 1670354804.8958774, 'message': 'Dec  6 21:26:43 hqnl0246134 sshd[256249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.147.37.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:26:46,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '141.147.37.68', 'timestamp': 1670354806.9089656, 'message': 'Dec  6 21:26:45 hqnl0246134 sshd[256249]: Failed password for root from 141.147.37.68 port 43464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
WARNING [2022-12-06 21:26:48,983] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:26:48,984] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:26:50,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354810.9141097, 'message': 'Dec  6 21:26:50 hqnl0246134 sshd[256262]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 21:26:50,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354810.9145253, 'message': 'Dec  6 21:26:50 hqnl0246134 sshd[256262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:26:52,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354812.916395, 'message': 'Dec  6 21:26:52 hqnl0246134 sshd[256262]: Failed password for root from 61.177.173.18 port 13356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:26:52,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354812.9248674, 'message': 'Dec  6 21:26:52 hqnl0246134 sshd[256262]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:26:54,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354814.9185736, 'message': 'Dec  6 21:26:54 hqnl0246134 sshd[256262]: Failed password for root from 61.177.173.18 port 13356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:26:56,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354816.919258, 'message': 'Dec  6 21:26:55 hqnl0246134 sshd[256262]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0698 seconds
INFO    [2022-12-06 21:26:58,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354818.9235246, 'message': 'Dec  6 21:26:57 hqnl0246134 sshd[256262]: Failed password for root from 61.177.173.18 port 13356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0251 seconds
WARNING [2022-12-06 21:27:10,363] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:27:10,384] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0291 seconds
INFO    [2022-12-06 21:27:18,193] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:27:18,194] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:27:18,203] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:27:18,215] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 21:27:18,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354838.9497259, 'message': 'Dec  6 21:27:17 hqnl0246134 sshd[256288]: Invalid user 0 from 49.50.230.198 port 43004', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:27:18,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354838.9500792, 'message': 'Dec  6 21:27:17 hqnl0246134 sshd[256288]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.50.230.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 21:27:19,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354838.950229, 'message': 'Dec  6 21:27:17 hqnl0246134 sshd[256288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.50.230.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 21:27:20,902] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:27:20,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:27:20,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:27:20,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 21:27:20,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354840.9522808, 'message': 'Dec  6 21:27:20 hqnl0246134 sshd[256288]: Failed password for invalid user 0 from 49.50.230.198 port 43004 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:27:22,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354842.9558687, 'message': 'Dec  6 21:27:21 hqnl0246134 sshd[256309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:27:24,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.50.230.198', 'timestamp': 1670354844.9597116, 'message': 'Dec  6 21:27:23 hqnl0246134 sshd[256288]: Disconnected from invalid user 0 49.50.230.198 port 43004 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 21:27:24,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354844.9599755, 'message': 'Dec  6 21:27:24 hqnl0246134 sshd[256309]: Failed password for root from 165.227.166.207 port 48842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 21:27:26,447] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:27:26,447] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:27:26,454] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:27:26,465] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 21:27:37,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354856.984511, 'message': 'Dec  6 21:27:36 hqnl0246134 sshd[256317]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:27:37,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354856.9847383, 'message': 'Dec  6 21:27:36 hqnl0246134 sshd[256317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:27:39,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354858.9854867, 'message': 'Dec  6 21:27:38 hqnl0246134 sshd[256317]: Failed password for root from 61.177.173.18 port 21441 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:27:41,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354860.9931054, 'message': 'Dec  6 21:27:39 hqnl0246134 sshd[256317]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 21:27:43,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354863.0003815, 'message': 'Dec  6 21:27:41 hqnl0246134 sshd[256317]: Failed password for root from 61.177.173.18 port 21441 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 21:27:45,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354865.0052946, 'message': 'Dec  6 21:27:43 hqnl0246134 sshd[256317]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 21:27:47,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354867.0102732, 'message': 'Dec  6 21:27:45 hqnl0246134 sshd[256317]: Failed password for root from 61.177.173.18 port 21441 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-06 21:27:48,987] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:27:48,987] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:27:49,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670354869.0130472, 'message': 'Dec  6 21:27:47 hqnl0246134 sshd[256328]: Invalid user cs from 192.241.157.126 port 54922', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 21:27:49,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.241.157.126', 'timestamp': 1670354869.013443, 'message': 'Dec  6 21:27:47 hqnl0246134 sshd[256328]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.241.157.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 21:27:49,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.241.157.126', 'timestamp': 1670354869.0136952, 'message': 'Dec  6 21:27:47 hqnl0246134 sshd[256328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.157.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 21:27:51,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670354871.014544, 'message': 'Dec  6 21:27:49 hqnl0246134 sshd[256328]: Failed password for invalid user cs from 192.241.157.126 port 54922 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 21:27:53,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670354873.0172787, 'message': 'Dec  6 21:27:51 hqnl0246134 sshd[256328]: Disconnected from invalid user cs 192.241.157.126 port 54922 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:27:59,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.195.105', 'timestamp': 1670354879.0243702, 'message': 'Dec  6 21:27:58 hqnl0246134 sshd[256331]: Invalid user image from 146.59.195.105 port 48768', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:27:59,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '146.59.195.105', 'timestamp': 1670354879.0246315, 'message': 'Dec  6 21:27:58 hqnl0246134 sshd[256331]: pam_imunify(sshd:auth): [IM360_RBL] The IP 146.59.195.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:27:59,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '146.59.195.105', 'timestamp': 1670354879.0247703, 'message': 'Dec  6 21:27:58 hqnl0246134 sshd[256331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.195.105 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:28:01,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.195.105', 'timestamp': 1670354881.0254605, 'message': 'Dec  6 21:28:00 hqnl0246134 sshd[256331]: Failed password for invalid user image from 146.59.195.105 port 48768 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:28:03,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.195.105', 'timestamp': 1670354883.0295932, 'message': 'Dec  6 21:28:02 hqnl0246134 sshd[256331]: Disconnected from invalid user image 146.59.195.105 port 48768 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
WARNING [2022-12-06 21:28:10,366] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:28:10,392] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0336 seconds
INFO    [2022-12-06 21:28:17,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:28:17,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:28:17,822] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:28:17,836] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 21:28:20,449] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:28:20,449] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:28:20,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:28:20,478] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0280 seconds
INFO    [2022-12-06 21:28:29,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354909.091395, 'message': 'Dec  6 21:28:27 hqnl0246134 sshd[256362]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 21:28:29,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354909.0919304, 'message': 'Dec  6 21:28:27 hqnl0246134 sshd[256362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 21:28:31,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354911.0898266, 'message': 'Dec  6 21:28:29 hqnl0246134 sshd[256362]: Failed password for root from 61.177.173.18 port 56698 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:28:33,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354913.0925927, 'message': 'Dec  6 21:28:31 hqnl0246134 sshd[256362]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:28:35,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354915.0939887, 'message': 'Dec  6 21:28:33 hqnl0246134 sshd[256362]: Failed password for root from 61.177.173.18 port 56698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:28:35,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354915.0942981, 'message': 'Dec  6 21:28:34 hqnl0246134 sshd[256362]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:28:37,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354917.0968115, 'message': 'Dec  6 21:28:36 hqnl0246134 sshd[256362]: Failed password for root from 61.177.173.18 port 56698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 21:28:41,119] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:28:41,120] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:28:41,126] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:28:41,137] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0163 seconds
WARNING [2022-12-06 21:28:48,993] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:28:48,994] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:28:54,837] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:28:54,907] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:28:54,908] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:28:54,908] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:28:54,909] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:28:54,909] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:28:54,928] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:28:54,956] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0457 seconds
WARNING [2022-12-06 21:28:54,969] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:28:54,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:28:55,002] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0554 seconds
INFO    [2022-12-06 21:28:55,004] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0523 seconds
INFO    [2022-12-06 21:28:55,273] defence360agent.files: Updating all files
INFO    [2022-12-06 21:28:55,626] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 21:28:55,627] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 21:28:55,910] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 21:28:55,910] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 21:28:56,232] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 21:28:56,233] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 21:28:56,559] defence360agent.files: Updating modsec-rules files via file by file download
INFO    [2022-12-06 21:28:57,470] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:28:57 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '233930'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"1865401378027025239b83e09cd6181e"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E4AF736C30A42'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '73ee3f70-3754-4aa9-8f0a-0ee1d35313ee'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-modsec3-minimal-nginx.zip'
INFO    [2022-12-06 21:28:57,916] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:28:57 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '236374'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"baa95d5a7b7d76bec974268c7719d9f3"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:11 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E4AF7515D2917'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'a9677ffc-f95e-4e2a-8cbd-a0e44adf9cc8'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-modsec3-minimal-apache.zip'
INFO    [2022-12-06 21:28:58,359] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:28:58 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '236761'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"6d5c2ee37c53071bd4af67ccba177c32"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E4AF76BAF9CD6'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '4da86dd3-7d88-4750-a92f-2b75112a2e3c'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-minimal-litespeed.zip'
INFO    [2022-12-06 21:28:58,856] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:28:58 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '281925'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"b7508c20459f76b3c9f43308e485bf62"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF789634360'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ef48f6d1-ba2e-4a0b-b7d0-2ad8099d8826'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-modsec3-full-apache.zip'
INFO    [2022-12-06 21:28:59,624] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:28:59 GMT'), ('Content-Type', 'text/plain'), ('Content-Length', '408'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"6dcd225d9fa69606c5b519be53e8f052"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF7B7382C21'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2ad95ca8-988d-415f-bbf7-e81a38bc5d3c'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/changelog.txt'
INFO    [2022-12-06 21:28:59,938] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:28:59 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '241534'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"a54917e0f663bca991b45a4becfb9baa"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF7C9DEDDF7'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'ad0f2024-c0f3-4ccd-8f6d-221611ef6416'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-minimal-apache.zip'
INFO    [2022-12-06 21:29:00,749] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:00 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '64459'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"c21a65ab1121688893a641093ca808fb"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF7FA3AC030'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'b10cead7-779b-4773-963d-5363a54348f7'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-full-openlitespeed.zip'
INFO    [2022-12-06 21:29:01,136] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:01 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '299024'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"b5d14cfb76932006836277f06d4f0642"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF811372059'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'f74d9c5c-7bd3-4c6d-b83a-4b1edc62f1b7'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-full-apache.zip'
INFO    [2022-12-06 21:29:01,950] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:01 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '6737'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"3b28b0c7f8626831154a92866b45492e"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF841D01253'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'c2c2a5b8-abe1-4e4d-90be-9f0de7cbda6a'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-modsec3-full-litespeed-generic.zip'
INFO    [2022-12-06 21:29:02,214] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:02 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '6624'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"69c03941b33ca33f5703adc6c1935c01"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E4AF85197CDFF'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '75b0475c-40de-49dc-aed0-f1bf8d7429d3'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-modsec3-full-nginx-generic.zip'
INFO    [2022-12-06 21:29:02,528] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:02 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '697'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"a7b0c9fbb6dae60c95617645fbfc6648"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF86458AB1B'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '59ff1954-778b-4499-a144-fa36c12d33b1'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/changelog.json'
INFO    [2022-12-06 21:29:02,847] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:02 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '279140'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"69998db09784dc8c7a6227a086970eac"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF87738FBD2'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '08a00cc8-0c35-45dc-b3e6-830f35b6d82e'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-modsec3-full-nginx.zip'
INFO    [2022-12-06 21:29:03,346] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:03 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '6839'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"13b37d68a20a447d0f50b83d8a592393"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF89510DC46'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '7ab23a8d-6aaf-4c63-b093-af573007e132'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-modsec3-full-openlitespeed-generic.zip'
INFO    [2022-12-06 21:29:04,285] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:04 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '289716'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"ccd9b97a669bea6fba7f1329b19f4b74"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF8CCF158EC'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', '2db413c1-dd8f-4cb0-8f5f-28e79d7992aa'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-full-litespeed.zip'
INFO    [2022-12-06 21:29:04,787] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:04 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '6651'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"fbace57f9daf2cb2320e6aa76044bac0"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4AF8EAFBE819'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'a09125ff-0532-461b-97b1-c6ab82cb03d0'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-modsec3-full-apache-generic.zip'
INFO    [2022-12-06 21:29:05,687] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:05 GMT'), ('Content-Type', 'binary/octet-stream'), ('Content-Length', '58335'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"b6f9f777cec733eb789883f85e0cf3dc"'), ('Last-Modified', 'Tue, 06 Dec 2022 19:16:10 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E4AF9208B200F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-version-id', 'e0292031-aa9b-4521-905f-44e5e4aac609'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/modsec/v2/imunify360-minimal-openlitespeed.zip'
INFO    [2022-12-06 21:29:05,748] defence360agent.files: Validating [modsec-rules]: /var/imunify360/files/modsec/v2_2022-12-06T192856.922447Z
INFO    [2022-12-06 21:29:05,765] defence360agent.files: Removing old path on file by file update: /var/imunify360/files/modsec/v2_2022-12-06T084944.629983Z
INFO    [2022-12-06 21:29:05,770] defence360agent.files: Updated modsec-rules using file by file download
ERROR   [2022-12-06 21:29:05,794] defence360agent.files: hook <function update_vendors at 0x7f80fa94ae50> error: Integration config is missing server_type field
Traceback (most recent call last):
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 376, in _get_web_server_type
    web_server = IntegrationConfig.to_dict()["web_server"]["server_type"]
  File "/opt/alt/python38/lib/python3.8/configparser.py", line 960, in __getitem__
    raise KeyError(key)
KeyError: 'web_server'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/alt/python38/lib/python3.8/dist-packages/defence360agent/files/__init__.py", line 946, in _run_hooks
    await hook(self, is_updated)
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/update_hooks.py", line 32, in update_vendors
    await hp.apply_modsec_files_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/base.py", line 311, in apply_modsec_files_update
    await cls._apply_modsec_files_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 196, in _apply_modsec_files_update
    await GenericFilesVendorList.install_or_update()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/base.py", line 556, in install_or_update
    compatible_name = cls._get_compatible_name(installed_vendors)
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 363, in _get_compatible_name
    web_server = _get_web_server_type()
  File "/opt/alt/python38/lib/python3.8/dist-packages/im360/subsys/panels/generic/mod_security.py", line 378, in _get_web_server_type
    raise GenericPanelModSecException(
im360.subsys.panels.generic.mod_security.GenericPanelModSecException: Integration config is missing server_type field
INFO    [2022-12-06 21:29:05,825] defence360agent.files: modsec-rules files update finished
INFO    [2022-12-06 21:29:05,825] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 21:29:05,906] defence360agent.internals.the_sink: FilesUpdated({'files_type':'modsec-rules', 'files_index':<Index(type_=modsec-rules) is_blank=False, json={<26 item(s)>}>}) processed in 0.1140 seconds
INFO    [2022-12-06 21:29:06,123] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:29:06 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E4AF93A99112E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 21:29:06,125] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 21:29:06,125] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 21:29:06,649] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 21:29:06,649] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 21:29:06,961] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 21:29:06,961] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 21:29:07,227] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 21:29:07,227] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 21:29:07,631] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 21:29:07,631] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 21:29:08,081] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 21:29:08,083] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-06 21:29:10,369] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:29:10,400] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0384 seconds
INFO    [2022-12-06 21:29:11,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.246.240.28', 'timestamp': 1670354951.1395702, 'message': 'Dec  6 21:29:09 hqnl0246134 sshd[256411]: Invalid user sunshine from 103.246.240.28 port 46528', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 21:29:11,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354951.140307, 'message': 'Dec  6 21:29:10 hqnl0246134 sshd[256413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-06 21:29:11,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.246.240.28', 'timestamp': 1670354951.1399345, 'message': 'Dec  6 21:29:09 hqnl0246134 sshd[256411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.246.240.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:29:11,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.246.240.28', 'timestamp': 1670354951.1401188, 'message': 'Dec  6 21:29:09 hqnl0246134 sshd[256411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.246.240.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:29:13,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.246.240.28', 'timestamp': 1670354953.137632, 'message': 'Dec  6 21:29:11 hqnl0246134 sshd[256411]: Failed password for invalid user sunshine from 103.246.240.28 port 46528 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 21:29:13,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670354953.1378155, 'message': 'Dec  6 21:29:12 hqnl0246134 sshd[256413]: Failed password for root from 165.227.166.207 port 58952 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 21:29:15,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.246.240.28', 'timestamp': 1670354955.1408317, 'message': 'Dec  6 21:29:13 hqnl0246134 sshd[256411]: Disconnected from invalid user sunshine 103.246.240.28 port 46528 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 21:29:17,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670354957.142894, 'message': 'Dec  6 21:29:15 hqnl0246134 sshd[256421]: Invalid user admin from 152.89.196.123 port 34274', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0558 seconds
INFO    [2022-12-06 21:29:17,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354957.1438448, 'message': 'Dec  6 21:29:16 hqnl0246134 sshd[256417]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-06 21:29:17,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670354957.143438, 'message': 'Dec  6 21:29:15 hqnl0246134 sshd[256421]: Failed none for invalid user admin from 152.89.196.123 port 34274 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-06 21:29:17,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354957.1440148, 'message': 'Dec  6 21:29:16 hqnl0246134 sshd[256417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-06 21:29:17,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.123', 'timestamp': 1670354957.1436677, 'message': 'Dec  6 21:29:15 hqnl0246134 sshd[256421]: Disconnected from invalid user admin 152.89.196.123 port 34274 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 21:29:18,047] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:29:18,048] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:29:18,057] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:29:18,069] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 21:29:19,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354959.1442568, 'message': 'Dec  6 21:29:18 hqnl0246134 sshd[256417]: Failed password for root from 61.177.173.18 port 20920 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:29:20,836] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:29:20,837] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:29:20,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:29:20,854] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 21:29:21,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354961.1459086, 'message': 'Dec  6 21:29:20 hqnl0246134 sshd[256417]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 21:29:23,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354963.1486208, 'message': 'Dec  6 21:29:22 hqnl0246134 sshd[256417]: Failed password for root from 61.177.173.18 port 20920 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0767 seconds
INFO    [2022-12-06 21:29:23,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354963.1488988, 'message': 'Dec  6 21:29:22 hqnl0246134 sshd[256417]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0642 seconds
INFO    [2022-12-06 21:29:25,035] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:29:25,036] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:29:25,037] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 21:29:25,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670354965.1526287, 'message': 'Dec  6 21:29:24 hqnl0246134 sshd[256417]: Failed password for root from 61.177.173.18 port 20920 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
WARNING [2022-12-06 21:29:48,998] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:29:48,999] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:30:03,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355003.2020454, 'message': 'Dec  6 21:30:02 hqnl0246134 sshd[256476]: Invalid user spider from 157.230.228.27 port 40310', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 21:30:03,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355003.202453, 'message': 'Dec  6 21:30:02 hqnl0246134 sshd[256476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.228.27 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 21:30:03,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355003.202598, 'message': 'Dec  6 21:30:02 hqnl0246134 sshd[256476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.228.27 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 21:30:05,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355005.2037647, 'message': 'Dec  6 21:30:04 hqnl0246134 sshd[256478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 21:30:05,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355005.2045794, 'message': 'Dec  6 21:30:04 hqnl0246134 sshd[256476]: Failed password for invalid user spider from 157.230.228.27 port 40310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-06 21:30:05,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355005.2041755, 'message': 'Dec  6 21:30:04 hqnl0246134 sshd[256478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:30:07,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355007.2061079, 'message': 'Dec  6 21:30:05 hqnl0246134 sshd[256476]: Disconnected from invalid user spider 157.230.228.27 port 40310 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 21:30:07,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355007.2063565, 'message': 'Dec  6 21:30:06 hqnl0246134 sshd[256478]: Failed password for root from 61.177.173.18 port 42837 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 21:30:07,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355007.2064714, 'message': 'Dec  6 21:30:06 hqnl0246134 sshd[256478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:30:08,088] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:30:08,089] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:30:08,096] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:30:08,108] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 21:30:09,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355009.2118354, 'message': 'Dec  6 21:30:08 hqnl0246134 sshd[256478]: Failed password for root from 61.177.173.18 port 42837 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 21:30:09,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355009.2121446, 'message': 'Dec  6 21:30:08 hqnl0246134 sshd[256478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 21:30:10,373] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:30:10,395] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-06 21:30:13,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355013.218025, 'message': 'Dec  6 21:30:11 hqnl0246134 sshd[256478]: Failed password for root from 61.177.173.18 port 42837 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 21:30:17,989] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:30:17,990] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:30:18,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:30:18,015] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-06 21:30:20,665] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:30:20,665] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:30:20,674] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:30:20,687] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
WARNING [2022-12-06 21:30:49,006] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:30:49,007] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:30:55,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355055.275187, 'message': 'Dec  6 21:30:53 hqnl0246134 sshd[256527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 21:30:55,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355055.2758229, 'message': 'Dec  6 21:30:53 hqnl0246134 sshd[256527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 21:30:57,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355057.276465, 'message': 'Dec  6 21:30:56 hqnl0246134 sshd[256527]: Failed password for root from 61.177.173.18 port 22329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 21:30:57,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355057.2766628, 'message': 'Dec  6 21:30:57 hqnl0246134 sshd[256529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 21:30:59,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355059.279577, 'message': 'Dec  6 21:30:57 hqnl0246134 sshd[256527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 21:30:59,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355059.279775, 'message': 'Dec  6 21:30:59 hqnl0246134 sshd[256529]: Failed password for root from 165.227.166.207 port 41016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 21:31:01,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355061.283344, 'message': 'Dec  6 21:30:59 hqnl0246134 sshd[256527]: Failed password for root from 61.177.173.18 port 22329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:31:01,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355061.2835321, 'message': 'Dec  6 21:31:00 hqnl0246134 sshd[256527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:31:03,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355063.2873232, 'message': 'Dec  6 21:31:01 hqnl0246134 sshd[256527]: Failed password for root from 61.177.173.18 port 22329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 21:31:03,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.246.240.28', 'timestamp': 1670355063.2875795, 'message': 'Dec  6 21:31:02 hqnl0246134 sshd[256531]: Invalid user vision from 103.246.240.28 port 45214', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 21:31:03,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.246.240.28', 'timestamp': 1670355063.2878106, 'message': 'Dec  6 21:31:02 hqnl0246134 sshd[256531]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.246.240.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:31:03,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.246.240.28', 'timestamp': 1670355063.2880037, 'message': 'Dec  6 21:31:02 hqnl0246134 sshd[256531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.246.240.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:31:05,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.246.240.28', 'timestamp': 1670355065.2892194, 'message': 'Dec  6 21:31:04 hqnl0246134 sshd[256531]: Failed password for invalid user vision from 103.246.240.28 port 45214 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:31:07,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.246.240.28', 'timestamp': 1670355067.291786, 'message': 'Dec  6 21:31:05 hqnl0246134 sshd[256531]: Disconnected from invalid user vision 103.246.240.28 port 45214 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 21:31:10,381] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:31:10,426] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0566 seconds
INFO    [2022-12-06 21:31:17,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:31:17,844] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:31:17,855] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:31:17,868] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 21:31:20,480] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:31:20,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:31:20,493] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:31:20,511] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0298 seconds
INFO    [2022-12-06 21:31:39,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355099.3315241, 'message': 'Dec  6 21:31:38 hqnl0246134 sshd[256565]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 21:31:39,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355099.332063, 'message': 'Dec  6 21:31:38 hqnl0246134 sshd[256565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:31:41,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355101.3327715, 'message': 'Dec  6 21:31:40 hqnl0246134 sshd[256565]: Failed password for root from 61.177.173.18 port 35034 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:31:43,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355103.3336565, 'message': 'Dec  6 21:31:43 hqnl0246134 sshd[256565]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:31:45,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355105.3360493, 'message': 'Dec  6 21:31:45 hqnl0246134 sshd[256565]: Failed password for root from 61.177.173.18 port 35034 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:31:45,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355105.3369396, 'message': 'Dec  6 21:31:45 hqnl0246134 sshd[256565]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:31:47,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355107.3385365, 'message': 'Dec  6 21:31:47 hqnl0246134 sshd[256565]: Failed password for root from 61.177.173.18 port 35034 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0252 seconds
WARNING [2022-12-06 21:31:49,010] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:31:49,011] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:31:50,323] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:31:50,324] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:31:50,332] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:31:50,345] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
WARNING [2022-12-06 21:31:54,001] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 21:32:01,750] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:32:01,820] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:32:01,821] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:32:01,821] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:32:01,821] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:32:01,822] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:32:01,842] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:32:01,862] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0385 seconds
WARNING [2022-12-06 21:32:01,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:32:01,875] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:32:01,894] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0387 seconds
INFO    [2022-12-06 21:32:01,896] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0367 seconds
INFO    [2022-12-06 21:32:07,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355127.3766918, 'message': 'Dec  6 21:32:05 hqnl0246134 sshd[256619]: Invalid user janice from 134.122.57.194 port 57814', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 21:32:07,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355127.3769646, 'message': 'Dec  6 21:32:05 hqnl0246134 sshd[256619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.122.57.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:32:07,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355127.3771312, 'message': 'Dec  6 21:32:05 hqnl0246134 sshd[256619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.57.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:32:09,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355129.3827472, 'message': 'Dec  6 21:32:07 hqnl0246134 sshd[256619]: Failed password for invalid user janice from 134.122.57.194 port 57814 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:32:09,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355129.3829482, 'message': 'Dec  6 21:32:07 hqnl0246134 sshd[256619]: Disconnected from invalid user janice 134.122.57.194 port 57814 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 21:32:10,386] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:32:10,412] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0385 seconds
INFO    [2022-12-06 21:32:17,895] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:32:17,896] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:32:17,907] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:32:17,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 21:32:20,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:32:20,540] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:32:20,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:32:20,561] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 21:32:27,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355147.42667, 'message': 'Dec  6 21:32:26 hqnl0246134 sshd[256641]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 21:32:27,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355147.4270763, 'message': 'Dec  6 21:32:26 hqnl0246134 sshd[256641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:32:29,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355149.4280412, 'message': 'Dec  6 21:32:28 hqnl0246134 sshd[256641]: Failed password for root from 61.177.173.18 port 63611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 21:32:29,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355149.4284182, 'message': 'Dec  6 21:32:28 hqnl0246134 sshd[256641]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 21:32:31,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355151.4363174, 'message': 'Dec  6 21:32:31 hqnl0246134 sshd[256641]: Failed password for root from 61.177.173.18 port 63611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:32:31,946] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:32:31,947] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:32:31,948] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 21:32:33,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355153.4404778, 'message': 'Dec  6 21:32:32 hqnl0246134 sshd[256641]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 21:32:35,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355155.4444904, 'message': 'Dec  6 21:32:34 hqnl0246134 sshd[256647]: Invalid user cs from 157.230.228.27 port 57038', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 21:32:35,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355155.445186, 'message': 'Dec  6 21:32:34 hqnl0246134 sshd[256641]: Failed password for root from 61.177.173.18 port 63611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 21:32:35,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355155.4447887, 'message': 'Dec  6 21:32:34 hqnl0246134 sshd[256647]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.228.27 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:32:35,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355155.444939, 'message': 'Dec  6 21:32:34 hqnl0246134 sshd[256647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.228.27 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:32:37,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355157.4456882, 'message': 'Dec  6 21:32:36 hqnl0246134 sshd[256647]: Failed password for invalid user cs from 157.230.228.27 port 57038 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0731 seconds
INFO    [2022-12-06 21:32:39,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355159.452946, 'message': 'Dec  6 21:32:38 hqnl0246134 sshd[256647]: Disconnected from invalid user cs 157.230.228.27 port 57038 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 21:32:41,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355161.4616184, 'message': 'Dec  6 21:32:40 hqnl0246134 sshd[256651]: Invalid user support from 192.241.157.126 port 36122', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 21:32:41,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355161.461917, 'message': 'Dec  6 21:32:40 hqnl0246134 sshd[256651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.241.157.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:32:41,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355161.4621255, 'message': 'Dec  6 21:32:40 hqnl0246134 sshd[256651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.157.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:32:43,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355163.4689136, 'message': 'Dec  6 21:32:42 hqnl0246134 sshd[256651]: Failed password for invalid user support from 192.241.157.126 port 36122 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:32:45,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355165.4773037, 'message': 'Dec  6 21:32:44 hqnl0246134 sshd[256651]: Disconnected from invalid user support 192.241.157.126 port 36122 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 21:32:47,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355167.499473, 'message': 'Dec  6 21:32:47 hqnl0246134 sshd[256653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
WARNING [2022-12-06 21:32:49,019] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:32:49,019] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:32:49,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.246.240.28', 'timestamp': 1670355169.4858015, 'message': 'Dec  6 21:32:49 hqnl0246134 sshd[256663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.246.240.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:32:49,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.246.240.28', 'timestamp': 1670355169.4893756, 'message': 'Dec  6 21:32:49 hqnl0246134 sshd[256663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.246.240.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 21:32:51,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355171.485938, 'message': 'Dec  6 21:32:49 hqnl0246134 sshd[256653]: Failed password for root from 165.227.166.207 port 51304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 21:32:51,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.246.240.28', 'timestamp': 1670355171.4862185, 'message': 'Dec  6 21:32:51 hqnl0246134 sshd[256663]: Failed password for root from 103.246.240.28 port 43908 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 21:32:53,837] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:32:53,837] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:32:53,844] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:32:53,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-06 21:33:10,385] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:33:10,412] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0349 seconds
INFO    [2022-12-06 21:33:15,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355195.5379672, 'message': 'Dec  6 21:33:14 hqnl0246134 sshd[256684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 21:33:15,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355195.538256, 'message': 'Dec  6 21:33:14 hqnl0246134 sshd[256684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 21:33:17,800] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:33:17,800] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:33:17,813] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:33:17,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355197.6762333, 'message': 'Dec  6 21:33:16 hqnl0246134 sshd[256684]: Failed password for root from 61.177.173.18 port 34697 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1468 seconds
INFO    [2022-12-06 21:33:17,835] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0335 seconds
INFO    [2022-12-06 21:33:17,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355197.6765954, 'message': 'Dec  6 21:33:16 hqnl0246134 sshd[256684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 21:33:19,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355199.5409796, 'message': 'Dec  6 21:33:18 hqnl0246134 sshd[256684]: Failed password for root from 61.177.173.18 port 34697 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 21:33:19,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355199.5412114, 'message': 'Dec  6 21:33:18 hqnl0246134 sshd[256684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 21:33:20,773] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:33:20,773] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:33:20,780] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:33:20,790] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0163 seconds
INFO    [2022-12-06 21:33:21,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355201.5423455, 'message': 'Dec  6 21:33:20 hqnl0246134 sshd[256684]: Failed password for root from 61.177.173.18 port 34697 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 21:33:25,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355205.5615122, 'message': 'Dec  6 21:33:24 hqnl0246134 sshd[256705]: Invalid user sasaki from 23.224.81.32 port 48248', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 21:33:25,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355205.561914, 'message': 'Dec  6 21:33:24 hqnl0246134 sshd[256705]: pam_imunify(sshd:auth): [IM360_RBL] The IP 23.224.81.32 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 21:33:25,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355205.5621006, 'message': 'Dec  6 21:33:24 hqnl0246134 sshd[256705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.224.81.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 21:33:27,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355207.568603, 'message': 'Dec  6 21:33:26 hqnl0246134 sshd[256705]: Failed password for invalid user sasaki from 23.224.81.32 port 48248 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:33:29,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355209.5772696, 'message': 'Dec  6 21:33:28 hqnl0246134 sshd[256705]: Disconnected from invalid user sasaki 23.224.81.32 port 48248 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:33:37,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.45.94.71', 'timestamp': 1670355217.5989583, 'message': 'Dec  6 21:33:35 hqnl0246134 sshd[256681]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.45.94.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 21:33:37,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.45.94.71', 'timestamp': 1670355217.5993702, 'message': 'Dec  6 21:33:35 hqnl0246134 sshd[256681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.45.94.71  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:33:39,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '104.45.94.71', 'timestamp': 1670355219.6010153, 'message': 'Dec  6 21:33:37 hqnl0246134 sshd[256681]: Failed password for root from 104.45.94.71 port 50138 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 21:33:49,024] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:33:49,025] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:34:03,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355243.6425104, 'message': 'Dec  6 21:34:03 hqnl0246134 sshd[256734]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 21:34:03,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355243.6432033, 'message': 'Dec  6 21:34:03 hqnl0246134 sshd[256734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 21:34:05,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355245.6439743, 'message': 'Dec  6 21:34:05 hqnl0246134 sshd[256734]: Failed password for root from 61.177.173.18 port 61036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 21:34:07,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355247.6468961, 'message': 'Dec  6 21:34:05 hqnl0246134 sshd[256734]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 21:34:09,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355249.649075, 'message': 'Dec  6 21:34:08 hqnl0246134 sshd[256734]: Failed password for root from 61.177.173.18 port 61036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
WARNING [2022-12-06 21:34:10,387] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:34:10,410] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0305 seconds
INFO    [2022-12-06 21:34:11,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355251.6498377, 'message': 'Dec  6 21:34:09 hqnl0246134 sshd[256734]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:34:13,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355253.6525815, 'message': 'Dec  6 21:34:12 hqnl0246134 sshd[256734]: Failed password for root from 61.177.173.18 port 61036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:34:16,998] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:34:16,999] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:34:17,006] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:34:17,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 21:34:18,310] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:34:18,310] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:34:18,319] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:34:18,332] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 21:34:21,093] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:34:21,094] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:34:21,104] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:34:21,118] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-06 21:34:39,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355279.7046206, 'message': 'Dec  6 21:34:38 hqnl0246134 sshd[256769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 21:34:41,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355281.707032, 'message': 'Dec  6 21:34:40 hqnl0246134 sshd[256769]: Failed password for root from 165.227.166.207 port 33376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 21:34:47,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.147.37.68', 'timestamp': 1670355287.718722, 'message': 'Dec  6 21:34:46 hqnl0246134 sshd[256771]: Invalid user dev from 141.147.37.68 port 34590', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 21:34:47,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.147.37.68', 'timestamp': 1670355287.7190337, 'message': 'Dec  6 21:34:46 hqnl0246134 sshd[256771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.147.37.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:34:47,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.147.37.68', 'timestamp': 1670355287.7194211, 'message': 'Dec  6 21:34:46 hqnl0246134 sshd[256771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.147.37.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 21:34:49,028] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:34:49,029] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:34:49,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.147.37.68', 'timestamp': 1670355289.720811, 'message': 'Dec  6 21:34:48 hqnl0246134 sshd[256771]: Failed password for invalid user dev from 141.147.37.68 port 34590 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-06 21:34:49,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355289.7211695, 'message': 'Dec  6 21:34:48 hqnl0246134 sshd[256783]: Invalid user xl from 46.101.123.135 port 39214', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-06 21:34:49,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355289.7216103, 'message': 'Dec  6 21:34:49 hqnl0246134 sshd[256785]: Invalid user oracle from 134.122.57.194 port 34432', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-06 21:34:49,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355289.721335, 'message': 'Dec  6 21:34:49 hqnl0246134 sshd[256783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.123.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 21:34:49,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355289.7217257, 'message': 'Dec  6 21:34:49 hqnl0246134 sshd[256785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.122.57.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 21:34:49,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.147.37.68', 'timestamp': 1670355289.7219837, 'message': 'Dec  6 21:34:49 hqnl0246134 sshd[256771]: Disconnected from invalid user dev 141.147.37.68 port 34590 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-06 21:34:49,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355289.7214823, 'message': 'Dec  6 21:34:49 hqnl0246134 sshd[256783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.123.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 21:34:49,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355289.7218394, 'message': 'Dec  6 21:34:49 hqnl0246134 sshd[256785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.57.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 21:34:51,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355291.7222316, 'message': 'Dec  6 21:34:51 hqnl0246134 sshd[256783]: Failed password for invalid user xl from 46.101.123.135 port 39214 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-06 21:34:51,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355291.7225604, 'message': 'Dec  6 21:34:51 hqnl0246134 sshd[256785]: Failed password for invalid user oracle from 134.122.57.194 port 34432 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 21:34:51,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355291.7226665, 'message': 'Dec  6 21:34:51 hqnl0246134 sshd[256787]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-06 21:34:51,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355291.7224169, 'message': 'Dec  6 21:34:51 hqnl0246134 sshd[256783]: Disconnected from invalid user xl 46.101.123.135 port 39214 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 21:34:51,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355291.7227955, 'message': 'Dec  6 21:34:51 hqnl0246134 sshd[256787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 21:34:53,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355293.726524, 'message': 'Dec  6 21:34:52 hqnl0246134 sshd[256785]: Disconnected from invalid user oracle 134.122.57.194 port 34432 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:34:55,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355295.7295644, 'message': 'Dec  6 21:34:53 hqnl0246134 sshd[256787]: Failed password for root from 61.177.173.18 port 23430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 21:34:57,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355297.7311502, 'message': 'Dec  6 21:34:55 hqnl0246134 sshd[256787]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:34:57,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355297.7313745, 'message': 'Dec  6 21:34:57 hqnl0246134 sshd[256787]: Failed password for root from 61.177.173.18 port 23430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 21:34:59,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355299.7337558, 'message': 'Dec  6 21:34:58 hqnl0246134 sshd[256787]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 21:35:01,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355301.7362266, 'message': 'Dec  6 21:34:59 hqnl0246134 sshd[256787]: Failed password for root from 61.177.173.18 port 23430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
WARNING [2022-12-06 21:35:10,395] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:35:10,419] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0317 seconds
INFO    [2022-12-06 21:35:13,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355313.7459385, 'message': 'Dec  6 21:35:12 hqnl0246134 sshd[256817]: Invalid user support from 157.230.228.27 port 40760', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:35:13,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355313.7461538, 'message': 'Dec  6 21:35:12 hqnl0246134 sshd[256817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.228.27 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 21:35:13,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355313.7462733, 'message': 'Dec  6 21:35:12 hqnl0246134 sshd[256817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.228.27 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:35:15,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355315.7482898, 'message': 'Dec  6 21:35:14 hqnl0246134 sshd[256817]: Failed password for invalid user support from 157.230.228.27 port 40760 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:35:17,838] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:35:17,838] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 21:35:17,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.228.27', 'timestamp': 1670355317.7502549, 'message': 'Dec  6 21:35:16 hqnl0246134 sshd[256817]: Disconnected from invalid user support 157.230.228.27 port 40760 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0920 seconds
WARNING [2022-12-06 21:35:17,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:35:17,857] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 21:35:18,831] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:35:18,831] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:35:18,840] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:35:18,851] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 21:35:20,572] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:35:20,572] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:35:20,579] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:35:20,590] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 21:35:21,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355321.7546968, 'message': 'Dec  6 21:35:20 hqnl0246134 sshd[256845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.241.157.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:35:21,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355321.7549202, 'message': 'Dec  6 21:35:20 hqnl0246134 sshd[256845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.157.126  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-06 21:35:23,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355323.7577462, 'message': 'Dec  6 21:35:22 hqnl0246134 sshd[256845]: Failed password for root from 192.241.157.126 port 53166 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:35:41,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355341.7709181, 'message': 'Dec  6 21:35:40 hqnl0246134 sshd[256854]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 21:35:41,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355341.771447, 'message': 'Dec  6 21:35:40 hqnl0246134 sshd[256854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:35:43,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355343.7724626, 'message': 'Dec  6 21:35:42 hqnl0246134 sshd[256854]: Failed password for root from 61.177.173.18 port 50649 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 21:35:45,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355345.7737818, 'message': 'Dec  6 21:35:44 hqnl0246134 sshd[256854]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:35:47,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355347.7797806, 'message': 'Dec  6 21:35:46 hqnl0246134 sshd[256854]: Failed password for root from 61.177.173.18 port 50649 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 21:35:47,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355347.780115, 'message': 'Dec  6 21:35:47 hqnl0246134 sshd[256858]: Invalid user svn from 146.59.195.105 port 59722', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 21:35:47,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355347.7799716, 'message': 'Dec  6 21:35:47 hqnl0246134 sshd[256854]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 21:35:47,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355347.780221, 'message': 'Dec  6 21:35:47 hqnl0246134 sshd[256858]: pam_imunify(sshd:auth): [IM360_RBL] The IP 146.59.195.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 21:35:47,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355347.7803833, 'message': 'Dec  6 21:35:47 hqnl0246134 sshd[256858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.195.105 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-06 21:35:49,038] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:35:49,039] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:35:49,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355349.7850165, 'message': 'Dec  6 21:35:49 hqnl0246134 sshd[256854]: Failed password for root from 61.177.173.18 port 50649 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 21:35:51,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355351.790917, 'message': 'Dec  6 21:35:50 hqnl0246134 sshd[256858]: Failed password for invalid user svn from 146.59.195.105 port 59722 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:35:51,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355351.7911882, 'message': 'Dec  6 21:35:51 hqnl0246134 sshd[256858]: Disconnected from invalid user svn 146.59.195.105 port 59722 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-06 21:36:10,403] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:36:10,431] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0381 seconds
INFO    [2022-12-06 21:36:17,786] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:36:17,787] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:36:17,794] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:36:17,806] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 21:36:20,448] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:36:20,449] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:36:20,463] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:36:20,481] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0305 seconds
INFO    [2022-12-06 21:36:29,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355389.839075, 'message': 'Dec  6 21:36:28 hqnl0246134 sshd[256922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 21:36:29,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355389.8394494, 'message': 'Dec  6 21:36:28 hqnl0246134 sshd[256922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:36:31,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355391.8400033, 'message': 'Dec  6 21:36:30 hqnl0246134 sshd[256922]: Failed password for root from 61.177.173.18 port 15735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:36:33,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355393.8437386, 'message': 'Dec  6 21:36:32 hqnl0246134 sshd[256922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:36:35,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355395.8466978, 'message': 'Dec  6 21:36:34 hqnl0246134 sshd[256922]: Failed password for root from 61.177.173.18 port 15735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:36:35,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355395.8469648, 'message': 'Dec  6 21:36:34 hqnl0246134 sshd[256922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:36:37,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355397.8498573, 'message': 'Dec  6 21:36:36 hqnl0246134 sshd[256929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 21:36:37,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355397.8502843, 'message': 'Dec  6 21:36:37 hqnl0246134 sshd[256922]: Failed password for root from 61.177.173.18 port 15735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 21:36:39,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355399.8557293, 'message': 'Dec  6 21:36:38 hqnl0246134 sshd[256929]: Failed password for root from 165.227.166.207 port 43630 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 21:36:40,946] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:36:40,946] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:36:40,954] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:36:40,966] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
WARNING [2022-12-06 21:36:49,042] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:36:49,043] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 21:37:10,409] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:37:10,433] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0348 seconds
INFO    [2022-12-06 21:37:13,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355433.8960302, 'message': 'Dec  6 21:37:12 hqnl0246134 sshd[256968]: Invalid user steam from 23.224.81.32 port 59916', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:37:13,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355433.896328, 'message': 'Dec  6 21:37:12 hqnl0246134 sshd[256968]: pam_imunify(sshd:auth): [IM360_RBL] The IP 23.224.81.32 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:37:13,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355433.8965235, 'message': 'Dec  6 21:37:12 hqnl0246134 sshd[256968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.224.81.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:37:15,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355435.8978703, 'message': 'Dec  6 21:37:14 hqnl0246134 sshd[256968]: Failed password for invalid user steam from 23.224.81.32 port 59916 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:37:15,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355435.898077, 'message': 'Dec  6 21:37:15 hqnl0246134 sshd[256968]: Disconnected from invalid user steam 23.224.81.32 port 59916 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:37:17,945] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:37:17,946] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:37:17,960] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:37:17,977] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0286 seconds
INFO    [2022-12-06 21:37:17,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355437.9498177, 'message': 'Dec  6 21:37:16 hqnl0246134 sshd[256970]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 21:37:17,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355437.949963, 'message': 'Dec  6 21:37:16 hqnl0246134 sshd[256970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:37:18,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355437.9500856, 'message': 'Dec  6 21:37:17 hqnl0246134 sshd[256970]: Failed password for root from 61.177.173.18 port 36858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:37:19,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355439.9025922, 'message': 'Dec  6 21:37:18 hqnl0246134 sshd[256970]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 21:37:20,676] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:37:20,677] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:37:20,684] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:37:20,696] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 21:37:21,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355441.9051206, 'message': 'Dec  6 21:37:19 hqnl0246134 sshd[256970]: Failed password for root from 61.177.173.18 port 36858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 21:37:21,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355441.9053323, 'message': 'Dec  6 21:37:20 hqnl0246134 sshd[256970]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:37:23,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355443.9083269, 'message': 'Dec  6 21:37:22 hqnl0246134 sshd[256992]: Invalid user zy from 46.101.123.135 port 57134', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 21:37:23,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355443.9088457, 'message': 'Dec  6 21:37:22 hqnl0246134 sshd[256970]: Failed password for root from 61.177.173.18 port 36858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 21:37:23,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355443.9085584, 'message': 'Dec  6 21:37:22 hqnl0246134 sshd[256992]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.123.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:37:23,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355443.9087358, 'message': 'Dec  6 21:37:22 hqnl0246134 sshd[256992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.123.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:37:25,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355445.9144177, 'message': 'Dec  6 21:37:24 hqnl0246134 sshd[256992]: Failed password for invalid user zy from 46.101.123.135 port 57134 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 21:37:25,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355445.914652, 'message': 'Dec  6 21:37:24 hqnl0246134 sshd[256994]: Invalid user feng from 134.122.57.194 port 45056', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 21:37:25,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355445.914766, 'message': 'Dec  6 21:37:25 hqnl0246134 sshd[256994]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.122.57.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 21:37:25,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355445.915094, 'message': 'Dec  6 21:37:25 hqnl0246134 sshd[256994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.57.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 21:37:27,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355447.9197328, 'message': 'Dec  6 21:37:25 hqnl0246134 sshd[256992]: Disconnected from invalid user zy 46.101.123.135 port 57134 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 21:37:27,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355447.9201026, 'message': 'Dec  6 21:37:26 hqnl0246134 sshd[256994]: Failed password for invalid user feng from 134.122.57.194 port 45056 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 21:37:27,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.122.57.194', 'timestamp': 1670355447.9202898, 'message': 'Dec  6 21:37:26 hqnl0246134 sshd[256994]: Disconnected from invalid user feng 134.122.57.194 port 45056 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 21:37:49,046] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:37:49,047] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:37:51,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355471.9605517, 'message': 'Dec  6 21:37:51 hqnl0246134 sshd[257010]: Invalid user spider from 192.241.157.126 port 41960', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 21:37:52,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355471.961205, 'message': 'Dec  6 21:37:51 hqnl0246134 sshd[257010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 192.241.157.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:37:52,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355471.9613934, 'message': 'Dec  6 21:37:51 hqnl0246134 sshd[257010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.157.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:37:53,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355473.9619014, 'message': 'Dec  6 21:37:52 hqnl0246134 sshd[257010]: Failed password for invalid user spider from 192.241.157.126 port 41960 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:37:56,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '192.241.157.126', 'timestamp': 1670355475.9622862, 'message': 'Dec  6 21:37:54 hqnl0246134 sshd[257010]: Disconnected from invalid user spider 192.241.157.126 port 41960 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-06 21:37:57,119] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:37:57,119] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:37:57,127] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:37:57,140] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 21:38:06,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355486.0943687, 'message': 'Dec  6 21:38:04 hqnl0246134 sshd[257026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 21:38:06,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355486.0945444, 'message': 'Dec  6 21:38:04 hqnl0246134 sshd[257026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:38:08,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355487.9757535, 'message': 'Dec  6 21:38:05 hqnl0246134 sshd[257026]: Failed password for root from 61.177.173.18 port 10392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 21:38:08,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355487.9760923, 'message': 'Dec  6 21:38:06 hqnl0246134 sshd[257026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 21:38:08,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355487.976481, 'message': 'Dec  6 21:38:07 hqnl0246134 sshd[257026]: Failed password for root from 61.177.173.18 port 10392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:38:09,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355489.978119, 'message': 'Dec  6 21:38:08 hqnl0246134 sshd[257026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 21:38:10,410] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:38:10,435] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0320 seconds
INFO    [2022-12-06 21:38:11,685] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:38:11,752] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:38:11,753] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:38:11,753] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:38:11,753] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:38:11,753] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:38:11,762] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:38:11,778] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0239 seconds
WARNING [2022-12-06 21:38:11,785] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:38:11,787] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:38:11,805] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0335 seconds
INFO    [2022-12-06 21:38:11,807] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0318 seconds
INFO    [2022-12-06 21:38:12,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355491.9831617, 'message': 'Dec  6 21:38:10 hqnl0246134 sshd[257026]: Failed password for root from 61.177.173.18 port 10392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:38:17,715] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:38:17,715] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:38:17,724] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:38:17,736] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 21:38:20,322] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:38:20,322] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:38:20,333] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:38:20,345] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-06 21:38:24,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355503.9945154, 'message': 'Dec  6 21:38:22 hqnl0246134 sshd[257049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 146.59.195.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 21:38:24,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355503.9948108, 'message': 'Dec  6 21:38:22 hqnl0246134 sshd[257049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.195.105  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:38:24,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355503.9950407, 'message': 'Dec  6 21:38:23 hqnl0246134 sshd[257049]: Failed password for root from 146.59.195.105 port 48670 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:38:30,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355510.0021813, 'message': 'Dec  6 21:38:29 hqnl0246134 sshd[257051]: Invalid user claudia from 202.160.145.243 port 39512', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 21:38:30,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355510.0036833, 'message': 'Dec  6 21:38:29 hqnl0246134 sshd[257051]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.160.145.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 21:38:30,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355510.0038981, 'message': 'Dec  6 21:38:29 hqnl0246134 sshd[257051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.160.145.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:38:32,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355512.0037794, 'message': 'Dec  6 21:38:31 hqnl0246134 sshd[257053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 21:38:32,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355512.0039465, 'message': 'Dec  6 21:38:31 hqnl0246134 sshd[257051]: Failed password for invalid user claudia from 202.160.145.243 port 39512 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 21:38:34,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355514.0068524, 'message': 'Dec  6 21:38:33 hqnl0246134 sshd[257053]: Failed password for root from 165.227.166.207 port 53958 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 21:38:36,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355516.0089374, 'message': 'Dec  6 21:38:34 hqnl0246134 sshd[257051]: Disconnected from invalid user claudia 202.160.145.243 port 39512 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.3306 seconds
INFO    [2022-12-06 21:38:42,495] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:38:42,496] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:38:42,497] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-06 21:38:49,049] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:38:49,050] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:38:52,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355532.0269496, 'message': 'Dec  6 21:38:50 hqnl0246134 sshd[257070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 21:38:52,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355532.0276968, 'message': 'Dec  6 21:38:50 hqnl0246134 sshd[257070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:38:54,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355534.0285633, 'message': 'Dec  6 21:38:53 hqnl0246134 sshd[257070]: Failed password for root from 61.177.173.18 port 29449 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:38:56,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355536.03085, 'message': 'Dec  6 21:38:55 hqnl0246134 sshd[257070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 21:38:58,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355538.0338671, 'message': 'Dec  6 21:38:56 hqnl0246134 sshd[257070]: Failed password for root from 61.177.173.18 port 29449 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:38:58,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355538.0341296, 'message': 'Dec  6 21:38:57 hqnl0246134 sshd[257070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 21:39:00,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355540.0364664, 'message': 'Dec  6 21:38:59 hqnl0246134 sshd[257070]: Failed password for root from 61.177.173.18 port 29449 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 21:39:10,415] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:39:10,440] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0323 seconds
INFO    [2022-12-06 21:39:18,357] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:39:18,358] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:39:18,365] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:39:18,376] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 21:39:21,362] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:39:21,363] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:39:21,387] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:39:21,423] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0592 seconds
INFO    [2022-12-06 21:39:40,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355580.0845113, 'message': 'Dec  6 21:39:38 hqnl0246134 sshd[257225]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 21:39:40,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355580.0848427, 'message': 'Dec  6 21:39:38 hqnl0246134 sshd[257225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 21:39:40,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355580.0850477, 'message': 'Dec  6 21:39:39 hqnl0246134 sshd[257225]: Failed password for root from 61.177.173.18 port 46008 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 21:39:42,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355582.0845108, 'message': 'Dec  6 21:39:40 hqnl0246134 sshd[257225]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:39:44,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355584.0863523, 'message': 'Dec  6 21:39:42 hqnl0246134 sshd[257225]: Failed password for root from 61.177.173.18 port 46008 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:39:46,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355586.0903761, 'message': 'Dec  6 21:39:44 hqnl0246134 sshd[257225]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:39:48,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355588.0925171, 'message': 'Dec  6 21:39:46 hqnl0246134 sshd[257225]: Failed password for root from 61.177.173.18 port 46008 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 21:39:48,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355588.0927882, 'message': 'Dec  6 21:39:47 hqnl0246134 sshd[257253]: Invalid user sg from 46.101.123.135 port 46606', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 21:39:48,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355588.0929515, 'message': 'Dec  6 21:39:47 hqnl0246134 sshd[257253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.123.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:39:48,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355588.0930772, 'message': 'Dec  6 21:39:47 hqnl0246134 sshd[257253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.123.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 21:39:49,055] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:39:49,056] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:39:49,560] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:39:49,560] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:39:49,570] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:39:49,582] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 21:39:50,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355590.0937996, 'message': 'Dec  6 21:39:49 hqnl0246134 sshd[257253]: Failed password for invalid user sg from 46.101.123.135 port 46606 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:39:52,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670355592.09729, 'message': 'Dec  6 21:39:50 hqnl0246134 sshd[257253]: Disconnected from invalid user sg 46.101.123.135 port 46606 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 21:40:10,419] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:40:10,440] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0275 seconds
INFO    [2022-12-06 21:40:18,191] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:40:18,191] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:40:18,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:40:18,230] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0376 seconds
INFO    [2022-12-06 21:40:20,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355620.128812, 'message': 'Dec  6 21:40:19 hqnl0246134 sshd[257306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 21:40:21,402] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:40:21,402] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:40:21,411] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:40:21,422] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 21:40:22,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355622.1297424, 'message': 'Dec  6 21:40:21 hqnl0246134 sshd[257306]: Failed password for root from 165.227.166.207 port 35988 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:40:28,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355628.1399395, 'message': 'Dec  6 21:40:27 hqnl0246134 sshd[257319]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 21:40:28,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355628.1401315, 'message': 'Dec  6 21:40:27 hqnl0246134 sshd[257319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 21:40:30,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355630.1420019, 'message': 'Dec  6 21:40:29 hqnl0246134 sshd[257319]: Failed password for root from 61.177.173.18 port 20304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:40:30,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355630.142215, 'message': 'Dec  6 21:40:29 hqnl0246134 sshd[257319]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:40:32,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355632.1445115, 'message': 'Dec  6 21:40:31 hqnl0246134 sshd[257319]: Failed password for root from 61.177.173.18 port 20304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 21:40:34,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355634.1458957, 'message': 'Dec  6 21:40:32 hqnl0246134 sshd[257319]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 21:40:34,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355634.1461716, 'message': 'Dec  6 21:40:34 hqnl0246134 sshd[257319]: Failed password for root from 61.177.173.18 port 20304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0514 seconds
WARNING [2022-12-06 21:40:49,059] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:40:49,061] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:40:52,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355652.1657827, 'message': 'Dec  6 21:40:50 hqnl0246134 sshd[257323]: pam_imunify(sshd:auth): [IM360_RBL] The IP 23.224.81.32 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 21:40:52,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355652.1663797, 'message': 'Dec  6 21:40:50 hqnl0246134 sshd[257323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.224.81.32  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:40:52,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '23.224.81.32', 'timestamp': 1670355652.1665614, 'message': 'Dec  6 21:40:52 hqnl0246134 sshd[257323]: Failed password for root from 23.224.81.32 port 43356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:40:55,005] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:40:55,006] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:40:55,013] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:40:55,025] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 21:41:00,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355660.1792972, 'message': 'Dec  6 21:40:58 hqnl0246134 sshd[257339]: pam_imunify(sshd:auth): [IM360_RBL] The IP 146.59.195.105 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:41:00,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355660.1795325, 'message': 'Dec  6 21:40:58 hqnl0246134 sshd[257339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.195.105  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:41:02,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '146.59.195.105', 'timestamp': 1670355662.182099, 'message': 'Dec  6 21:41:00 hqnl0246134 sshd[257339]: Failed password for root from 146.59.195.105 port 37626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-06 21:41:10,425] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:41:10,467] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0498 seconds
INFO    [2022-12-06 21:41:17,797] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:41:17,798] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:41:17,809] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:41:17,830] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0306 seconds
INFO    [2022-12-06 21:41:18,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355678.2001028, 'message': 'Dec  6 21:41:16 hqnl0246134 sshd[257350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:41:18,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355678.200319, 'message': 'Dec  6 21:41:16 hqnl0246134 sshd[257350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:41:20,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355680.2024412, 'message': 'Dec  6 21:41:18 hqnl0246134 sshd[257350]: Failed password for root from 61.177.173.18 port 42045 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 21:41:22,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355682.2050464, 'message': 'Dec  6 21:41:20 hqnl0246134 sshd[257350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 21:41:22,408] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:41:22,409] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:41:22,417] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:41:22,430] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 21:41:24,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355684.205756, 'message': 'Dec  6 21:41:22 hqnl0246134 sshd[257350]: Failed password for root from 61.177.173.18 port 42045 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 21:41:26,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355686.2082045, 'message': 'Dec  6 21:41:24 hqnl0246134 sshd[257350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 21:41:28,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355688.2096968, 'message': 'Dec  6 21:41:27 hqnl0246134 sshd[257350]: Failed password for root from 61.177.173.18 port 42045 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 21:41:49,063] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:41:49,065] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:41:52,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355712.2357202, 'message': 'Dec  6 21:41:51 hqnl0246134 sshd[257384]: Invalid user git from 202.160.145.243 port 60643', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 21:41:52,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355712.236345, 'message': 'Dec  6 21:41:51 hqnl0246134 sshd[257384]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.160.145.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 21:41:52,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355712.236534, 'message': 'Dec  6 21:41:51 hqnl0246134 sshd[257384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.160.145.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
WARNING [2022-12-06 21:41:54,007] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 21:41:56,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355716.2419, 'message': 'Dec  6 21:41:54 hqnl0246134 sshd[257384]: Failed password for invalid user git from 202.160.145.243 port 60643 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:41:58,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355718.2415917, 'message': 'Dec  6 21:41:56 hqnl0246134 sshd[257384]: Disconnected from invalid user git 202.160.145.243 port 60643 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:42:06,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355726.252395, 'message': 'Dec  6 21:42:04 hqnl0246134 sshd[257404]: Invalid user jenkins from 201.21.236.151 port 57392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-06 21:42:06,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355726.2538562, 'message': 'Dec  6 21:42:05 hqnl0246134 sshd[257408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-06 21:42:06,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355726.2532692, 'message': 'Dec  6 21:42:04 hqnl0246134 sshd[257404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.21.236.151 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 21:42:06,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355726.2541518, 'message': 'Dec  6 21:42:05 hqnl0246134 sshd[257408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 21:42:06,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355726.2536013, 'message': 'Dec  6 21:42:04 hqnl0246134 sshd[257404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.21.236.151 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 21:42:08,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355728.252509, 'message': 'Dec  6 21:42:06 hqnl0246134 sshd[257404]: Failed password for invalid user jenkins from 201.21.236.151 port 57392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 21:42:08,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355728.252703, 'message': 'Dec  6 21:42:08 hqnl0246134 sshd[257408]: Failed password for root from 61.177.173.18 port 63930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 21:42:08,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355728.252814, 'message': 'Dec  6 21:42:08 hqnl0246134 sshd[257404]: Disconnected from invalid user jenkins 201.21.236.151 port 57392 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:42:10,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355730.2547076, 'message': 'Dec  6 21:42:09 hqnl0246134 sshd[257408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 21:42:10,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355730.2567127, 'message': 'Dec  6 21:42:10 hqnl0246134 sshd[257414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
WARNING [2022-12-06 21:42:10,429] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:42:10,456] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0367 seconds
INFO    [2022-12-06 21:42:10,886] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:42:10,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:42:10,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:42:10,906] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 21:42:12,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355732.2576685, 'message': 'Dec  6 21:42:11 hqnl0246134 sshd[257408]: Failed password for root from 61.177.173.18 port 63930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 21:42:12,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355732.2580342, 'message': 'Dec  6 21:42:12 hqnl0246134 sshd[257414]: Failed password for root from 165.227.166.207 port 46280 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 21:42:12,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355732.2578485, 'message': 'Dec  6 21:42:11 hqnl0246134 sshd[257408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:42:14,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355734.2610123, 'message': 'Dec  6 21:42:12 hqnl0246134 sshd[257419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.98.7 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 21:42:14,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355734.2613497, 'message': 'Dec  6 21:42:13 hqnl0246134 sshd[257408]: Failed password for root from 61.177.173.18 port 63930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 21:42:14,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355734.2611978, 'message': 'Dec  6 21:42:12 hqnl0246134 sshd[257419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.98.7  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:42:16,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355736.2630377, 'message': 'Dec  6 21:42:15 hqnl0246134 sshd[257419]: Failed password for root from 43.153.98.7 port 43356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:42:17,771] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:42:17,771] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:42:17,782] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:42:17,794] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 21:42:20,360] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:42:20,361] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:42:20,370] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:42:20,381] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 21:42:42,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.208.48.167', 'timestamp': 1670355762.2941518, 'message': 'Dec  6 21:42:41 hqnl0246134 sshd[257445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.208.48.167 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 21:42:42,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.208.48.167', 'timestamp': 1670355762.2944443, 'message': 'Dec  6 21:42:41 hqnl0246134 sshd[257445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.48.167  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:42:44,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '85.208.48.167', 'timestamp': 1670355764.2960274, 'message': 'Dec  6 21:42:44 hqnl0246134 sshd[257445]: Failed password for root from 85.208.48.167 port 53084 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
WARNING [2022-12-06 21:42:49,068] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:42:49,069] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:42:54,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355774.3106322, 'message': 'Dec  6 21:42:53 hqnl0246134 sshd[257457]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 21:42:54,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355774.3110979, 'message': 'Dec  6 21:42:53 hqnl0246134 sshd[257457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 21:42:56,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355776.3131623, 'message': 'Dec  6 21:42:55 hqnl0246134 sshd[257457]: Failed password for root from 61.177.173.18 port 34430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 21:42:56,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355776.3134954, 'message': 'Dec  6 21:42:55 hqnl0246134 sshd[257457]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:42:58,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355778.3158977, 'message': 'Dec  6 21:42:57 hqnl0246134 sshd[257457]: Failed password for root from 61.177.173.18 port 34430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 21:42:58,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.141.81.226', 'timestamp': 1670355778.316397, 'message': 'Dec  6 21:42:58 hqnl0246134 sshd[257459]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.141.81.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 21:42:58,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355778.3162317, 'message': 'Dec  6 21:42:58 hqnl0246134 sshd[257457]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 21:42:58,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.141.81.226', 'timestamp': 1670355778.3165574, 'message': 'Dec  6 21:42:58 hqnl0246134 sshd[257459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.141.81.226  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 21:43:00,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '5.141.81.226', 'timestamp': 1670355780.320325, 'message': 'Dec  6 21:42:59 hqnl0246134 sshd[257459]: Failed password for root from 5.141.81.226 port 53586 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 21:43:00,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355780.320814, 'message': 'Dec  6 21:42:59 hqnl0246134 sshd[257457]: Failed password for root from 61.177.173.18 port 34430 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0368 seconds
WARNING [2022-12-06 21:43:10,433] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:43:10,457] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-06 21:43:17,853] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:43:17,853] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:43:17,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:43:17,874] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 21:43:20,624] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:43:20,625] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:43:20,633] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:43:20,646] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 21:43:30,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670355810.3491833, 'message': 'Dec  6 21:43:29 hqnl0246134 sshd[257512]: Invalid user root01 from 211.216.105.176 port 48342', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 21:43:30,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '211.216.105.176', 'timestamp': 1670355810.3494654, 'message': 'Dec  6 21:43:29 hqnl0246134 sshd[257512]: pam_imunify(sshd:auth): [IM360_RBL] The IP 211.216.105.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:43:30,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '211.216.105.176', 'timestamp': 1670355810.3496263, 'message': 'Dec  6 21:43:29 hqnl0246134 sshd[257512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.216.105.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:43:32,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670355812.3495033, 'message': 'Dec  6 21:43:31 hqnl0246134 sshd[257512]: Failed password for invalid user root01 from 211.216.105.176 port 48342 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:43:34,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670355814.3499575, 'message': 'Dec  6 21:43:33 hqnl0246134 sshd[257512]: Disconnected from invalid user root01 211.216.105.176 port 48342 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:43:36,552] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:43:36,553] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:43:36,560] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:43:36,571] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 21:43:38,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670355818.353385, 'message': 'Dec  6 21:43:36 hqnl0246134 sshd[257520]: Invalid user joe from 110.49.17.96 port 45366', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:43:38,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.49.17.96', 'timestamp': 1670355818.353656, 'message': 'Dec  6 21:43:36 hqnl0246134 sshd[257520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.49.17.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:43:38,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.49.17.96', 'timestamp': 1670355818.353831, 'message': 'Dec  6 21:43:36 hqnl0246134 sshd[257520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.17.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:43:40,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670355820.355688, 'message': 'Dec  6 21:43:39 hqnl0246134 sshd[257520]: Failed password for invalid user joe from 110.49.17.96 port 45366 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 21:43:40,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355820.3558936, 'message': 'Dec  6 21:43:40 hqnl0246134 sshd[257527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 21:43:40,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355820.3560717, 'message': 'Dec  6 21:43:40 hqnl0246134 sshd[257527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:43:42,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '129.226.210.53', 'timestamp': 1670355822.3581197, 'message': 'Dec  6 21:43:40 hqnl0246134 sshd[257525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 129.226.210.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-06 21:43:42,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670355822.3582962, 'message': 'Dec  6 21:43:40 hqnl0246134 sshd[257520]: Disconnected from invalid user joe 110.49.17.96 port 45366 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-06 21:43:42,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355822.3585138, 'message': 'Dec  6 21:43:41 hqnl0246134 sshd[257527]: Failed password for root from 61.177.173.18 port 49397 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 21:43:42,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '129.226.210.53', 'timestamp': 1670355822.35841, 'message': 'Dec  6 21:43:40 hqnl0246134 sshd[257525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.226.210.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 21:43:42,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355822.3588188, 'message': 'Dec  6 21:43:42 hqnl0246134 sshd[257527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 21:43:42,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '129.226.210.53', 'timestamp': 1670355822.3586729, 'message': 'Dec  6 21:43:42 hqnl0246134 sshd[257525]: Failed password for root from 129.226.210.53 port 44890 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 21:43:44,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670355824.3614595, 'message': 'Dec  6 21:43:44 hqnl0246134 sshd[257530]: Invalid user test2 from 103.159.223.158 port 48192', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 21:43:46,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.159.223.158', 'timestamp': 1670355826.3620684, 'message': 'Dec  6 21:43:44 hqnl0246134 sshd[257530]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.159.223.158 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 21:43:46,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355826.3624656, 'message': 'Dec  6 21:43:44 hqnl0246134 sshd[257527]: Failed password for root from 61.177.173.18 port 49397 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 21:43:46,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.159.223.158', 'timestamp': 1670355826.3622935, 'message': 'Dec  6 21:43:44 hqnl0246134 sshd[257530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.223.158 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:43:46,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670355826.3625755, 'message': 'Dec  6 21:43:45 hqnl0246134 sshd[257530]: Failed password for invalid user test2 from 103.159.223.158 port 48192 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:43:48,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670355828.3646069, 'message': 'Dec  6 21:43:46 hqnl0246134 sshd[257530]: Disconnected from invalid user test2 103.159.223.158 port 48192 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1066 seconds
INFO    [2022-12-06 21:43:48,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355828.3648002, 'message': 'Dec  6 21:43:46 hqnl0246134 sshd[257527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1157 seconds
INFO    [2022-12-06 21:43:48,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355828.3649864, 'message': 'Dec  6 21:43:47 hqnl0246134 sshd[257534]: Invalid user usuario from 201.21.236.151 port 54900', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1159 seconds
INFO    [2022-12-06 21:43:48,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355828.3651154, 'message': 'Dec  6 21:43:47 hqnl0246134 sshd[257534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.21.236.151 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0663 seconds
INFO    [2022-12-06 21:43:48,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355828.3652647, 'message': 'Dec  6 21:43:47 hqnl0246134 sshd[257534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.21.236.151 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0724 seconds
WARNING [2022-12-06 21:43:49,073] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:43:49,074] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:43:50,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355830.36802, 'message': 'Dec  6 21:43:49 hqnl0246134 sshd[257527]: Failed password for root from 61.177.173.18 port 49397 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1313 seconds
INFO    [2022-12-06 21:43:50,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355830.3683734, 'message': 'Dec  6 21:43:49 hqnl0246134 sshd[257534]: Failed password for invalid user usuario from 201.21.236.151 port 54900 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1316 seconds
INFO    [2022-12-06 21:43:52,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355832.3728368, 'message': 'Dec  6 21:43:51 hqnl0246134 sshd[257534]: Disconnected from invalid user usuario 201.21.236.151 port 54900 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 21:43:58,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355838.382565, 'message': 'Dec  6 21:43:57 hqnl0246134 sshd[257548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 21:44:00,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355840.3869686, 'message': 'Dec  6 21:43:59 hqnl0246134 sshd[257548]: Failed password for root from 165.227.166.207 port 56564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0433 seconds
WARNING [2022-12-06 21:44:10,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:44:10,470] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0428 seconds
INFO    [2022-12-06 21:44:16,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.110.241.56', 'timestamp': 1670355856.4112992, 'message': 'Dec  6 21:44:16 hqnl0246134 sshd[257562]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.110.241.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 21:44:16,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.110.241.56', 'timestamp': 1670355856.4117627, 'message': 'Dec  6 21:44:16 hqnl0246134 sshd[257562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.241.56  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:44:17,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:44:17,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:44:17,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:44:17,832] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 21:44:18,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.110.241.56', 'timestamp': 1670355858.4119892, 'message': 'Dec  6 21:44:18 hqnl0246134 sshd[257562]: Failed password for root from 143.110.241.56 port 52022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 21:44:20,536] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:44:20,536] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:44:20,618] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:44:20,663] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1259 seconds
INFO    [2022-12-06 21:44:28,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355868.4258924, 'message': 'Dec  6 21:44:26 hqnl0246134 sshd[257585]: Invalid user kiosk from 43.153.98.7 port 39942', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 21:44:28,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '80.87.33.100', 'timestamp': 1670355868.4266114, 'message': 'Dec  6 21:44:27 hqnl0246134 sshd[257583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 80.87.33.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 21:44:28,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355868.4262877, 'message': 'Dec  6 21:44:26 hqnl0246134 sshd[257585]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.98.7 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-06 21:44:28,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355868.426891, 'message': 'Dec  6 21:44:27 hqnl0246134 sshd[257587]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 21:44:28,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '80.87.33.100', 'timestamp': 1670355868.4267826, 'message': 'Dec  6 21:44:27 hqnl0246134 sshd[257583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.87.33.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 21:44:28,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355868.4264743, 'message': 'Dec  6 21:44:26 hqnl0246134 sshd[257585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.98.7 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 21:44:28,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355868.427079, 'message': 'Dec  6 21:44:27 hqnl0246134 sshd[257587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 21:44:28,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '80.87.33.100', 'timestamp': 1670355868.4272795, 'message': 'Dec  6 21:44:28 hqnl0246134 sshd[257583]: Failed password for root from 80.87.33.100 port 57376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 21:44:28,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355868.4271808, 'message': 'Dec  6 21:44:28 hqnl0246134 sshd[257585]: Failed password for invalid user kiosk from 43.153.98.7 port 39942 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:44:30,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355870.426456, 'message': 'Dec  6 21:44:29 hqnl0246134 sshd[257585]: Disconnected from invalid user kiosk 43.153.98.7 port 39942 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 21:44:30,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355870.4267528, 'message': 'Dec  6 21:44:29 hqnl0246134 sshd[257587]: Failed password for root from 61.177.173.18 port 21183 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 21:44:30,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355870.4269574, 'message': 'Dec  6 21:44:30 hqnl0246134 sshd[257587]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 21:44:32,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355872.4284494, 'message': 'Dec  6 21:44:32 hqnl0246134 sshd[257587]: Failed password for root from 61.177.173.18 port 21183 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:44:32,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355872.4286246, 'message': 'Dec  6 21:44:32 hqnl0246134 sshd[257587]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:44:34,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355874.431076, 'message': 'Dec  6 21:44:34 hqnl0246134 sshd[257587]: Failed password for root from 61.177.173.18 port 21183 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 21:44:46,970] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:44:47,037] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:44:47,037] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:44:47,037] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:44:47,038] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:44:47,038] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:44:47,053] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:44:47,078] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0397 seconds
WARNING [2022-12-06 21:44:47,089] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:44:47,093] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:44:47,239] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.1689 seconds
INFO    [2022-12-06 21:44:47,240] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.1656 seconds
WARNING [2022-12-06 21:44:49,078] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:44:49,079] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:45:06,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355906.4694257, 'message': 'Dec  6 21:45:05 hqnl0246134 sshd[257623]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.160.145.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 21:45:06,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.147.37.68', 'timestamp': 1670355906.4702091, 'message': 'Dec  6 21:45:05 hqnl0246134 sshd[257625]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.147.37.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 21:45:06,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355906.470054, 'message': 'Dec  6 21:45:05 hqnl0246134 sshd[257623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.160.145.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 21:45:06,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.147.37.68', 'timestamp': 1670355906.470331, 'message': 'Dec  6 21:45:05 hqnl0246134 sshd[257625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.147.37.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 21:45:08,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.160.145.243', 'timestamp': 1670355908.4698803, 'message': 'Dec  6 21:45:07 hqnl0246134 sshd[257623]: Failed password for root from 202.160.145.243 port 53554 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 21:45:08,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '141.147.37.68', 'timestamp': 1670355908.47011, 'message': 'Dec  6 21:45:07 hqnl0246134 sshd[257625]: Failed password for root from 141.147.37.68 port 50532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 21:45:10,437] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:45:10,438] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:45:10,457] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:45:10,458] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:45:10,517] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0787 seconds
INFO    [2022-12-06 21:45:10,518] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0768 seconds
INFO    [2022-12-06 21:45:10,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355910.4906318, 'message': 'Dec  6 21:45:10 hqnl0246134 sshd[257632]: Invalid user shawn from 43.153.98.7 port 48050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 21:45:10,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355910.4908454, 'message': 'Dec  6 21:45:10 hqnl0246134 sshd[257632]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.98.7 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 21:45:10,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355910.4910066, 'message': 'Dec  6 21:45:10 hqnl0246134 sshd[257632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.98.7 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-06 21:45:12,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355912.4761636, 'message': 'Dec  6 21:45:12 hqnl0246134 sshd[257632]: Failed password for invalid user shawn from 43.153.98.7 port 48050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 21:45:14,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355914.4779198, 'message': 'Dec  6 21:45:14 hqnl0246134 sshd[257632]: Disconnected from invalid user shawn 43.153.98.7 port 48050 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:45:16,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355916.48125, 'message': 'Dec  6 21:45:15 hqnl0246134 sshd[257644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 21:45:16,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355916.4815292, 'message': 'Dec  6 21:45:15 hqnl0246134 sshd[257644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:45:17,182] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:45:17,183] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:45:17,184] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-06 21:45:17,915] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:45:17,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:45:17,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:45:17,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 21:45:18,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355918.482351, 'message': 'Dec  6 21:45:17 hqnl0246134 sshd[257644]: Failed password for root from 61.177.173.18 port 48076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 21:45:18,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355918.4826918, 'message': 'Dec  6 21:45:17 hqnl0246134 sshd[257644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:45:20,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355920.4840863, 'message': 'Dec  6 21:45:19 hqnl0246134 sshd[257644]: Failed password for root from 61.177.173.18 port 48076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 21:45:20,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355920.484389, 'message': 'Dec  6 21:45:19 hqnl0246134 sshd[257644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:45:20,736] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:45:20,737] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:45:20,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:45:20,825] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0875 seconds
INFO    [2022-12-06 21:45:22,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355922.48631, 'message': 'Dec  6 21:45:21 hqnl0246134 sshd[257644]: Failed password for root from 61.177.173.18 port 48076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 21:45:40,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355940.5267978, 'message': 'Dec  6 21:45:39 hqnl0246134 sshd[257669]: Invalid user vnc from 201.21.236.151 port 57814', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:45:40,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355940.5270693, 'message': 'Dec  6 21:45:39 hqnl0246134 sshd[257669]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.21.236.151 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:45:40,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355940.527213, 'message': 'Dec  6 21:45:39 hqnl0246134 sshd[257669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.21.236.151 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:45:42,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355942.5286627, 'message': 'Dec  6 21:45:40 hqnl0246134 sshd[257669]: Failed password for invalid user vnc from 201.21.236.151 port 57814 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 21:45:44,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.21.236.151', 'timestamp': 1670355944.5302315, 'message': 'Dec  6 21:45:42 hqnl0246134 sshd[257669]: Disconnected from invalid user vnc 201.21.236.151 port 57814 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 21:45:44,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355944.5304081, 'message': 'Dec  6 21:45:43 hqnl0246134 sshd[257671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 21:45:46,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670355946.5326288, 'message': 'Dec  6 21:45:45 hqnl0246134 sshd[257671]: Failed password for root from 165.227.166.207 port 38622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 21:45:46,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355946.5328174, 'message': 'Dec  6 21:45:45 hqnl0246134 sshd[257673]: Invalid user lee from 43.153.98.7 port 56132', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 21:45:46,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355946.5329847, 'message': 'Dec  6 21:45:45 hqnl0246134 sshd[257673]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.98.7 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 21:45:46,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355946.533093, 'message': 'Dec  6 21:45:45 hqnl0246134 sshd[257673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.98.7 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 21:45:48,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355948.533605, 'message': 'Dec  6 21:45:47 hqnl0246134 sshd[257673]: Failed password for invalid user lee from 43.153.98.7 port 56132 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-06 21:45:49,082] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:45:49,082] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:45:50,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.98.7', 'timestamp': 1670355950.5363426, 'message': 'Dec  6 21:45:49 hqnl0246134 sshd[257673]: Disconnected from invalid user lee 43.153.98.7 port 56132 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:46:06,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355966.5566907, 'message': 'Dec  6 21:46:04 hqnl0246134 sshd[257693]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 21:46:06,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355966.557073, 'message': 'Dec  6 21:46:04 hqnl0246134 sshd[257693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 21:46:08,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355968.557875, 'message': 'Dec  6 21:46:06 hqnl0246134 sshd[257693]: Failed password for root from 61.177.173.18 port 23028 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 21:46:10,453] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:46:10,480] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0350 seconds
INFO    [2022-12-06 21:46:10,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355970.560022, 'message': 'Dec  6 21:46:08 hqnl0246134 sshd[257693]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:46:12,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355972.5621884, 'message': 'Dec  6 21:46:11 hqnl0246134 sshd[257693]: Failed password for root from 61.177.173.18 port 23028 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:46:12,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355972.5626066, 'message': 'Dec  6 21:46:11 hqnl0246134 sshd[257693]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:46:14,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670355974.5646408, 'message': 'Dec  6 21:46:13 hqnl0246134 sshd[257693]: Failed password for root from 61.177.173.18 port 23028 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:46:18,339] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:46:18,340] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:46:18,347] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:46:18,360] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 21:46:18,706] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:46:18,706] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:46:18,717] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:46:18,737] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-06 21:46:21,343] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:46:21,343] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:46:21,352] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:46:21,371] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0264 seconds
WARNING [2022-12-06 21:46:49,089] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:46:49,090] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:46:52,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356012.601502, 'message': 'Dec  6 21:46:52 hqnl0246134 sshd[257737]: Invalid user tony from 5.141.81.226 port 39164', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 21:46:52,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356012.6020575, 'message': 'Dec  6 21:46:52 hqnl0246134 sshd[257737]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.141.81.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 21:46:52,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356012.6022387, 'message': 'Dec  6 21:46:52 hqnl0246134 sshd[257737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.141.81.226 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 21:46:54,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356014.604053, 'message': 'Dec  6 21:46:53 hqnl0246134 sshd[257739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 21:46:54,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356014.6044014, 'message': 'Dec  6 21:46:54 hqnl0246134 sshd[257737]: Failed password for invalid user tony from 5.141.81.226 port 39164 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 21:46:54,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356014.6042879, 'message': 'Dec  6 21:46:53 hqnl0246134 sshd[257739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:46:56,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356016.6067646, 'message': 'Dec  6 21:46:55 hqnl0246134 sshd[257739]: Failed password for root from 61.177.173.18 port 43739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 21:46:56,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356016.6071153, 'message': 'Dec  6 21:46:56 hqnl0246134 sshd[257737]: Disconnected from invalid user tony 5.141.81.226 port 39164 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 21:46:56,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356016.6069815, 'message': 'Dec  6 21:46:55 hqnl0246134 sshd[257739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:46:58,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356018.6102781, 'message': 'Dec  6 21:46:57 hqnl0246134 sshd[257739]: Failed password for root from 61.177.173.18 port 43739 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 21:46:58,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356018.6104667, 'message': 'Dec  6 21:46:57 hqnl0246134 sshd[257739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 21:47:00,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356020.6108577, 'message': 'Dec  6 21:47:00 hqnl0246134 sshd[257739]: Failed password for root from 61.177.173.18 port 43739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 21:47:08,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356028.6223872, 'message': 'Dec  6 21:47:06 hqnl0246134 sshd[257781]: Invalid user contador from 43.153.30.100 port 48662', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 21:47:08,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356028.6228688, 'message': 'Dec  6 21:47:07 hqnl0246134 sshd[257783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.43.241 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 21:47:08,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356028.6225863, 'message': 'Dec  6 21:47:06 hqnl0246134 sshd[257781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 21:47:08,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356028.622991, 'message': 'Dec  6 21:47:07 hqnl0246134 sshd[257783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.43.241  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 21:47:08,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356028.6227503, 'message': 'Dec  6 21:47:06 hqnl0246134 sshd[257781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
WARNING [2022-12-06 21:47:10,456] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:47:10,481] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0323 seconds
INFO    [2022-12-06 21:47:10,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356030.624463, 'message': 'Dec  6 21:47:09 hqnl0246134 sshd[257783]: Failed password for root from 143.198.43.241 port 42880 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 21:47:10,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356030.6246727, 'message': 'Dec  6 21:47:09 hqnl0246134 sshd[257781]: Failed password for invalid user contador from 43.153.30.100 port 48662 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 21:47:10,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356030.6248171, 'message': 'Dec  6 21:47:10 hqnl0246134 sshd[257781]: Disconnected from invalid user contador 43.153.30.100 port 48662 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:47:18,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:47:18,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:47:18,999] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:47:19,011] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 21:47:21,695] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:47:21,696] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:47:21,706] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:47:21,719] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-06 21:47:32,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356052.6478744, 'message': 'Dec  6 21:47:31 hqnl0246134 sshd[257809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 21:47:34,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356054.6483319, 'message': 'Dec  6 21:47:33 hqnl0246134 sshd[257809]: Failed password for root from 165.227.166.207 port 48916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 21:47:36,322] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:47:36,323] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:47:36,331] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:47:36,343] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 21:47:42,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356062.657629, 'message': 'Dec  6 21:47:42 hqnl0246134 sshd[257817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0681 seconds
INFO    [2022-12-06 21:47:42,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356062.6579869, 'message': 'Dec  6 21:47:42 hqnl0246134 sshd[257817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-06 21:47:44,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356064.6582232, 'message': 'Dec  6 21:47:44 hqnl0246134 sshd[257817]: Failed password for root from 61.177.173.18 port 10793 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 21:47:48,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356068.662077, 'message': 'Dec  6 21:47:46 hqnl0246134 sshd[257817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0472 seconds
WARNING [2022-12-06 21:47:49,093] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:47:49,093] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:47:50,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356070.664886, 'message': 'Dec  6 21:47:48 hqnl0246134 sshd[257817]: Failed password for root from 61.177.173.18 port 10793 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:47:52,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356072.6662383, 'message': 'Dec  6 21:47:51 hqnl0246134 sshd[257817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 21:47:54,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356074.6684217, 'message': 'Dec  6 21:47:53 hqnl0246134 sshd[257817]: Failed password for root from 61.177.173.18 port 10793 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:47:56,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356076.6718483, 'message': 'Dec  6 21:47:55 hqnl0246134 sshd[257832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.141.81.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1095 seconds
INFO    [2022-12-06 21:47:56,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356076.6723967, 'message': 'Dec  6 21:47:56 hqnl0246134 sshd[257834]: Invalid user shawn from 85.208.48.167 port 58492', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1101 seconds
INFO    [2022-12-06 21:47:56,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356076.6721306, 'message': 'Dec  6 21:47:55 hqnl0246134 sshd[257832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.141.81.226  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1192 seconds
INFO    [2022-12-06 21:47:56,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356076.6725926, 'message': 'Dec  6 21:47:56 hqnl0246134 sshd[257834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.208.48.167 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1187 seconds
INFO    [2022-12-06 21:47:56,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356076.6727848, 'message': 'Dec  6 21:47:56 hqnl0246134 sshd[257834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.48.167 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0624 seconds
INFO    [2022-12-06 21:47:58,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356078.6760638, 'message': 'Dec  6 21:47:57 hqnl0246134 sshd[257832]: Failed password for root from 5.141.81.226 port 54060 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 21:47:58,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356078.6764038, 'message': 'Dec  6 21:47:58 hqnl0246134 sshd[257834]: Failed password for invalid user shawn from 85.208.48.167 port 58492 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 21:48:00,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356080.6785548, 'message': 'Dec  6 21:48:00 hqnl0246134 sshd[257834]: Disconnected from invalid user shawn 85.208.48.167 port 58492 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
WARNING [2022-12-06 21:48:10,460] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:48:10,483] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0308 seconds
INFO    [2022-12-06 21:48:18,097] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:48:18,097] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:48:18,105] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:48:18,116] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 21:48:20,693] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:48:20,693] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:48:20,701] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:48:20,726] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0317 seconds
INFO    [2022-12-06 21:48:20,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356100.70245, 'message': 'Dec  6 21:48:20 hqnl0246134 sshd[257855]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 21:48:20,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356100.7026472, 'message': 'Dec  6 21:48:20 hqnl0246134 sshd[257855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:48:22,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356102.7052736, 'message': 'Dec  6 21:48:22 hqnl0246134 sshd[257855]: Failed password for root from 43.153.30.100 port 33418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 21:48:32,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356112.7140126, 'message': 'Dec  6 21:48:31 hqnl0246134 sshd[257869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 21:48:32,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356112.7143776, 'message': 'Dec  6 21:48:31 hqnl0246134 sshd[257869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:48:34,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356114.7160826, 'message': 'Dec  6 21:48:33 hqnl0246134 sshd[257869]: Failed password for root from 61.177.173.18 port 34120 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:48:34,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356114.7163794, 'message': 'Dec  6 21:48:33 hqnl0246134 sshd[257869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:48:36,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356116.7207186, 'message': 'Dec  6 21:48:36 hqnl0246134 sshd[257869]: Failed password for root from 61.177.173.18 port 34120 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:48:38,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356118.7240705, 'message': 'Dec  6 21:48:38 hqnl0246134 sshd[257869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:48:40,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356120.7311022, 'message': 'Dec  6 21:48:40 hqnl0246134 sshd[257869]: Failed password for root from 61.177.173.18 port 34120 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 21:48:49,097] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:48:49,098] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:48:56,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356136.749174, 'message': 'Dec  6 21:48:56 hqnl0246134 sshd[257883]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.141.81.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 21:48:56,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356136.750037, 'message': 'Dec  6 21:48:56 hqnl0246134 sshd[257883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.141.81.226  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:48:58,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '5.141.81.226', 'timestamp': 1670356138.7498431, 'message': 'Dec  6 21:48:58 hqnl0246134 sshd[257883]: Failed password for root from 5.141.81.226 port 40726 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 21:49:01,138] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:49:01,139] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:49:01,153] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:49:01,173] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0324 seconds
WARNING [2022-12-06 21:49:10,467] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:49:10,490] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0360 seconds
INFO    [2022-12-06 21:49:17,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:49:17,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:49:17,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:49:17,829] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 21:49:18,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356158.7788374, 'message': 'Dec  6 21:49:17 hqnl0246134 sshd[257908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:49:20,443] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:49:20,444] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:49:20,451] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:49:20,464] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 21:49:20,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356160.7854705, 'message': 'Dec  6 21:49:19 hqnl0246134 sshd[257911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 21:49:20,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356160.7860613, 'message': 'Dec  6 21:49:20 hqnl0246134 sshd[257908]: Failed password for root from 165.227.166.207 port 59202 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 21:49:20,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356160.7858062, 'message': 'Dec  6 21:49:19 hqnl0246134 sshd[257911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:49:20,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356160.7862997, 'message': 'Dec  6 21:49:20 hqnl0246134 sshd[257911]: Failed password for root from 61.177.173.18 port 52073 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:49:22,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356162.7908745, 'message': 'Dec  6 21:49:21 hqnl0246134 sshd[257911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 21:49:24,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356164.7928169, 'message': 'Dec  6 21:49:23 hqnl0246134 sshd[257911]: Failed password for root from 61.177.173.18 port 52073 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:49:24,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356164.7930272, 'message': 'Dec  6 21:49:23 hqnl0246134 sshd[257911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:49:26,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356166.7936234, 'message': 'Dec  6 21:49:25 hqnl0246134 sshd[257925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 21:49:26,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356166.7940066, 'message': 'Dec  6 21:49:26 hqnl0246134 sshd[257911]: Failed password for root from 61.177.173.18 port 52073 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 21:49:26,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356166.7938578, 'message': 'Dec  6 21:49:25 hqnl0246134 sshd[257925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:49:28,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356168.7963853, 'message': 'Dec  6 21:49:27 hqnl0246134 sshd[257925]: Failed password for root from 43.153.30.100 port 60542 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:49:38,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356178.8079665, 'message': 'Dec  6 21:49:37 hqnl0246134 sshd[257930]: Invalid user lee from 85.208.48.167 port 52638', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:49:38,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356178.808313, 'message': 'Dec  6 21:49:37 hqnl0246134 sshd[257930]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.208.48.167 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:49:38,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356178.8091087, 'message': 'Dec  6 21:49:37 hqnl0246134 sshd[257930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.48.167 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:49:40,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356180.8096335, 'message': 'Dec  6 21:49:39 hqnl0246134 sshd[257932]: Invalid user test2 from 181.204.164.18 port 40242', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 21:49:40,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356180.8105779, 'message': 'Dec  6 21:49:39 hqnl0246134 sshd[257930]: Failed password for invalid user lee from 85.208.48.167 port 52638 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 21:49:40,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356180.8098688, 'message': 'Dec  6 21:49:39 hqnl0246134 sshd[257932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.204.164.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:49:40,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356180.8100553, 'message': 'Dec  6 21:49:39 hqnl0246134 sshd[257932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.204.164.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:49:42,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356182.811885, 'message': 'Dec  6 21:49:41 hqnl0246134 sshd[257930]: Disconnected from invalid user lee 85.208.48.167 port 52638 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1116 seconds
INFO    [2022-12-06 21:49:42,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356182.8125184, 'message': 'Dec  6 21:49:41 hqnl0246134 sshd[257932]: Failed password for invalid user test2 from 181.204.164.18 port 40242 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1121 seconds
INFO    [2022-12-06 21:49:44,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356184.81594, 'message': 'Dec  6 21:49:43 hqnl0246134 sshd[257932]: Disconnected from invalid user test2 181.204.164.18 port 40242 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-06 21:49:49,102] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:49:49,103] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:50:08,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356208.8595502, 'message': 'Dec  6 21:50:07 hqnl0246134 sshd[257967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 21:50:08,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356208.860311, 'message': 'Dec  6 21:50:07 hqnl0246134 sshd[257967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 21:50:10,466] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:50:10,494] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0361 seconds
INFO    [2022-12-06 21:50:10,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356210.8623815, 'message': 'Dec  6 21:50:09 hqnl0246134 sshd[257967]: Failed password for root from 61.177.173.18 port 24609 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 21:50:10,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356210.86271, 'message': 'Dec  6 21:50:10 hqnl0246134 sshd[257973]: Invalid user bootcamp from 103.100.208.189 port 55354', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 21:50:10,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356210.8625944, 'message': 'Dec  6 21:50:09 hqnl0246134 sshd[257967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:50:12,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356212.863963, 'message': 'Dec  6 21:50:10 hqnl0246134 sshd[257973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.100.208.189 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0772 seconds
INFO    [2022-12-06 21:50:12,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356212.8646257, 'message': 'Dec  6 21:50:11 hqnl0246134 sshd[257967]: Failed password for root from 61.177.173.18 port 24609 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0763 seconds
INFO    [2022-12-06 21:50:12,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356212.8643358, 'message': 'Dec  6 21:50:10 hqnl0246134 sshd[257973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.208.189 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 21:50:12,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356212.86491, 'message': 'Dec  6 21:50:12 hqnl0246134 sshd[257967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 21:50:14,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356214.8649778, 'message': 'Dec  6 21:50:12 hqnl0246134 sshd[257973]: Failed password for invalid user bootcamp from 103.100.208.189 port 55354 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 21:50:14,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356214.8653536, 'message': 'Dec  6 21:50:14 hqnl0246134 sshd[257967]: Failed password for root from 61.177.173.18 port 24609 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 21:50:14,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356214.8652263, 'message': 'Dec  6 21:50:13 hqnl0246134 sshd[257973]: Disconnected from invalid user bootcamp 103.100.208.189 port 55354 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:50:17,929] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:50:17,929] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:50:17,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:50:17,948] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 21:50:22,314] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:50:22,315] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:50:22,324] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:50:22,336] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 21:50:30,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356230.8917427, 'message': 'Dec  6 21:50:29 hqnl0246134 sshd[258002]: Invalid user it from 43.153.30.100 port 34672', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 21:50:30,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356230.892082, 'message': 'Dec  6 21:50:29 hqnl0246134 sshd[258002]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:50:30,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356230.8922663, 'message': 'Dec  6 21:50:29 hqnl0246134 sshd[258002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 21:50:32,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356232.894675, 'message': 'Dec  6 21:50:31 hqnl0246134 sshd[258002]: Failed password for invalid user it from 43.153.30.100 port 34672 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 21:50:32,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670356232.8948681, 'message': 'Dec  6 21:50:32 hqnl0246134 sshd[258002]: Disconnected from invalid user it 43.153.30.100 port 34672 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:50:34,301] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:50:34,302] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:50:34,311] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:50:34,323] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 21:50:38,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356238.9173787, 'message': 'Dec  6 21:50:37 hqnl0246134 sshd[258010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.112.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 21:50:38,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356238.9177651, 'message': 'Dec  6 21:50:37 hqnl0246134 sshd[258010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.112.202  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 21:50:40,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356240.931487, 'message': 'Dec  6 21:50:39 hqnl0246134 sshd[258010]: Failed password for root from 139.59.112.202 port 45224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-06 21:50:49,107] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:50:49,109] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:50:52,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356252.9613469, 'message': 'Dec  6 21:50:52 hqnl0246134 sshd[258020]: pam_imunify(sshd:auth): [IM360_RBL] The IP 147.182.230.251 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 21:50:53,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356252.9619823, 'message': 'Dec  6 21:50:52 hqnl0246134 sshd[258020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.230.251  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:50:55,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356254.9655783, 'message': 'Dec  6 21:50:53 hqnl0246134 sshd[258022]: Invalid user labor from 211.216.105.176 port 58717', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 21:50:55,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356254.9661965, 'message': 'Dec  6 21:50:54 hqnl0246134 sshd[258020]: Failed password for root from 147.182.230.251 port 55324 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 21:50:55,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356254.9658675, 'message': 'Dec  6 21:50:53 hqnl0246134 sshd[258022]: pam_imunify(sshd:auth): [IM360_RBL] The IP 211.216.105.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:50:55,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356254.9660552, 'message': 'Dec  6 21:50:53 hqnl0246134 sshd[258022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.216.105.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:50:57,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356256.9703395, 'message': 'Dec  6 21:50:55 hqnl0246134 sshd[258022]: Failed password for invalid user labor from 211.216.105.176 port 58717 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0608 seconds
INFO    [2022-12-06 21:50:57,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356256.9706953, 'message': 'Dec  6 21:50:55 hqnl0246134 sshd[258032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0621 seconds
INFO    [2022-12-06 21:50:57,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356256.9705653, 'message': 'Dec  6 21:50:55 hqnl0246134 sshd[258022]: Disconnected from invalid user labor 211.216.105.176 port 58717 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0497 seconds
INFO    [2022-12-06 21:50:57,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356256.9708254, 'message': 'Dec  6 21:50:55 hqnl0246134 sshd[258032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-06 21:50:59,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356258.985219, 'message': 'Dec  6 21:50:57 hqnl0246134 sshd[258032]: Failed password for root from 61.177.173.18 port 51796 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 21:50:59,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356258.9855347, 'message': 'Dec  6 21:50:58 hqnl0246134 sshd[258032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 21:51:01,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356260.9910376, 'message': 'Dec  6 21:51:00 hqnl0246134 sshd[258032]: Failed password for root from 61.177.173.18 port 51796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:51:01,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356260.9913044, 'message': 'Dec  6 21:51:00 hqnl0246134 sshd[258032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:51:03,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356263.0056443, 'message': 'Dec  6 21:51:02 hqnl0246134 sshd[258058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 21:51:05,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356265.009435, 'message': 'Dec  6 21:51:03 hqnl0246134 sshd[258032]: Failed password for root from 61.177.173.18 port 51796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 21:51:05,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356265.0096197, 'message': 'Dec  6 21:51:03 hqnl0246134 sshd[258058]: Failed password for root from 165.227.166.207 port 41270 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0266 seconds
WARNING [2022-12-06 21:51:10,469] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:51:10,497] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0351 seconds
INFO    [2022-12-06 21:51:18,019] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:51:18,020] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:51:18,031] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:51:18,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 21:51:19,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356279.0868576, 'message': 'Dec  6 21:51:18 hqnl0246134 sshd[258071]: Invalid user kiosk from 85.208.48.167 port 46772', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:51:19,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356279.0870974, 'message': 'Dec  6 21:51:18 hqnl0246134 sshd[258071]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.208.48.167 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 21:51:19,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356279.08721, 'message': 'Dec  6 21:51:18 hqnl0246134 sshd[258071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.48.167 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-06 21:51:20,700] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:51:20,701] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:51:20,709] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:51:20,721] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 21:51:21,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356281.0901182, 'message': 'Dec  6 21:51:21 hqnl0246134 sshd[258071]: Failed password for invalid user kiosk from 85.208.48.167 port 46772 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:51:25,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.208.48.167', 'timestamp': 1670356285.1025324, 'message': 'Dec  6 21:51:23 hqnl0246134 sshd[258071]: Disconnected from invalid user kiosk 85.208.48.167 port 46772 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 21:51:40,113] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 21:51:40,115] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 21:51:40,951] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 21:51:43,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356303.136374, 'message': 'Dec  6 21:51:41 hqnl0246134 sshd[258092]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 21:51:43,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356303.1369612, 'message': 'Dec  6 21:51:41 hqnl0246134 sshd[258092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:51:45,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356305.1399527, 'message': 'Dec  6 21:51:43 hqnl0246134 sshd[258092]: Failed password for root from 61.177.173.18 port 64165 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:51:45,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356305.1402102, 'message': 'Dec  6 21:51:43 hqnl0246134 sshd[258092]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:51:47,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356307.144555, 'message': 'Dec  6 21:51:45 hqnl0246134 sshd[258092]: Failed password for root from 61.177.173.18 port 64165 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 21:51:47,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356307.1448178, 'message': 'Dec  6 21:51:46 hqnl0246134 sshd[258092]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 21:51:49,112] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:51:49,113] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:51:49,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356309.1460185, 'message': 'Dec  6 21:51:48 hqnl0246134 sshd[258092]: Failed password for root from 61.177.173.18 port 64165 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 21:51:53,608] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:51:53,609] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:51:53,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:51:53,666] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0550 seconds
WARNING [2022-12-06 21:51:54,009] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 21:52:10,478] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:52:10,505] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0377 seconds
INFO    [2022-12-06 21:52:18,035] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:52:18,036] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:52:18,044] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:52:18,057] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 21:52:20,754] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:52:20,755] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:52:20,767] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:52:20,787] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0314 seconds
INFO    [2022-12-06 21:52:29,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356349.2026067, 'message': 'Dec  6 21:52:28 hqnl0246134 sshd[258163]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 21:52:29,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356349.2029996, 'message': 'Dec  6 21:52:28 hqnl0246134 sshd[258163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 21:52:31,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356351.2043898, 'message': 'Dec  6 21:52:30 hqnl0246134 sshd[258163]: Failed password for root from 61.177.173.18 port 25435 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:52:33,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356353.2070465, 'message': 'Dec  6 21:52:32 hqnl0246134 sshd[258163]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:52:35,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356355.2098649, 'message': 'Dec  6 21:52:34 hqnl0246134 sshd[258163]: Failed password for root from 61.177.173.18 port 25435 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:52:37,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356357.212684, 'message': 'Dec  6 21:52:37 hqnl0246134 sshd[258163]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:52:39,177] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:52:39,243] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:52:39,244] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:52:39,244] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:52:39,245] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:52:39,245] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:52:39,260] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:52:39,276] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0299 seconds
WARNING [2022-12-06 21:52:39,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:52:39,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:52:39,302] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0315 seconds
INFO    [2022-12-06 21:52:39,303] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0299 seconds
INFO    [2022-12-06 21:52:41,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356361.2175574, 'message': 'Dec  6 21:52:39 hqnl0246134 sshd[258163]: Failed password for root from 61.177.173.18 port 25435 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 21:52:47,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356367.2273521, 'message': 'Dec  6 21:52:45 hqnl0246134 sshd[258169]: Invalid user test from 211.216.105.176 port 43237', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 21:52:47,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356367.2278032, 'message': 'Dec  6 21:52:45 hqnl0246134 sshd[258171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 21:52:47,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356367.227537, 'message': 'Dec  6 21:52:45 hqnl0246134 sshd[258169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 211.216.105.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:52:47,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356367.2276504, 'message': 'Dec  6 21:52:45 hqnl0246134 sshd[258169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.216.105.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 21:52:49,116] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:52:49,116] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:52:49,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356369.2324255, 'message': 'Dec  6 21:52:47 hqnl0246134 sshd[258169]: Failed password for invalid user test from 211.216.105.176 port 43237 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 21:52:49,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356369.232727, 'message': 'Dec  6 21:52:47 hqnl0246134 sshd[258171]: Failed password for root from 165.227.166.207 port 51522 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 21:52:49,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356369.2329283, 'message': 'Dec  6 21:52:48 hqnl0246134 sshd[258169]: Disconnected from invalid user test 211.216.105.176 port 43237 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 21:53:09,378] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:53:09,379] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:53:09,379] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 21:53:10,480] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:53:10,503] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0306 seconds
INFO    [2022-12-06 21:53:19,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356399.2944565, 'message': 'Dec  6 21:53:18 hqnl0246134 sshd[258197]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 21:53:19,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356399.2948394, 'message': 'Dec  6 21:53:18 hqnl0246134 sshd[258197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:53:20,231] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:53:20,231] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:53:20,238] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:53:20,252] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 21:53:21,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356401.2941847, 'message': 'Dec  6 21:53:21 hqnl0246134 sshd[258197]: Failed password for root from 61.177.173.18 port 60144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0615 seconds
INFO    [2022-12-06 21:53:23,117] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:53:23,118] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:53:23,126] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:53:23,141] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 21:53:23,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356403.2960267, 'message': 'Dec  6 21:53:23 hqnl0246134 sshd[258197]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 21:53:25,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670356405.3044767, 'message': 'Dec  6 21:53:23 hqnl0246134 sshd[258205]: Invalid user test1 from 186.10.125.209 port 32084', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 21:53:25,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.10.125.209', 'timestamp': 1670356405.304864, 'message': 'Dec  6 21:53:23 hqnl0246134 sshd[258205]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.10.125.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 21:53:25,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.10.125.209', 'timestamp': 1670356405.305117, 'message': 'Dec  6 21:53:23 hqnl0246134 sshd[258205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.10.125.209 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:53:27,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356407.3059, 'message': 'Dec  6 21:53:25 hqnl0246134 sshd[258197]: Failed password for root from 61.177.173.18 port 60144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 21:53:27,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670356407.3061872, 'message': 'Dec  6 21:53:26 hqnl0246134 sshd[258205]: Failed password for invalid user test1 from 186.10.125.209 port 32084 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 21:53:27,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670356407.3063245, 'message': 'Dec  6 21:53:26 hqnl0246134 sshd[258205]: Disconnected from invalid user test1 186.10.125.209 port 32084 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:53:29,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356409.3111439, 'message': 'Dec  6 21:53:27 hqnl0246134 sshd[258197]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:53:29,448] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:53:29,449] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:53:29,456] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:53:29,468] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 21:53:31,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356411.313474, 'message': 'Dec  6 21:53:29 hqnl0246134 sshd[258197]: Failed password for root from 61.177.173.18 port 60144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 21:53:49,125] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:53:49,126] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:54:09,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356449.368966, 'message': 'Dec  6 21:54:07 hqnl0246134 sshd[258249]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:54:09,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356449.369338, 'message': 'Dec  6 21:54:07 hqnl0246134 sshd[258249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-06 21:54:10,485] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:54:10,506] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0293 seconds
INFO    [2022-12-06 21:54:11,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356451.3720496, 'message': 'Dec  6 21:54:10 hqnl0246134 sshd[258249]: Failed password for root from 61.177.173.18 port 20928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:54:13,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356453.377117, 'message': 'Dec  6 21:54:12 hqnl0246134 sshd[258249]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:54:15,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356455.3776536, 'message': 'Dec  6 21:54:14 hqnl0246134 sshd[258249]: Failed password for root from 61.177.173.18 port 20928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:54:17,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356457.3801124, 'message': 'Dec  6 21:54:16 hqnl0246134 sshd[258249]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:54:17,858] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:54:17,859] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:54:17,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:54:17,892] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0304 seconds
INFO    [2022-12-06 21:54:19,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356459.3874583, 'message': 'Dec  6 21:54:17 hqnl0246134 sshd[258249]: Failed password for root from 61.177.173.18 port 20928 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:54:20,437] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:54:20,437] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:54:20,449] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:54:20,461] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-06 21:54:31,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356471.4097595, 'message': 'Dec  6 21:54:30 hqnl0246134 sshd[258294]: pam_imunify(sshd:auth): [IM360_RBL] The IP 211.216.105.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 21:54:31,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356471.4107006, 'message': 'Dec  6 21:54:30 hqnl0246134 sshd[258294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.216.105.176  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 21:54:33,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '211.216.105.176', 'timestamp': 1670356473.4128125, 'message': 'Dec  6 21:54:32 hqnl0246134 sshd[258294]: Failed password for root from 211.216.105.176 port 55975 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:54:35,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356475.4150512, 'message': 'Dec  6 21:54:34 hqnl0246134 sshd[258297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 21:54:37,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356477.41791, 'message': 'Dec  6 21:54:37 hqnl0246134 sshd[258297]: Failed password for root from 165.227.166.207 port 33678 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 21:54:37,615] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:54:37,616] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:54:37,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:54:37,635] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 21:54:43,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670356483.426437, 'message': 'Dec  6 21:54:43 hqnl0246134 sshd[258306]: Invalid user gmodserver from 167.114.67.95 port 41904', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 21:54:45,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.114.67.95', 'timestamp': 1670356485.4288735, 'message': 'Dec  6 21:54:43 hqnl0246134 sshd[258306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.114.67.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:54:45,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.114.67.95', 'timestamp': 1670356485.429104, 'message': 'Dec  6 21:54:43 hqnl0246134 sshd[258306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.67.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 21:54:47,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670356487.4311512, 'message': 'Dec  6 21:54:46 hqnl0246134 sshd[258306]: Failed password for invalid user gmodserver from 167.114.67.95 port 41904 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 21:54:49,129] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:54:49,130] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:54:49,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670356489.4324572, 'message': 'Dec  6 21:54:47 hqnl0246134 sshd[258306]: Disconnected from invalid user gmodserver 167.114.67.95 port 41904 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:54:55,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356495.446044, 'message': 'Dec  6 21:54:54 hqnl0246134 sshd[258321]: Invalid user tuxedo from 103.159.223.158 port 56854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 21:54:55,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356495.4491951, 'message': 'Dec  6 21:54:55 hqnl0246134 sshd[258321]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.159.223.158 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 21:54:55,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356495.4494612, 'message': 'Dec  6 21:54:55 hqnl0246134 sshd[258321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.223.158 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:54:59,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356499.4510407, 'message': 'Dec  6 21:54:57 hqnl0246134 sshd[258323]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 21:54:59,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356499.4514332, 'message': 'Dec  6 21:54:57 hqnl0246134 sshd[258321]: Failed password for invalid user tuxedo from 103.159.223.158 port 56854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 21:54:59,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356499.4512863, 'message': 'Dec  6 21:54:57 hqnl0246134 sshd[258323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 21:55:01,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356501.4560955, 'message': 'Dec  6 21:54:59 hqnl0246134 sshd[258321]: Disconnected from invalid user tuxedo 103.159.223.158 port 56854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 21:55:01,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356501.4564195, 'message': 'Dec  6 21:54:59 hqnl0246134 sshd[258323]: Failed password for root from 61.177.173.18 port 50693 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 21:55:03,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356503.4580946, 'message': 'Dec  6 21:55:01 hqnl0246134 sshd[258323]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 21:55:05,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356505.4606476, 'message': 'Dec  6 21:55:03 hqnl0246134 sshd[258323]: Failed password for root from 61.177.173.18 port 50693 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:55:05,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356505.4608605, 'message': 'Dec  6 21:55:04 hqnl0246134 sshd[258323]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:55:07,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356507.4624743, 'message': 'Dec  6 21:55:06 hqnl0246134 sshd[258323]: Failed password for root from 61.177.173.18 port 50693 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 21:55:10,488] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:55:10,550] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0693 seconds
INFO    [2022-12-06 21:55:19,219] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:55:19,220] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:55:19,228] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:55:19,238] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 21:55:21,804] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:55:21,805] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:55:21,811] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:55:21,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-06 21:55:31,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356531.5095177, 'message': 'Dec  6 21:55:29 hqnl0246134 sshd[258368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 21:55:31,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356531.509976, 'message': 'Dec  6 21:55:29 hqnl0246134 sshd[258368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:55:33,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356533.5124211, 'message': 'Dec  6 21:55:31 hqnl0246134 sshd[258368]: Failed password for root from 222.168.30.19 port 21993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:55:35,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356535.5150692, 'message': 'Dec  6 21:55:33 hqnl0246134 sshd[258368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 21:55:37,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356537.519308, 'message': 'Dec  6 21:55:36 hqnl0246134 sshd[258368]: Failed password for root from 222.168.30.19 port 21993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 21:55:39,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356539.52158, 'message': 'Dec  6 21:55:38 hqnl0246134 sshd[258368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:55:41,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356541.5247562, 'message': 'Dec  6 21:55:39 hqnl0246134 sshd[258368]: Failed password for root from 222.168.30.19 port 21993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 21:55:41,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356541.5251064, 'message': 'Dec  6 21:55:39 hqnl0246134 sshd[258382]: pam_imunify(sshd:auth): [IM360_RBL] The IP 129.226.210.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 21:55:41,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356541.525466, 'message': 'Dec  6 21:55:40 hqnl0246134 sshd[258368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-06 21:55:41,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356541.5253136, 'message': 'Dec  6 21:55:39 hqnl0246134 sshd[258382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.226.210.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 21:55:43,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356543.5248349, 'message': 'Dec  6 21:55:41 hqnl0246134 sshd[258382]: Failed password for root from 129.226.210.53 port 33326 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 21:55:43,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356543.5251262, 'message': 'Dec  6 21:55:43 hqnl0246134 sshd[258368]: Failed password for root from 222.168.30.19 port 21993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 21:55:45,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356545.5264375, 'message': 'Dec  6 21:55:43 hqnl0246134 sshd[258385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 21:55:45,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356545.5269494, 'message': 'Dec  6 21:55:44 hqnl0246134 sshd[258368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 21:55:45,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356545.5267782, 'message': 'Dec  6 21:55:43 hqnl0246134 sshd[258385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:55:46,611] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:55:46,612] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:55:46,622] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:55:46,637] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-06 21:55:47,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356547.533427, 'message': 'Dec  6 21:55:45 hqnl0246134 sshd[258385]: Failed password for root from 61.177.173.18 port 15341 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 21:55:47,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356547.5336056, 'message': 'Dec  6 21:55:47 hqnl0246134 sshd[258368]: Failed password for root from 222.168.30.19 port 21993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
WARNING [2022-12-06 21:55:49,133] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:55:49,134] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:55:49,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356549.5363023, 'message': 'Dec  6 21:55:47 hqnl0246134 sshd[258385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-06 21:55:49,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356549.5366306, 'message': 'Dec  6 21:55:49 hqnl0246134 sshd[258368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 21:55:49,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356549.5368366, 'message': 'Dec  6 21:55:49 hqnl0246134 sshd[258385]: Failed password for root from 61.177.173.18 port 15341 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 21:55:51,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356551.5381277, 'message': 'Dec  6 21:55:50 hqnl0246134 sshd[258385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 21:55:51,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356551.5384083, 'message': 'Dec  6 21:55:51 hqnl0246134 sshd[258368]: Failed password for root from 222.168.30.19 port 21993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-06 21:55:51,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356551.5386314, 'message': 'Dec  6 21:55:51 hqnl0246134 sshd[258385]: Failed password for root from 61.177.173.18 port 15341 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 21:55:53,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5758, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356553.5425386, 'message': 'Dec  6 21:55:53 hqnl0246134 sshd[258368]: error: maximum authentication attempts exceeded for root from 222.168.30.19 port 21993 ssh2 [preauth]', 'severity': 3, 'name': 'Maximum authentication attempts exceeded.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 21:55:59,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356559.5587027, 'message': 'Dec  6 21:55:57 hqnl0246134 sshd[258400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 21:55:59,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356559.5592742, 'message': 'Dec  6 21:55:57 hqnl0246134 sshd[258400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:55:59,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356559.5595002, 'message': 'Dec  6 21:55:59 hqnl0246134 sshd[258400]: Failed password for root from 222.168.30.19 port 35246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:56:01,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356561.5617046, 'message': 'Dec  6 21:56:00 hqnl0246134 sshd[258400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-06 21:56:03,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356563.566459, 'message': 'Dec  6 21:56:02 hqnl0246134 sshd[258400]: Failed password for root from 222.168.30.19 port 35246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 21:56:03,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356563.5667477, 'message': 'Dec  6 21:56:02 hqnl0246134 sshd[258400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:56:05,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356565.5689874, 'message': 'Dec  6 21:56:03 hqnl0246134 sshd[258400]: Failed password for root from 222.168.30.19 port 35246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:56:05,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356565.569187, 'message': 'Dec  6 21:56:04 hqnl0246134 sshd[258400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 21:56:07,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356567.572027, 'message': 'Dec  6 21:56:07 hqnl0246134 sshd[258400]: Failed password for root from 222.168.30.19 port 35246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 21:56:09,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356569.5819926, 'message': 'Dec  6 21:56:09 hqnl0246134 sshd[258400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 21:56:10,492] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:56:10,513] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0284 seconds
INFO    [2022-12-06 21:56:11,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356571.5774748, 'message': 'Dec  6 21:56:10 hqnl0246134 sshd[258400]: Failed password for root from 222.168.30.19 port 35246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 21:56:13,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356573.5840044, 'message': 'Dec  6 21:56:11 hqnl0246134 sshd[258400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:56:15,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356575.588054, 'message': 'Dec  6 21:56:13 hqnl0246134 sshd[258400]: Failed password for root from 222.168.30.19 port 35246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:56:17,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5758, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356577.5905497, 'message': 'Dec  6 21:56:15 hqnl0246134 sshd[258400]: error: maximum authentication attempts exceeded for root from 222.168.30.19 port 35246 ssh2 [preauth]', 'severity': 3, 'name': 'Maximum authentication attempts exceeded.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 21:56:17,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356577.5907896, 'message': 'Dec  6 21:56:17 hqnl0246134 sshd[258414]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 21:56:17,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356577.590933, 'message': 'Dec  6 21:56:17 hqnl0246134 sshd[258414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 21:56:17,996] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:56:17,997] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:56:18,007] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:56:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 21:56:19,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356579.592392, 'message': 'Dec  6 21:56:18 hqnl0246134 sshd[258421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0883 seconds
INFO    [2022-12-06 21:56:19,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356579.5925896, 'message': 'Dec  6 21:56:18 hqnl0246134 sshd[258423]: Invalid user hassan from 143.198.43.241 port 46786', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0935 seconds
INFO    [2022-12-06 21:56:19,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356579.592702, 'message': 'Dec  6 21:56:18 hqnl0246134 sshd[258423]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.43.241 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0666 seconds
INFO    [2022-12-06 21:56:19,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356579.5928051, 'message': 'Dec  6 21:56:18 hqnl0246134 sshd[258423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.43.241 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0676 seconds
INFO    [2022-12-06 21:56:21,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356581.5943813, 'message': 'Dec  6 21:56:19 hqnl0246134 sshd[258414]: Failed password for root from 222.168.30.19 port 44476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-06 21:56:21,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356581.59456, 'message': 'Dec  6 21:56:20 hqnl0246134 sshd[258421]: Failed password for root from 165.227.166.207 port 43884 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 21:56:21,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356581.594713, 'message': 'Dec  6 21:56:20 hqnl0246134 sshd[258423]: Failed password for invalid user hassan from 143.198.43.241 port 46786 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-06 21:56:23,338] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:56:23,339] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:56:23,442] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:56:23,457] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1180 seconds
INFO    [2022-12-06 21:56:23,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356583.5981345, 'message': 'Dec  6 21:56:21 hqnl0246134 sshd[258414]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1872 seconds
INFO    [2022-12-06 21:56:23,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356583.598433, 'message': 'Dec  6 21:56:22 hqnl0246134 sshd[258423]: Disconnected from invalid user hassan 143.198.43.241 port 46786 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1881 seconds
INFO    [2022-12-06 21:56:23,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356583.5986068, 'message': 'Dec  6 21:56:23 hqnl0246134 sshd[258414]: Failed password for root from 222.168.30.19 port 44476 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 21:56:25,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356585.6010716, 'message': 'Dec  6 21:56:24 hqnl0246134 sshd[258414]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:56:27,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356587.6019251, 'message': 'Dec  6 21:56:26 hqnl0246134 sshd[258414]: Failed password for root from 222.168.30.19 port 44476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:56:29,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356589.6038108, 'message': 'Dec  6 21:56:27 hqnl0246134 sshd[258463]: Invalid user admin from 222.168.30.19 port 48726', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 21:56:29,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356589.6043386, 'message': 'Dec  6 21:56:28 hqnl0246134 sshd[258466]: Invalid user manager1 from 143.110.241.56 port 40528', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 21:56:29,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356589.6040702, 'message': 'Dec  6 21:56:27 hqnl0246134 sshd[258463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 21:56:29,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356589.6044397, 'message': 'Dec  6 21:56:28 hqnl0246134 sshd[258466]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.110.241.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 21:56:29,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356589.604211, 'message': 'Dec  6 21:56:27 hqnl0246134 sshd[258463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 21:56:29,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356589.604539, 'message': 'Dec  6 21:56:28 hqnl0246134 sshd[258466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.241.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 21:56:31,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356591.6073363, 'message': 'Dec  6 21:56:30 hqnl0246134 sshd[258463]: Failed password for invalid user admin from 222.168.30.19 port 48726 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 21:56:31,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356591.607512, 'message': 'Dec  6 21:56:30 hqnl0246134 sshd[258466]: Failed password for invalid user manager1 from 143.110.241.56 port 40528 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 21:56:31,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356591.6076229, 'message': 'Dec  6 21:56:31 hqnl0246134 sshd[258466]: Disconnected from invalid user manager1 143.110.241.56 port 40528 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:56:33,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356593.6125844, 'message': 'Dec  6 21:56:31 hqnl0246134 sshd[258463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:56:35,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356595.6137846, 'message': 'Dec  6 21:56:34 hqnl0246134 sshd[258463]: Failed password for invalid user admin from 222.168.30.19 port 48726 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:56:37,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356597.6160543, 'message': 'Dec  6 21:56:35 hqnl0246134 sshd[258463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:56:39,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356599.6645367, 'message': 'Dec  6 21:56:37 hqnl0246134 sshd[258463]: Failed password for invalid user admin from 222.168.30.19 port 48726 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:56:39,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356599.6647794, 'message': 'Dec  6 21:56:38 hqnl0246134 sshd[258463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 21:56:41,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356601.6213312, 'message': 'Dec  6 21:56:39 hqnl0246134 sshd[258463]: Failed password for invalid user admin from 222.168.30.19 port 48726 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 21:56:41,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356601.6216497, 'message': 'Dec  6 21:56:41 hqnl0246134 sshd[258471]: Invalid user test from 147.182.230.251 port 36584', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-06 21:56:41,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356601.6215365, 'message': 'Dec  6 21:56:40 hqnl0246134 sshd[258463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 21:56:41,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356601.6217673, 'message': 'Dec  6 21:56:41 hqnl0246134 sshd[258471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 147.182.230.251 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 21:56:41,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356601.6218827, 'message': 'Dec  6 21:56:41 hqnl0246134 sshd[258471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.230.251 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 21:56:43,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356603.621896, 'message': 'Dec  6 21:56:41 hqnl0246134 sshd[258463]: Failed password for invalid user admin from 222.168.30.19 port 48726 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:56:43,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356603.6221263, 'message': 'Dec  6 21:56:42 hqnl0246134 sshd[258463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:56:45,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356605.6258192, 'message': 'Dec  6 21:56:43 hqnl0246134 sshd[258471]: Failed password for invalid user test from 147.182.230.251 port 36584 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0590 seconds
INFO    [2022-12-06 21:56:45,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356605.6262617, 'message': 'Dec  6 21:56:43 hqnl0246134 sshd[258463]: Failed password for invalid user admin from 222.168.30.19 port 48726 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-06 21:56:45,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356605.6260812, 'message': 'Dec  6 21:56:43 hqnl0246134 sshd[258471]: Disconnected from invalid user test 147.182.230.251 port 36584 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-06 21:56:45,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356605.6268618, 'message': 'Dec  6 21:56:44 hqnl0246134 sshd[258475]: Invalid user roots from 110.49.17.96 port 38938', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 21:56:45,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356605.6264942, 'message': 'Dec  6 21:56:44 hqnl0246134 sshd[258463]: error: maximum authentication attempts exceeded for invalid user admin from 222.168.30.19 port 48726 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0435 seconds
INFO    [2022-12-06 21:56:45,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356605.6270561, 'message': 'Dec  6 21:56:44 hqnl0246134 sshd[258475]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.49.17.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-06 21:56:45,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356605.6266775, 'message': 'Dec  6 21:56:44 hqnl0246134 sshd[258463]: Disconnecting invalid user admin 222.168.30.19 port 48726: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 21:56:45,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356605.6272352, 'message': 'Dec  6 21:56:44 hqnl0246134 sshd[258475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.17.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 21:56:47,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356607.6283522, 'message': 'Dec  6 21:56:45 hqnl0246134 sshd[258475]: Failed password for invalid user roots from 110.49.17.96 port 38938 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 21:56:47,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356607.628605, 'message': 'Dec  6 21:56:46 hqnl0246134 sshd[258477]: Invalid user admin from 222.168.30.19 port 55556', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 21:56:47,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356607.62906, 'message': 'Dec  6 21:56:47 hqnl0246134 sshd[258475]: Disconnected from invalid user roots 110.49.17.96 port 38938 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 21:56:47,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356607.628769, 'message': 'Dec  6 21:56:46 hqnl0246134 sshd[258477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 21:56:47,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356607.6289098, 'message': 'Dec  6 21:56:46 hqnl0246134 sshd[258477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 21:56:49,135] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:56:49,136] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:56:49,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356609.6293557, 'message': 'Dec  6 21:56:47 hqnl0246134 sshd[258477]: Failed password for invalid user admin from 222.168.30.19 port 55556 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:56:51,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356611.6337912, 'message': 'Dec  6 21:56:50 hqnl0246134 sshd[258477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:56:53,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356613.6370826, 'message': 'Dec  6 21:56:52 hqnl0246134 sshd[258477]: Failed password for invalid user admin from 222.168.30.19 port 55556 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:56:55,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356615.6411502, 'message': 'Dec  6 21:56:54 hqnl0246134 sshd[258481]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.100.208.189 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 21:56:55,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356615.6417065, 'message': 'Dec  6 21:56:54 hqnl0246134 sshd[258477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 21:56:55,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356615.6414735, 'message': 'Dec  6 21:56:54 hqnl0246134 sshd[258481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.208.189  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 21:56:57,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356617.642086, 'message': 'Dec  6 21:56:56 hqnl0246134 sshd[258481]: Failed password for root from 103.100.208.189 port 40486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-06 21:56:57,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356617.642294, 'message': 'Dec  6 21:56:56 hqnl0246134 sshd[258477]: Failed password for invalid user admin from 222.168.30.19 port 55556 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0469 seconds
INFO    [2022-12-06 21:56:59,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356619.6445816, 'message': 'Dec  6 21:56:58 hqnl0246134 sshd[258477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0604 seconds
INFO    [2022-12-06 21:57:01,328] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:57:01,328] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:57:01,339] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:57:01,356] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-06 21:57:01,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356621.6458344, 'message': 'Dec  6 21:57:00 hqnl0246134 sshd[258477]: Failed password for invalid user admin from 222.168.30.19 port 55556 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:57:03,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356623.6489925, 'message': 'Dec  6 21:57:02 hqnl0246134 sshd[258477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 21:57:05,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356625.649652, 'message': 'Dec  6 21:57:04 hqnl0246134 sshd[258477]: Failed password for invalid user admin from 222.168.30.19 port 55556 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:57:05,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356625.649864, 'message': 'Dec  6 21:57:04 hqnl0246134 sshd[258477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:57:07,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356627.6535637, 'message': 'Dec  6 21:57:06 hqnl0246134 sshd[258477]: Failed password for invalid user admin from 222.168.30.19 port 55556 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 21:57:09,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356629.7509873, 'message': 'Dec  6 21:57:08 hqnl0246134 sshd[258477]: error: maximum authentication attempts exceeded for invalid user admin from 222.168.30.19 port 55556 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 21:57:09,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356629.7511547, 'message': 'Dec  6 21:57:08 hqnl0246134 sshd[258477]: Disconnecting invalid user admin 222.168.30.19 port 55556: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 21:57:10,496] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:57:10,531] defence360agent.internals.the_sink: SensorIncidentList(<23 item(s)>) processed in 0.0430 seconds
INFO    [2022-12-06 21:57:11,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356631.6605918, 'message': 'Dec  6 21:57:10 hqnl0246134 sshd[258517]: Invalid user admin from 222.168.30.19 port 64151', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 21:57:11,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356631.6608503, 'message': 'Dec  6 21:57:10 hqnl0246134 sshd[258517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 21:57:11,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356631.660991, 'message': 'Dec  6 21:57:10 hqnl0246134 sshd[258517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 21:57:13,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356633.6627927, 'message': 'Dec  6 21:57:12 hqnl0246134 sshd[258517]: Failed password for invalid user admin from 222.168.30.19 port 64151 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:57:15,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356635.665964, 'message': 'Dec  6 21:57:14 hqnl0246134 sshd[258517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:57:17,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356637.6687636, 'message': 'Dec  6 21:57:16 hqnl0246134 sshd[258517]: Failed password for invalid user admin from 222.168.30.19 port 64151 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:57:17,783] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:57:17,784] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:57:17,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:57:17,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 21:57:18,120] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 21:57:18,184] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 21:57:18,185] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 21:57:18,185] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 21:57:18,185] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 21:57:18,186] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 21:57:18,197] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 21:57:18,214] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0274 seconds
WARNING [2022-12-06 21:57:18,220] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 21:57:18,223] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:57:18,241] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0329 seconds
INFO    [2022-12-06 21:57:18,242] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0311 seconds
INFO    [2022-12-06 21:57:19,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356639.6702855, 'message': 'Dec  6 21:57:18 hqnl0246134 sshd[258517]: Disconnected from invalid user admin 222.168.30.19 port 64151 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:57:20,351] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:57:20,351] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:57:20,359] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:57:20,371] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 21:57:21,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356641.6727285, 'message': 'Dec  6 21:57:19 hqnl0246134 sshd[258529]: Invalid user oracle from 222.168.30.19 port 2896', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:57:21,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356641.6729922, 'message': 'Dec  6 21:57:19 hqnl0246134 sshd[258529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:57:21,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356641.6731055, 'message': 'Dec  6 21:57:19 hqnl0246134 sshd[258529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 21:57:21,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356641.6732213, 'message': 'Dec  6 21:57:21 hqnl0246134 sshd[258529]: Failed password for invalid user oracle from 222.168.30.19 port 2896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:57:23,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356643.6741352, 'message': 'Dec  6 21:57:21 hqnl0246134 sshd[258529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 21:57:25,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356645.6743283, 'message': 'Dec  6 21:57:23 hqnl0246134 sshd[258534]: Invalid user roots from 181.204.164.18 port 50194', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 21:57:25,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356645.6755655, 'message': 'Dec  6 21:57:24 hqnl0246134 sshd[258529]: Failed password for invalid user oracle from 222.168.30.19 port 2896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 21:57:25,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356645.675304, 'message': 'Dec  6 21:57:23 hqnl0246134 sshd[258534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.204.164.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 21:57:25,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356645.6754386, 'message': 'Dec  6 21:57:23 hqnl0246134 sshd[258534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.204.164.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:57:25,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356645.675697, 'message': 'Dec  6 21:57:25 hqnl0246134 sshd[258534]: Failed password for invalid user roots from 181.204.164.18 port 50194 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:57:27,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356647.6780465, 'message': 'Dec  6 21:57:25 hqnl0246134 sshd[258529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 21:57:27,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356647.678304, 'message': 'Dec  6 21:57:26 hqnl0246134 sshd[258534]: Disconnected from invalid user roots 181.204.164.18 port 50194 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 21:57:29,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356649.6806734, 'message': 'Dec  6 21:57:27 hqnl0246134 sshd[258529]: Failed password for invalid user oracle from 222.168.30.19 port 2896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:57:29,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356649.6809576, 'message': 'Dec  6 21:57:29 hqnl0246134 sshd[258529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:57:31,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356651.6814592, 'message': 'Dec  6 21:57:31 hqnl0246134 sshd[258529]: Failed password for invalid user oracle from 222.168.30.19 port 2896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:57:31,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356651.6816401, 'message': 'Dec  6 21:57:31 hqnl0246134 sshd[258529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 21:57:33,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356653.6845675, 'message': 'Dec  6 21:57:33 hqnl0246134 sshd[258529]: Failed password for invalid user oracle from 222.168.30.19 port 2896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:57:35,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356655.6884043, 'message': 'Dec  6 21:57:33 hqnl0246134 sshd[258529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:57:37,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356657.6902583, 'message': 'Dec  6 21:57:35 hqnl0246134 sshd[258529]: Failed password for invalid user oracle from 222.168.30.19 port 2896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 21:57:37,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356657.6905541, 'message': 'Dec  6 21:57:37 hqnl0246134 sshd[258529]: error: maximum authentication attempts exceeded for invalid user oracle from 222.168.30.19 port 2896 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:57:37,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356657.6907206, 'message': 'Dec  6 21:57:37 hqnl0246134 sshd[258529]: Disconnecting invalid user oracle 222.168.30.19 port 2896: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:57:39,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356659.6926954, 'message': 'Dec  6 21:57:38 hqnl0246134 sshd[258547]: Invalid user oracle from 222.168.30.19 port 9236', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:57:39,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356659.6929765, 'message': 'Dec  6 21:57:38 hqnl0246134 sshd[258547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1443 seconds
INFO    [2022-12-06 21:57:39,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356659.6931157, 'message': 'Dec  6 21:57:38 hqnl0246134 sshd[258547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:57:41,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356661.694255, 'message': 'Dec  6 21:57:40 hqnl0246134 sshd[258547]: Failed password for invalid user oracle from 222.168.30.19 port 9236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 21:57:41,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356661.6945276, 'message': 'Dec  6 21:57:40 hqnl0246134 sshd[258547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:57:43,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356663.696452, 'message': 'Dec  6 21:57:43 hqnl0246134 sshd[258547]: Failed password for invalid user oracle from 222.168.30.19 port 9236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:57:45,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356665.699046, 'message': 'Dec  6 21:57:44 hqnl0246134 sshd[258547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 21:57:47,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356667.7018542, 'message': 'Dec  6 21:57:46 hqnl0246134 sshd[258550]: Invalid user psql from 139.59.112.202 port 37976', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 21:57:47,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356667.7023695, 'message': 'Dec  6 21:57:46 hqnl0246134 sshd[258547]: Failed password for invalid user oracle from 222.168.30.19 port 9236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 21:57:47,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356667.7020457, 'message': 'Dec  6 21:57:46 hqnl0246134 sshd[258550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.112.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 21:57:47,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356667.702204, 'message': 'Dec  6 21:57:46 hqnl0246134 sshd[258550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.112.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 21:57:49,057] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 21:57:49,057] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 21:57:49,058] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 21:57:49,139] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:57:49,140] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:57:49,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356669.7040482, 'message': 'Dec  6 21:57:48 hqnl0246134 sshd[258547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 21:57:49,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356669.70426, 'message': 'Dec  6 21:57:48 hqnl0246134 sshd[258550]: Failed password for invalid user psql from 139.59.112.202 port 37976 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 21:57:51,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356671.7069929, 'message': 'Dec  6 21:57:49 hqnl0246134 sshd[258550]: Disconnected from invalid user psql 139.59.112.202 port 37976 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 21:57:51,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356671.7072532, 'message': 'Dec  6 21:57:50 hqnl0246134 sshd[258547]: Failed password for invalid user oracle from 222.168.30.19 port 9236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 21:57:53,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356673.7199037, 'message': 'Dec  6 21:57:52 hqnl0246134 sshd[258547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0651 seconds
INFO    [2022-12-06 21:57:55,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356675.7105231, 'message': 'Dec  6 21:57:54 hqnl0246134 sshd[258547]: Failed password for invalid user oracle from 222.168.30.19 port 9236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 21:57:57,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356677.7130802, 'message': 'Dec  6 21:57:56 hqnl0246134 sshd[258547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 21:57:57,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356677.7133052, 'message': 'Dec  6 21:57:57 hqnl0246134 sshd[258561]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 21:57:57,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356677.7134593, 'message': 'Dec  6 21:57:57 hqnl0246134 sshd[258561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:57:59,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356679.7149055, 'message': 'Dec  6 21:57:57 hqnl0246134 sshd[258547]: Failed password for invalid user oracle from 222.168.30.19 port 9236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 21:57:59,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356679.7150853, 'message': 'Dec  6 21:57:59 hqnl0246134 sshd[258561]: Failed password for root from 61.177.173.18 port 57112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 21:57:59,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356679.715347, 'message': 'Dec  6 21:57:59 hqnl0246134 sshd[258547]: error: maximum authentication attempts exceeded for invalid user oracle from 222.168.30.19 port 9236 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 21:57:59,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356679.7151992, 'message': 'Dec  6 21:57:59 hqnl0246134 sshd[258561]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 21:57:59,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356679.715482, 'message': 'Dec  6 21:57:59 hqnl0246134 sshd[258547]: Disconnecting invalid user oracle 222.168.30.19 port 9236: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 21:58:01,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356681.717627, 'message': 'Dec  6 21:58:01 hqnl0246134 sshd[258561]: Failed password for root from 61.177.173.18 port 57112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 21:58:01,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356681.717996, 'message': 'Dec  6 21:58:01 hqnl0246134 sshd[258566]: Invalid user oracle from 222.168.30.19 port 16266', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 21:58:01,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356681.717843, 'message': 'Dec  6 21:58:01 hqnl0246134 sshd[258561]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 21:58:01,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356681.7181034, 'message': 'Dec  6 21:58:01 hqnl0246134 sshd[258566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 21:58:01,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356681.718208, 'message': 'Dec  6 21:58:01 hqnl0246134 sshd[258566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 21:58:03,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356683.718106, 'message': 'Dec  6 21:58:03 hqnl0246134 sshd[258561]: Failed password for root from 61.177.173.18 port 57112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-06 21:58:03,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356683.71833, 'message': 'Dec  6 21:58:03 hqnl0246134 sshd[258566]: Failed password for invalid user oracle from 222.168.30.19 port 16266 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-06 21:58:03,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356683.7184772, 'message': 'Dec  6 21:58:03 hqnl0246134 sshd[258566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 21:58:05,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356685.7205927, 'message': 'Dec  6 21:58:03 hqnl0246134 sshd[258580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 21:58:07,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356687.7230392, 'message': 'Dec  6 21:58:05 hqnl0246134 sshd[258566]: Failed password for invalid user oracle from 222.168.30.19 port 16266 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 21:58:07,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356687.72324, 'message': 'Dec  6 21:58:06 hqnl0246134 sshd[258580]: Failed password for root from 165.227.166.207 port 54154 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 21:58:07,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356687.7233517, 'message': 'Dec  6 21:58:07 hqnl0246134 sshd[258566]: Disconnected from invalid user oracle 222.168.30.19 port 16266 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:58:09,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356689.7259667, 'message': 'Dec  6 21:58:08 hqnl0246134 sshd[258583]: Invalid user usuario from 222.168.30.19 port 18676', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 21:58:09,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356689.7261724, 'message': 'Dec  6 21:58:08 hqnl0246134 sshd[258583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:58:09,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356689.7262838, 'message': 'Dec  6 21:58:08 hqnl0246134 sshd[258583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 21:58:10,501] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:58:10,529] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0347 seconds
INFO    [2022-12-06 21:58:11,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356691.7280307, 'message': 'Dec  6 21:58:11 hqnl0246134 sshd[258583]: Failed password for invalid user usuario from 222.168.30.19 port 18676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:58:13,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356693.731183, 'message': 'Dec  6 21:58:11 hqnl0246134 sshd[258585]: Invalid user roots from 103.159.223.158 port 49486', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 21:58:13,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356693.732982, 'message': 'Dec  6 21:58:13 hqnl0246134 sshd[258583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 21:58:13,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356693.732746, 'message': 'Dec  6 21:58:11 hqnl0246134 sshd[258585]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.159.223.158 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:58:13,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356693.7328727, 'message': 'Dec  6 21:58:11 hqnl0246134 sshd[258585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.223.158 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:58:15,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356695.7338424, 'message': 'Dec  6 21:58:13 hqnl0246134 sshd[258585]: Failed password for invalid user roots from 103.159.223.158 port 49486 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 21:58:15,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356695.734048, 'message': 'Dec  6 21:58:14 hqnl0246134 sshd[258583]: Failed password for invalid user usuario from 222.168.30.19 port 18676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 21:58:15,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356695.734161, 'message': 'Dec  6 21:58:14 hqnl0246134 sshd[258585]: Disconnected from invalid user roots 103.159.223.158 port 49486 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 21:58:15,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356695.7342696, 'message': 'Dec  6 21:58:15 hqnl0246134 sshd[258583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 21:58:17,583] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:58:17,583] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:58:17,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:58:17,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0245 seconds
INFO    [2022-12-06 21:58:17,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356697.7361736, 'message': 'Dec  6 21:58:17 hqnl0246134 sshd[258583]: Failed password for invalid user usuario from 222.168.30.19 port 18676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:58:17,921] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:58:17,922] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:58:17,929] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:58:17,941] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 21:58:19,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356699.7390742, 'message': 'Dec  6 21:58:19 hqnl0246134 sshd[258583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 21:58:20,633] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:58:20,634] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:58:20,641] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:58:20,654] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 21:58:21,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356701.7424986, 'message': 'Dec  6 21:58:21 hqnl0246134 sshd[258583]: Failed password for invalid user usuario from 222.168.30.19 port 18676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:58:23,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356703.744736, 'message': 'Dec  6 21:58:23 hqnl0246134 sshd[258583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 21:58:25,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356705.7461648, 'message': 'Dec  6 21:58:25 hqnl0246134 sshd[258583]: Failed password for invalid user usuario from 222.168.30.19 port 18676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 21:58:25,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356705.7465003, 'message': 'Dec  6 21:58:25 hqnl0246134 sshd[258583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:58:29,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356709.7518008, 'message': 'Dec  6 21:58:27 hqnl0246134 sshd[258583]: Failed password for invalid user usuario from 222.168.30.19 port 18676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 21:58:29,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356709.752081, 'message': 'Dec  6 21:58:29 hqnl0246134 sshd[258583]: error: maximum authentication attempts exceeded for invalid user usuario from 222.168.30.19 port 18676 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 21:58:29,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356709.7522347, 'message': 'Dec  6 21:58:29 hqnl0246134 sshd[258583]: Disconnecting invalid user usuario 222.168.30.19 port 18676: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 21:58:31,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356711.7539577, 'message': 'Dec  6 21:58:31 hqnl0246134 sshd[258612]: Invalid user usuario from 222.168.30.19 port 26053', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 21:58:31,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356711.7542071, 'message': 'Dec  6 21:58:31 hqnl0246134 sshd[258612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:58:31,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356711.754353, 'message': 'Dec  6 21:58:31 hqnl0246134 sshd[258612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:58:33,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356713.7564125, 'message': 'Dec  6 21:58:33 hqnl0246134 sshd[258612]: Failed password for invalid user usuario from 222.168.30.19 port 26053 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:58:35,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356715.757769, 'message': 'Dec  6 21:58:35 hqnl0246134 sshd[258612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 21:58:37,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356717.7609882, 'message': 'Dec  6 21:58:37 hqnl0246134 sshd[258612]: Failed password for invalid user usuario from 222.168.30.19 port 26053 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 21:58:39,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356719.7646701, 'message': 'Dec  6 21:58:37 hqnl0246134 sshd[258612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 21:58:41,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356721.765886, 'message': 'Dec  6 21:58:39 hqnl0246134 sshd[258612]: Failed password for invalid user usuario from 222.168.30.19 port 26053 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 21:58:43,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356723.7684317, 'message': 'Dec  6 21:58:41 hqnl0246134 sshd[258612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 21:58:43,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356723.768702, 'message': 'Dec  6 21:58:43 hqnl0246134 sshd[258616]: Invalid user user from 129.226.210.53 port 60040', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 21:58:43,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356723.7688215, 'message': 'Dec  6 21:58:43 hqnl0246134 sshd[258616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 129.226.210.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 21:58:43,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356723.76903, 'message': 'Dec  6 21:58:43 hqnl0246134 sshd[258616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.226.210.53 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:58:45,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356725.7698762, 'message': 'Dec  6 21:58:44 hqnl0246134 sshd[258612]: Failed password for invalid user usuario from 222.168.30.19 port 26053 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0840 seconds
INFO    [2022-12-06 21:58:45,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356725.770147, 'message': 'Dec  6 21:58:45 hqnl0246134 sshd[258616]: Failed password for invalid user user from 129.226.210.53 port 60040 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0844 seconds
INFO    [2022-12-06 21:58:47,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356727.7744174, 'message': 'Dec  6 21:58:46 hqnl0246134 sshd[258612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 21:58:47,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356727.7746484, 'message': 'Dec  6 21:58:47 hqnl0246134 sshd[258616]: Disconnected from invalid user user 129.226.210.53 port 60040 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
WARNING [2022-12-06 21:58:49,145] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:58:49,146] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:58:49,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356729.7775002, 'message': 'Dec  6 21:58:48 hqnl0246134 sshd[258612]: Failed password for invalid user usuario from 222.168.30.19 port 26053 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 21:58:51,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356731.7780511, 'message': 'Dec  6 21:58:50 hqnl0246134 sshd[258612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 21:58:51,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356731.778292, 'message': 'Dec  6 21:58:50 hqnl0246134 sshd[258624]: Invalid user supperinspur from 143.198.43.241 port 33908', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 21:58:51,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356731.778414, 'message': 'Dec  6 21:58:50 hqnl0246134 sshd[258624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.43.241 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:58:51,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356731.7785168, 'message': 'Dec  6 21:58:50 hqnl0246134 sshd[258624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.43.241 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:58:53,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356733.7808113, 'message': 'Dec  6 21:58:52 hqnl0246134 sshd[258612]: Failed password for invalid user usuario from 222.168.30.19 port 26053 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 21:58:53,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356733.7810528, 'message': 'Dec  6 21:58:52 hqnl0246134 sshd[258624]: Failed password for invalid user supperinspur from 143.198.43.241 port 33908 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 21:58:55,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356735.787329, 'message': 'Dec  6 21:58:53 hqnl0246134 sshd[258624]: Disconnected from invalid user supperinspur 143.198.43.241 port 33908 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 21:58:55,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356735.7877238, 'message': 'Dec  6 21:58:54 hqnl0246134 sshd[258612]: error: maximum authentication attempts exceeded for invalid user usuario from 222.168.30.19 port 26053 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 21:58:55,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356735.7879362, 'message': 'Dec  6 21:58:54 hqnl0246134 sshd[258612]: Disconnecting invalid user usuario 222.168.30.19 port 26053: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 21:58:55,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356735.7880847, 'message': 'Dec  6 21:58:55 hqnl0246134 sshd[258635]: Invalid user usuario from 222.168.30.19 port 34067', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 21:58:57,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356737.805091, 'message': 'Dec  6 21:58:55 hqnl0246134 sshd[258635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 21:58:57,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356737.8054144, 'message': 'Dec  6 21:58:55 hqnl0246134 sshd[258635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 21:58:59,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356739.8134477, 'message': 'Dec  6 21:58:58 hqnl0246134 sshd[258635]: Failed password for invalid user usuario from 222.168.30.19 port 34067 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 21:59:01,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356741.8215592, 'message': 'Dec  6 21:58:59 hqnl0246134 sshd[258635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 21:59:01,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356741.8217824, 'message': 'Dec  6 21:59:01 hqnl0246134 sshd[258635]: Failed password for invalid user usuario from 222.168.30.19 port 34067 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 21:59:03,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356743.841473, 'message': 'Dec  6 21:59:02 hqnl0246134 sshd[258635]: Disconnected from invalid user usuario 222.168.30.19 port 34067 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 21:59:03,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356743.8417954, 'message': 'Dec  6 21:59:03 hqnl0246134 sshd[258645]: Invalid user test from 222.168.30.19 port 36555', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:59:03,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356743.8420098, 'message': 'Dec  6 21:59:03 hqnl0246134 sshd[258645]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:59:03,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356743.8421896, 'message': 'Dec  6 21:59:03 hqnl0246134 sshd[258645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 21:59:05,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356745.8496904, 'message': 'Dec  6 21:59:05 hqnl0246134 sshd[258645]: Failed password for invalid user test from 222.168.30.19 port 36555 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:59:07,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356747.8610115, 'message': 'Dec  6 21:59:06 hqnl0246134 sshd[258645]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 21:59:08,087] defence360agent.files: Updating all files
INFO    [2022-12-06 21:59:08,365] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:08,365] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 21:59:08,713] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:08,713] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 21:59:08,975] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:08,975] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 21:59:09,266] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:09,266] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 21:59:09,267] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 21:59:09,576] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 19:59:09 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4C9D20CF2EFD'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 21:59:09,579] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 21:59:09,580] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 21:59:09,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356749.880047, 'message': 'Dec  6 21:59:07 hqnl0246134 sshd[258645]: Failed password for invalid user test from 222.168.30.19 port 36555 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 21:59:09,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356749.8802624, 'message': 'Dec  6 21:59:08 hqnl0246134 sshd[258645]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 21:59:10,178] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:10,179] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 21:59:10,491] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:10,491] defence360agent.files: ip-record files update finished (not updated)
WARNING [2022-12-06 21:59:10,509] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:59:10,534] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0350 seconds
INFO    [2022-12-06 21:59:10,829] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:10,829] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 21:59:11,228] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:11,228] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 21:59:11,699] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 21:59:11,700] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 21:59:11,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356751.8828027, 'message': 'Dec  6 21:59:10 hqnl0246134 sshd[258645]: Failed password for invalid user test from 222.168.30.19 port 36555 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 21:59:11,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356751.8830042, 'message': 'Dec  6 21:59:11 hqnl0246134 sshd[258645]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 21:59:13,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356753.8850796, 'message': 'Dec  6 21:59:12 hqnl0246134 sshd[258645]: Failed password for invalid user test from 222.168.30.19 port 36555 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 21:59:13,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356753.885279, 'message': 'Dec  6 21:59:13 hqnl0246134 sshd[258645]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 21:59:15,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356755.8955812, 'message': 'Dec  6 21:59:15 hqnl0246134 sshd[258645]: Failed password for invalid user test from 222.168.30.19 port 36555 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 21:59:17,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:59:17,814] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:59:17,822] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:59:17,841] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-06 21:59:17,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356757.9016435, 'message': 'Dec  6 21:59:16 hqnl0246134 sshd[258645]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 21:59:19,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356759.9071443, 'message': 'Dec  6 21:59:18 hqnl0246134 sshd[258645]: Failed password for invalid user test from 222.168.30.19 port 36555 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 21:59:20,464] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:59:20,464] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:59:20,471] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:59:20,482] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 21:59:21,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356761.9100797, 'message': 'Dec  6 21:59:20 hqnl0246134 sshd[258645]: error: maximum authentication attempts exceeded for invalid user test from 222.168.30.19 port 36555 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 21:59:21,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356761.9102566, 'message': 'Dec  6 21:59:20 hqnl0246134 sshd[258645]: Disconnecting invalid user test 222.168.30.19 port 36555: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 21:59:23,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356763.9235, 'message': 'Dec  6 21:59:22 hqnl0246134 sshd[258658]: Invalid user test from 222.168.30.19 port 42098', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 21:59:23,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356763.9241998, 'message': 'Dec  6 21:59:22 hqnl0246134 sshd[258658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 21:59:24,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356763.9245296, 'message': 'Dec  6 21:59:22 hqnl0246134 sshd[258658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1131 seconds
INFO    [2022-12-06 21:59:25,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356765.9279814, 'message': 'Dec  6 21:59:24 hqnl0246134 sshd[258658]: Failed password for invalid user test from 222.168.30.19 port 42098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0554 seconds
INFO    [2022-12-06 21:59:25,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356765.928718, 'message': 'Dec  6 21:59:25 hqnl0246134 sshd[258668]: pam_imunify(sshd:auth): [IM360_RBL] The IP 147.182.230.251 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-06 21:59:26,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356765.928488, 'message': 'Dec  6 21:59:25 hqnl0246134 sshd[258658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 21:59:26,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356765.928958, 'message': 'Dec  6 21:59:25 hqnl0246134 sshd[258668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.230.251  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 21:59:27,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356767.9310215, 'message': 'Dec  6 21:59:27 hqnl0246134 sshd[258658]: Failed password for invalid user test from 222.168.30.19 port 42098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 21:59:27,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356767.9312396, 'message': 'Dec  6 21:59:27 hqnl0246134 sshd[258668]: Failed password for root from 147.182.230.251 port 35880 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 21:59:27,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356767.9313655, 'message': 'Dec  6 21:59:27 hqnl0246134 sshd[258658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 21:59:29,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356769.9330356, 'message': 'Dec  6 21:59:29 hqnl0246134 sshd[258673]: Invalid user arun from 143.110.241.56 port 57640', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 21:59:29,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356769.9377296, 'message': 'Dec  6 21:59:29 hqnl0246134 sshd[258658]: Failed password for invalid user test from 222.168.30.19 port 42098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 21:59:29,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356769.9332466, 'message': 'Dec  6 21:59:29 hqnl0246134 sshd[258673]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.110.241.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 21:59:30,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356769.9376109, 'message': 'Dec  6 21:59:29 hqnl0246134 sshd[258673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.241.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 21:59:31,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356771.9337666, 'message': 'Dec  6 21:59:30 hqnl0246134 sshd[258658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-06 21:59:31,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356771.9340637, 'message': 'Dec  6 21:59:31 hqnl0246134 sshd[258673]: Failed password for invalid user arun from 143.110.241.56 port 57640 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 21:59:32,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356771.934194, 'message': 'Dec  6 21:59:31 hqnl0246134 sshd[258673]: Disconnected from invalid user arun 143.110.241.56 port 57640 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 21:59:33,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356773.9360528, 'message': 'Dec  6 21:59:32 hqnl0246134 sshd[258658]: Failed password for invalid user test from 222.168.30.19 port 42098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-06 21:59:34,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356773.9363074, 'message': 'Dec  6 21:59:32 hqnl0246134 sshd[258658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-06 21:59:35,379] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 21:59:35,380] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 21:59:35,387] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 21:59:35,403] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 21:59:35,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356775.9459395, 'message': 'Dec  6 21:59:34 hqnl0246134 sshd[258658]: Failed password for invalid user test from 222.168.30.19 port 42098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 21:59:36,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356775.9462404, 'message': 'Dec  6 21:59:35 hqnl0246134 sshd[258658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 21:59:37,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356777.9418, 'message': 'Dec  6 21:59:37 hqnl0246134 sshd[258658]: Failed password for invalid user test from 222.168.30.19 port 42098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 21:59:37,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356777.942046, 'message': 'Dec  6 21:59:37 hqnl0246134 sshd[258658]: error: maximum authentication attempts exceeded for invalid user test from 222.168.30.19 port 42098 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:59:38,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356777.942196, 'message': 'Dec  6 21:59:37 hqnl0246134 sshd[258658]: Disconnecting invalid user test 222.168.30.19 port 42098: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 21:59:39,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356779.942599, 'message': 'Dec  6 21:59:39 hqnl0246134 sshd[258683]: Invalid user test from 222.168.30.19 port 47669', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 21:59:40,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356779.9431198, 'message': 'Dec  6 21:59:39 hqnl0246134 sshd[258683]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 21:59:40,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356779.9440646, 'message': 'Dec  6 21:59:39 hqnl0246134 sshd[258683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 21:59:41,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356781.9457846, 'message': 'Dec  6 21:59:41 hqnl0246134 sshd[258683]: Failed password for invalid user test from 222.168.30.19 port 47669 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 21:59:45,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356785.9512231, 'message': 'Dec  6 21:59:44 hqnl0246134 sshd[258683]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 21:59:45,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356785.9515347, 'message': 'Dec  6 21:59:45 hqnl0246134 sshd[258686]: Invalid user carla from 103.100.208.189 port 34584', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 21:59:46,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356785.9516594, 'message': 'Dec  6 21:59:45 hqnl0246134 sshd[258686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.100.208.189 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 21:59:46,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356785.951828, 'message': 'Dec  6 21:59:45 hqnl0246134 sshd[258686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.208.189 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 21:59:47,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356787.9546227, 'message': 'Dec  6 21:59:46 hqnl0246134 sshd[258683]: Failed password for invalid user test from 222.168.30.19 port 47669 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 21:59:47,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356787.95504, 'message': 'Dec  6 21:59:47 hqnl0246134 sshd[258686]: Failed password for invalid user carla from 103.100.208.189 port 34584 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 21:59:48,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356787.9548962, 'message': 'Dec  6 21:59:46 hqnl0246134 sshd[258683]: Disconnected from invalid user test 222.168.30.19 port 47669 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 21:59:49,150] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 21:59:49,151] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 21:59:49,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356789.9588852, 'message': 'Dec  6 21:59:48 hqnl0246134 sshd[258689]: Invalid user user from 222.168.30.19 port 50149', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 21:59:49,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356789.9594297, 'message': 'Dec  6 21:59:49 hqnl0246134 sshd[258686]: Disconnected from invalid user carla 103.100.208.189 port 34584 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 21:59:50,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356789.9591818, 'message': 'Dec  6 21:59:48 hqnl0246134 sshd[258689]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 21:59:50,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356789.9593241, 'message': 'Dec  6 21:59:48 hqnl0246134 sshd[258689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 21:59:51,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356791.9609885, 'message': 'Dec  6 21:59:50 hqnl0246134 sshd[258689]: Failed password for invalid user user from 222.168.30.19 port 50149 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 21:59:51,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356791.9613273, 'message': 'Dec  6 21:59:50 hqnl0246134 sshd[258691]: Invalid user tuxedo from 110.49.17.96 port 56280', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 21:59:52,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356791.9611819, 'message': 'Dec  6 21:59:50 hqnl0246134 sshd[258689]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 21:59:52,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356791.9616523, 'message': 'Dec  6 21:59:51 hqnl0246134 sshd[258694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 21:59:52,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356791.9614456, 'message': 'Dec  6 21:59:50 hqnl0246134 sshd[258691]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.49.17.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-06 21:59:52,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356791.9615498, 'message': 'Dec  6 21:59:50 hqnl0246134 sshd[258691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.17.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 21:59:54,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356793.964172, 'message': 'Dec  6 21:59:52 hqnl0246134 sshd[258689]: Failed password for invalid user user from 222.168.30.19 port 50149 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 21:59:54,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356793.9644172, 'message': 'Dec  6 21:59:52 hqnl0246134 sshd[258691]: Failed password for invalid user tuxedo from 110.49.17.96 port 56280 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-06 21:59:54,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356793.9645875, 'message': 'Dec  6 21:59:53 hqnl0246134 sshd[258694]: Failed password for root from 165.227.166.207 port 36226 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 21:59:56,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356795.9682546, 'message': 'Dec  6 21:59:54 hqnl0246134 sshd[258689]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-06 21:59:56,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356795.9688222, 'message': 'Dec  6 21:59:55 hqnl0246134 sshd[258691]: Disconnected from invalid user tuxedo 110.49.17.96 port 56280 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-06 21:59:57,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356797.9696395, 'message': 'Dec  6 21:59:56 hqnl0246134 sshd[258689]: Failed password for invalid user user from 222.168.30.19 port 50149 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 21:59:59,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356799.9727147, 'message': 'Dec  6 21:59:58 hqnl0246134 sshd[258689]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:00:02,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356801.9947538, 'message': 'Dec  6 22:00:01 hqnl0246134 sshd[258689]: Failed password for invalid user user from 222.168.30.19 port 50149 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0652 seconds
INFO    [2022-12-06 22:00:04,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356803.97678, 'message': 'Dec  6 22:00:02 hqnl0246134 sshd[258689]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 22:00:06,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356805.979605, 'message': 'Dec  6 22:00:05 hqnl0246134 sshd[258689]: Failed password for invalid user user from 222.168.30.19 port 50149 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 22:00:08,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356807.9825618, 'message': 'Dec  6 22:00:06 hqnl0246134 sshd[258689]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:00:10,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356809.9869614, 'message': 'Dec  6 22:00:09 hqnl0246134 sshd[258689]: Failed password for invalid user user from 222.168.30.19 port 50149 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 22:00:10,511] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:00:10,537] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0349 seconds
INFO    [2022-12-06 22:00:12,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356811.9916508, 'message': 'Dec  6 22:00:10 hqnl0246134 sshd[258689]: error: maximum authentication attempts exceeded for invalid user user from 222.168.30.19 port 50149 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:00:12,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356811.9918454, 'message': 'Dec  6 22:00:10 hqnl0246134 sshd[258689]: Disconnecting invalid user user 222.168.30.19 port 50149: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:00:14,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356813.9996533, 'message': 'Dec  6 22:00:12 hqnl0246134 sshd[258746]: Invalid user user from 222.168.30.19 port 57636', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:00:14,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356813.9998965, 'message': 'Dec  6 22:00:12 hqnl0246134 sshd[258746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:00:14,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356814.000084, 'message': 'Dec  6 22:00:12 hqnl0246134 sshd[258746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:00:16,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356816.0045455, 'message': 'Dec  6 22:00:14 hqnl0246134 sshd[258746]: Failed password for invalid user user from 222.168.30.19 port 57636 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 22:00:16,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356816.0047896, 'message': 'Dec  6 22:00:14 hqnl0246134 sshd[258746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 22:00:17,900] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:00:17,900] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:00:17,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:00:17,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 22:00:18,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356818.006064, 'message': 'Dec  6 22:00:16 hqnl0246134 sshd[258746]: Failed password for invalid user user from 222.168.30.19 port 57636 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:00:20,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356820.017421, 'message': 'Dec  6 22:00:18 hqnl0246134 sshd[258755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-06 22:00:20,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356820.0179267, 'message': 'Dec  6 22:00:18 hqnl0246134 sshd[258746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-06 22:00:20,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356820.017711, 'message': 'Dec  6 22:00:18 hqnl0246134 sshd[258755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 22:00:20,576] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:00:20,576] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:00:20,584] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:00:20,595] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 22:00:22,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356822.017775, 'message': 'Dec  6 22:00:20 hqnl0246134 sshd[258755]: Failed password for root from 61.177.173.18 port 37297 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 22:00:22,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356822.0207489, 'message': 'Dec  6 22:00:20 hqnl0246134 sshd[258746]: Failed password for invalid user user from 222.168.30.19 port 57636 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 22:00:22,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356822.020879, 'message': 'Dec  6 22:00:22 hqnl0246134 sshd[258768]: Invalid user tuxedo from 181.204.164.18 port 38664', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 22:00:22,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356822.0180256, 'message': 'Dec  6 22:00:20 hqnl0246134 sshd[258755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 22:00:24,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356824.022394, 'message': 'Dec  6 22:00:22 hqnl0246134 sshd[258768]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.204.164.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-06 22:00:24,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356824.0227664, 'message': 'Dec  6 22:00:23 hqnl0246134 sshd[258746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-06 22:00:24,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356824.0229363, 'message': 'Dec  6 22:00:23 hqnl0246134 sshd[258755]: Failed password for root from 61.177.173.18 port 37297 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-06 22:00:24,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356824.0226138, 'message': 'Dec  6 22:00:22 hqnl0246134 sshd[258768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.204.164.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:00:26,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356826.023056, 'message': 'Dec  6 22:00:24 hqnl0246134 sshd[258746]: Failed password for invalid user user from 222.168.30.19 port 57636 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-06 22:00:26,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356826.0235317, 'message': 'Dec  6 22:00:24 hqnl0246134 sshd[258755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-06 22:00:26,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356826.0236678, 'message': 'Dec  6 22:00:24 hqnl0246134 sshd[258768]: Failed password for invalid user tuxedo from 181.204.164.18 port 38664 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-06 22:00:26,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356826.023785, 'message': 'Dec  6 22:00:25 hqnl0246134 sshd[258746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:00:28,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356828.0253935, 'message': 'Dec  6 22:00:26 hqnl0246134 sshd[258755]: Failed password for root from 61.177.173.18 port 37297 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0680 seconds
INFO    [2022-12-06 22:00:28,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356828.0257177, 'message': 'Dec  6 22:00:26 hqnl0246134 sshd[258768]: Disconnected from invalid user tuxedo 181.204.164.18 port 38664 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0688 seconds
INFO    [2022-12-06 22:00:28,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356828.0259273, 'message': 'Dec  6 22:00:27 hqnl0246134 sshd[258746]: Failed password for invalid user user from 222.168.30.19 port 57636 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0688 seconds
INFO    [2022-12-06 22:00:30,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356830.0277746, 'message': 'Dec  6 22:00:29 hqnl0246134 sshd[258746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:00:32,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356832.0305567, 'message': 'Dec  6 22:00:31 hqnl0246134 sshd[258746]: Failed password for invalid user user from 222.168.30.19 port 57636 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 22:00:32,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356832.0309453, 'message': 'Dec  6 22:00:31 hqnl0246134 sshd[258746]: error: maximum authentication attempts exceeded for invalid user user from 222.168.30.19 port 57636 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 22:00:32,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356832.0311215, 'message': 'Dec  6 22:00:31 hqnl0246134 sshd[258746]: Disconnecting invalid user user 222.168.30.19 port 57636: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:00:34,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356834.0325155, 'message': 'Dec  6 22:00:33 hqnl0246134 sshd[258781]: Invalid user user from 222.168.30.19 port 63894', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:00:34,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356834.032761, 'message': 'Dec  6 22:00:33 hqnl0246134 sshd[258781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:00:34,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356834.0328858, 'message': 'Dec  6 22:00:33 hqnl0246134 sshd[258781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:00:36,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356836.0341687, 'message': 'Dec  6 22:00:35 hqnl0246134 sshd[258781]: Failed password for invalid user user from 222.168.30.19 port 63894 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:00:38,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356838.037698, 'message': 'Dec  6 22:00:37 hqnl0246134 sshd[258781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 22:00:40,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356840.0397718, 'message': 'Dec  6 22:00:39 hqnl0246134 sshd[258781]: Failed password for invalid user user from 222.168.30.19 port 63894 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:00:42,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356842.042127, 'message': 'Dec  6 22:00:41 hqnl0246134 sshd[258781]: Disconnected from invalid user user 222.168.30.19 port 63894 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:00:44,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356844.0450785, 'message': 'Dec  6 22:00:42 hqnl0246134 sshd[258788]: Invalid user ftpuser from 222.168.30.19 port 2251', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:00:44,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356844.0453417, 'message': 'Dec  6 22:00:42 hqnl0246134 sshd[258788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 22:00:44,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356844.0455031, 'message': 'Dec  6 22:00:42 hqnl0246134 sshd[258788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:00:46,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356846.048293, 'message': 'Dec  6 22:00:44 hqnl0246134 sshd[258788]: Failed password for invalid user ftpuser from 222.168.30.19 port 2251 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:00:46,146] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:00:46,146] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:00:46,163] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:00:46,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356846.048566, 'message': 'Dec  6 22:00:45 hqnl0246134 sshd[258788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1138 seconds
INFO    [2022-12-06 22:00:46,185] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0372 seconds
WARNING [2022-12-06 22:00:49,158] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:00:49,159] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:00:50,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356850.0524094, 'message': 'Dec  6 22:00:48 hqnl0246134 sshd[258788]: Failed password for invalid user ftpuser from 222.168.30.19 port 2251 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:00:50,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356850.052593, 'message': 'Dec  6 22:00:48 hqnl0246134 sshd[258788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:00:52,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356852.0554366, 'message': 'Dec  6 22:00:50 hqnl0246134 sshd[258788]: Failed password for invalid user ftpuser from 222.168.30.19 port 2251 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:00:52,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356852.0556483, 'message': 'Dec  6 22:00:50 hqnl0246134 sshd[258793]: Invalid user user from 139.59.112.202 port 54816', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 22:00:52,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356852.0560305, 'message': 'Dec  6 22:00:51 hqnl0246134 sshd[258788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 22:00:52,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356852.05577, 'message': 'Dec  6 22:00:51 hqnl0246134 sshd[258793]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.112.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 22:00:52,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356852.0558913, 'message': 'Dec  6 22:00:51 hqnl0246134 sshd[258793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.112.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:00:54,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356854.0577269, 'message': 'Dec  6 22:00:53 hqnl0246134 sshd[258793]: Failed password for invalid user user from 139.59.112.202 port 54816 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 22:00:54,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356854.057927, 'message': 'Dec  6 22:00:53 hqnl0246134 sshd[258788]: Failed password for invalid user ftpuser from 222.168.30.19 port 2251 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 22:00:56,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.112.202', 'timestamp': 1670356856.0624752, 'message': 'Dec  6 22:00:55 hqnl0246134 sshd[258793]: Disconnected from invalid user user 139.59.112.202 port 54816 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:00:58,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356858.065093, 'message': 'Dec  6 22:00:56 hqnl0246134 sshd[258788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 22:01:00,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356860.0654535, 'message': 'Dec  6 22:00:59 hqnl0246134 sshd[258788]: Failed password for invalid user ftpuser from 222.168.30.19 port 2251 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:01:02,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356862.0683613, 'message': 'Dec  6 22:01:02 hqnl0246134 sshd[258788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:01:04,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356864.0697966, 'message': 'Dec  6 22:01:03 hqnl0246134 sshd[258788]: Failed password for invalid user ftpuser from 222.168.30.19 port 2251 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:01:06,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356866.0732505, 'message': 'Dec  6 22:01:04 hqnl0246134 sshd[258788]: error: maximum authentication attempts exceeded for invalid user ftpuser from 222.168.30.19 port 2251 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 22:01:06,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356866.0735517, 'message': 'Dec  6 22:01:04 hqnl0246134 sshd[258788]: Disconnecting invalid user ftpuser 222.168.30.19 port 2251: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:01:08,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356868.0736535, 'message': 'Dec  6 22:01:06 hqnl0246134 sshd[258816]: Invalid user ftpuser from 222.168.30.19 port 8766', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-06 22:01:08,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356868.073866, 'message': 'Dec  6 22:01:06 hqnl0246134 sshd[258816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 22:01:08,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356868.0743163, 'message': 'Dec  6 22:01:06 hqnl0246134 sshd[258816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:01:08,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356868.0744317, 'message': 'Dec  6 22:01:07 hqnl0246134 sshd[258816]: Failed password for invalid user ftpuser from 222.168.30.19 port 8766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:01:10,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356870.0784156, 'message': 'Dec  6 22:01:08 hqnl0246134 sshd[258816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
WARNING [2022-12-06 22:01:10,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:01:10,610] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0303 seconds
INFO    [2022-12-06 22:01:12,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356872.0810843, 'message': 'Dec  6 22:01:11 hqnl0246134 sshd[258816]: Failed password for invalid user ftpuser from 222.168.30.19 port 8766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:01:12,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356872.0814035, 'message': 'Dec  6 22:01:11 hqnl0246134 sshd[258816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 22:01:14,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356874.0818207, 'message': 'Dec  6 22:01:13 hqnl0246134 sshd[258816]: Failed password for invalid user ftpuser from 222.168.30.19 port 8766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0732 seconds
INFO    [2022-12-06 22:01:16,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356876.0856934, 'message': 'Dec  6 22:01:14 hqnl0246134 sshd[258816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:01:18,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356878.0887454, 'message': 'Dec  6 22:01:16 hqnl0246134 sshd[258816]: Failed password for invalid user ftpuser from 222.168.30.19 port 8766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:01:18,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356878.0890813, 'message': 'Dec  6 22:01:17 hqnl0246134 sshd[258816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:01:18,241] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:01:18,241] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:01:18,248] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:01:18,260] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 22:01:20,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356880.090122, 'message': 'Dec  6 22:01:18 hqnl0246134 sshd[258816]: Failed password for invalid user ftpuser from 222.168.30.19 port 8766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:01:20,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356880.0903888, 'message': 'Dec  6 22:01:18 hqnl0246134 sshd[258816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:01:20,880] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:01:20,881] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:01:20,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:01:20,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 22:01:22,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356882.093361, 'message': 'Dec  6 22:01:20 hqnl0246134 sshd[258816]: Failed password for invalid user ftpuser from 222.168.30.19 port 8766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:01:22,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356882.1004844, 'message': 'Dec  6 22:01:21 hqnl0246134 sshd[258816]: error: maximum authentication attempts exceeded for invalid user ftpuser from 222.168.30.19 port 8766 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 22:01:22,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356882.100659, 'message': 'Dec  6 22:01:21 hqnl0246134 sshd[258816]: Disconnecting invalid user ftpuser 222.168.30.19 port 8766: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:01:24,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356884.0941558, 'message': 'Dec  6 22:01:22 hqnl0246134 sshd[258832]: Invalid user joe from 103.159.223.158 port 41410', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 22:01:24,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356884.0949757, 'message': 'Dec  6 22:01:23 hqnl0246134 sshd[258834]: Invalid user ftpuser from 222.168.30.19 port 13781', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 22:01:24,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356884.0943987, 'message': 'Dec  6 22:01:22 hqnl0246134 sshd[258832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.159.223.158 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 22:01:24,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356884.0950913, 'message': 'Dec  6 22:01:23 hqnl0246134 sshd[258834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 22:01:24,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356884.0948677, 'message': 'Dec  6 22:01:22 hqnl0246134 sshd[258832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.223.158 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 22:01:24,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356884.0952039, 'message': 'Dec  6 22:01:23 hqnl0246134 sshd[258834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 22:01:26,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356886.0983262, 'message': 'Dec  6 22:01:24 hqnl0246134 sshd[258832]: Failed password for invalid user joe from 103.159.223.158 port 41410 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 22:01:26,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356886.0987837, 'message': 'Dec  6 22:01:25 hqnl0246134 sshd[258834]: Failed password for invalid user ftpuser from 222.168.30.19 port 13781 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 22:01:26,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356886.0989957, 'message': 'Dec  6 22:01:25 hqnl0246134 sshd[258844]: Invalid user teste from 143.198.43.241 port 42666', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 22:01:26,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356886.0992541, 'message': 'Dec  6 22:01:25 hqnl0246134 sshd[258844]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.43.241 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:01:26,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356886.099449, 'message': 'Dec  6 22:01:25 hqnl0246134 sshd[258844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.43.241 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:01:28,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356888.0981936, 'message': 'Dec  6 22:01:26 hqnl0246134 sshd[258834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 22:01:28,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.159.223.158', 'timestamp': 1670356888.0984771, 'message': 'Dec  6 22:01:26 hqnl0246134 sshd[258832]: Disconnected from invalid user joe 103.159.223.158 port 41410 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-06 22:01:28,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356888.0986066, 'message': 'Dec  6 22:01:27 hqnl0246134 sshd[258844]: Failed password for invalid user teste from 143.198.43.241 port 42666 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 22:01:28,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.43.241', 'timestamp': 1670356888.0987086, 'message': 'Dec  6 22:01:28 hqnl0246134 sshd[258844]: Disconnected from invalid user teste 143.198.43.241 port 42666 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 22:01:30,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356890.1011608, 'message': 'Dec  6 22:01:28 hqnl0246134 sshd[258834]: Failed password for invalid user ftpuser from 222.168.30.19 port 13781 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:01:30,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356890.1014454, 'message': 'Dec  6 22:01:28 hqnl0246134 sshd[258834]: Disconnected from invalid user ftpuser 222.168.30.19 port 13781 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:01:32,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356892.104603, 'message': 'Dec  6 22:01:30 hqnl0246134 sshd[258846]: Invalid user test1 from 222.168.30.19 port 15869', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 22:01:32,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356892.1055923, 'message': 'Dec  6 22:01:30 hqnl0246134 sshd[258846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:01:32,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356892.1057808, 'message': 'Dec  6 22:01:30 hqnl0246134 sshd[258846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:01:34,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356894.1072497, 'message': 'Dec  6 22:01:32 hqnl0246134 sshd[258846]: Failed password for invalid user test1 from 222.168.30.19 port 15869 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 22:01:34,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356894.107598, 'message': 'Dec  6 22:01:33 hqnl0246134 sshd[258846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-06 22:01:38,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356898.1117525, 'message': 'Dec  6 22:01:36 hqnl0246134 sshd[258846]: Failed password for invalid user test1 from 222.168.30.19 port 15869 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0835 seconds
INFO    [2022-12-06 22:01:38,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356898.1125271, 'message': 'Dec  6 22:01:36 hqnl0246134 sshd[258850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0828 seconds
INFO    [2022-12-06 22:01:38,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356898.1122727, 'message': 'Dec  6 22:01:36 hqnl0246134 sshd[258846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-06 22:01:40,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356900.1130702, 'message': 'Dec  6 22:01:38 hqnl0246134 sshd[258846]: Failed password for invalid user test1 from 222.168.30.19 port 15869 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 22:01:40,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670356900.1133726, 'message': 'Dec  6 22:01:38 hqnl0246134 sshd[258850]: Failed password for root from 165.227.166.207 port 46484 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 22:01:40,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356900.1134858, 'message': 'Dec  6 22:01:40 hqnl0246134 sshd[258846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:01:42,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356902.1151252, 'message': 'Dec  6 22:01:41 hqnl0246134 sshd[258846]: Failed password for invalid user test1 from 222.168.30.19 port 15869 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 22:01:44,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356904.1206293, 'message': 'Dec  6 22:01:43 hqnl0246134 sshd[258846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 22:01:44,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356904.1208112, 'message': 'Dec  6 22:01:43 hqnl0246134 sshd[258855]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 22:01:44,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356904.1209567, 'message': 'Dec  6 22:01:43 hqnl0246134 sshd[258855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:01:46,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356906.1218338, 'message': 'Dec  6 22:01:45 hqnl0246134 sshd[258846]: Failed password for invalid user test1 from 222.168.30.19 port 15869 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 22:01:46,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356906.1220891, 'message': 'Dec  6 22:01:45 hqnl0246134 sshd[258855]: Failed password for root from 61.177.173.18 port 55521 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 22:01:48,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356908.1246123, 'message': 'Dec  6 22:01:46 hqnl0246134 sshd[258846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 22:01:48,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356908.1248398, 'message': 'Dec  6 22:01:48 hqnl0246134 sshd[258855]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
WARNING [2022-12-06 22:01:49,165] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:01:49,166] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:01:50,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356910.1263025, 'message': 'Dec  6 22:01:49 hqnl0246134 sshd[258846]: Failed password for invalid user test1 from 222.168.30.19 port 15869 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-06 22:01:50,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356910.1264977, 'message': 'Dec  6 22:01:49 hqnl0246134 sshd[258857]: Invalid user psql from 129.226.210.53 port 50018', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-06 22:01:50,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356910.1269197, 'message': 'Dec  6 22:01:49 hqnl0246134 sshd[258855]: Failed password for root from 61.177.173.18 port 55521 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-06 22:01:50,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356910.1266336, 'message': 'Dec  6 22:01:49 hqnl0246134 sshd[258857]: pam_imunify(sshd:auth): [IM360_RBL] The IP 129.226.210.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0580 seconds
INFO    [2022-12-06 22:01:50,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356910.1270533, 'message': 'Dec  6 22:01:49 hqnl0246134 sshd[258846]: error: maximum authentication attempts exceeded for invalid user test1 from 222.168.30.19 port 15869 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0583 seconds
INFO    [2022-12-06 22:01:50,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356910.1267533, 'message': 'Dec  6 22:01:49 hqnl0246134 sshd[258857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.226.210.53 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-06 22:01:50,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356910.1271563, 'message': 'Dec  6 22:01:49 hqnl0246134 sshd[258846]: Disconnecting invalid user test1 222.168.30.19 port 15869: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0570 seconds
INFO    [2022-12-06 22:01:52,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356912.1290495, 'message': 'Dec  6 22:01:50 hqnl0246134 sshd[258855]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-06 22:01:52,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356912.1293185, 'message': 'Dec  6 22:01:51 hqnl0246134 sshd[258857]: Failed password for invalid user psql from 129.226.210.53 port 50018 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-06 22:01:52,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356912.1295083, 'message': 'Dec  6 22:01:51 hqnl0246134 sshd[258861]: Invalid user test1 from 222.168.30.19 port 21431', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-06 22:01:52,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356912.1297219, 'message': 'Dec  6 22:01:51 hqnl0246134 sshd[258861]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:01:52,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356912.129948, 'message': 'Dec  6 22:01:51 hqnl0246134 sshd[258861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:01:52,451] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:01:52,452] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:01:52,465] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:01:52,487] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0340 seconds
WARNING [2022-12-06 22:01:54,020] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 22:01:54,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356914.138268, 'message': 'Dec  6 22:01:52 hqnl0246134 sshd[258855]: Failed password for root from 61.177.173.18 port 55521 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0554 seconds
INFO    [2022-12-06 22:01:54,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '129.226.210.53', 'timestamp': 1670356914.1404202, 'message': 'Dec  6 22:01:52 hqnl0246134 sshd[258857]: Disconnected from invalid user psql 129.226.210.53 port 50018 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-06 22:01:54,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356914.140621, 'message': 'Dec  6 22:01:53 hqnl0246134 sshd[258861]: Failed password for invalid user test1 from 222.168.30.19 port 21431 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-06 22:01:56,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356916.142295, 'message': 'Dec  6 22:01:54 hqnl0246134 sshd[258861]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 22:01:58,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356918.1442254, 'message': 'Dec  6 22:01:57 hqnl0246134 sshd[258861]: Failed password for invalid user test1 from 222.168.30.19 port 21431 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:01:58,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356918.144438, 'message': 'Dec  6 22:01:58 hqnl0246134 sshd[258861]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:02:02,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356922.1529508, 'message': 'Dec  6 22:02:00 hqnl0246134 sshd[258861]: Failed password for invalid user test1 from 222.168.30.19 port 21431 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 22:02:02,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356922.153375, 'message': 'Dec  6 22:02:01 hqnl0246134 sshd[258861]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:02:04,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356924.1556823, 'message': 'Dec  6 22:02:03 hqnl0246134 sshd[258861]: Failed password for invalid user test1 from 222.168.30.19 port 21431 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:02:06,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356926.1577663, 'message': 'Dec  6 22:02:04 hqnl0246134 sshd[258861]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:02:08,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356928.1600852, 'message': 'Dec  6 22:02:06 hqnl0246134 sshd[258861]: Failed password for invalid user test1 from 222.168.30.19 port 21431 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:02:08,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356928.1602871, 'message': 'Dec  6 22:02:08 hqnl0246134 sshd[258861]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:02:10,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356930.1627896, 'message': 'Dec  6 22:02:10 hqnl0246134 sshd[258861]: Failed password for invalid user test1 from 222.168.30.19 port 21431 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 22:02:10,592] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:02:10,622] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0371 seconds
INFO    [2022-12-06 22:02:12,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356932.1657882, 'message': 'Dec  6 22:02:11 hqnl0246134 sshd[258861]: error: maximum authentication attempts exceeded for invalid user test1 from 222.168.30.19 port 21431 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 22:02:12,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356932.166031, 'message': 'Dec  6 22:02:11 hqnl0246134 sshd[258861]: Disconnecting invalid user test1 222.168.30.19 port 21431: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:02:14,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356934.1704738, 'message': 'Dec  6 22:02:12 hqnl0246134 sshd[258892]: Invalid user test1 from 222.168.30.19 port 27105', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:02:14,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356934.1706765, 'message': 'Dec  6 22:02:12 hqnl0246134 sshd[258892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:02:14,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356934.1707895, 'message': 'Dec  6 22:02:12 hqnl0246134 sshd[258892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:02:14,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356934.1709166, 'message': 'Dec  6 22:02:14 hqnl0246134 sshd[258892]: Failed password for invalid user test1 from 222.168.30.19 port 27105 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:02:16,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356936.1729963, 'message': 'Dec  6 22:02:14 hqnl0246134 sshd[258892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:02:16,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356936.173192, 'message': 'Dec  6 22:02:16 hqnl0246134 sshd[258892]: Failed password for invalid user test1 from 222.168.30.19 port 27105 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 22:02:17,730] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:02:17,731] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:02:17,740] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:02:17,753] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 22:02:18,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356938.1739452, 'message': 'Dec  6 22:02:17 hqnl0246134 sshd[258892]: Disconnected from invalid user test1 222.168.30.19 port 27105 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 22:02:20,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356940.1776426, 'message': 'Dec  6 22:02:18 hqnl0246134 sshd[258897]: pam_imunify(sshd:auth): [IM360_RBL] The IP 147.182.230.251 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 22:02:20,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356940.1780362, 'message': 'Dec  6 22:02:19 hqnl0246134 sshd[258902]: Invalid user test2 from 222.168.30.19 port 28998', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-06 22:02:20,306] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:02:20,306] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 22:02:20,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356940.1779184, 'message': 'Dec  6 22:02:18 hqnl0246134 sshd[258897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.230.251  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1066 seconds
WARNING [2022-12-06 22:02:20,322] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:02:20,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356940.178142, 'message': 'Dec  6 22:02:19 hqnl0246134 sshd[258902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1072 seconds
INFO    [2022-12-06 22:02:20,348] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0406 seconds
INFO    [2022-12-06 22:02:20,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356940.1782458, 'message': 'Dec  6 22:02:19 hqnl0246134 sshd[258902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 22:02:22,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '147.182.230.251', 'timestamp': 1670356942.178577, 'message': 'Dec  6 22:02:20 hqnl0246134 sshd[258897]: Failed password for root from 147.182.230.251 port 54012 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 22:02:22,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356942.1788905, 'message': 'Dec  6 22:02:21 hqnl0246134 sshd[258902]: Failed password for invalid user test2 from 222.168.30.19 port 28998 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-06 22:02:22,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356942.179045, 'message': 'Dec  6 22:02:21 hqnl0246134 sshd[258902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 22:02:24,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356944.1873407, 'message': 'Dec  6 22:02:23 hqnl0246134 sshd[258902]: Failed password for invalid user test2 from 222.168.30.19 port 28998 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:02:26,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356946.1914113, 'message': 'Dec  6 22:02:25 hqnl0246134 sshd[258902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 22:02:28,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356948.1973035, 'message': 'Dec  6 22:02:27 hqnl0246134 sshd[258902]: Failed password for invalid user test2 from 222.168.30.19 port 28998 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 22:02:28,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356948.1975935, 'message': 'Dec  6 22:02:27 hqnl0246134 sshd[258902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:02:30,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356950.2003434, 'message': 'Dec  6 22:02:29 hqnl0246134 sshd[258917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 22:02:30,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356950.2008333, 'message': 'Dec  6 22:02:30 hqnl0246134 sshd[258902]: Failed password for invalid user test2 from 222.168.30.19 port 28998 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 22:02:30,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356950.2006729, 'message': 'Dec  6 22:02:29 hqnl0246134 sshd[258917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:02:32,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356952.2027051, 'message': 'Dec  6 22:02:31 hqnl0246134 sshd[258917]: Failed password for root from 61.177.173.18 port 22093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 22:02:34,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356954.2055514, 'message': 'Dec  6 22:02:32 hqnl0246134 sshd[258902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 22:02:34,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670356954.2058077, 'message': 'Dec  6 22:02:32 hqnl0246134 sshd[258919]: Invalid user ubnt from 152.89.196.220 port 17058', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-06 22:02:34,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356954.2061846, 'message': 'Dec  6 22:02:33 hqnl0246134 sshd[258917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-06 22:02:34,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670356954.205938, 'message': 'Dec  6 22:02:33 hqnl0246134 sshd[258919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:02:34,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670356954.2060668, 'message': 'Dec  6 22:02:33 hqnl0246134 sshd[258919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 22:02:36,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356956.2085369, 'message': 'Dec  6 22:02:34 hqnl0246134 sshd[258921]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.110.241.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-06 22:02:36,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356956.2089975, 'message': 'Dec  6 22:02:34 hqnl0246134 sshd[258902]: Failed password for invalid user test2 from 222.168.30.19 port 28998 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0587 seconds
INFO    [2022-12-06 22:02:36,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670356956.2091353, 'message': 'Dec  6 22:02:35 hqnl0246134 sshd[258919]: Failed password for invalid user ubnt from 152.89.196.220 port 17058 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0588 seconds
INFO    [2022-12-06 22:02:36,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356956.2092807, 'message': 'Dec  6 22:02:35 hqnl0246134 sshd[258917]: Failed password for root from 61.177.173.18 port 22093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0586 seconds
INFO    [2022-12-06 22:02:36,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356956.208808, 'message': 'Dec  6 22:02:34 hqnl0246134 sshd[258921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.241.56  user=news', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 22:02:36,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356956.2094421, 'message': 'Dec  6 22:02:36 hqnl0246134 sshd[258917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:02:38,222] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:02:38,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.110.241.56', 'timestamp': 1670356958.2112303, 'message': 'Dec  6 22:02:36 hqnl0246134 sshd[258921]: Failed password for news from 143.110.241.56 port 46514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0638 seconds
INFO    [2022-12-06 22:02:38,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356958.2115343, 'message': 'Dec  6 22:02:36 hqnl0246134 sshd[258902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0641 seconds
INFO    [2022-12-06 22:02:38,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670356958.2116807, 'message': 'Dec  6 22:02:37 hqnl0246134 sshd[258919]: Disconnected from invalid user ubnt 152.89.196.220 port 17058 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0644 seconds
INFO    [2022-12-06 22:02:38,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356958.21182, 'message': 'Dec  6 22:02:37 hqnl0246134 sshd[258917]: Failed password for root from 61.177.173.18 port 22093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0644 seconds
INFO    [2022-12-06 22:02:38,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356958.2119625, 'message': 'Dec  6 22:02:38 hqnl0246134 sshd[258902]: Failed password for invalid user test2 from 222.168.30.19 port 28998 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:02:38,311] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:02:38,312] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:02:38,312] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:02:38,312] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:02:38,312] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:02:38,322] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:02:38,339] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0260 seconds
WARNING [2022-12-06 22:02:38,346] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:02:38,348] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:02:38,386] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0536 seconds
INFO    [2022-12-06 22:02:38,389] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0521 seconds
INFO    [2022-12-06 22:02:40,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356960.214662, 'message': 'Dec  6 22:02:38 hqnl0246134 sshd[258902]: error: maximum authentication attempts exceeded for invalid user test2 from 222.168.30.19 port 28998 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-06 22:02:40,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356960.2152915, 'message': 'Dec  6 22:02:39 hqnl0246134 sshd[258923]: Invalid user vmuser from 103.100.208.189 port 56913', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-06 22:02:40,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356960.21507, 'message': 'Dec  6 22:02:38 hqnl0246134 sshd[258902]: Disconnecting invalid user test2 222.168.30.19 port 28998: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 22:02:40,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356960.2154958, 'message': 'Dec  6 22:02:39 hqnl0246134 sshd[258923]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.100.208.189 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 22:02:40,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356960.2156885, 'message': 'Dec  6 22:02:39 hqnl0246134 sshd[258923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.208.189 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:02:42,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356962.2183967, 'message': 'Dec  6 22:02:40 hqnl0246134 sshd[258925]: Invalid user test2 from 222.168.30.19 port 34999', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 22:02:42,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356962.2191432, 'message': 'Dec  6 22:02:41 hqnl0246134 sshd[258923]: Failed password for invalid user vmuser from 103.100.208.189 port 56913 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 22:02:42,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356962.2187402, 'message': 'Dec  6 22:02:40 hqnl0246134 sshd[258925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:02:42,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356962.2189589, 'message': 'Dec  6 22:02:40 hqnl0246134 sshd[258925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:02:42,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356962.2193246, 'message': 'Dec  6 22:02:42 hqnl0246134 sshd[258925]: Failed password for invalid user test2 from 222.168.30.19 port 34999 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:02:44,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356964.2199771, 'message': 'Dec  6 22:02:42 hqnl0246134 sshd[258925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 22:02:44,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.100.208.189', 'timestamp': 1670356964.220203, 'message': 'Dec  6 22:02:42 hqnl0246134 sshd[258923]: Disconnected from invalid user vmuser 103.100.208.189 port 56913 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 22:02:46,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356966.2235465, 'message': 'Dec  6 22:02:44 hqnl0246134 sshd[258925]: Failed password for invalid user test2 from 222.168.30.19 port 34999 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:02:46,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356966.22376, 'message': 'Dec  6 22:02:44 hqnl0246134 sshd[258925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:02:48,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356968.2258103, 'message': 'Dec  6 22:02:46 hqnl0246134 sshd[258925]: Failed password for invalid user test2 from 222.168.30.19 port 34999 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
WARNING [2022-12-06 22:02:49,172] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:02:49,173] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:02:50,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356970.2305074, 'message': 'Dec  6 22:02:49 hqnl0246134 sshd[258925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 22:02:52,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356972.233343, 'message': 'Dec  6 22:02:50 hqnl0246134 sshd[258925]: Failed password for invalid user test2 from 222.168.30.19 port 34999 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 22:02:52,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356972.2335246, 'message': 'Dec  6 22:02:51 hqnl0246134 sshd[258925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:02:54,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356974.237918, 'message': 'Dec  6 22:02:53 hqnl0246134 sshd[258925]: Failed password for invalid user test2 from 222.168.30.19 port 34999 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:02:56,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356976.2428918, 'message': 'Dec  6 22:02:55 hqnl0246134 sshd[258925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 22:02:58,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356978.2451625, 'message': 'Dec  6 22:02:57 hqnl0246134 sshd[258925]: Failed password for invalid user test2 from 222.168.30.19 port 34999 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 22:02:58,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356978.2453804, 'message': 'Dec  6 22:02:57 hqnl0246134 sshd[258925]: error: maximum authentication attempts exceeded for invalid user test2 from 222.168.30.19 port 34999 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 22:02:58,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356978.245515, 'message': 'Dec  6 22:02:57 hqnl0246134 sshd[258925]: Disconnecting invalid user test2 222.168.30.19 port 34999: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:03:00,398] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:03:00,399] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:03:00,417] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:03:00,443] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0437 seconds
INFO    [2022-12-06 22:03:00,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356980.4006987, 'message': 'Dec  6 22:02:59 hqnl0246134 sshd[258939]: Invalid user test2 from 222.168.30.19 port 40129', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 22:03:00,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356980.40119, 'message': 'Dec  6 22:02:59 hqnl0246134 sshd[258941]: Invalid user test2 from 110.49.17.96 port 45404', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-06 22:03:00,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356980.400956, 'message': 'Dec  6 22:02:59 hqnl0246134 sshd[258939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 22:03:00,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356980.4012969, 'message': 'Dec  6 22:02:59 hqnl0246134 sshd[258941]: pam_imunify(sshd:auth): [IM360_RBL] The IP 110.49.17.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 22:03:00,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356980.4010692, 'message': 'Dec  6 22:02:59 hqnl0246134 sshd[258939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:03:00,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356980.4016736, 'message': 'Dec  6 22:02:59 hqnl0246134 sshd[258941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.17.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 22:03:02,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356982.2509146, 'message': 'Dec  6 22:03:00 hqnl0246134 sshd[258939]: Failed password for invalid user test2 from 222.168.30.19 port 40129 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-06 22:03:02,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356982.2511182, 'message': 'Dec  6 22:03:01 hqnl0246134 sshd[258941]: Failed password for invalid user test2 from 110.49.17.96 port 45404 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-06 22:03:02,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356982.2518437, 'message': 'Dec  6 22:03:01 hqnl0246134 sshd[258939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 22:03:02,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '110.49.17.96', 'timestamp': 1670356982.251966, 'message': 'Dec  6 22:03:02 hqnl0246134 sshd[258941]: Disconnected from invalid user test2 110.49.17.96 port 45404 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 22:03:04,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356984.2553828, 'message': 'Dec  6 22:03:02 hqnl0246134 sshd[258939]: Failed password for invalid user test2 from 222.168.30.19 port 40129 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:03:04,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356984.255579, 'message': 'Dec  6 22:03:03 hqnl0246134 sshd[258939]: Disconnected from invalid user test2 222.168.30.19 port 40129 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 22:03:06,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356986.2619274, 'message': 'Dec  6 22:03:05 hqnl0246134 sshd[258955]: Invalid user contador from 222.168.30.19 port 41759', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:03:06,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.114.67.95', 'timestamp': 1670356986.2623458, 'message': 'Dec  6 22:03:05 hqnl0246134 sshd[258957]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.114.67.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 22:03:06,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356986.2621086, 'message': 'Dec  6 22:03:05 hqnl0246134 sshd[258955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 22:03:06,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.114.67.95', 'timestamp': 1670356986.2624624, 'message': 'Dec  6 22:03:05 hqnl0246134 sshd[258957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.67.95  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 22:03:06,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356986.2622423, 'message': 'Dec  6 22:03:05 hqnl0246134 sshd[258955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 22:03:08,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356988.2692757, 'message': 'Dec  6 22:03:07 hqnl0246134 sshd[258955]: Failed password for invalid user contador from 222.168.30.19 port 41759 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:03:08,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.114.67.95', 'timestamp': 1670356988.2694798, 'message': 'Dec  6 22:03:07 hqnl0246134 sshd[258957]: Failed password for root from 167.114.67.95 port 38602 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 22:03:08,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356988.2695985, 'message': 'Dec  6 22:03:07 hqnl0246134 sshd[258955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:03:08,462] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:03:08,463] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:03:08,464] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 22:03:10,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356990.2743921, 'message': 'Dec  6 22:03:09 hqnl0246134 sshd[258955]: Failed password for invalid user contador from 222.168.30.19 port 41759 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 22:03:10,597] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:03:10,631] defence360agent.internals.the_sink: SensorIncidentList(<24 item(s)>) processed in 0.0409 seconds
INFO    [2022-12-06 22:03:12,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356992.2805803, 'message': 'Dec  6 22:03:11 hqnl0246134 sshd[258955]: Disconnected from invalid user contador 222.168.30.19 port 41759 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:03:14,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356994.2883546, 'message': 'Dec  6 22:03:12 hqnl0246134 sshd[258959]: Invalid user duni from 222.168.30.19 port 43786', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:03:14,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356994.2886167, 'message': 'Dec  6 22:03:12 hqnl0246134 sshd[258959]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:03:14,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356994.2887297, 'message': 'Dec  6 22:03:12 hqnl0246134 sshd[258959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:03:14,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356994.289599, 'message': 'Dec  6 22:03:13 hqnl0246134 sshd[258959]: Failed password for invalid user duni from 222.168.30.19 port 43786 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:03:14,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356994.2897053, 'message': 'Dec  6 22:03:14 hqnl0246134 sshd[258959]: Disconnected from invalid user duni 222.168.30.19 port 43786 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:03:16,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356996.289953, 'message': 'Dec  6 22:03:15 hqnl0246134 sshd[258961]: Invalid user joe from 181.204.164.18 port 55358', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 22:03:16,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356996.290339, 'message': 'Dec  6 22:03:15 hqnl0246134 sshd[258963]: Invalid user pi from 222.168.30.19 port 44651', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 22:03:16,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356996.2901294, 'message': 'Dec  6 22:03:15 hqnl0246134 sshd[258961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.204.164.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-06 22:03:16,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356996.2904575, 'message': 'Dec  6 22:03:15 hqnl0246134 sshd[258963]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 22:03:16,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356996.2906685, 'message': 'Dec  6 22:03:16 hqnl0246134 sshd[258965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 22:03:16,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356996.2902381, 'message': 'Dec  6 22:03:15 hqnl0246134 sshd[258961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.204.164.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 22:03:16,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356996.2905571, 'message': 'Dec  6 22:03:15 hqnl0246134 sshd[258963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-06 22:03:16,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670356996.290781, 'message': 'Dec  6 22:03:16 hqnl0246134 sshd[258965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 22:03:17,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:03:17,814] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:03:17,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:03:17,833] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 22:03:18,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356998.2956674, 'message': 'Dec  6 22:03:16 hqnl0246134 sshd[258961]: Failed password for invalid user joe from 181.204.164.18 port 55358 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 22:03:18,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356998.29599, 'message': 'Dec  6 22:03:17 hqnl0246134 sshd[258963]: Failed password for invalid user pi from 222.168.30.19 port 44651 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 22:03:18,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.204.164.18', 'timestamp': 1670356998.2958558, 'message': 'Dec  6 22:03:17 hqnl0246134 sshd[258961]: Disconnected from invalid user joe 181.204.164.18 port 55358 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 22:03:18,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670356998.2960987, 'message': 'Dec  6 22:03:18 hqnl0246134 sshd[258963]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 22:03:20,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357000.3003383, 'message': 'Dec  6 22:03:18 hqnl0246134 sshd[258965]: Failed password for root from 61.177.173.18 port 60016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 22:03:20,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670357000.3005166, 'message': 'Dec  6 22:03:19 hqnl0246134 sshd[258963]: Failed password for invalid user pi from 222.168.30.19 port 44651 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:03:20,405] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:03:20,405] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:03:20,419] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:03:20,432] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0260 seconds
INFO    [2022-12-06 22:03:22,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357002.303441, 'message': 'Dec  6 22:03:20 hqnl0246134 sshd[258965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 22:03:22,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670357002.3036275, 'message': 'Dec  6 22:03:20 hqnl0246134 sshd[258963]: Disconnected from invalid user pi 222.168.30.19 port 44651 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 22:03:22,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670357002.3037374, 'message': 'Dec  6 22:03:22 hqnl0246134 sshd[258977]: Invalid user baikal from 222.168.30.19 port 46528', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 22:03:22,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357002.3040812, 'message': 'Dec  6 22:03:22 hqnl0246134 sshd[258965]: Failed password for root from 61.177.173.18 port 60016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 22:03:22,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '222.168.30.19', 'timestamp': 1670357002.3038642, 'message': 'Dec  6 22:03:22 hqnl0246134 sshd[258977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 222.168.30.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:03:22,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '222.168.30.19', 'timestamp': 1670357002.3039684, 'message': 'Dec  6 22:03:22 hqnl0246134 sshd[258977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.168.30.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:03:24,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357004.312502, 'message': 'Dec  6 22:03:22 hqnl0246134 sshd[258965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 22:03:24,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357004.3127186, 'message': 'Dec  6 22:03:24 hqnl0246134 sshd[258979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 22:03:26,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670357006.3207638, 'message': 'Dec  6 22:03:24 hqnl0246134 sshd[258977]: Failed password for invalid user baikal from 222.168.30.19 port 46528 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0521 seconds
INFO    [2022-12-06 22:03:26,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357006.321139, 'message': 'Dec  6 22:03:25 hqnl0246134 sshd[258965]: Failed password for root from 61.177.173.18 port 60016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-06 22:03:26,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357006.3218923, 'message': 'Dec  6 22:03:25 hqnl0246134 sshd[258979]: Failed password for root from 165.227.166.207 port 56810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-06 22:03:26,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '222.168.30.19', 'timestamp': 1670357006.3213084, 'message': 'Dec  6 22:03:25 hqnl0246134 sshd[258977]: Disconnected from invalid user baikal 222.168.30.19 port 46528 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
WARNING [2022-12-06 22:03:49,176] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:03:49,178] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:03:52,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.112.202', 'timestamp': 1670357032.3646374, 'message': 'Dec  6 22:03:50 hqnl0246134 sshd[258998]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.112.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 22:03:52,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.112.202', 'timestamp': 1670357032.365212, 'message': 'Dec  6 22:03:50 hqnl0246134 sshd[258998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.112.202  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:03:54,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.112.202', 'timestamp': 1670357034.368448, 'message': 'Dec  6 22:03:52 hqnl0246134 sshd[258998]: Failed password for root from 139.59.112.202 port 43422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:04:00,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357040.3856184, 'message': 'Dec  6 22:03:59 hqnl0246134 sshd[259011]: Invalid user alex from 80.87.33.100 port 37878', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-06 22:04:00,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357040.3864195, 'message': 'Dec  6 22:04:00 hqnl0246134 sshd[259013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-06 22:04:00,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357040.3861248, 'message': 'Dec  6 22:03:59 hqnl0246134 sshd[259011]: pam_imunify(sshd:auth): [IM360_RBL] The IP 80.87.33.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-06 22:04:00,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357040.3871605, 'message': 'Dec  6 22:04:00 hqnl0246134 sshd[259013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0554 seconds
INFO    [2022-12-06 22:04:00,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357040.3862927, 'message': 'Dec  6 22:03:59 hqnl0246134 sshd[259011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.87.33.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:04:02,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357042.3884482, 'message': 'Dec  6 22:04:01 hqnl0246134 sshd[259013]: Failed password for root from 61.177.173.18 port 22694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 22:04:02,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357042.3887455, 'message': 'Dec  6 22:04:01 hqnl0246134 sshd[259011]: Failed password for invalid user alex from 80.87.33.100 port 37878 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-06 22:04:02,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357042.3899379, 'message': 'Dec  6 22:04:02 hqnl0246134 sshd[259011]: Disconnected from invalid user alex 80.87.33.100 port 37878 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 22:04:04,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357044.3902009, 'message': 'Dec  6 22:04:02 hqnl0246134 sshd[259013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 22:04:04,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357044.3904836, 'message': 'Dec  6 22:04:04 hqnl0246134 sshd[259013]: Failed password for root from 61.177.173.18 port 22694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 22:04:04,840] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:04:04,841] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:04:04,850] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:04:04,861] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 22:04:06,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357046.397274, 'message': 'Dec  6 22:04:04 hqnl0246134 sshd[259013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:04:08,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357048.3994315, 'message': 'Dec  6 22:04:07 hqnl0246134 sshd[259013]: Failed password for root from 61.177.173.18 port 22694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 22:04:10,602] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:04:10,628] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-06 22:04:17,766] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:04:17,767] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:04:17,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:04:17,788] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 22:04:20,307] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:04:20,307] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:04:20,318] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:04:20,335] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0269 seconds
INFO    [2022-12-06 22:04:26,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357066.4320836, 'message': 'Dec  6 22:04:26 hqnl0246134 sshd[259042]: Invalid user aaa from 125.129.82.220 port 51538', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 22:04:28,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357068.4421165, 'message': 'Dec  6 22:04:26 hqnl0246134 sshd[259042]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.129.82.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:04:28,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357068.4423583, 'message': 'Dec  6 22:04:26 hqnl0246134 sshd[259042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.129.82.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:04:28,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357068.442533, 'message': 'Dec  6 22:04:28 hqnl0246134 sshd[259042]: Failed password for invalid user aaa from 125.129.82.220 port 51538 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0160 seconds
INFO    [2022-12-06 22:04:30,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357070.4458442, 'message': 'Dec  6 22:04:30 hqnl0246134 sshd[259042]: Disconnected from invalid user aaa 125.129.82.220 port 51538 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:04:44,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357084.479718, 'message': 'Dec  6 22:04:43 hqnl0246134 sshd[259053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 22:04:44,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357084.4800956, 'message': 'Dec  6 22:04:43 hqnl0246134 sshd[259053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:04:46,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357086.4815774, 'message': 'Dec  6 22:04:45 hqnl0246134 sshd[259053]: Failed password for root from 61.177.173.18 port 35957 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:04:46,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357086.481921, 'message': 'Dec  6 22:04:46 hqnl0246134 sshd[259053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-06 22:04:49,182] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:04:49,182] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:04:50,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357090.4861069, 'message': 'Dec  6 22:04:48 hqnl0246134 sshd[259053]: Failed password for root from 61.177.173.18 port 35957 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 22:04:52,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357092.495552, 'message': 'Dec  6 22:04:50 hqnl0246134 sshd[259053]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 22:04:54,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357094.5009267, 'message': 'Dec  6 22:04:52 hqnl0246134 sshd[259053]: Failed password for root from 61.177.173.18 port 35957 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:05:00,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357100.5166228, 'message': 'Dec  6 22:04:59 hqnl0246134 sshd[259089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.10.125.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:05:00,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357100.5172048, 'message': 'Dec  6 22:04:59 hqnl0246134 sshd[259089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.10.125.209  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 22:05:02,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357102.52042, 'message': 'Dec  6 22:05:01 hqnl0246134 sshd[259089]: Failed password for root from 186.10.125.209 port 25807 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-06 22:05:06,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357106.5375912, 'message': 'Dec  6 22:05:06 hqnl0246134 sshd[259112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:05:08,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357108.5404668, 'message': 'Dec  6 22:05:08 hqnl0246134 sshd[259112]: Failed password for root from 165.227.166.207 port 38866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
WARNING [2022-12-06 22:05:10,605] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:05:10,631] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0328 seconds
INFO    [2022-12-06 22:05:17,944] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:05:17,944] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:05:17,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:05:17,965] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 22:05:20,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:05:20,879] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:05:20,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:05:20,904] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-06 22:05:24,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357124.5706868, 'message': 'Dec  6 22:05:24 hqnl0246134 sshd[259142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.80.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 22:05:24,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357124.57095, 'message': 'Dec  6 22:05:24 hqnl0246134 sshd[259142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.80.61  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:05:26,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357126.5728545, 'message': 'Dec  6 22:05:26 hqnl0246134 sshd[259142]: Failed password for root from 139.59.80.61 port 45370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 22:05:30,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357130.5783105, 'message': 'Dec  6 22:05:30 hqnl0246134 sshd[259155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 22:05:30,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357130.5788038, 'message': 'Dec  6 22:05:30 hqnl0246134 sshd[259155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:05:30,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:05:30,927] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:05:30,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:05:30,945] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 22:05:32,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357132.5798717, 'message': 'Dec  6 22:05:32 hqnl0246134 sshd[259155]: Failed password for root from 61.177.173.18 port 16997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:05:34,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357134.5825782, 'message': 'Dec  6 22:05:32 hqnl0246134 sshd[259155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:05:34,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357134.582783, 'message': 'Dec  6 22:05:34 hqnl0246134 sshd[259155]: Failed password for root from 61.177.173.18 port 16997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:05:36,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357136.5858393, 'message': 'Dec  6 22:05:34 hqnl0246134 sshd[259155]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 22:05:38,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357138.589522, 'message': 'Dec  6 22:05:37 hqnl0246134 sshd[259155]: Failed password for root from 61.177.173.18 port 16997 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 22:05:40,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357140.5915747, 'message': 'Dec  6 22:05:40 hqnl0246134 sshd[259160]: Invalid user elk from 167.114.67.95 port 56334', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:05:42,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357142.5938945, 'message': 'Dec  6 22:05:40 hqnl0246134 sshd[259160]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.114.67.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:05:42,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357142.5941553, 'message': 'Dec  6 22:05:40 hqnl0246134 sshd[259160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.67.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:05:44,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357144.5978267, 'message': 'Dec  6 22:05:43 hqnl0246134 sshd[259160]: Failed password for invalid user elk from 167.114.67.95 port 56334 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 22:05:44,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357144.5983815, 'message': 'Dec  6 22:05:43 hqnl0246134 sshd[259160]: Disconnected from invalid user elk 167.114.67.95 port 56334 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
WARNING [2022-12-06 22:05:49,198] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:05:49,199] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 22:06:10,625] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:06:10,656] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0508 seconds
INFO    [2022-12-06 22:06:18,901] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:06:18,901] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:06:18,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:06:18,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0412 seconds
INFO    [2022-12-06 22:06:20,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357180.6681714, 'message': 'Dec  6 22:06:18 hqnl0246134 sshd[259186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:06:20,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357180.6683958, 'message': 'Dec  6 22:06:18 hqnl0246134 sshd[259186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:06:22,418] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:06:22,418] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:06:22,426] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:06:22,439] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 22:06:22,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357182.672206, 'message': 'Dec  6 22:06:20 hqnl0246134 sshd[259186]: Failed password for root from 61.177.173.18 port 58846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:06:24,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357184.6754336, 'message': 'Dec  6 22:06:22 hqnl0246134 sshd[259186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 22:06:26,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357186.67842, 'message': 'Dec  6 22:06:25 hqnl0246134 sshd[259186]: Failed password for root from 61.177.173.18 port 58846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 22:06:28,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357188.6845014, 'message': 'Dec  6 22:06:27 hqnl0246134 sshd[259186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 22:06:30,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357190.6885808, 'message': 'Dec  6 22:06:29 hqnl0246134 sshd[259186]: Failed password for root from 61.177.173.18 port 58846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 22:06:49,202] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:06:49,204] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:06:50,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357210.7579312, 'message': 'Dec  6 22:06:50 hqnl0246134 sshd[259210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 22:06:52,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357212.759412, 'message': 'Dec  6 22:06:52 hqnl0246134 sshd[259210]: Failed password for root from 165.227.166.207 port 49154 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:06:56,945] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:06:56,946] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:06:56,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:06:56,970] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-06 22:07:06,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357226.7761922, 'message': 'Dec  6 22:07:04 hqnl0246134 sshd[259242]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 22:07:06,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357226.776758, 'message': 'Dec  6 22:07:04 hqnl0246134 sshd[259242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:07:08,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357228.7798262, 'message': 'Dec  6 22:07:07 hqnl0246134 sshd[259242]: Failed password for root from 61.177.173.18 port 19094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
WARNING [2022-12-06 22:07:11,219] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:07:11,248] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.6351 seconds
INFO    [2022-12-06 22:07:11,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357231.2111015, 'message': 'Dec  6 22:07:09 hqnl0246134 sshd[259242]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 22:07:12,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357232.7945533, 'message': 'Dec  6 22:07:11 hqnl0246134 sshd[259242]: Failed password for root from 61.177.173.18 port 19094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:07:12,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357232.7947428, 'message': 'Dec  6 22:07:11 hqnl0246134 sshd[259242]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:07:14,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357234.796944, 'message': 'Dec  6 22:07:14 hqnl0246134 sshd[259242]: Failed password for root from 61.177.173.18 port 19094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:07:17,957] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:07:17,958] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:07:17,967] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:07:17,979] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 22:07:20,534] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:07:20,534] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:07:20,542] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:07:20,554] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 22:07:26,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357246.8153958, 'message': 'Dec  6 22:07:25 hqnl0246134 sshd[259256]: Invalid user seedbox from 183.180.128.204 port 27466', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 22:07:26,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357246.8158143, 'message': 'Dec  6 22:07:25 hqnl0246134 sshd[259256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 183.180.128.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 22:07:26,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357246.8160486, 'message': 'Dec  6 22:07:25 hqnl0246134 sshd[259256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.180.128.204 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 22:07:28,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357248.8167908, 'message': 'Dec  6 22:07:27 hqnl0246134 sshd[259256]: Failed password for invalid user seedbox from 183.180.128.204 port 27466 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:07:30,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357250.8181734, 'message': 'Dec  6 22:07:29 hqnl0246134 sshd[259256]: Disconnected from invalid user seedbox 183.180.128.204 port 27466 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
WARNING [2022-12-06 22:07:49,208] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:07:49,209] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:07:52,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357272.8479571, 'message': 'Dec  6 22:07:51 hqnl0246134 sshd[259271]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 22:07:52,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357272.848267, 'message': 'Dec  6 22:07:51 hqnl0246134 sshd[259271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:07:54,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357274.849574, 'message': 'Dec  6 22:07:53 hqnl0246134 sshd[259271]: Failed password for root from 61.177.173.18 port 40857 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 22:07:56,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357276.850406, 'message': 'Dec  6 22:07:55 hqnl0246134 sshd[259271]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 22:07:58,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357278.8540447, 'message': 'Dec  6 22:07:57 hqnl0246134 sshd[259271]: Failed password for root from 61.177.173.18 port 40857 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 22:07:58,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357278.8544722, 'message': 'Dec  6 22:07:57 hqnl0246134 sshd[259271]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 22:08:00,650] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:08:00,718] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:08:00,718] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:08:00,719] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:08:00,719] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:08:00,719] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:08:00,727] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:08:00,743] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0231 seconds
WARNING [2022-12-06 22:08:00,749] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:08:00,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:08:00,768] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0310 seconds
INFO    [2022-12-06 22:08:00,776] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0361 seconds
INFO    [2022-12-06 22:08:00,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357280.8571322, 'message': 'Dec  6 22:07:59 hqnl0246134 sshd[259281]: Invalid user vincent from 142.93.145.85 port 52748', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 22:08:00,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357280.8576224, 'message': 'Dec  6 22:07:59 hqnl0246134 sshd[259271]: Failed password for root from 61.177.173.18 port 40857 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 22:08:00,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357280.8573525, 'message': 'Dec  6 22:07:59 hqnl0246134 sshd[259281]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.145.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:08:00,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357280.8574984, 'message': 'Dec  6 22:07:59 hqnl0246134 sshd[259281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.145.85 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:08:02,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357282.860837, 'message': 'Dec  6 22:08:02 hqnl0246134 sshd[259281]: Failed password for invalid user vincent from 142.93.145.85 port 52748 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:08:04,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357284.8630025, 'message': 'Dec  6 22:08:03 hqnl0246134 sshd[259281]: Disconnected from invalid user vincent 142.93.145.85 port 52748 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
WARNING [2022-12-06 22:08:10,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:08:10,644] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0289 seconds
INFO    [2022-12-06 22:08:17,835] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:08:17,835] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:08:17,844] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:08:17,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 22:08:20,450] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:08:20,450] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:08:20,458] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:08:20,469] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 22:08:26,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357306.8905134, 'message': 'Dec  6 22:08:25 hqnl0246134 sshd[259305]: Invalid user testuser from 167.114.67.95 port 45848', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 22:08:26,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357306.8908978, 'message': 'Dec  6 22:08:25 hqnl0246134 sshd[259305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.114.67.95 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:08:26,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357306.8910844, 'message': 'Dec  6 22:08:25 hqnl0246134 sshd[259305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.67.95 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:08:28,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357308.8930383, 'message': 'Dec  6 22:08:27 hqnl0246134 sshd[259307]: Invalid user lol from 186.10.125.209 port 4920', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:08:28,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357308.8935232, 'message': 'Dec  6 22:08:27 hqnl0246134 sshd[259305]: Failed password for invalid user testuser from 167.114.67.95 port 45848 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 22:08:28,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357308.893267, 'message': 'Dec  6 22:08:27 hqnl0246134 sshd[259307]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.10.125.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 22:08:28,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.67.95', 'timestamp': 1670357308.8936586, 'message': 'Dec  6 22:08:28 hqnl0246134 sshd[259305]: Disconnected from invalid user testuser 167.114.67.95 port 45848 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 22:08:28,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357308.8934166, 'message': 'Dec  6 22:08:27 hqnl0246134 sshd[259307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.10.125.209 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:08:30,669] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:08:30,669] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:08:30,676] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:08:30,688] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 22:08:30,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357310.894128, 'message': 'Dec  6 22:08:29 hqnl0246134 sshd[259307]: Failed password for invalid user lol from 186.10.125.209 port 4920 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:08:30,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357310.8943334, 'message': 'Dec  6 22:08:30 hqnl0246134 sshd[259307]: Disconnected from invalid user lol 186.10.125.209 port 4920 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:08:36,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357316.9093935, 'message': 'Dec  6 22:08:36 hqnl0246134 sshd[259322]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:08:36,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357316.9096315, 'message': 'Dec  6 22:08:36 hqnl0246134 sshd[259322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:08:38,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357318.9195766, 'message': 'Dec  6 22:08:37 hqnl0246134 sshd[259322]: Failed password for root from 61.177.173.18 port 60382 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 22:08:38,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357318.9197915, 'message': 'Dec  6 22:08:38 hqnl0246134 sshd[259322]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:08:39,927] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:08:39,927] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:08:39,928] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 22:08:40,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357320.928789, 'message': 'Dec  6 22:08:39 hqnl0246134 sshd[259340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0667 seconds
INFO    [2022-12-06 22:08:40,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357320.92982, 'message': 'Dec  6 22:08:40 hqnl0246134 sshd[259322]: Failed password for root from 61.177.173.18 port 60382 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0664 seconds
INFO    [2022-12-06 22:08:41,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357320.9311152, 'message': 'Dec  6 22:08:40 hqnl0246134 sshd[259322]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:08:42,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357322.933898, 'message': 'Dec  6 22:08:41 hqnl0246134 sshd[259340]: Failed password for root from 165.227.166.207 port 59438 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 22:08:42,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357322.9340847, 'message': 'Dec  6 22:08:42 hqnl0246134 sshd[259322]: Failed password for root from 61.177.173.18 port 60382 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
WARNING [2022-12-06 22:08:49,214] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:08:49,214] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 22:09:10,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:09:10,669] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0472 seconds
INFO    [2022-12-06 22:09:17,862] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:09:17,862] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:09:17,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:09:17,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 22:09:20,687] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:09:20,687] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:09:20,698] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:09:20,710] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 22:09:23,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357363.0115335, 'message': 'Dec  6 22:09:22 hqnl0246134 sshd[259510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 22:09:23,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357363.0118406, 'message': 'Dec  6 22:09:22 hqnl0246134 sshd[259510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:09:25,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357365.0135128, 'message': 'Dec  6 22:09:24 hqnl0246134 sshd[259510]: Failed password for root from 61.177.173.18 port 34782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:09:27,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357367.0137854, 'message': 'Dec  6 22:09:26 hqnl0246134 sshd[259510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:09:29,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357369.0159268, 'message': 'Dec  6 22:09:28 hqnl0246134 sshd[259510]: Failed password for root from 61.177.173.18 port 34782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:09:29,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357369.016131, 'message': 'Dec  6 22:09:28 hqnl0246134 sshd[259510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:09:31,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357371.018144, 'message': 'Dec  6 22:09:30 hqnl0246134 sshd[259510]: Failed password for root from 61.177.173.18 port 34782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:09:33,572] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:09:33,572] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:09:33,579] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:09:33,590] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-06 22:09:49,217] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:09:49,218] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:10:09,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357409.0476043, 'message': 'Dec  6 22:10:07 hqnl0246134 sshd[259560]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 22:10:09,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357409.0480812, 'message': 'Dec  6 22:10:07 hqnl0246134 sshd[259560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 22:10:10,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:10:10,665] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-06 22:10:11,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357411.0488386, 'message': 'Dec  6 22:10:09 hqnl0246134 sshd[259560]: Failed password for root from 61.177.173.18 port 59307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:10:11,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357411.0490754, 'message': 'Dec  6 22:10:10 hqnl0246134 sshd[259560]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:10:13,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357413.049926, 'message': 'Dec  6 22:10:12 hqnl0246134 sshd[259560]: Failed password for root from 61.177.173.18 port 59307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:10:13,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357413.0502193, 'message': 'Dec  6 22:10:12 hqnl0246134 sshd[259560]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:10:15,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357415.0536385, 'message': 'Dec  6 22:10:13 hqnl0246134 sshd[259560]: Failed password for root from 61.177.173.18 port 59307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:10:17,885] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:10:17,885] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:10:17,892] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:10:17,904] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 22:10:22,559] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:10:22,559] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:10:22,569] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:10:22,582] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-06 22:10:29,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357429.0707383, 'message': 'Dec  6 22:10:28 hqnl0246134 sshd[259593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 22:10:33,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357433.0724657, 'message': 'Dec  6 22:10:31 hqnl0246134 sshd[259593]: Failed password for root from 165.227.166.207 port 41546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 22:10:35,733] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:10:35,733] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:10:35,741] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:10:35,754] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
WARNING [2022-12-06 22:10:49,222] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:10:49,223] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:10:55,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357455.104547, 'message': 'Dec  6 22:10:54 hqnl0246134 sshd[259602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:10:55,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357455.1049166, 'message': 'Dec  6 22:10:54 hqnl0246134 sshd[259602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:10:57,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357457.106356, 'message': 'Dec  6 22:10:55 hqnl0246134 sshd[259602]: Failed password for root from 61.177.173.18 port 41931 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 22:10:57,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357457.1066847, 'message': 'Dec  6 22:10:56 hqnl0246134 sshd[259602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 22:10:59,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357459.1084912, 'message': 'Dec  6 22:10:58 hqnl0246134 sshd[259602]: Failed password for root from 61.177.173.18 port 41931 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:10:59,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357459.108668, 'message': 'Dec  6 22:10:58 hqnl0246134 sshd[259602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:11:01,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357461.1118944, 'message': 'Dec  6 22:11:00 hqnl0246134 sshd[259602]: Failed password for root from 61.177.173.18 port 41931 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
WARNING [2022-12-06 22:11:10,638] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:11:10,660] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0297 seconds
INFO    [2022-12-06 22:11:17,815] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:11:17,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:11:17,823] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:11:17,836] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-06 22:11:21,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357481.1361544, 'message': 'Dec  6 22:11:19 hqnl0246134 sshd[259633]: Invalid user test from 183.180.128.204 port 32512', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 22:11:21,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357481.1365545, 'message': 'Dec  6 22:11:19 hqnl0246134 sshd[259633]: pam_imunify(sshd:auth): [IM360_RBL] The IP 183.180.128.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:11:21,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357481.1366868, 'message': 'Dec  6 22:11:19 hqnl0246134 sshd[259633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.180.128.204 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:11:21,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357481.1368425, 'message': 'Dec  6 22:11:21 hqnl0246134 sshd[259633]: Failed password for invalid user test from 183.180.128.204 port 32512 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:11:22,436] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:11:22,437] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:11:22,445] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:11:22,456] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 22:11:23,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357483.136926, 'message': 'Dec  6 22:11:21 hqnl0246134 sshd[259633]: Disconnected from invalid user test 183.180.128.204 port 32512 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:11:41,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357501.1576116, 'message': 'Dec  6 22:11:39 hqnl0246134 sshd[259651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 22:11:41,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357501.1581993, 'message': 'Dec  6 22:11:39 hqnl0246134 sshd[259651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:11:43,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357503.1623976, 'message': 'Dec  6 22:11:41 hqnl0246134 sshd[259651]: Failed password for root from 61.177.173.18 port 60504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:11:43,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357503.162587, 'message': 'Dec  6 22:11:41 hqnl0246134 sshd[259651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:11:45,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357505.1645005, 'message': 'Dec  6 22:11:44 hqnl0246134 sshd[259651]: Failed password for root from 61.177.173.18 port 60504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:11:47,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357507.167701, 'message': 'Dec  6 22:11:45 hqnl0246134 sshd[259651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:11:49,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357509.1734881, 'message': 'Dec  6 22:11:48 hqnl0246134 sshd[259651]: Failed password for root from 61.177.173.18 port 60504 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-06 22:11:49,226] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:11:49,227] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:11:53,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357513.1739967, 'message': 'Dec  6 22:11:51 hqnl0246134 sshd[259675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.10.125.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 22:11:53,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357513.1742456, 'message': 'Dec  6 22:11:51 hqnl0246134 sshd[259675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.10.125.209  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1294 seconds
INFO    [2022-12-06 22:11:53,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '186.10.125.209', 'timestamp': 1670357513.1743617, 'message': 'Dec  6 22:11:53 hqnl0246134 sshd[259675]: Failed password for root from 186.10.125.209 port 5206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 22:11:54,023] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 22:11:55,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357515.1765873, 'message': 'Dec  6 22:11:53 hqnl0246134 sshd[259677]: Invalid user formation from 183.180.128.204 port 34088', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:11:55,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357515.1767612, 'message': 'Dec  6 22:11:53 hqnl0246134 sshd[259677]: pam_imunify(sshd:auth): [IM360_RBL] The IP 183.180.128.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:11:55,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357515.176874, 'message': 'Dec  6 22:11:53 hqnl0246134 sshd[259677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.180.128.204 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:11:57,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357517.1791284, 'message': 'Dec  6 22:11:55 hqnl0246134 sshd[259677]: Failed password for invalid user formation from 183.180.128.204 port 34088 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 22:11:59,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.180.128.204', 'timestamp': 1670357519.1811488, 'message': 'Dec  6 22:11:58 hqnl0246134 sshd[259677]: Disconnected from invalid user formation 183.180.128.204 port 34088 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0869 seconds
WARNING [2022-12-06 22:12:10,643] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:12:10,668] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0341 seconds
INFO    [2022-12-06 22:12:17,875] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:12:17,876] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:12:17,883] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:12:17,894] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 22:12:20,445] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:12:20,445] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:12:20,454] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:12:20,466] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 22:12:23,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357543.2063532, 'message': 'Dec  6 22:12:22 hqnl0246134 sshd[259723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:12:25,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357545.205882, 'message': 'Dec  6 22:12:24 hqnl0246134 sshd[259723]: Failed password for root from 165.227.166.207 port 51838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:12:27,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357547.20981, 'message': 'Dec  6 22:12:25 hqnl0246134 sshd[259725]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 22:12:27,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357547.2102606, 'message': 'Dec  6 22:12:25 hqnl0246134 sshd[259725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 22:12:28,745] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:12:28,746] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:12:28,756] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:12:28,774] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-06 22:12:29,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357549.2105055, 'message': 'Dec  6 22:12:27 hqnl0246134 sshd[259725]: Failed password for root from 61.177.173.18 port 26634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:12:29,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357549.2107368, 'message': 'Dec  6 22:12:27 hqnl0246134 sshd[259725]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:12:31,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357551.2131138, 'message': 'Dec  6 22:12:29 hqnl0246134 sshd[259738]: Invalid user cedric from 202.89.73.6 port 56890', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0516 seconds
INFO    [2022-12-06 22:12:31,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357551.2139142, 'message': 'Dec  6 22:12:30 hqnl0246134 sshd[259725]: Failed password for root from 61.177.173.18 port 26634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-06 22:12:31,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357551.2135024, 'message': 'Dec  6 22:12:29 hqnl0246134 sshd[259738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.89.73.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:12:31,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357551.2137065, 'message': 'Dec  6 22:12:29 hqnl0246134 sshd[259738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.89.73.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:12:33,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357553.214466, 'message': 'Dec  6 22:12:31 hqnl0246134 sshd[259738]: Failed password for invalid user cedric from 202.89.73.6 port 56890 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 22:12:33,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357553.2147682, 'message': 'Dec  6 22:12:32 hqnl0246134 sshd[259725]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 22:12:33,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357553.2148826, 'message': 'Dec  6 22:12:32 hqnl0246134 sshd[259738]: Disconnected from invalid user cedric 202.89.73.6 port 56890 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:12:35,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357555.2163603, 'message': 'Dec  6 22:12:34 hqnl0246134 sshd[259725]: Failed password for root from 61.177.173.18 port 26634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
WARNING [2022-12-06 22:12:49,230] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:12:49,231] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:13:02,254] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 22:13:02,264] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:13:02,277] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0213 seconds
WARNING [2022-12-06 22:13:10,644] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:13:10,667] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0294 seconds
INFO    [2022-12-06 22:13:13,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357593.2622395, 'message': 'Dec  6 22:13:12 hqnl0246134 sshd[259780]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:13:13,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357593.2624474, 'message': 'Dec  6 22:13:12 hqnl0246134 sshd[259780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:13:15,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357595.2641776, 'message': 'Dec  6 22:13:14 hqnl0246134 sshd[259780]: Failed password for root from 61.177.173.18 port 45553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:13:15,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357595.2643607, 'message': 'Dec  6 22:13:14 hqnl0246134 sshd[259780]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:13:17,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357597.2657933, 'message': 'Dec  6 22:13:16 hqnl0246134 sshd[259780]: Failed password for root from 61.177.173.18 port 45553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:13:18,033] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:13:18,034] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:13:18,041] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:13:18,053] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 22:13:19,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357599.271196, 'message': 'Dec  6 22:13:19 hqnl0246134 sshd[259780]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 22:13:19,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357599.2713916, 'message': 'Dec  6 22:13:19 hqnl0246134 sshd[259785]: Invalid user vagrant from 80.87.33.100 port 37062', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 22:13:19,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357599.2715187, 'message': 'Dec  6 22:13:19 hqnl0246134 sshd[259785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 80.87.33.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:13:19,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357599.2716205, 'message': 'Dec  6 22:13:19 hqnl0246134 sshd[259785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.87.33.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 22:13:19,542] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:13:19,614] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:13:19,615] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:13:19,615] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:13:19,615] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:13:19,616] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:13:19,626] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:13:19,642] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0249 seconds
WARNING [2022-12-06 22:13:19,648] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:13:19,650] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:13:19,666] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0306 seconds
INFO    [2022-12-06 22:13:19,668] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0280 seconds
INFO    [2022-12-06 22:13:20,592] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:13:20,593] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:13:20,600] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:13:20,613] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-06 22:13:21,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357601.2754579, 'message': 'Dec  6 22:13:21 hqnl0246134 sshd[259780]: Failed password for root from 61.177.173.18 port 45553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 22:13:21,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357601.2756593, 'message': 'Dec  6 22:13:21 hqnl0246134 sshd[259785]: Failed password for invalid user vagrant from 80.87.33.100 port 37062 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:13:23,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.87.33.100', 'timestamp': 1670357603.2781234, 'message': 'Dec  6 22:13:21 hqnl0246134 sshd[259785]: Disconnected from invalid user vagrant 80.87.33.100 port 37062 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 22:13:49,234] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:13:49,235] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:13:49,744] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:13:49,745] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:13:49,746] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 22:14:01,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357641.3445148, 'message': 'Dec  6 22:13:59 hqnl0246134 sshd[259825]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-06 22:14:01,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357641.3454232, 'message': 'Dec  6 22:13:59 hqnl0246134 sshd[259825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:14:03,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357643.3447118, 'message': 'Dec  6 22:14:02 hqnl0246134 sshd[259825]: Failed password for root from 61.177.173.18 port 14111 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 22:14:05,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357645.3492408, 'message': 'Dec  6 22:14:04 hqnl0246134 sshd[259825]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 22:14:07,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357647.3527553, 'message': 'Dec  6 22:14:06 hqnl0246134 sshd[259825]: Failed password for root from 61.177.173.18 port 14111 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 22:14:09,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357649.3577456, 'message': 'Dec  6 22:14:08 hqnl0246134 sshd[259825]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-06 22:14:10,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:14:10,681] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0374 seconds
INFO    [2022-12-06 22:14:11,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357651.3622236, 'message': 'Dec  6 22:14:10 hqnl0246134 sshd[259825]: Failed password for root from 61.177.173.18 port 14111 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:14:13,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357653.3643003, 'message': 'Dec  6 22:14:12 hqnl0246134 sshd[259837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 22:14:13,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:14:13,544] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:14:13,554] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:14:13,584] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0397 seconds
INFO    [2022-12-06 22:14:15,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357655.3660722, 'message': 'Dec  6 22:14:14 hqnl0246134 sshd[259837]: Failed password for root from 165.227.166.207 port 33842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0609 seconds
INFO    [2022-12-06 22:14:18,142] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:14:18,142] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:14:18,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:14:18,173] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
INFO    [2022-12-06 22:14:20,785] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:14:20,785] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:14:20,793] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:14:20,805] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 22:14:47,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357687.462942, 'message': 'Dec  6 22:14:45 hqnl0246134 sshd[259868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 22:14:47,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357687.463622, 'message': 'Dec  6 22:14:45 hqnl0246134 sshd[259868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 22:14:47,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357687.4637978, 'message': 'Dec  6 22:14:47 hqnl0246134 sshd[259868]: Failed password for root from 61.177.173.18 port 33952 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
WARNING [2022-12-06 22:14:49,242] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:14:49,243] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:14:49,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357689.4651585, 'message': 'Dec  6 22:14:47 hqnl0246134 sshd[259868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:14:51,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357691.4657838, 'message': 'Dec  6 22:14:50 hqnl0246134 sshd[259868]: Failed password for root from 61.177.173.18 port 33952 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 22:14:53,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357693.4763744, 'message': 'Dec  6 22:14:52 hqnl0246134 sshd[259868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:14:55,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357695.4890506, 'message': 'Dec  6 22:14:54 hqnl0246134 sshd[259868]: Failed password for root from 61.177.173.18 port 33952 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:15:01,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670357701.503732, 'message': 'Dec  6 22:15:00 hqnl0246134 sshd[259885]: Invalid user patrick from 43.157.26.210 port 37538', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1062 seconds
INFO    [2022-12-06 22:15:01,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.26.210', 'timestamp': 1670357701.5045164, 'message': 'Dec  6 22:15:00 hqnl0246134 sshd[259885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.26.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-06 22:15:01,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.26.210', 'timestamp': 1670357701.5047874, 'message': 'Dec  6 22:15:00 hqnl0246134 sshd[259885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0628 seconds
INFO    [2022-12-06 22:15:03,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670357703.5051842, 'message': 'Dec  6 22:15:02 hqnl0246134 sshd[259885]: Failed password for invalid user patrick from 43.157.26.210 port 37538 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0706 seconds
INFO    [2022-12-06 22:15:03,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670357703.5054457, 'message': 'Dec  6 22:15:03 hqnl0246134 sshd[259885]: Disconnected from invalid user patrick 43.157.26.210 port 37538 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0705 seconds
WARNING [2022-12-06 22:15:10,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:15:10,684] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0361 seconds
INFO    [2022-12-06 22:15:17,908] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:15:17,908] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:15:17,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:15:17,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-06 22:15:20,728] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:15:20,729] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:15:20,737] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:15:20,752] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-06 22:15:23,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357723.544185, 'message': 'Dec  6 22:15:22 hqnl0246134 sshd[259929]: Invalid user ts3 from 139.59.80.61 port 50834', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:15:23,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357723.5444794, 'message': 'Dec  6 22:15:22 hqnl0246134 sshd[259929]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.80.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:15:23,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357723.5446155, 'message': 'Dec  6 22:15:22 hqnl0246134 sshd[259929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.80.61 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:15:25,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357725.5491035, 'message': 'Dec  6 22:15:24 hqnl0246134 sshd[259929]: Failed password for invalid user ts3 from 139.59.80.61 port 50834 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:15:27,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357727.5503654, 'message': 'Dec  6 22:15:26 hqnl0246134 sshd[259929]: Disconnected from invalid user ts3 139.59.80.61 port 50834 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0681 seconds
INFO    [2022-12-06 22:15:28,781] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:15:28,782] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:15:28,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:15:28,802] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 22:15:31,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357731.558421, 'message': 'Dec  6 22:15:30 hqnl0246134 sshd[259944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 22:15:31,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357731.5587678, 'message': 'Dec  6 22:15:30 hqnl0246134 sshd[259944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:15:33,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357733.5613034, 'message': 'Dec  6 22:15:32 hqnl0246134 sshd[259944]: Failed password for root from 61.177.173.18 port 55507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:15:33,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357733.5616271, 'message': 'Dec  6 22:15:33 hqnl0246134 sshd[259944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:15:35,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357735.5726566, 'message': 'Dec  6 22:15:35 hqnl0246134 sshd[259944]: Failed password for root from 61.177.173.18 port 55507 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:15:37,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357737.579477, 'message': 'Dec  6 22:15:37 hqnl0246134 sshd[259944]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 22:15:39,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357739.585383, 'message': 'Dec  6 22:15:38 hqnl0246134 sshd[259944]: Failed password for root from 61.177.173.18 port 55507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 22:15:49,246] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:15:49,247] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:15:57,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357757.6809986, 'message': 'Dec  6 22:15:57 hqnl0246134 sshd[259972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0748 seconds
INFO    [2022-12-06 22:15:59,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357759.6729376, 'message': 'Dec  6 22:15:59 hqnl0246134 sshd[259972]: Failed password for root from 165.227.166.207 port 44108 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:16:07,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357767.7024267, 'message': 'Dec  6 22:16:06 hqnl0246134 sshd[259990]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.145.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:16:07,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357767.7027776, 'message': 'Dec  6 22:16:06 hqnl0246134 sshd[259990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.145.85  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:16:09,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357769.703966, 'message': 'Dec  6 22:16:08 hqnl0246134 sshd[259990]: Failed password for root from 142.93.145.85 port 38510 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
WARNING [2022-12-06 22:16:10,676] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:16:10,699] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-06 22:16:15,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357775.7464745, 'message': 'Dec  6 22:16:15 hqnl0246134 sshd[259992]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 22:16:15,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357775.746733, 'message': 'Dec  6 22:16:15 hqnl0246134 sshd[259992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 22:16:17,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357777.7480645, 'message': 'Dec  6 22:16:17 hqnl0246134 sshd[259992]: Failed password for root from 61.177.173.18 port 24581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:16:17,881] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:16:17,881] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:16:17,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:16:17,905] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-06 22:16:19,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357779.749952, 'message': 'Dec  6 22:16:17 hqnl0246134 sshd[259992]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 22:16:19,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357779.7501307, 'message': 'Dec  6 22:16:19 hqnl0246134 sshd[259992]: Failed password for root from 61.177.173.18 port 24581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:16:20,588] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:16:20,588] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:16:20,595] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:16:20,606] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 22:16:21,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357781.752764, 'message': 'Dec  6 22:16:20 hqnl0246134 sshd[259992]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:16:23,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357783.75428, 'message': 'Dec  6 22:16:22 hqnl0246134 sshd[259992]: Failed password for root from 61.177.173.18 port 24581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:16:29,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670357789.7616072, 'message': 'Dec  6 22:16:28 hqnl0246134 sshd[260013]: Invalid user seedbox from 217.182.252.168 port 60030', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 22:16:29,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.182.252.168', 'timestamp': 1670357789.762152, 'message': 'Dec  6 22:16:29 hqnl0246134 sshd[260013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.182.252.168 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:16:29,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.182.252.168', 'timestamp': 1670357789.7623246, 'message': 'Dec  6 22:16:29 hqnl0246134 sshd[260013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.252.168 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:16:31,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670357791.7657075, 'message': 'Dec  6 22:16:30 hqnl0246134 sshd[260013]: Failed password for invalid user seedbox from 217.182.252.168 port 60030 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 22:16:31,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670357791.7659419, 'message': 'Dec  6 22:16:30 hqnl0246134 sshd[260013]: Disconnected from invalid user seedbox 217.182.252.168 port 60030 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
WARNING [2022-12-06 22:16:49,250] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:16:49,251] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:17:01,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357821.7930272, 'message': 'Dec  6 22:17:00 hqnl0246134 sshd[260038]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 22:17:01,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357821.7937598, 'message': 'Dec  6 22:17:00 hqnl0246134 sshd[260038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 22:17:03,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357823.793854, 'message': 'Dec  6 22:17:01 hqnl0246134 sshd[260038]: Failed password for root from 61.177.173.18 port 54640 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 22:17:03,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357823.7940557, 'message': 'Dec  6 22:17:02 hqnl0246134 sshd[260038]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 22:17:05,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357825.796621, 'message': 'Dec  6 22:17:04 hqnl0246134 sshd[260038]: Failed password for root from 61.177.173.18 port 54640 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:17:05,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357825.796832, 'message': 'Dec  6 22:17:05 hqnl0246134 sshd[260038]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:17:07,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357827.7987442, 'message': 'Dec  6 22:17:07 hqnl0246134 sshd[260038]: Failed password for root from 61.177.173.18 port 54640 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 22:17:10,688] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:17:10,711] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0327 seconds
INFO    [2022-12-06 22:17:11,810] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:17:11,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:17:11,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:17:11,831] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 22:17:17,716] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:17:17,716] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:17:17,723] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:17:17,734] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-06 22:17:20,347] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:17:20,347] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:17:20,358] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:17:20,375] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0265 seconds
INFO    [2022-12-06 22:17:43,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357863.8370328, 'message': 'Dec  6 22:17:42 hqnl0246134 sshd[260078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 22:17:45,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357865.8398001, 'message': 'Dec  6 22:17:43 hqnl0246134 sshd[260078]: Failed password for root from 165.227.166.207 port 54422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 22:17:45,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357865.8400378, 'message': 'Dec  6 22:17:45 hqnl0246134 sshd[260080]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:17:45,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357865.8402476, 'message': 'Dec  6 22:17:45 hqnl0246134 sshd[260080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:17:47,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357867.8425415, 'message': 'Dec  6 22:17:47 hqnl0246134 sshd[260080]: Failed password for root from 61.177.173.18 port 21600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 22:17:47,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357867.8432775, 'message': 'Dec  6 22:17:47 hqnl0246134 sshd[260080]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
WARNING [2022-12-06 22:17:49,254] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:17:49,255] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:17:51,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357871.8452778, 'message': 'Dec  6 22:17:49 hqnl0246134 sshd[260080]: Failed password for root from 61.177.173.18 port 21600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:17:53,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357873.847974, 'message': 'Dec  6 22:17:52 hqnl0246134 sshd[260080]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:17:55,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357875.8511593, 'message': 'Dec  6 22:17:54 hqnl0246134 sshd[260080]: Failed password for root from 61.177.173.18 port 21600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 22:18:10,696] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:18:10,724] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0376 seconds
INFO    [2022-12-06 22:18:18,078] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:18:18,078] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:18:18,086] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:18:18,097] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 22:18:20,641] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:18:20,641] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:18:20,649] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:18:20,661] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 22:18:21,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '136.228.161.67', 'timestamp': 1670357901.8857713, 'message': 'Dec  6 22:18:20 hqnl0246134 sshd[260115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 136.228.161.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:18:21,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '136.228.161.67', 'timestamp': 1670357901.885995, 'message': 'Dec  6 22:18:20 hqnl0246134 sshd[260115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.228.161.67  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:18:21,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '136.228.161.67', 'timestamp': 1670357901.8864, 'message': 'Dec  6 22:18:21 hqnl0246134 sshd[260115]: Failed password for root from 136.228.161.67 port 37518 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 22:18:24,695] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:18:24,696] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:18:24,705] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:18:24,717] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-06 22:18:25,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357905.8896205, 'message': 'Dec  6 22:18:23 hqnl0246134 sshd[260123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.80.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:18:25,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357905.8897948, 'message': 'Dec  6 22:18:23 hqnl0246134 sshd[260123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.80.61  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:18:27,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.80.61', 'timestamp': 1670357907.8904173, 'message': 'Dec  6 22:18:26 hqnl0246134 sshd[260123]: Failed password for root from 139.59.80.61 port 40006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:18:31,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357911.8980384, 'message': 'Dec  6 22:18:31 hqnl0246134 sshd[260137]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 22:18:31,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357911.8986642, 'message': 'Dec  6 22:18:31 hqnl0246134 sshd[260137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 22:18:33,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357913.899978, 'message': 'Dec  6 22:18:32 hqnl0246134 sshd[260137]: Failed password for root from 61.177.173.18 port 44351 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:18:33,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357913.9002388, 'message': 'Dec  6 22:18:33 hqnl0246134 sshd[260137]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-06 22:18:35,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357915.9030035, 'message': 'Dec  6 22:18:35 hqnl0246134 sshd[260137]: Failed password for root from 61.177.173.18 port 44351 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:18:37,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357917.9073682, 'message': 'Dec  6 22:18:37 hqnl0246134 sshd[260140]: Invalid user bbs from 125.129.82.220 port 42828', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 22:18:37,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357917.9075787, 'message': 'Dec  6 22:18:37 hqnl0246134 sshd[260137]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:18:37,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357917.9077532, 'message': 'Dec  6 22:18:37 hqnl0246134 sshd[260140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.129.82.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:18:37,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357917.9078743, 'message': 'Dec  6 22:18:37 hqnl0246134 sshd[260140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.129.82.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:18:39,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357919.9104862, 'message': 'Dec  6 22:18:38 hqnl0246134 sshd[260142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.145.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0589 seconds
INFO    [2022-12-06 22:18:39,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357919.9111452, 'message': 'Dec  6 22:18:39 hqnl0246134 sshd[260137]: Failed password for root from 61.177.173.18 port 44351 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0587 seconds
INFO    [2022-12-06 22:18:39,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357919.9113693, 'message': 'Dec  6 22:18:39 hqnl0246134 sshd[260140]: Failed password for invalid user bbs from 125.129.82.220 port 42828 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0582 seconds
INFO    [2022-12-06 22:18:39,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357919.9109488, 'message': 'Dec  6 22:18:38 hqnl0246134 sshd[260142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.145.85  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:18:41,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '142.93.145.85', 'timestamp': 1670357921.9137294, 'message': 'Dec  6 22:18:40 hqnl0246134 sshd[260142]: Failed password for root from 142.93.145.85 port 55224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-06 22:18:41,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670357921.9141176, 'message': 'Dec  6 22:18:41 hqnl0246134 sshd[260140]: Disconnected from invalid user bbs 125.129.82.220 port 42828 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0493 seconds
WARNING [2022-12-06 22:18:49,257] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:18:49,258] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 22:19:10,707] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:19:10,736] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0431 seconds
INFO    [2022-12-06 22:19:17,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357957.9541445, 'message': 'Dec  6 22:19:17 hqnl0246134 sshd[260169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 22:19:18,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357957.954432, 'message': 'Dec  6 22:19:17 hqnl0246134 sshd[260169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 22:19:19,005] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:19:19,006] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:19:19,014] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:19:19,028] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 22:19:21,545] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:19:21,545] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:19:21,552] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:19:21,564] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 22:19:21,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357961.9610972, 'message': 'Dec  6 22:19:20 hqnl0246134 sshd[260169]: Failed password for root from 61.177.173.18 port 19923 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:19:23,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357963.9636414, 'message': 'Dec  6 22:19:22 hqnl0246134 sshd[260169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:19:25,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357965.9658358, 'message': 'Dec  6 22:19:24 hqnl0246134 sshd[260169]: Failed password for root from 61.177.173.18 port 19923 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:19:27,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357967.968676, 'message': 'Dec  6 22:19:26 hqnl0246134 sshd[260169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:19:29,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670357969.9708292, 'message': 'Dec  6 22:19:28 hqnl0246134 sshd[260169]: Failed password for root from 61.177.173.18 port 19923 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 22:19:31,174] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:19:31,174] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:19:31,182] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:19:31,194] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 22:19:32,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357971.9725716, 'message': 'Dec  6 22:19:31 hqnl0246134 sshd[260215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 22:19:33,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670357973.973599, 'message': 'Dec  6 22:19:33 hqnl0246134 sshd[260215]: Failed password for root from 165.227.166.207 port 36484 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:19:48,360] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:19:48,426] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:19:48,427] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:19:48,427] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:19:48,427] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:19:48,428] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:19:48,440] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:19:48,457] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0284 seconds
WARNING [2022-12-06 22:19:48,465] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:19:48,467] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:19:48,485] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0330 seconds
INFO    [2022-12-06 22:19:48,486] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0312 seconds
WARNING [2022-12-06 22:19:49,263] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:19:49,264] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:19:50,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357989.9929981, 'message': 'Dec  6 22:19:48 hqnl0246134 sshd[260221]: Invalid user user from 202.89.73.6 port 49516', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:19:50,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357989.9935102, 'message': 'Dec  6 22:19:48 hqnl0246134 sshd[260221]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.89.73.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 22:19:50,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357989.9939277, 'message': 'Dec  6 22:19:48 hqnl0246134 sshd[260221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.89.73.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:19:52,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357991.9936204, 'message': 'Dec  6 22:19:50 hqnl0246134 sshd[260221]: Failed password for invalid user user from 202.89.73.6 port 49516 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:19:54,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670357993.9978566, 'message': 'Dec  6 22:19:52 hqnl0246134 sshd[260221]: Disconnected from invalid user user 202.89.73.6 port 49516 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:20:04,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358004.0187602, 'message': 'Dec  6 22:20:03 hqnl0246134 sshd[260251]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 22:20:04,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358004.0194392, 'message': 'Dec  6 22:20:03 hqnl0246134 sshd[260251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 22:20:06,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358006.0215158, 'message': 'Dec  6 22:20:05 hqnl0246134 sshd[260251]: Failed password for root from 61.177.173.18 port 35006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:20:08,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358008.0228717, 'message': 'Dec  6 22:20:07 hqnl0246134 sshd[260251]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 22:20:10,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358010.02476, 'message': 'Dec  6 22:20:09 hqnl0246134 sshd[260251]: Failed password for root from 61.177.173.18 port 35006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
WARNING [2022-12-06 22:20:10,706] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:20:10,731] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0344 seconds
INFO    [2022-12-06 22:20:12,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358012.0286736, 'message': 'Dec  6 22:20:10 hqnl0246134 sshd[260251]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:20:14,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358014.1368585, 'message': 'Dec  6 22:20:12 hqnl0246134 sshd[260251]: Failed password for root from 61.177.173.18 port 35006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:20:18,069] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:20:18,070] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:20:18,077] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:20:18,089] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 22:20:18,553] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:20:18,553] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:20:18,554] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 22:20:20,630] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:20:20,631] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:20:20,637] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:20:20,649] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 22:20:46,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358046.070747, 'message': 'Dec  6 22:20:45 hqnl0246134 sshd[260287]: Invalid user anish from 43.157.26.210 port 33078', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 22:20:46,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358046.0712616, 'message': 'Dec  6 22:20:45 hqnl0246134 sshd[260287]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.26.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:20:46,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358046.0715044, 'message': 'Dec  6 22:20:45 hqnl0246134 sshd[260287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:20:48,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358048.0731695, 'message': 'Dec  6 22:20:47 hqnl0246134 sshd[260287]: Failed password for invalid user anish from 43.157.26.210 port 33078 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 22:20:49,268] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:20:49,268] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:20:50,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358050.0745394, 'message': 'Dec  6 22:20:48 hqnl0246134 sshd[260287]: Disconnected from invalid user anish 43.157.26.210 port 33078 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 22:20:50,694] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:20:50,695] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:20:50,702] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:20:50,714] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 22:20:52,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358052.0870066, 'message': 'Dec  6 22:20:50 hqnl0246134 sshd[260291]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 22:20:52,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358052.087321, 'message': 'Dec  6 22:20:50 hqnl0246134 sshd[260291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:20:54,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358054.0913594, 'message': 'Dec  6 22:20:52 hqnl0246134 sshd[260291]: Failed password for root from 61.177.173.18 port 10232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:20:54,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358054.0915458, 'message': 'Dec  6 22:20:52 hqnl0246134 sshd[260291]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:20:56,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358056.0943897, 'message': 'Dec  6 22:20:55 hqnl0246134 sshd[260291]: Failed password for root from 61.177.173.18 port 10232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:20:58,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358058.0980914, 'message': 'Dec  6 22:20:57 hqnl0246134 sshd[260291]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:21:00,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358060.1034925, 'message': 'Dec  6 22:20:58 hqnl0246134 sshd[260291]: Failed password for root from 61.177.173.18 port 10232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-06 22:21:10,709] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:21:10,731] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0311 seconds
INFO    [2022-12-06 22:21:16,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358076.1403751, 'message': 'Dec  6 22:21:16 hqnl0246134 sshd[260314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:21:18,460] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:21:18,460] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:21:18,467] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:21:18,478] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 22:21:20,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358080.1500957, 'message': 'Dec  6 22:21:18 hqnl0246134 sshd[260314]: Failed password for root from 165.227.166.207 port 46744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 22:21:20,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.145.85', 'timestamp': 1670358080.1503856, 'message': 'Dec  6 22:21:19 hqnl0246134 sshd[260322]: Invalid user feng from 142.93.145.85 port 43700', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 22:21:20,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670358080.1516516, 'message': 'Dec  6 22:21:20 hqnl0246134 sshd[260324]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 22:21:20,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.145.85', 'timestamp': 1670358080.1514332, 'message': 'Dec  6 22:21:19 hqnl0246134 sshd[260322]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.145.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:21:20,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670358080.1517537, 'message': 'Dec  6 22:21:20 hqnl0246134 sshd[260324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 22:21:20,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.145.85', 'timestamp': 1670358080.1515405, 'message': 'Dec  6 22:21:19 hqnl0246134 sshd[260322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.145.85 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:21:21,026] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:21:21,027] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:21:21,034] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:21:21,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-06 22:21:22,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358082.1600761, 'message': 'Dec  6 22:21:21 hqnl0246134 sshd[260329]: Invalid user formation from 217.182.252.168 port 37426', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-06 22:21:22,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.145.85', 'timestamp': 1670358082.1606994, 'message': 'Dec  6 22:21:21 hqnl0246134 sshd[260322]: Failed password for invalid user feng from 142.93.145.85 port 43700 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 22:21:22,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670358082.1608245, 'message': 'Dec  6 22:21:21 hqnl0246134 sshd[260324]: Failed password for root from 45.93.201.82 port 45416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 22:21:22,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358082.1604085, 'message': 'Dec  6 22:21:21 hqnl0246134 sshd[260329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.182.252.168 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 22:21:22,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.145.85', 'timestamp': 1670358082.1609266, 'message': 'Dec  6 22:21:21 hqnl0246134 sshd[260322]: Disconnected from invalid user feng 142.93.145.85 port 43700 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:21:22,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358082.160562, 'message': 'Dec  6 22:21:21 hqnl0246134 sshd[260329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.252.168 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:21:24,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358084.1639879, 'message': 'Dec  6 22:21:22 hqnl0246134 sshd[260329]: Failed password for invalid user formation from 217.182.252.168 port 37426 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:21:24,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358084.164289, 'message': 'Dec  6 22:21:23 hqnl0246134 sshd[260329]: Disconnected from invalid user formation 217.182.252.168 port 37426 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:21:26,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670358086.169003, 'message': 'Dec  6 22:21:25 hqnl0246134 sshd[260324]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 22:21:28,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.129.82.220', 'timestamp': 1670358088.1750038, 'message': 'Dec  6 22:21:26 hqnl0246134 sshd[260331]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.129.82.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 22:21:28,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670358088.1754386, 'message': 'Dec  6 22:21:27 hqnl0246134 sshd[260324]: Failed password for root from 45.93.201.82 port 45416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 22:21:28,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.129.82.220', 'timestamp': 1670358088.1752872, 'message': 'Dec  6 22:21:26 hqnl0246134 sshd[260331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.129.82.220  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:21:30,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.129.82.220', 'timestamp': 1670358090.1794004, 'message': 'Dec  6 22:21:28 hqnl0246134 sshd[260331]: Failed password for root from 125.129.82.220 port 54192 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 22:21:34,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670358094.1883447, 'message': 'Dec  6 22:21:32 hqnl0246134 sshd[260324]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 22:21:34,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.80.61', 'timestamp': 1670358094.188756, 'message': 'Dec  6 22:21:33 hqnl0246134 sshd[260341]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.80.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 22:21:34,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670358094.1885371, 'message': 'Dec  6 22:21:33 hqnl0246134 sshd[260324]: Failed password for root from 45.93.201.82 port 45416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 22:21:34,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.80.61', 'timestamp': 1670358094.1889093, 'message': 'Dec  6 22:21:33 hqnl0246134 sshd[260341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.80.61  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 22:21:36,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.80.61', 'timestamp': 1670358096.1914446, 'message': 'Dec  6 22:21:35 hqnl0246134 sshd[260341]: Failed password for root from 139.59.80.61 port 57412 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 22:21:38,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358098.193844, 'message': 'Dec  6 22:21:36 hqnl0246134 sshd[260343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:21:38,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358098.1941113, 'message': 'Dec  6 22:21:36 hqnl0246134 sshd[260343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:21:40,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358100.2048838, 'message': 'Dec  6 22:21:39 hqnl0246134 sshd[260343]: Failed password for root from 61.177.173.18 port 35077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:21:42,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358102.215588, 'message': 'Dec  6 22:21:41 hqnl0246134 sshd[260343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:21:44,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358104.2287693, 'message': 'Dec  6 22:21:43 hqnl0246134 sshd[260343]: Failed password for root from 61.177.173.18 port 35077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 22:21:46,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358106.2408314, 'message': 'Dec  6 22:21:45 hqnl0246134 sshd[260343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:21:48,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358108.2423043, 'message': 'Dec  6 22:21:47 hqnl0246134 sshd[260343]: Failed password for root from 61.177.173.18 port 35077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-06 22:21:49,271] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:21:49,272] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 22:21:54,026] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 22:22:10,822] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:22:10,851] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.1456 seconds
INFO    [2022-12-06 22:22:17,863] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:22:17,863] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:22:17,870] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:22:17,882] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 22:22:20,378] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:22:20,379] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:22:20,385] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:22:20,396] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 22:22:22,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358142.3100843, 'message': 'Dec  6 22:22:21 hqnl0246134 sshd[260385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 22:22:22,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358142.31037, 'message': 'Dec  6 22:22:21 hqnl0246134 sshd[260385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:22:24,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358144.311904, 'message': 'Dec  6 22:22:23 hqnl0246134 sshd[260385]: Failed password for root from 61.177.173.18 port 54630 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:22:24,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358144.3122506, 'message': 'Dec  6 22:22:23 hqnl0246134 sshd[260385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 22:22:26,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358146.3141766, 'message': 'Dec  6 22:22:26 hqnl0246134 sshd[260385]: Failed password for root from 61.177.173.18 port 54630 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 22:22:28,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358148.318142, 'message': 'Dec  6 22:22:28 hqnl0246134 sshd[260385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 22:22:30,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358150.3214922, 'message': 'Dec  6 22:22:30 hqnl0246134 sshd[260385]: Failed password for root from 61.177.173.18 port 54630 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 22:22:33,043] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:22:33,044] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:22:33,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:22:33,074] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0284 seconds
INFO    [2022-12-06 22:22:36,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '80.87.33.100', 'timestamp': 1670358156.3285675, 'message': 'Dec  6 22:22:34 hqnl0246134 sshd[260419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 80.87.33.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 22:22:36,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '80.87.33.100', 'timestamp': 1670358156.3289, 'message': 'Dec  6 22:22:34 hqnl0246134 sshd[260419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.87.33.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:22:36,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '80.87.33.100', 'timestamp': 1670358156.3290706, 'message': 'Dec  6 22:22:36 hqnl0246134 sshd[260419]: Failed password for root from 80.87.33.100 port 36142 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-06 22:22:49,277] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:22:49,279] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:23:06,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358186.3605676, 'message': 'Dec  6 22:23:04 hqnl0246134 sshd[260448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 22:23:06,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358186.3610246, 'message': 'Dec  6 22:23:06 hqnl0246134 sshd[260448]: Failed password for root from 165.227.166.207 port 57044 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 22:23:08,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358188.3626623, 'message': 'Dec  6 22:23:07 hqnl0246134 sshd[260450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:23:08,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358188.3628457, 'message': 'Dec  6 22:23:07 hqnl0246134 sshd[260450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 22:23:10,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358190.3645613, 'message': 'Dec  6 22:23:09 hqnl0246134 sshd[260450]: Failed password for root from 61.177.173.18 port 31482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 22:23:10,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358190.3647382, 'message': 'Dec  6 22:23:09 hqnl0246134 sshd[260450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
WARNING [2022-12-06 22:23:10,716] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:23:10,752] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0446 seconds
INFO    [2022-12-06 22:23:12,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358192.366616, 'message': 'Dec  6 22:23:12 hqnl0246134 sshd[260450]: Failed password for root from 61.177.173.18 port 31482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:23:14,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358194.3711615, 'message': 'Dec  6 22:23:13 hqnl0246134 sshd[260455]: Invalid user tams from 202.89.73.6 port 35676', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 22:23:14,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358194.3713706, 'message': 'Dec  6 22:23:14 hqnl0246134 sshd[260450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 22:23:14,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358194.3715098, 'message': 'Dec  6 22:23:14 hqnl0246134 sshd[260455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.89.73.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:23:14,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358194.3716178, 'message': 'Dec  6 22:23:14 hqnl0246134 sshd[260455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.89.73.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 22:23:16,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358196.373589, 'message': 'Dec  6 22:23:15 hqnl0246134 sshd[260450]: Failed password for root from 61.177.173.18 port 31482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 22:23:16,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358196.3737853, 'message': 'Dec  6 22:23:16 hqnl0246134 sshd[260455]: Failed password for invalid user tams from 202.89.73.6 port 35676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 22:23:17,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:23:17,867] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:23:17,875] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:23:17,886] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 22:23:18,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358198.3765755, 'message': 'Dec  6 22:23:16 hqnl0246134 sshd[260455]: Disconnected from invalid user tams 202.89.73.6 port 35676 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:23:20,502] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:23:20,502] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:23:20,519] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:23:20,531] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
INFO    [2022-12-06 22:23:22,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358202.3848493, 'message': 'Dec  6 22:23:21 hqnl0246134 sshd[260467]: Invalid user wkiconsole from 43.157.26.210 port 50788', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:23:22,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358202.385121, 'message': 'Dec  6 22:23:21 hqnl0246134 sshd[260467]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.26.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:23:22,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358202.3852599, 'message': 'Dec  6 22:23:21 hqnl0246134 sshd[260467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:23:24,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358204.3919103, 'message': 'Dec  6 22:23:24 hqnl0246134 sshd[260467]: Failed password for invalid user wkiconsole from 43.157.26.210 port 50788 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 22:23:26,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358206.3979883, 'message': 'Dec  6 22:23:24 hqnl0246134 sshd[260467]: Disconnected from invalid user wkiconsole 43.157.26.210 port 50788 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
WARNING [2022-12-06 22:23:49,282] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:23:49,284] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:23:54,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358234.4823124, 'message': 'Dec  6 22:23:53 hqnl0246134 sshd[260479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 22:23:54,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358234.4830844, 'message': 'Dec  6 22:23:53 hqnl0246134 sshd[260479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:23:56,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358236.4853108, 'message': 'Dec  6 22:23:55 hqnl0246134 sshd[260479]: Failed password for root from 61.177.173.18 port 51677 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:23:58,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358238.4926627, 'message': 'Dec  6 22:23:57 hqnl0246134 sshd[260479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:24:00,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358240.498453, 'message': 'Dec  6 22:23:59 hqnl0246134 sshd[260479]: Failed password for root from 61.177.173.18 port 51677 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 22:24:00,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358240.4987652, 'message': 'Dec  6 22:23:59 hqnl0246134 sshd[260479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:24:02,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358242.5011199, 'message': 'Dec  6 22:24:01 hqnl0246134 sshd[260479]: Failed password for root from 61.177.173.18 port 51677 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 22:24:02,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358242.501398, 'message': 'Dec  6 22:24:02 hqnl0246134 sshd[260502]: Invalid user admin from 217.182.252.168 port 59760', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-06 22:24:02,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358242.5015683, 'message': 'Dec  6 22:24:02 hqnl0246134 sshd[260502]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.182.252.168 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:24:02,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358242.501724, 'message': 'Dec  6 22:24:02 hqnl0246134 sshd[260502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.252.168 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:24:04,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670358244.502499, 'message': 'Dec  6 22:24:03 hqnl0246134 sshd[260498]: Invalid user user from 125.129.82.220 port 37286', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 22:24:04,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358244.5029197, 'message': 'Dec  6 22:24:04 hqnl0246134 sshd[260502]: Failed password for invalid user admin from 217.182.252.168 port 59760 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-06 22:24:04,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.129.82.220', 'timestamp': 1670358244.502692, 'message': 'Dec  6 22:24:03 hqnl0246134 sshd[260498]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.129.82.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0551 seconds
INFO    [2022-12-06 22:24:04,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358244.5030525, 'message': 'Dec  6 22:24:04 hqnl0246134 sshd[260502]: Disconnected from invalid user admin 217.182.252.168 port 59760 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-06 22:24:04,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.129.82.220', 'timestamp': 1670358244.5028136, 'message': 'Dec  6 22:24:03 hqnl0246134 sshd[260498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.129.82.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-06 22:24:04,955] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:24:04,956] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:24:04,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:24:04,983] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-06 22:24:06,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670358246.505954, 'message': 'Dec  6 22:24:05 hqnl0246134 sshd[260498]: Failed password for invalid user user from 125.129.82.220 port 37286 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:24:08,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.129.82.220', 'timestamp': 1670358248.5184562, 'message': 'Dec  6 22:24:07 hqnl0246134 sshd[260498]: Disconnected from invalid user user 125.129.82.220 port 37286 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 22:24:10,724] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:24:10,760] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0489 seconds
INFO    [2022-12-06 22:24:17,872] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:24:17,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:24:17,883] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:24:17,896] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 22:24:20,439] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:24:20,439] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:24:20,447] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:24:20,458] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 22:24:32,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358272.5961926, 'message': 'Dec  6 22:24:32 hqnl0246134 sshd[260538]: Invalid user master from 136.228.161.67 port 41064', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 22:24:32,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358272.5966837, 'message': 'Dec  6 22:24:32 hqnl0246134 sshd[260538]: pam_imunify(sshd:auth): [IM360_RBL] The IP 136.228.161.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:24:32,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358272.596861, 'message': 'Dec  6 22:24:32 hqnl0246134 sshd[260538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.228.161.67 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 22:24:34,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358274.5982196, 'message': 'Dec  6 22:24:33 hqnl0246134 sshd[260538]: Failed password for invalid user master from 136.228.161.67 port 41064 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 22:24:34,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358274.5986092, 'message': 'Dec  6 22:24:34 hqnl0246134 sshd[260538]: Disconnected from invalid user master 136.228.161.67 port 41064 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:24:40,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358280.6085443, 'message': 'Dec  6 22:24:39 hqnl0246134 sshd[260542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 22:24:40,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358280.60897, 'message': 'Dec  6 22:24:39 hqnl0246134 sshd[260542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:24:42,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358282.613819, 'message': 'Dec  6 22:24:41 hqnl0246134 sshd[260542]: Failed password for root from 61.177.173.18 port 18903 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 22:24:42,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358282.6141937, 'message': 'Dec  6 22:24:42 hqnl0246134 sshd[260542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:24:44,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358284.623174, 'message': 'Dec  6 22:24:44 hqnl0246134 sshd[260542]: Failed password for root from 61.177.173.18 port 18903 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 22:24:46,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358286.6308432, 'message': 'Dec  6 22:24:46 hqnl0246134 sshd[260542]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:24:48,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358288.6411483, 'message': 'Dec  6 22:24:48 hqnl0246134 sshd[260542]: Failed password for root from 61.177.173.18 port 18903 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 22:24:49,288] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:24:49,289] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:24:54,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358294.6621997, 'message': 'Dec  6 22:24:53 hqnl0246134 sshd[260545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:24:56,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358296.6655488, 'message': 'Dec  6 22:24:55 hqnl0246134 sshd[260545]: Failed password for root from 165.227.166.207 port 39110 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 22:25:10,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:25:10,750] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-06 22:25:18,003] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:25:18,004] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:25:18,011] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:25:18,022] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 22:25:20,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:25:20,818] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:25:20,830] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:25:20,847] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0274 seconds
INFO    [2022-12-06 22:25:26,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358326.7104604, 'message': 'Dec  6 22:25:26 hqnl0246134 sshd[260602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 22:25:26,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358326.7107787, 'message': 'Dec  6 22:25:26 hqnl0246134 sshd[260602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:25:28,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358328.7132063, 'message': 'Dec  6 22:25:28 hqnl0246134 sshd[260602]: Failed password for root from 61.177.173.18 port 39704 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 22:25:30,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358330.7194638, 'message': 'Dec  6 22:25:28 hqnl0246134 sshd[260602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 22:25:32,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358332.7231295, 'message': 'Dec  6 22:25:31 hqnl0246134 sshd[260602]: Failed password for root from 61.177.173.18 port 39704 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 22:25:34,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358334.7280517, 'message': 'Dec  6 22:25:33 hqnl0246134 sshd[260602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 22:25:36,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358336.7298179, 'message': 'Dec  6 22:25:35 hqnl0246134 sshd[260602]: Failed password for root from 61.177.173.18 port 39704 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 22:25:38,087] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:25:38,088] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:25:38,096] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:25:38,108] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 22:25:40,628] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:25:41,344] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:25:41,345] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:25:41,345] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:25:41,345] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:25:41,346] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:25:41,356] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:25:41,371] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0246 seconds
WARNING [2022-12-06 22:25:41,378] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:25:41,380] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:25:41,397] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0317 seconds
INFO    [2022-12-06 22:25:41,399] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0302 seconds
WARNING [2022-12-06 22:25:49,293] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:25:49,294] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:26:00,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358360.756216, 'message': 'Dec  6 22:25:59 hqnl0246134 sshd[260629]: Invalid user gary from 43.157.26.210 port 40280', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 22:26:00,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358360.7567847, 'message': 'Dec  6 22:26:00 hqnl0246134 sshd[260629]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.26.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:26:00,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358360.7570348, 'message': 'Dec  6 22:26:00 hqnl0246134 sshd[260629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:26:04,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358364.7619135, 'message': 'Dec  6 22:26:02 hqnl0246134 sshd[260629]: Failed password for invalid user gary from 43.157.26.210 port 40280 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:26:04,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670358364.7621112, 'message': 'Dec  6 22:26:03 hqnl0246134 sshd[260629]: Disconnected from invalid user gary 43.157.26.210 port 40280 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 22:26:10,736] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:26:10,777] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0572 seconds
INFO    [2022-12-06 22:26:12,224] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:26:12,224] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:26:12,225] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 22:26:14,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358374.771234, 'message': 'Dec  6 22:26:12 hqnl0246134 sshd[260649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:26:14,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358374.7714524, 'message': 'Dec  6 22:26:12 hqnl0246134 sshd[260649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:26:16,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358376.7730381, 'message': 'Dec  6 22:26:15 hqnl0246134 sshd[260649]: Failed password for root from 61.177.173.18 port 55037 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:26:18,189] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:26:18,190] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:26:18,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:26:18,211] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 22:26:18,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358378.7757826, 'message': 'Dec  6 22:26:17 hqnl0246134 sshd[260649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:26:20,861] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:26:20,862] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:26:20,879] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:26:20,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358380.7806766, 'message': 'Dec  6 22:26:19 hqnl0246134 sshd[260649]: Failed password for root from 61.177.173.18 port 55037 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.1112 seconds
INFO    [2022-12-06 22:26:20,898] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-06 22:26:22,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358382.7808454, 'message': 'Dec  6 22:26:21 hqnl0246134 sshd[260649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 22:26:24,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358384.7844849, 'message': 'Dec  6 22:26:23 hqnl0246134 sshd[260649]: Failed password for root from 61.177.173.18 port 55037 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 22:26:34,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358394.7970808, 'message': 'Dec  6 22:26:34 hqnl0246134 sshd[260699]: Invalid user oscar from 202.89.73.6 port 50022', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 22:26:34,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358394.7976441, 'message': 'Dec  6 22:26:34 hqnl0246134 sshd[260699]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.89.73.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0607 seconds
INFO    [2022-12-06 22:26:34,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358394.7978039, 'message': 'Dec  6 22:26:34 hqnl0246134 sshd[260699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.89.73.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0651 seconds
INFO    [2022-12-06 22:26:36,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358396.7975473, 'message': 'Dec  6 22:26:36 hqnl0246134 sshd[260699]: Failed password for invalid user oscar from 202.89.73.6 port 50022 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 22:26:38,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358398.8004358, 'message': 'Dec  6 22:26:37 hqnl0246134 sshd[260703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 22:26:38,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.89.73.6', 'timestamp': 1670358398.800754, 'message': 'Dec  6 22:26:38 hqnl0246134 sshd[260699]: Disconnected from invalid user oscar 202.89.73.6 port 50022 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 22:26:40,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358400.8019688, 'message': 'Dec  6 22:26:39 hqnl0246134 sshd[260703]: Failed password for root from 165.227.166.207 port 49406 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:26:40,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:26:40,990] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:26:41,000] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:26:41,013] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 22:26:46,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358406.8168323, 'message': 'Dec  6 22:26:45 hqnl0246134 sshd[260711]: Invalid user test from 217.182.252.168 port 52408', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:26:46,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358406.817103, 'message': 'Dec  6 22:26:45 hqnl0246134 sshd[260711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.182.252.168 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:26:46,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358406.8172734, 'message': 'Dec  6 22:26:45 hqnl0246134 sshd[260711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.252.168 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0160 seconds
INFO    [2022-12-06 22:26:48,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358408.826485, 'message': 'Dec  6 22:26:48 hqnl0246134 sshd[260711]: Failed password for invalid user test from 217.182.252.168 port 52408 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 22:26:49,297] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:26:49,298] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:26:50,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.182.252.168', 'timestamp': 1670358410.82923, 'message': 'Dec  6 22:26:50 hqnl0246134 sshd[260711]: Disconnected from invalid user test 217.182.252.168 port 52408 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:27:00,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358420.8443863, 'message': 'Dec  6 22:26:59 hqnl0246134 sshd[260719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-06 22:27:00,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358420.8447726, 'message': 'Dec  6 22:26:59 hqnl0246134 sshd[260719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:27:02,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358422.8489316, 'message': 'Dec  6 22:27:01 hqnl0246134 sshd[260719]: Failed password for root from 61.177.173.18 port 23593 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:27:04,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358424.8530006, 'message': 'Dec  6 22:27:04 hqnl0246134 sshd[260719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:27:06,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358426.8554392, 'message': 'Dec  6 22:27:06 hqnl0246134 sshd[260719]: Failed password for root from 61.177.173.18 port 23593 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 22:27:08,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358428.8583653, 'message': 'Dec  6 22:27:08 hqnl0246134 sshd[260719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 22:27:10,731] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:27:10,755] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0317 seconds
INFO    [2022-12-06 22:27:10,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358430.863755, 'message': 'Dec  6 22:27:10 hqnl0246134 sshd[260719]: Failed password for root from 61.177.173.18 port 23593 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:27:18,076] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:27:18,077] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:27:18,084] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:27:18,095] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 22:27:20,761] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:27:20,762] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:27:20,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:27:20,782] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 22:27:46,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358466.9427688, 'message': 'Dec  6 22:27:45 hqnl0246134 sshd[260769]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 22:27:46,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358466.9434485, 'message': 'Dec  6 22:27:45 hqnl0246134 sshd[260769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:27:47,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358466.943654, 'message': 'Dec  6 22:27:46 hqnl0246134 sshd[260769]: Failed password for root from 61.177.173.18 port 44878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 22:27:48,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358468.9430254, 'message': 'Dec  6 22:27:47 hqnl0246134 sshd[260769]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 22:27:49,303] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:27:49,304] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:27:50,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358470.947112, 'message': 'Dec  6 22:27:49 hqnl0246134 sshd[260769]: Failed password for root from 61.177.173.18 port 44878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:27:52,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358472.9523568, 'message': 'Dec  6 22:27:51 hqnl0246134 sshd[260769]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 22:27:54,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358474.9596996, 'message': 'Dec  6 22:27:54 hqnl0246134 sshd[260769]: Failed password for root from 61.177.173.18 port 44878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 22:27:58,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:27:58,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:27:58,832] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:27:58,846] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
WARNING [2022-12-06 22:28:10,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:28:10,774] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0472 seconds
INFO    [2022-12-06 22:28:13,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670358492.9871964, 'message': 'Dec  6 22:28:12 hqnl0246134 sshd[260797]: Invalid user admin from 176.31.46.230 port 49944', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:28:13,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '176.31.46.230', 'timestamp': 1670358492.987461, 'message': 'Dec  6 22:28:12 hqnl0246134 sshd[260797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 176.31.46.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:28:13,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '176.31.46.230', 'timestamp': 1670358492.9875948, 'message': 'Dec  6 22:28:12 hqnl0246134 sshd[260797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.46.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:28:15,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358494.9881027, 'message': 'Dec  6 22:28:14 hqnl0246134 sshd[260795]: Invalid user postgres from 136.228.161.67 port 50290', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 22:28:15,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670358494.9886975, 'message': 'Dec  6 22:28:14 hqnl0246134 sshd[260797]: Failed password for invalid user admin from 176.31.46.230 port 49944 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 22:28:15,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358494.988391, 'message': 'Dec  6 22:28:14 hqnl0246134 sshd[260795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 136.228.161.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 22:28:15,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358494.9885547, 'message': 'Dec  6 22:28:14 hqnl0246134 sshd[260795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.228.161.67 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:28:17,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670358496.9899359, 'message': 'Dec  6 22:28:16 hqnl0246134 sshd[260797]: Disconnected from invalid user admin 176.31.46.230 port 49944 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-06 22:28:17,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358496.9902382, 'message': 'Dec  6 22:28:16 hqnl0246134 sshd[260795]: Failed password for invalid user postgres from 136.228.161.67 port 50290 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 22:28:17,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:28:17,907] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:28:17,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:28:17,925] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 22:28:19,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358498.992683, 'message': 'Dec  6 22:28:18 hqnl0246134 sshd[260795]: Disconnected from invalid user postgres 136.228.161.67 port 50290 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:28:20,521] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:28:20,521] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:28:20,528] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:28:20,539] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 22:28:21,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358500.995584, 'message': 'Dec  6 22:28:19 hqnl0246134 sshd[260808]: Invalid user zhangjie from 37.232.43.250 port 63643', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:28:21,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358500.9958653, 'message': 'Dec  6 22:28:19 hqnl0246134 sshd[260808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 37.232.43.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:28:21,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358500.9960501, 'message': 'Dec  6 22:28:19 hqnl0246134 sshd[260808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.232.43.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:28:23,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358502.9979136, 'message': 'Dec  6 22:28:21 hqnl0246134 sshd[260808]: Failed password for invalid user zhangjie from 37.232.43.250 port 63643 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:28:23,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358502.9980936, 'message': 'Dec  6 22:28:22 hqnl0246134 sshd[260808]: Disconnected from invalid user zhangjie 37.232.43.250 port 63643 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:28:25,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358505.0001066, 'message': 'Dec  6 22:28:24 hqnl0246134 sshd[260813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:28:27,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358507.0019035, 'message': 'Dec  6 22:28:26 hqnl0246134 sshd[260813]: Failed password for root from 165.227.166.207 port 59686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 22:28:31,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358511.0053127, 'message': 'Dec  6 22:28:29 hqnl0246134 sshd[260819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 22:28:31,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358511.0056715, 'message': 'Dec  6 22:28:29 hqnl0246134 sshd[260819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:28:33,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358513.0143979, 'message': 'Dec  6 22:28:31 hqnl0246134 sshd[260819]: Failed password for root from 61.177.173.18 port 60735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:28:35,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358515.0240755, 'message': 'Dec  6 22:28:33 hqnl0246134 sshd[260819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:28:37,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358517.025164, 'message': 'Dec  6 22:28:35 hqnl0246134 sshd[260819]: Failed password for root from 61.177.173.18 port 60735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:28:37,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358517.0253897, 'message': 'Dec  6 22:28:36 hqnl0246134 sshd[260819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:28:39,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358519.0358465, 'message': 'Dec  6 22:28:38 hqnl0246134 sshd[260819]: Failed password for root from 61.177.173.18 port 60735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-06 22:28:49,312] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:28:49,314] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 22:29:10,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:29:10,783] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0509 seconds
INFO    [2022-12-06 22:29:11,704] defence360agent.files: Updating all files
INFO    [2022-12-06 22:29:12,048] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:12,049] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 22:29:12,392] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:12,393] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 22:29:12,712] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:12,713] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 22:29:13,058] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:13,058] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 22:29:13,059] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 22:29:13,376] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 20:29:13 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4E411B9C0CBB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 22:29:13,377] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 22:29:13,378] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 22:29:14,339] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:14,339] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 22:29:14,657] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:14,658] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 22:29:14,984] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:14,985] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 22:29:15,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358555.1340487, 'message': 'Dec  6 22:29:13 hqnl0246134 sshd[260853]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:29:15,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358555.1343126, 'message': 'Dec  6 22:29:13 hqnl0246134 sshd[260853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 22:29:15,377] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:15,378] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 22:29:15,841] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 22:29:15,843] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 22:29:17,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358557.1340797, 'message': 'Dec  6 22:29:15 hqnl0246134 sshd[260853]: Failed password for root from 61.177.173.18 port 28113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:29:17,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358557.1343088, 'message': 'Dec  6 22:29:16 hqnl0246134 sshd[260853]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:29:18,041] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:29:18,042] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:29:18,049] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:29:18,061] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 22:29:19,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358559.1368887, 'message': 'Dec  6 22:29:18 hqnl0246134 sshd[260853]: Failed password for root from 61.177.173.18 port 28113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:29:19,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358559.14489, 'message': 'Dec  6 22:29:18 hqnl0246134 sshd[260853]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:29:20,679] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:29:20,680] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:29:20,687] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:29:20,698] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 22:29:21,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358561.1434386, 'message': 'Dec  6 22:29:20 hqnl0246134 sshd[260853]: Failed password for root from 61.177.173.18 port 28113 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:29:25,360] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:29:25,361] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:29:25,372] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:29:25,389] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
WARNING [2022-12-06 22:29:49,322] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:29:49,324] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:30:01,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358601.19862, 'message': 'Dec  6 22:30:00 hqnl0246134 sshd[260886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 22:30:01,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358601.1993878, 'message': 'Dec  6 22:30:00 hqnl0246134 sshd[260886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:30:03,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358603.2030113, 'message': 'Dec  6 22:30:02 hqnl0246134 sshd[260886]: Failed password for root from 61.177.173.18 port 62094 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-06 22:30:05,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358605.2010257, 'message': 'Dec  6 22:30:04 hqnl0246134 sshd[260886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:30:07,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358607.202079, 'message': 'Dec  6 22:30:06 hqnl0246134 sshd[260886]: Failed password for root from 61.177.173.18 port 62094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0597 seconds
INFO    [2022-12-06 22:30:07,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358607.2160354, 'message': 'Dec  6 22:30:06 hqnl0246134 sshd[260886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0487 seconds
INFO    [2022-12-06 22:30:09,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358609.2039406, 'message': 'Dec  6 22:30:09 hqnl0246134 sshd[260886]: Failed password for root from 61.177.173.18 port 62094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 22:30:10,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:30:10,765] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-06 22:30:17,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358617.2156215, 'message': 'Dec  6 22:30:15 hqnl0246134 sshd[260948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:30:17,946] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:30:17,946] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:30:17,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:30:17,965] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 22:30:19,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358619.223182, 'message': 'Dec  6 22:30:17 hqnl0246134 sshd[260948]: Failed password for root from 165.227.166.207 port 41744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:30:20,661] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:30:20,661] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:30:20,672] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:30:20,694] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-06 22:30:41,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670358641.258418, 'message': 'Dec  6 22:30:39 hqnl0246134 sshd[260972]: Invalid user john from 43.153.68.27 port 37766', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 22:30:41,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.68.27', 'timestamp': 1670358641.2587852, 'message': 'Dec  6 22:30:39 hqnl0246134 sshd[260972]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.68.27 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:30:41,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.68.27', 'timestamp': 1670358641.2589467, 'message': 'Dec  6 22:30:39 hqnl0246134 sshd[260972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.68.27 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 22:30:43,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670358643.2607734, 'message': 'Dec  6 22:30:41 hqnl0246134 sshd[260972]: Failed password for invalid user john from 43.153.68.27 port 37766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 22:30:45,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670358645.2631423, 'message': 'Dec  6 22:30:43 hqnl0246134 sshd[260972]: Disconnected from invalid user john 43.153.68.27 port 37766 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 22:30:45,891] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:30:45,891] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:30:45,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:30:45,909] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 22:30:47,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358647.2653704, 'message': 'Dec  6 22:30:45 hqnl0246134 sshd[260976]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:30:47,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358647.2656326, 'message': 'Dec  6 22:30:45 hqnl0246134 sshd[260976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:30:47,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358647.2657762, 'message': 'Dec  6 22:30:47 hqnl0246134 sshd[260976]: Failed password for root from 61.177.173.18 port 27740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 22:30:49,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358649.270663, 'message': 'Dec  6 22:30:47 hqnl0246134 sshd[260976]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-06 22:30:49,327] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:30:49,327] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:30:51,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358651.272701, 'message': 'Dec  6 22:30:49 hqnl0246134 sshd[260976]: Failed password for root from 61.177.173.18 port 27740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 22:30:53,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358653.275599, 'message': 'Dec  6 22:30:51 hqnl0246134 sshd[260976]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:30:55,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358655.2783606, 'message': 'Dec  6 22:30:54 hqnl0246134 sshd[260976]: Failed password for root from 61.177.173.18 port 27740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
WARNING [2022-12-06 22:31:10,753] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:31:10,779] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0390 seconds
INFO    [2022-12-06 22:31:18,042] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:31:18,042] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:31:18,052] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:31:18,065] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 22:31:20,638] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:31:20,639] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:31:20,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:31:20,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 22:31:33,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358693.3421235, 'message': 'Dec  6 22:31:32 hqnl0246134 sshd[261023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 22:31:33,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358693.3425133, 'message': 'Dec  6 22:31:32 hqnl0246134 sshd[261023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:31:35,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358695.3447413, 'message': 'Dec  6 22:31:34 hqnl0246134 sshd[261023]: Failed password for root from 61.177.173.18 port 11570 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 22:31:35,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358695.3450148, 'message': 'Dec  6 22:31:34 hqnl0246134 sshd[261023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:31:37,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358697.3470938, 'message': 'Dec  6 22:31:36 hqnl0246134 sshd[261023]: Failed password for root from 61.177.173.18 port 11570 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:31:37,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358697.3473632, 'message': 'Dec  6 22:31:36 hqnl0246134 sshd[261023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:31:39,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358699.3498328, 'message': 'Dec  6 22:31:39 hqnl0246134 sshd[261023]: Failed password for root from 61.177.173.18 port 11570 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:31:41,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358701.350386, 'message': 'Dec  6 22:31:39 hqnl0246134 sshd[261028]: Invalid user ian from 136.228.161.67 port 59410', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:31:41,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358701.3506472, 'message': 'Dec  6 22:31:39 hqnl0246134 sshd[261028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 136.228.161.67 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-06 22:31:41,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358701.350803, 'message': 'Dec  6 22:31:39 hqnl0246134 sshd[261028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.228.161.67 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 22:31:43,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358703.3537586, 'message': 'Dec  6 22:31:41 hqnl0246134 sshd[261028]: Failed password for invalid user ian from 136.228.161.67 port 59410 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:31:43,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '136.228.161.67', 'timestamp': 1670358703.3539474, 'message': 'Dec  6 22:31:42 hqnl0246134 sshd[261028]: Disconnected from invalid user ian 136.228.161.67 port 59410 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 22:31:49,331] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:31:49,333] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:31:51,400] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:31:51,468] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:31:51,469] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:31:51,469] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:31:51,469] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:31:51,470] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:31:51,480] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:31:51,496] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0252 seconds
WARNING [2022-12-06 22:31:51,504] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:31:51,506] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:31:51,522] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0322 seconds
INFO    [2022-12-06 22:31:51,524] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0302 seconds
WARNING [2022-12-06 22:31:54,030] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 22:32:09,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358729.395142, 'message': 'Dec  6 22:32:08 hqnl0246134 sshd[261057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0261 seconds
WARNING [2022-12-06 22:32:10,751] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:32:10,773] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0294 seconds
INFO    [2022-12-06 22:32:11,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358731.3937142, 'message': 'Dec  6 22:32:10 hqnl0246134 sshd[261057]: Failed password for root from 165.227.166.207 port 52054 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:32:15,185] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:32:15,185] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:32:15,195] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:32:15,214] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0284 seconds
INFO    [2022-12-06 22:32:17,903] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:32:17,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:32:17,912] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:32:17,923] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 22:32:19,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358739.4033537, 'message': 'Dec  6 22:32:17 hqnl0246134 sshd[261070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0573 seconds
INFO    [2022-12-06 22:32:19,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358739.4036307, 'message': 'Dec  6 22:32:17 hqnl0246134 sshd[261070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0679 seconds
INFO    [2022-12-06 22:32:21,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358741.4053571, 'message': 'Dec  6 22:32:20 hqnl0246134 sshd[261070]: Failed password for root from 61.177.173.18 port 21933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 22:32:21,595] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:32:21,595] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:32:21,596] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 22:32:23,202] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:32:23,203] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:32:23,211] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:32:23,223] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 22:32:23,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358743.407392, 'message': 'Dec  6 22:32:22 hqnl0246134 sshd[261070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:32:25,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358745.4134011, 'message': 'Dec  6 22:32:24 hqnl0246134 sshd[261070]: Failed password for root from 61.177.173.18 port 21933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:32:27,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358747.4181376, 'message': 'Dec  6 22:32:26 hqnl0246134 sshd[261070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 22:32:29,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358749.421671, 'message': 'Dec  6 22:32:28 hqnl0246134 sshd[261070]: Failed password for root from 61.177.173.18 port 21933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
WARNING [2022-12-06 22:32:49,335] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:32:49,336] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:33:07,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358787.5032077, 'message': 'Dec  6 22:33:05 hqnl0246134 sshd[261110]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:33:07,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358787.5035865, 'message': 'Dec  6 22:33:05 hqnl0246134 sshd[261110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:33:09,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358789.5118365, 'message': 'Dec  6 22:33:07 hqnl0246134 sshd[261110]: Failed password for root from 61.177.173.18 port 50538 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 22:33:10,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:33:10,770] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0241 seconds
INFO    [2022-12-06 22:33:11,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358791.5145779, 'message': 'Dec  6 22:33:10 hqnl0246134 sshd[261110]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:33:13,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358793.5241606, 'message': 'Dec  6 22:33:12 hqnl0246134 sshd[261110]: Failed password for root from 61.177.173.18 port 50538 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:33:15,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358795.5261297, 'message': 'Dec  6 22:33:14 hqnl0246134 sshd[261110]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 22:33:17,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358797.5293815, 'message': 'Dec  6 22:33:16 hqnl0246134 sshd[261110]: Failed password for root from 61.177.173.18 port 50538 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-06 22:33:18,281] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:33:18,281] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:33:18,290] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:33:18,302] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 22:33:20,974] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:33:20,975] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:33:20,982] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:33:20,993] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-06 22:33:49,340] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:33:49,341] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:33:53,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358833.5946743, 'message': 'Dec  6 22:33:51 hqnl0246134 sshd[261159]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 22:33:53,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358833.595265, 'message': 'Dec  6 22:33:51 hqnl0246134 sshd[261159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 22:33:53,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358833.5954487, 'message': 'Dec  6 22:33:53 hqnl0246134 sshd[261159]: Failed password for root from 61.177.173.18 port 16936 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 22:33:55,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358835.6008255, 'message': 'Dec  6 22:33:54 hqnl0246134 sshd[261159]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:33:57,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358837.6016958, 'message': 'Dec  6 22:33:56 hqnl0246134 sshd[261159]: Failed password for root from 61.177.173.18 port 16936 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:33:59,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358839.6077082, 'message': 'Dec  6 22:33:58 hqnl0246134 sshd[261159]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 22:34:01,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358841.6116505, 'message': 'Dec  6 22:34:00 hqnl0246134 sshd[261159]: Failed password for root from 61.177.173.18 port 16936 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-06 22:34:01,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358841.6119094, 'message': 'Dec  6 22:34:01 hqnl0246134 sshd[261165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-06 22:34:03,450] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:34:03,451] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:34:03,460] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:34:03,471] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 22:34:03,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358843.6129012, 'message': 'Dec  6 22:34:03 hqnl0246134 sshd[261165]: Failed password for root from 165.227.166.207 port 34092 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:34:05,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358845.6157794, 'message': 'Dec  6 22:34:04 hqnl0246134 sshd[261187]: pam_imunify(sshd:auth): [IM360_RBL] The IP 37.232.43.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 22:34:05,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358845.6171937, 'message': 'Dec  6 22:34:04 hqnl0246134 sshd[261187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.232.43.250  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:34:07,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358847.618117, 'message': 'Dec  6 22:34:06 hqnl0246134 sshd[261187]: Failed password for root from 37.232.43.250 port 19182 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:34:09,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.248.92.175', 'timestamp': 1670358849.6211438, 'message': 'Dec  6 22:34:08 hqnl0246134 sshd[261189]: Invalid user krishna from 98.248.92.175 port 48663', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:34:09,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.248.92.175', 'timestamp': 1670358849.6213658, 'message': 'Dec  6 22:34:08 hqnl0246134 sshd[261189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.248.92.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:34:09,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.248.92.175', 'timestamp': 1670358849.6215408, 'message': 'Dec  6 22:34:08 hqnl0246134 sshd[261189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.248.92.175 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-06 22:34:10,758] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:34:10,785] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0355 seconds
INFO    [2022-12-06 22:34:11,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.248.92.175', 'timestamp': 1670358851.6232445, 'message': 'Dec  6 22:34:10 hqnl0246134 sshd[261189]: Failed password for invalid user krishna from 98.248.92.175 port 48663 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 22:34:13,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.248.92.175', 'timestamp': 1670358853.6267865, 'message': 'Dec  6 22:34:12 hqnl0246134 sshd[261189]: Disconnected from invalid user krishna 98.248.92.175 port 48663 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:34:19,202] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:34:19,203] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:34:19,230] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:34:19,256] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0428 seconds
INFO    [2022-12-06 22:34:22,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:34:22,539] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:34:22,547] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:34:22,559] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 22:34:37,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358877.654545, 'message': 'Dec  6 22:34:37 hqnl0246134 sshd[261224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 22:34:37,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358877.655218, 'message': 'Dec  6 22:34:37 hqnl0246134 sshd[261224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 22:34:39,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358879.6534305, 'message': 'Dec  6 22:34:38 hqnl0246134 sshd[261224]: Failed password for root from 61.177.173.18 port 39483 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 22:34:39,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358879.6536512, 'message': 'Dec  6 22:34:39 hqnl0246134 sshd[261224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:34:41,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358881.6612208, 'message': 'Dec  6 22:34:41 hqnl0246134 sshd[261224]: Failed password for root from 61.177.173.18 port 39483 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:34:43,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358883.661736, 'message': 'Dec  6 22:34:41 hqnl0246134 sshd[261224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:34:45,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358885.6620812, 'message': 'Dec  6 22:34:44 hqnl0246134 sshd[261224]: Failed password for root from 61.177.173.18 port 39483 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 22:34:49,343] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:34:49,344] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:34:51,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670358891.6693454, 'message': 'Dec  6 22:34:51 hqnl0246134 sshd[261229]: Invalid user tsbot from 43.153.11.85 port 39782', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 22:34:53,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.11.85', 'timestamp': 1670358893.671723, 'message': 'Dec  6 22:34:51 hqnl0246134 sshd[261229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.11.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 22:34:53,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.11.85', 'timestamp': 1670358893.6719997, 'message': 'Dec  6 22:34:51 hqnl0246134 sshd[261229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.11.85 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 22:34:55,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670358895.6777513, 'message': 'Dec  6 22:34:53 hqnl0246134 sshd[261229]: Failed password for invalid user tsbot from 43.153.11.85 port 39782 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:34:57,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670358897.681707, 'message': 'Dec  6 22:34:55 hqnl0246134 sshd[261229]: Disconnected from invalid user tsbot 43.153.11.85 port 39782 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:35:03,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.55.198', 'timestamp': 1670358903.689995, 'message': 'Dec  6 22:35:01 hqnl0246134 sshd[261232]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.55.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 22:35:03,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.55.198', 'timestamp': 1670358903.6904085, 'message': 'Dec  6 22:35:01 hqnl0246134 sshd[261232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 22:35:05,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.55.198', 'timestamp': 1670358905.6919043, 'message': 'Dec  6 22:35:03 hqnl0246134 sshd[261232]: Failed password for root from 178.128.55.198 port 32922 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:35:08,429] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:35:08,429] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:35:08,436] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:35:08,448] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-06 22:35:10,762] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:35:10,787] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0329 seconds
INFO    [2022-12-06 22:35:17,884] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:35:17,885] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:35:17,892] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:35:17,904] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 22:35:20,608] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:35:20,609] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:35:20,615] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:35:20,627] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 22:35:25,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358925.7172198, 'message': 'Dec  6 22:35:24 hqnl0246134 sshd[261289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 22:35:25,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358925.7178438, 'message': 'Dec  6 22:35:24 hqnl0246134 sshd[261289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:35:27,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358927.7223654, 'message': 'Dec  6 22:35:26 hqnl0246134 sshd[261289]: Failed password for root from 61.177.173.18 port 19149 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:35:29,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358929.7264075, 'message': 'Dec  6 22:35:28 hqnl0246134 sshd[261289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 22:35:31,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358931.7289822, 'message': 'Dec  6 22:35:30 hqnl0246134 sshd[261289]: Failed password for root from 61.177.173.18 port 19149 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:35:31,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358931.7291574, 'message': 'Dec  6 22:35:30 hqnl0246134 sshd[261289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 22:35:33,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358933.730526, 'message': 'Dec  6 22:35:32 hqnl0246134 sshd[261289]: Failed password for root from 61.177.173.18 port 19149 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 22:35:45,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358945.747424, 'message': 'Dec  6 22:35:44 hqnl0246134 sshd[261301]: Invalid user ernesto from 37.232.43.250 port 53451', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 22:35:45,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358945.7476423, 'message': 'Dec  6 22:35:44 hqnl0246134 sshd[261301]: pam_imunify(sshd:auth): [IM360_RBL] The IP 37.232.43.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:35:45,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358945.7478018, 'message': 'Dec  6 22:35:44 hqnl0246134 sshd[261301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.232.43.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:35:45,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358945.7479496, 'message': 'Dec  6 22:35:45 hqnl0246134 sshd[261301]: Failed password for invalid user ernesto from 37.232.43.250 port 53451 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:35:47,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670358947.7501428, 'message': 'Dec  6 22:35:45 hqnl0246134 sshd[261301]: Disconnected from invalid user ernesto 37.232.43.250 port 53451 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 22:35:49,346] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:35:49,347] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:35:51,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358951.7547271, 'message': 'Dec  6 22:35:50 hqnl0246134 sshd[261305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:35:51,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670358951.7549493, 'message': 'Dec  6 22:35:51 hqnl0246134 sshd[261305]: Failed password for root from 165.227.166.207 port 44384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:36:07,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358967.7888675, 'message': 'Dec  6 22:36:07 hqnl0246134 sshd[261323]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 22:36:07,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358967.7894516, 'message': 'Dec  6 22:36:07 hqnl0246134 sshd[261323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:36:09,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.165.246.58', 'timestamp': 1670358969.7915156, 'message': 'Dec  6 22:36:09 hqnl0246134 sshd[261325]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.165.246.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 22:36:09,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.165.246.58', 'timestamp': 1670358969.7917168, 'message': 'Dec  6 22:36:09 hqnl0246134 sshd[261325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.246.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 22:36:10,766] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:36:10,786] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0266 seconds
INFO    [2022-12-06 22:36:11,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358971.7942257, 'message': 'Dec  6 22:36:09 hqnl0246134 sshd[261323]: Failed password for root from 61.177.173.18 port 28238 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 22:36:11,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.165.246.58', 'timestamp': 1670358971.7944279, 'message': 'Dec  6 22:36:10 hqnl0246134 sshd[261325]: Failed password for root from 202.165.246.58 port 60410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 22:36:13,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358973.7982976, 'message': 'Dec  6 22:36:12 hqnl0246134 sshd[261323]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:36:15,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358975.8006496, 'message': 'Dec  6 22:36:14 hqnl0246134 sshd[261323]: Failed password for root from 61.177.173.18 port 28238 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 22:36:17,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:36:17,792] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:36:17,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:36:17,820] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0271 seconds
INFO    [2022-12-06 22:36:17,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358977.80156, 'message': 'Dec  6 22:36:16 hqnl0246134 sshd[261323]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 22:36:19,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670358979.805282, 'message': 'Dec  6 22:36:18 hqnl0246134 sshd[261323]: Failed password for root from 61.177.173.18 port 28238 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:36:20,506] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:36:20,506] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:36:20,513] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:36:20,524] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 22:36:41,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.255.116.74', 'timestamp': 1670359001.8525307, 'message': 'Dec  6 22:36:40 hqnl0246134 sshd[261347]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.255.116.74 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:36:41,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.255.116.74', 'timestamp': 1670359001.8538945, 'message': 'Dec  6 22:36:40 hqnl0246134 sshd[261347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.255.116.74  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 22:36:43,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.255.116.74', 'timestamp': 1670359003.852716, 'message': 'Dec  6 22:36:42 hqnl0246134 sshd[261347]: Failed password for root from 139.255.116.74 port 60742 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 22:36:45,742] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:36:45,742] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:36:45,753] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:36:45,766] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
WARNING [2022-12-06 22:36:49,351] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:36:49,351] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:36:53,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359013.8680031, 'message': 'Dec  6 22:36:53 hqnl0246134 sshd[261364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 22:36:53,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359013.8683546, 'message': 'Dec  6 22:36:53 hqnl0246134 sshd[261364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 22:36:55,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359015.8692777, 'message': 'Dec  6 22:36:54 hqnl0246134 sshd[261366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.233.142.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:36:55,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359015.8695545, 'message': 'Dec  6 22:36:54 hqnl0246134 sshd[261366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.233.142.6  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:36:57,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359017.8735006, 'message': 'Dec  6 22:36:55 hqnl0246134 sshd[261364]: Failed password for root from 61.177.173.18 port 47849 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 22:36:57,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359017.873995, 'message': 'Dec  6 22:36:57 hqnl0246134 sshd[261366]: Failed password for root from 85.233.142.6 port 54998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 22:36:57,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359017.873797, 'message': 'Dec  6 22:36:56 hqnl0246134 sshd[261364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:36:59,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359019.874012, 'message': 'Dec  6 22:36:58 hqnl0246134 sshd[261364]: Failed password for root from 61.177.173.18 port 47849 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-06 22:36:59,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359019.8758502, 'message': 'Dec  6 22:36:59 hqnl0246134 sshd[261369]: Invalid user xujie from 177.55.100.134 port 53484', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-06 22:36:59,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359019.8762336, 'message': 'Dec  6 22:36:59 hqnl0246134 sshd[261369]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.55.100.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 22:36:59,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359019.8807294, 'message': 'Dec  6 22:36:59 hqnl0246134 sshd[261369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.55.100.134 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:37:01,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359021.877352, 'message': 'Dec  6 22:37:00 hqnl0246134 sshd[261364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 22:37:01,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359021.8775728, 'message': 'Dec  6 22:37:01 hqnl0246134 sshd[261369]: Failed password for invalid user xujie from 177.55.100.134 port 53484 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 22:37:03,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359023.881298, 'message': 'Dec  6 22:37:02 hqnl0246134 sshd[261364]: Failed password for root from 61.177.173.18 port 47849 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 22:37:03,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359023.881879, 'message': 'Dec  6 22:37:02 hqnl0246134 sshd[261369]: Disconnected from invalid user xujie 177.55.100.134 port 53484 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0373 seconds
WARNING [2022-12-06 22:37:10,772] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:37:10,796] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0316 seconds
INFO    [2022-12-06 22:37:15,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359035.8913012, 'message': 'Dec  6 22:37:15 hqnl0246134 sshd[261419]: Invalid user test_user from 43.153.11.85 port 52980', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 22:37:15,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359035.8915277, 'message': 'Dec  6 22:37:15 hqnl0246134 sshd[261419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.11.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 22:37:15,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359035.891704, 'message': 'Dec  6 22:37:15 hqnl0246134 sshd[261419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.11.85 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:37:17,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359037.8927622, 'message': 'Dec  6 22:37:17 hqnl0246134 sshd[261419]: Failed password for invalid user test_user from 43.153.11.85 port 52980 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:37:17,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359037.8929503, 'message': 'Dec  6 22:37:17 hqnl0246134 sshd[261419]: Disconnected from invalid user test_user 43.153.11.85 port 52980 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:37:18,263] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:37:18,264] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:37:18,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:37:18,282] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 22:37:22,013] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:37:22,013] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:37:22,021] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:37:22,033] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 22:37:23,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670359043.9061441, 'message': 'Dec  6 22:37:23 hqnl0246134 sshd[261436]: Invalid user kevin from 37.232.43.250 port 13204', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:37:23,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '37.232.43.250', 'timestamp': 1670359043.9064493, 'message': 'Dec  6 22:37:23 hqnl0246134 sshd[261436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 37.232.43.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:37:23,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '37.232.43.250', 'timestamp': 1670359043.9065657, 'message': 'Dec  6 22:37:23 hqnl0246134 sshd[261436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.232.43.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:37:25,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670359045.9131212, 'message': 'Dec  6 22:37:25 hqnl0246134 sshd[261436]: Failed password for invalid user kevin from 37.232.43.250 port 13204 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 22:37:27,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.232.43.250', 'timestamp': 1670359047.9202123, 'message': 'Dec  6 22:37:27 hqnl0246134 sshd[261436]: Disconnected from invalid user kevin 37.232.43.250 port 13204 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:37:35,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359055.934499, 'message': 'Dec  6 22:37:35 hqnl0246134 sshd[261446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 22:37:37,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359057.9372804, 'message': 'Dec  6 22:37:36 hqnl0246134 sshd[261446]: Failed password for root from 165.227.166.207 port 54642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:37:41,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359061.9431741, 'message': 'Dec  6 22:37:40 hqnl0246134 sshd[261449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:37:41,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359061.9434187, 'message': 'Dec  6 22:37:40 hqnl0246134 sshd[261449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:37:43,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359063.9452069, 'message': 'Dec  6 22:37:43 hqnl0246134 sshd[261449]: Failed password for root from 61.177.173.18 port 19477 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:37:45,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359065.9481385, 'message': 'Dec  6 22:37:45 hqnl0246134 sshd[261449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 22:37:47,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359067.9507918, 'message': 'Dec  6 22:37:47 hqnl0246134 sshd[261449]: Failed password for root from 61.177.173.18 port 19477 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 22:37:47,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359067.9510493, 'message': 'Dec  6 22:37:47 hqnl0246134 sshd[261452]: Invalid user test from 43.153.11.85 port 52540', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 22:37:48,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359067.9511893, 'message': 'Dec  6 22:37:47 hqnl0246134 sshd[261452]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.11.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 22:37:48,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359067.9513257, 'message': 'Dec  6 22:37:47 hqnl0246134 sshd[261452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.11.85 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-06 22:37:49,357] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:37:49,357] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:37:50,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359069.9516873, 'message': 'Dec  6 22:37:49 hqnl0246134 sshd[261449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-06 22:37:50,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359069.9519985, 'message': 'Dec  6 22:37:49 hqnl0246134 sshd[261452]: Failed password for invalid user test from 43.153.11.85 port 52540 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-06 22:37:51,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359071.9546556, 'message': 'Dec  6 22:37:49 hqnl0246134 sshd[261452]: Disconnected from invalid user test 43.153.11.85 port 52540 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:37:53,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359073.9577441, 'message': 'Dec  6 22:37:52 hqnl0246134 sshd[261449]: Failed password for root from 61.177.173.18 port 19477 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:38:00,568] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:38:00,637] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:38:00,638] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:38:00,638] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:38:00,639] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:38:00,639] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:38:00,651] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:38:00,667] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0272 seconds
WARNING [2022-12-06 22:38:00,674] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:38:00,676] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:38:00,693] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0318 seconds
INFO    [2022-12-06 22:38:00,694] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0297 seconds
INFO    [2022-12-06 22:38:01,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359081.970039, 'message': 'Dec  6 22:38:01 hqnl0246134 sshd[261455]: Invalid user print from 220.247.10.215 port 62896', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:38:02,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359081.970242, 'message': 'Dec  6 22:38:01 hqnl0246134 sshd[261455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.247.10.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:38:02,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359081.9703693, 'message': 'Dec  6 22:38:01 hqnl0246134 sshd[261455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.10.215 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 22:38:05,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359085.9744449, 'message': 'Dec  6 22:38:04 hqnl0246134 sshd[261455]: Failed password for invalid user print from 220.247.10.215 port 62896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 22:38:06,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359085.9747825, 'message': 'Dec  6 22:38:05 hqnl0246134 sshd[261455]: Disconnected from invalid user print 220.247.10.215 port 62896 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 22:38:08,119] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:38:08,120] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:38:08,134] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:38:08,166] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0449 seconds
WARNING [2022-12-06 22:38:10,775] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:38:10,800] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0321 seconds
INFO    [2022-12-06 22:38:16,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359095.986141, 'message': 'Dec  6 22:38:14 hqnl0246134 sshd[261480]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.11.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 22:38:16,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359095.9863636, 'message': 'Dec  6 22:38:14 hqnl0246134 sshd[261480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.11.85  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 22:38:17,827] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:38:17,828] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:38:17,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:38:17,850] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-06 22:38:18,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.11.85', 'timestamp': 1670359097.9900553, 'message': 'Dec  6 22:38:16 hqnl0246134 sshd[261480]: Failed password for mysql from 43.153.11.85 port 35768 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:38:20,556] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:38:20,556] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:38:20,566] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:38:20,577] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 22:38:28,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359107.9998162, 'message': 'Dec  6 22:38:27 hqnl0246134 sshd[261493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 22:38:28,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359108.000207, 'message': 'Dec  6 22:38:27 hqnl0246134 sshd[261493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 22:38:30,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359110.0007493, 'message': 'Dec  6 22:38:29 hqnl0246134 sshd[261493]: Failed password for root from 61.177.173.18 port 37756 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 22:38:30,776] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:38:30,777] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:38:30,778] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 22:38:32,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359112.0020452, 'message': 'Dec  6 22:38:31 hqnl0246134 sshd[261493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 22:38:34,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670359114.002434, 'message': 'Dec  6 22:38:32 hqnl0246134 sshd[261495]: Invalid user vpn from 152.89.196.220 port 30350', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 22:38:34,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359114.0030303, 'message': 'Dec  6 22:38:33 hqnl0246134 sshd[261493]: Failed password for root from 61.177.173.18 port 37756 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 22:38:34,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670359114.0027702, 'message': 'Dec  6 22:38:32 hqnl0246134 sshd[261495]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:38:34,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670359114.002909, 'message': 'Dec  6 22:38:32 hqnl0246134 sshd[261495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 22:38:36,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670359116.005125, 'message': 'Dec  6 22:38:34 hqnl0246134 sshd[261495]: Failed password for invalid user vpn from 152.89.196.220 port 30350 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:38:36,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670359116.005446, 'message': 'Dec  6 22:38:35 hqnl0246134 sshd[261495]: Disconnected from invalid user vpn 152.89.196.220 port 30350 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:38:38,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359118.0141807, 'message': 'Dec  6 22:38:36 hqnl0246134 sshd[261493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 22:38:38,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359118.014581, 'message': 'Dec  6 22:38:37 hqnl0246134 sshd[261505]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.248.92.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 22:38:38,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359118.0148463, 'message': 'Dec  6 22:38:37 hqnl0246134 sshd[261505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.248.92.175  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 22:38:40,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359120.016261, 'message': 'Dec  6 22:38:38 hqnl0246134 sshd[261493]: Failed password for root from 61.177.173.18 port 37756 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 22:38:40,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359120.0165255, 'message': 'Dec  6 22:38:39 hqnl0246134 sshd[261505]: Failed password for root from 98.248.92.175 port 5241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
WARNING [2022-12-06 22:38:49,362] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:38:49,363] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:39:08,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359148.076171, 'message': 'Dec  6 22:39:07 hqnl0246134 sshd[261647]: pam_imunify(sshd:auth): [IM360_RBL] The IP 170.245.12.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 22:39:08,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359148.0767877, 'message': 'Dec  6 22:39:07 hqnl0246134 sshd[261647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.245.12.26  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 22:39:10,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359150.07979, 'message': 'Dec  6 22:39:09 hqnl0246134 sshd[261647]: Failed password for root from 170.245.12.26 port 47694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-06 22:39:10,782] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:39:10,816] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0436 seconds
INFO    [2022-12-06 22:39:16,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359156.0920894, 'message': 'Dec  6 22:39:14 hqnl0246134 sshd[261649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 22:39:16,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359156.0924487, 'message': 'Dec  6 22:39:14 hqnl0246134 sshd[261649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 22:39:18,019] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:39:18,020] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:39:18,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:39:18,045] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0240 seconds
INFO    [2022-12-06 22:39:18,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359158.093421, 'message': 'Dec  6 22:39:16 hqnl0246134 sshd[261649]: Failed password for root from 61.177.173.18 port 63905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 22:39:20,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359160.0948148, 'message': 'Dec  6 22:39:18 hqnl0246134 sshd[261649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 22:39:20,641] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:39:20,641] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:39:20,648] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:39:20,659] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-06 22:39:22,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359162.0971453, 'message': 'Dec  6 22:39:20 hqnl0246134 sshd[261649]: Failed password for root from 61.177.173.18 port 63905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 22:39:22,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359162.0973315, 'message': 'Dec  6 22:39:20 hqnl0246134 sshd[261663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 22:39:22,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359162.097473, 'message': 'Dec  6 22:39:21 hqnl0246134 sshd[261649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:39:24,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359164.098988, 'message': 'Dec  6 22:39:22 hqnl0246134 sshd[261663]: Failed password for root from 165.227.166.207 port 36730 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-06 22:39:24,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359164.0998907, 'message': 'Dec  6 22:39:23 hqnl0246134 sshd[261649]: Failed password for root from 61.177.173.18 port 63905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-06 22:39:25,188] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:39:25,188] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:39:25,195] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:39:25,206] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 22:39:30,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359170.1071098, 'message': 'Dec  6 22:39:28 hqnl0246134 sshd[261671]: Invalid user atom from 43.153.68.27 port 46494', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 22:39:30,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359170.1073854, 'message': 'Dec  6 22:39:28 hqnl0246134 sshd[261671]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.68.27 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:39:30,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359170.107507, 'message': 'Dec  6 22:39:28 hqnl0246134 sshd[261671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.68.27 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:39:32,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359172.1095302, 'message': 'Dec  6 22:39:30 hqnl0246134 sshd[261671]: Failed password for invalid user atom from 43.153.68.27 port 46494 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 22:39:32,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359172.1097507, 'message': 'Dec  6 22:39:31 hqnl0246134 sshd[261671]: Disconnected from invalid user atom 43.153.68.27 port 46494 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:39:44,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359184.1351707, 'message': 'Dec  6 22:39:43 hqnl0246134 sshd[261682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.0.15.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 22:39:44,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359184.1359582, 'message': 'Dec  6 22:39:43 hqnl0246134 sshd[261682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.0.15.234  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:39:46,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359186.1441944, 'message': 'Dec  6 22:39:45 hqnl0246134 sshd[261682]: Failed password for root from 95.0.15.234 port 25504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 22:39:49,367] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:39:49,368] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:40:00,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359200.1897736, 'message': 'Dec  6 22:40:00 hqnl0246134 sshd[261687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 22:40:00,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359200.1904318, 'message': 'Dec  6 22:40:00 hqnl0246134 sshd[261687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:40:02,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359202.2115753, 'message': 'Dec  6 22:40:02 hqnl0246134 sshd[261687]: Failed password for root from 61.177.173.18 port 22451 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2458 seconds
INFO    [2022-12-06 22:40:02,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359202.2118635, 'message': 'Dec  6 22:40:02 hqnl0246134 sshd[261695]: Invalid user demo from 43.153.30.100 port 54822', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2463 seconds
INFO    [2022-12-06 22:40:04,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359204.2029862, 'message': 'Dec  6 22:40:02 hqnl0246134 sshd[261695]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 22:40:04,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359204.2035148, 'message': 'Dec  6 22:40:02 hqnl0246134 sshd[261695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 22:40:04,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359204.2037184, 'message': 'Dec  6 22:40:03 hqnl0246134 sshd[261695]: Failed password for invalid user demo from 43.153.30.100 port 54822 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 22:40:06,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359206.2007556, 'message': 'Dec  6 22:40:04 hqnl0246134 sshd[261695]: Disconnected from invalid user demo 43.153.30.100 port 54822 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-06 22:40:06,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359206.2009413, 'message': 'Dec  6 22:40:04 hqnl0246134 sshd[261687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 22:40:08,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359208.2037356, 'message': 'Dec  6 22:40:06 hqnl0246134 sshd[261687]: Failed password for root from 61.177.173.18 port 22451 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:40:08,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359208.2040083, 'message': 'Dec  6 22:40:06 hqnl0246134 sshd[261687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 22:40:10,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359210.2055194, 'message': 'Dec  6 22:40:08 hqnl0246134 sshd[261687]: Failed password for root from 61.177.173.18 port 22451 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 22:40:10,788] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:40:10,814] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0369 seconds
INFO    [2022-12-06 22:40:17,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:40:17,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:40:17,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:40:17,912] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 22:40:20,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:40:20,539] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:40:20,547] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:40:20,560] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 22:40:46,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359246.2468078, 'message': 'Dec  6 22:40:45 hqnl0246134 sshd[261756]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 22:40:46,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359246.2477558, 'message': 'Dec  6 22:40:45 hqnl0246134 sshd[261756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 22:40:48,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359248.2670555, 'message': 'Dec  6 22:40:47 hqnl0246134 sshd[261756]: Failed password for root from 61.177.173.18 port 48094 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 22:40:49,370] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:40:49,371] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:40:50,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359250.2491605, 'message': 'Dec  6 22:40:50 hqnl0246134 sshd[261756]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 22:40:52,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359252.2505121, 'message': 'Dec  6 22:40:52 hqnl0246134 sshd[261756]: Failed password for root from 61.177.173.18 port 48094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:40:54,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359254.2527828, 'message': 'Dec  6 22:40:52 hqnl0246134 sshd[261756]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-06 22:40:54,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359254.2530458, 'message': 'Dec  6 22:40:54 hqnl0246134 sshd[261756]: Failed password for root from 61.177.173.18 port 48094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 22:40:57,239] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:40:57,240] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:40:57,247] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:40:57,258] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 22:41:06,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359266.2631414, 'message': 'Dec  6 22:41:04 hqnl0246134 sshd[261802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 22:41:06,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359266.264708, 'message': 'Dec  6 22:41:06 hqnl0246134 sshd[261802]: Failed password for root from 165.227.166.207 port 46980 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 22:41:10,792] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:41:10,814] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0296 seconds
INFO    [2022-12-06 22:41:17,961] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:41:17,962] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:41:17,974] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:41:17,997] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0329 seconds
INFO    [2022-12-06 22:41:18,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359278.3644807, 'message': 'Dec  6 22:41:17 hqnl0246134 sshd[261815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.62.24.222 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:41:18,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359278.3646498, 'message': 'Dec  6 22:41:17 hqnl0246134 sshd[261815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.24.222  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:41:20,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359280.2822013, 'message': 'Dec  6 22:41:20 hqnl0246134 sshd[261815]: Failed password for root from 178.62.24.222 port 43208 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:41:20,710] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:41:20,711] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:41:20,721] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:41:20,732] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 22:41:22,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359282.288784, 'message': 'Dec  6 22:41:20 hqnl0246134 sshd[261818]: Invalid user myuser from 98.248.92.175 port 33314', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:41:22,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359282.2890315, 'message': 'Dec  6 22:41:20 hqnl0246134 sshd[261818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.248.92.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:41:22,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359282.289159, 'message': 'Dec  6 22:41:20 hqnl0246134 sshd[261818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.248.92.175 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:41:24,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359284.2907681, 'message': 'Dec  6 22:41:22 hqnl0246134 sshd[261818]: Failed password for invalid user myuser from 98.248.92.175 port 33314 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 22:41:24,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359284.2910452, 'message': 'Dec  6 22:41:23 hqnl0246134 sshd[261818]: Disconnected from invalid user myuser 98.248.92.175 port 33314 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:41:26,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359286.292992, 'message': 'Dec  6 22:41:24 hqnl0246134 sshd[261824]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.135.20.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:41:26,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359286.2931945, 'message': 'Dec  6 22:41:24 hqnl0246134 sshd[261824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.135.20.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:41:28,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359288.29416, 'message': 'Dec  6 22:41:26 hqnl0246134 sshd[261824]: Failed password for root from 194.135.20.5 port 43916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:41:32,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359292.301713, 'message': 'Dec  6 22:41:30 hqnl0246134 sshd[261826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:41:32,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359292.30197, 'message': 'Dec  6 22:41:30 hqnl0246134 sshd[261826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:41:34,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359294.3079226, 'message': 'Dec  6 22:41:32 hqnl0246134 sshd[261826]: Failed password for root from 61.177.173.18 port 18050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 22:41:34,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359294.3086975, 'message': 'Dec  6 22:41:33 hqnl0246134 sshd[261826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 22:41:36,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359296.309578, 'message': 'Dec  6 22:41:35 hqnl0246134 sshd[261826]: Failed password for root from 61.177.173.18 port 18050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-06 22:41:38,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359298.3119605, 'message': 'Dec  6 22:41:37 hqnl0246134 sshd[261826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:41:40,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359300.3153865, 'message': 'Dec  6 22:41:39 hqnl0246134 sshd[261826]: Failed password for root from 61.177.173.18 port 18050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
WARNING [2022-12-06 22:41:49,373] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:41:49,374] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 22:41:54,037] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 22:42:08,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359328.372908, 'message': 'Dec  6 22:42:07 hqnl0246134 sshd[261867]: Invalid user bitnami from 194.204.194.11 port 47286', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 22:42:08,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359328.3743732, 'message': 'Dec  6 22:42:08 hqnl0246134 sshd[261867]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.204.194.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 22:42:08,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359328.3748357, 'message': 'Dec  6 22:42:08 hqnl0246134 sshd[261867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.204.194.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 22:42:10,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359330.3746395, 'message': 'Dec  6 22:42:09 hqnl0246134 sshd[261867]: Failed password for invalid user bitnami from 194.204.194.11 port 47286 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 22:42:10,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359330.3750794, 'message': 'Dec  6 22:42:10 hqnl0246134 sshd[261869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.68.27 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 22:42:10,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359330.3749008, 'message': 'Dec  6 22:42:09 hqnl0246134 sshd[261867]: Disconnected from invalid user bitnami 194.204.194.11 port 47286 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 22:42:10,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359330.3752782, 'message': 'Dec  6 22:42:10 hqnl0246134 sshd[261869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.68.27  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
WARNING [2022-12-06 22:42:10,798] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:42:10,827] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0390 seconds
INFO    [2022-12-06 22:42:12,206] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:42:12,207] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:42:12,220] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:42:12,238] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0300 seconds
INFO    [2022-12-06 22:42:12,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359332.3766773, 'message': 'Dec  6 22:42:11 hqnl0246134 sshd[261869]: Failed password for root from 43.153.68.27 port 39354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:42:17,841] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:42:17,842] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:42:17,850] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:42:17,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 22:42:18,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359338.3852851, 'message': 'Dec  6 22:42:16 hqnl0246134 sshd[261877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 22:42:18,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359338.3854945, 'message': 'Dec  6 22:42:16 hqnl0246134 sshd[261877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:42:20,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359340.3897018, 'message': 'Dec  6 22:42:19 hqnl0246134 sshd[261877]: Failed password for root from 61.177.173.18 port 46129 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:42:20,582] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:42:20,582] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:42:20,590] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:42:20,601] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-06 22:42:22,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359342.3920271, 'message': 'Dec  6 22:42:21 hqnl0246134 sshd[261877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 22:42:22,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359342.3922346, 'message': 'Dec  6 22:42:22 hqnl0246134 sshd[261889]: Invalid user nfs from 220.247.10.215 port 62145', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:42:22,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359342.3923943, 'message': 'Dec  6 22:42:22 hqnl0246134 sshd[261889]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.247.10.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:42:22,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359342.392624, 'message': 'Dec  6 22:42:22 hqnl0246134 sshd[261889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.10.215 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:42:24,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359344.39401, 'message': 'Dec  6 22:42:22 hqnl0246134 sshd[261877]: Failed password for root from 61.177.173.18 port 46129 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 22:42:24,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359344.3943229, 'message': 'Dec  6 22:42:23 hqnl0246134 sshd[261877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:42:26,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359346.396818, 'message': 'Dec  6 22:42:24 hqnl0246134 sshd[261889]: Failed password for invalid user nfs from 220.247.10.215 port 62145 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0667 seconds
INFO    [2022-12-06 22:42:26,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359346.3969984, 'message': 'Dec  6 22:42:25 hqnl0246134 sshd[261877]: Failed password for root from 61.177.173.18 port 46129 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0672 seconds
INFO    [2022-12-06 22:42:26,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359346.397745, 'message': 'Dec  6 22:42:25 hqnl0246134 sshd[261891]: Invalid user admin from 193.179.226.199 port 38354', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0673 seconds
INFO    [2022-12-06 22:42:26,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359346.3978512, 'message': 'Dec  6 22:42:25 hqnl0246134 sshd[261891]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.179.226.199 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 22:42:26,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359346.3979533, 'message': 'Dec  6 22:42:25 hqnl0246134 sshd[261891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.179.226.199 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 22:42:28,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359348.398705, 'message': 'Dec  6 22:42:26 hqnl0246134 sshd[261889]: Disconnected from invalid user nfs 220.247.10.215 port 62145 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0611 seconds
INFO    [2022-12-06 22:42:28,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359348.399011, 'message': 'Dec  6 22:42:27 hqnl0246134 sshd[261891]: Failed password for invalid user admin from 193.179.226.199 port 38354 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0610 seconds
INFO    [2022-12-06 22:42:28,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359348.399202, 'message': 'Dec  6 22:42:27 hqnl0246134 sshd[261891]: Disconnected from invalid user admin 193.179.226.199 port 38354 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-06 22:42:49,378] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:42:49,379] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:42:50,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359370.4237263, 'message': 'Dec  6 22:42:48 hqnl0246134 sshd[261910]: Invalid user gerrit from 202.165.246.58 port 56084', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 22:42:50,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359370.4246268, 'message': 'Dec  6 22:42:50 hqnl0246134 sshd[261913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 22:42:50,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359370.4242742, 'message': 'Dec  6 22:42:48 hqnl0246134 sshd[261910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.165.246.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:42:50,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359370.4244633, 'message': 'Dec  6 22:42:48 hqnl0246134 sshd[261910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.246.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:42:52,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359372.4226184, 'message': 'Dec  6 22:42:50 hqnl0246134 sshd[261910]: Failed password for invalid user gerrit from 202.165.246.58 port 56084 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-06 22:42:52,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359372.4229252, 'message': 'Dec  6 22:42:51 hqnl0246134 sshd[261912]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.55.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-06 22:42:52,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359372.4232402, 'message': 'Dec  6 22:42:52 hqnl0246134 sshd[261913]: Failed password for root from 165.227.166.207 port 57310 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0538 seconds
INFO    [2022-12-06 22:42:52,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359372.4227962, 'message': 'Dec  6 22:42:50 hqnl0246134 sshd[261910]: Disconnected from invalid user gerrit 202.165.246.58 port 56084 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 22:42:52,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359372.4230368, 'message': 'Dec  6 22:42:51 hqnl0246134 sshd[261912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 22:42:54,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359374.4254699, 'message': 'Dec  6 22:42:53 hqnl0246134 sshd[261912]: Failed password for root from 178.128.55.198 port 37458 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0640 seconds
INFO    [2022-12-06 22:43:02,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359382.4431, 'message': 'Dec  6 22:43:01 hqnl0246134 sshd[261922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:43:02,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359382.4435773, 'message': 'Dec  6 22:43:01 hqnl0246134 sshd[261922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:43:04,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359384.444385, 'message': 'Dec  6 22:43:03 hqnl0246134 sshd[261922]: Failed password for root from 61.177.173.18 port 61750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 22:43:06,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359386.4459708, 'message': 'Dec  6 22:43:05 hqnl0246134 sshd[261922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:43:08,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359388.449933, 'message': 'Dec  6 22:43:07 hqnl0246134 sshd[261922]: Failed password for root from 61.177.173.18 port 61750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:43:08,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359388.4501333, 'message': 'Dec  6 22:43:07 hqnl0246134 sshd[261922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:43:10,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359390.4502223, 'message': 'Dec  6 22:43:09 hqnl0246134 sshd[261922]: Failed password for root from 61.177.173.18 port 61750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 22:43:10,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:43:10,825] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0339 seconds
INFO    [2022-12-06 22:43:17,779] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:43:17,780] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:43:17,786] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:43:17,799] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 22:43:20,554] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:43:20,555] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:43:20,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:43:20,611] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0553 seconds
INFO    [2022-12-06 22:43:22,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359402.4668334, 'message': 'Dec  6 22:43:21 hqnl0246134 sshd[261955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 170.245.12.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:43:22,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359402.4670267, 'message': 'Dec  6 22:43:21 hqnl0246134 sshd[261955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.245.12.26  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:43:24,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359404.4719172, 'message': 'Dec  6 22:43:24 hqnl0246134 sshd[261955]: Failed password for root from 170.245.12.26 port 40484 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:43:28,784] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:43:28,784] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:43:28,792] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:43:28,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 22:43:44,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359424.5000768, 'message': 'Dec  6 22:43:42 hqnl0246134 sshd[261974]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.248.92.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:43:44,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359424.500862, 'message': 'Dec  6 22:43:42 hqnl0246134 sshd[261974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.248.92.175  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:43:46,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '98.248.92.175', 'timestamp': 1670359426.4982252, 'message': 'Dec  6 22:43:44 hqnl0246134 sshd[261974]: Failed password for root from 98.248.92.175 port 3918 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:43:48,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359428.5008323, 'message': 'Dec  6 22:43:47 hqnl0246134 sshd[261977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:43:48,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359428.501076, 'message': 'Dec  6 22:43:47 hqnl0246134 sshd[261977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
WARNING [2022-12-06 22:43:49,383] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:43:49,384] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:43:50,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359430.5035112, 'message': 'Dec  6 22:43:49 hqnl0246134 sshd[261977]: Failed password for root from 61.177.173.18 port 31686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 22:43:52,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359432.5060594, 'message': 'Dec  6 22:43:51 hqnl0246134 sshd[261977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 22:43:52,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359432.5063536, 'message': 'Dec  6 22:43:52 hqnl0246134 sshd[261980]: Invalid user admin from 95.0.15.234 port 13184', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 22:43:52,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359432.506553, 'message': 'Dec  6 22:43:52 hqnl0246134 sshd[261980]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.0.15.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:43:52,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359432.5066972, 'message': 'Dec  6 22:43:52 hqnl0246134 sshd[261980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.0.15.234 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:43:54,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359434.5096323, 'message': 'Dec  6 22:43:53 hqnl0246134 sshd[261977]: Failed password for root from 61.177.173.18 port 31686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:43:56,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359436.512333, 'message': 'Dec  6 22:43:54 hqnl0246134 sshd[261980]: Failed password for invalid user admin from 95.0.15.234 port 13184 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 22:43:56,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359436.512539, 'message': 'Dec  6 22:43:56 hqnl0246134 sshd[261977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 22:43:56,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359436.5126479, 'message': 'Dec  6 22:43:56 hqnl0246134 sshd[261980]: Disconnected from invalid user admin 95.0.15.234 port 13184 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:43:58,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359438.518567, 'message': 'Dec  6 22:43:58 hqnl0246134 sshd[261977]: Failed password for root from 61.177.173.18 port 31686 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0355 seconds
WARNING [2022-12-06 22:44:10,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:44:10,834] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0370 seconds
INFO    [2022-12-06 22:44:17,762] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:44:17,762] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:44:17,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:44:17,782] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 22:44:20,402] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:44:20,402] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:44:20,411] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:44:20,423] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 22:44:34,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359474.589575, 'message': 'Dec  6 22:44:34 hqnl0246134 sshd[262043]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 22:44:34,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359474.5899947, 'message': 'Dec  6 22:44:34 hqnl0246134 sshd[262043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:44:38,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359478.598881, 'message': 'Dec  6 22:44:36 hqnl0246134 sshd[262043]: Failed password for root from 61.177.173.18 port 55913 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 22:44:40,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359480.5982237, 'message': 'Dec  6 22:44:38 hqnl0246134 sshd[262043]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-06 22:44:42,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359482.6016803, 'message': 'Dec  6 22:44:40 hqnl0246134 sshd[262043]: Failed password for root from 61.177.173.18 port 55913 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:44:44,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359484.6037035, 'message': 'Dec  6 22:44:43 hqnl0246134 sshd[262043]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 22:44:44,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359484.6039994, 'message': 'Dec  6 22:44:43 hqnl0246134 sshd[262054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 22:44:46,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359486.6058524, 'message': 'Dec  6 22:44:45 hqnl0246134 sshd[262043]: Failed password for root from 61.177.173.18 port 55913 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 22:44:46,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359486.609043, 'message': 'Dec  6 22:44:45 hqnl0246134 sshd[262054]: Failed password for root from 165.227.166.207 port 39364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 22:44:48,077] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:44:48,078] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:44:48,093] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:44:48,119] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0406 seconds
WARNING [2022-12-06 22:44:49,386] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:44:49,387] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:44:50,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359490.6144593, 'message': 'Dec  6 22:44:50 hqnl0246134 sshd[262062]: Invalid user anna from 43.153.68.27 port 33854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 22:44:50,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359490.6147783, 'message': 'Dec  6 22:44:50 hqnl0246134 sshd[262062]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.68.27 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 22:44:50,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359490.6161118, 'message': 'Dec  6 22:44:50 hqnl0246134 sshd[262062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.68.27 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:44:52,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359492.616707, 'message': 'Dec  6 22:44:52 hqnl0246134 sshd[262062]: Failed password for invalid user anna from 43.153.68.27 port 33854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 22:44:52,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.68.27', 'timestamp': 1670359492.6169362, 'message': 'Dec  6 22:44:52 hqnl0246134 sshd[262062]: Disconnected from invalid user anna 43.153.68.27 port 33854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:45:02,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359502.6313078, 'message': 'Dec  6 22:45:02 hqnl0246134 sshd[262066]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.74.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-06 22:45:02,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359502.6316853, 'message': 'Dec  6 22:45:02 hqnl0246134 sshd[262066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.74.3  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 22:45:04,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359504.6326253, 'message': 'Dec  6 22:45:04 hqnl0246134 sshd[262066]: Failed password for root from 167.71.74.3 port 40346 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
WARNING [2022-12-06 22:45:10,812] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:45:10,840] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-06 22:45:17,721] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:45:17,722] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:45:17,731] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:45:17,743] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 22:45:20,323] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:45:20,323] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:45:20,330] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:45:20,342] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 22:45:20,470] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:45:20,539] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:45:20,540] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:45:20,540] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:45:20,540] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:45:20,541] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:45:20,550] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:45:20,567] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0254 seconds
WARNING [2022-12-06 22:45:20,573] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:45:20,576] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:45:20,594] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0336 seconds
INFO    [2022-12-06 22:45:20,596] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0315 seconds
INFO    [2022-12-06 22:45:22,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359522.661438, 'message': 'Dec  6 22:45:21 hqnl0246134 sshd[262115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:45:22,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359522.6617324, 'message': 'Dec  6 22:45:21 hqnl0246134 sshd[262115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:45:24,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359524.6641254, 'message': 'Dec  6 22:45:22 hqnl0246134 sshd[262115]: Failed password for root from 61.177.173.18 port 19613 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 22:45:24,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359524.6647854, 'message': 'Dec  6 22:45:24 hqnl0246134 sshd[262120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 170.245.12.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-06 22:45:24,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359524.6646059, 'message': 'Dec  6 22:45:23 hqnl0246134 sshd[262115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 22:45:24,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359524.664988, 'message': 'Dec  6 22:45:24 hqnl0246134 sshd[262120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.245.12.26  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 22:45:26,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359526.668104, 'message': 'Dec  6 22:45:24 hqnl0246134 sshd[262121]: Invalid user user from 220.247.10.215 port 62002', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 22:45:26,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359526.6688948, 'message': 'Dec  6 22:45:25 hqnl0246134 sshd[262115]: Failed password for root from 61.177.173.18 port 19613 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 22:45:26,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359526.6686172, 'message': 'Dec  6 22:45:24 hqnl0246134 sshd[262121]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.247.10.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:45:26,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359526.6687586, 'message': 'Dec  6 22:45:24 hqnl0246134 sshd[262121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.10.215 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 22:45:28,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359528.6697917, 'message': 'Dec  6 22:45:26 hqnl0246134 sshd[262120]: Failed password for root from 170.245.12.26 port 38442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-06 22:45:28,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359528.670049, 'message': 'Dec  6 22:45:27 hqnl0246134 sshd[262121]: Failed password for invalid user user from 220.247.10.215 port 62002 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0551 seconds
INFO    [2022-12-06 22:45:28,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359528.6701741, 'message': 'Dec  6 22:45:27 hqnl0246134 sshd[262115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-06 22:45:30,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359530.6713357, 'message': 'Dec  6 22:45:29 hqnl0246134 sshd[262121]: Disconnected from invalid user user 220.247.10.215 port 62002 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 22:45:30,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359530.671656, 'message': 'Dec  6 22:45:30 hqnl0246134 sshd[262115]: Failed password for root from 61.177.173.18 port 19613 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
WARNING [2022-12-06 22:45:49,391] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:45:49,393] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:45:50,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359550.7125082, 'message': 'Dec  6 22:45:49 hqnl0246134 sshd[262139]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.89.85.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 22:45:50,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359550.7135775, 'message': 'Dec  6 22:45:49 hqnl0246134 sshd[262139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.85.14  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 22:45:52,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359552.7148483, 'message': 'Dec  6 22:45:51 hqnl0246134 sshd[262139]: Failed password for root from 103.89.85.14 port 48848 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 22:45:56,626] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:45:56,626] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:45:56,635] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:45:56,646] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 22:45:58,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359558.7204876, 'message': 'Dec  6 22:45:58 hqnl0246134 sshd[262147]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.55.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:45:58,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359558.720697, 'message': 'Dec  6 22:45:58 hqnl0246134 sshd[262147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:46:01,193] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:46:01,193] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:46:01,194] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 22:46:02,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359562.7257605, 'message': 'Dec  6 22:46:00 hqnl0246134 sshd[262147]: Failed password for root from 178.128.55.198 port 54404 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 22:46:08,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359568.733564, 'message': 'Dec  6 22:46:07 hqnl0246134 sshd[262165]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0597 seconds
INFO    [2022-12-06 22:46:08,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359568.734418, 'message': 'Dec  6 22:46:08 hqnl0246134 sshd[262167]: Invalid user mcserver from 95.0.15.234 port 54212', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0609 seconds
INFO    [2022-12-06 22:46:08,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359568.734175, 'message': 'Dec  6 22:46:07 hqnl0246134 sshd[262165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 22:46:08,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359568.7345448, 'message': 'Dec  6 22:46:08 hqnl0246134 sshd[262167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.0.15.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 22:46:08,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359568.734663, 'message': 'Dec  6 22:46:08 hqnl0246134 sshd[262167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.0.15.234 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:46:10,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359570.7354717, 'message': 'Dec  6 22:46:09 hqnl0246134 sshd[262165]: Failed password for root from 61.177.173.18 port 42900 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 22:46:10,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359570.735729, 'message': 'Dec  6 22:46:10 hqnl0246134 sshd[262167]: Failed password for invalid user mcserver from 95.0.15.234 port 54212 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 22:46:10,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359570.7358723, 'message': 'Dec  6 22:46:10 hqnl0246134 sshd[262165]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
WARNING [2022-12-06 22:46:10,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:46:10,852] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0467 seconds
INFO    [2022-12-06 22:46:12,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359572.7373772, 'message': 'Dec  6 22:46:10 hqnl0246134 sshd[262167]: Disconnected from invalid user mcserver 95.0.15.234 port 54212 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:46:14,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359574.7411666, 'message': 'Dec  6 22:46:12 hqnl0246134 sshd[262165]: Failed password for root from 61.177.173.18 port 42900 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 22:46:14,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359574.7414796, 'message': 'Dec  6 22:46:14 hqnl0246134 sshd[262165]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 22:46:17,941] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:46:17,941] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:46:17,950] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:46:17,963] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 22:46:18,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359578.744965, 'message': 'Dec  6 22:46:17 hqnl0246134 sshd[262165]: Failed password for root from 61.177.173.18 port 42900 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:46:20,648] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:46:20,648] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:46:20,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:46:20,667] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 22:46:20,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359580.7469702, 'message': 'Dec  6 22:46:18 hqnl0246134 sshd[262175]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.165.246.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-06 22:46:20,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.76.121.230', 'timestamp': 1670359580.7472808, 'message': 'Dec  6 22:46:20 hqnl0246134 sshd[262179]: Invalid user wordpress from 203.76.121.230 port 55774', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 22:46:20,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359580.747145, 'message': 'Dec  6 22:46:18 hqnl0246134 sshd[262175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.246.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-06 22:46:20,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '203.76.121.230', 'timestamp': 1670359580.7474048, 'message': 'Dec  6 22:46:20 hqnl0246134 sshd[262179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 203.76.121.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-06 22:46:20,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359580.74763, 'message': 'Dec  6 22:46:20 hqnl0246134 sshd[262175]: Failed password for root from 202.165.246.58 port 55826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 22:46:20,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '203.76.121.230', 'timestamp': 1670359580.7475095, 'message': 'Dec  6 22:46:20 hqnl0246134 sshd[262179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.121.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-06 22:46:22,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.76.121.230', 'timestamp': 1670359582.7524586, 'message': 'Dec  6 22:46:22 hqnl0246134 sshd[262179]: Failed password for invalid user wordpress from 203.76.121.230 port 55774 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 22:46:24,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.76.121.230', 'timestamp': 1670359584.754433, 'message': 'Dec  6 22:46:23 hqnl0246134 sshd[262179]: Disconnected from invalid user wordpress 203.76.121.230 port 55774 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:46:46,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359606.7935157, 'message': 'Dec  6 22:46:44 hqnl0246134 sshd[262194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 22:46:48,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359608.7995732, 'message': 'Dec  6 22:46:46 hqnl0246134 sshd[262194]: Failed password for root from 165.227.166.207 port 49652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 22:46:49,398] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:46:49,398] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:46:54,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359614.80995, 'message': 'Dec  6 22:46:54 hqnl0246134 sshd[262198]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 22:46:54,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359614.81046, 'message': 'Dec  6 22:46:54 hqnl0246134 sshd[262198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:46:56,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359616.810038, 'message': 'Dec  6 22:46:55 hqnl0246134 sshd[262198]: Failed password for root from 61.177.173.18 port 63575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 22:46:56,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359616.810295, 'message': 'Dec  6 22:46:56 hqnl0246134 sshd[262198]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-06 22:46:58,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359618.812892, 'message': 'Dec  6 22:46:58 hqnl0246134 sshd[262198]: Failed password for root from 61.177.173.18 port 63575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-06 22:46:58,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359618.813268, 'message': 'Dec  6 22:46:58 hqnl0246134 sshd[262198]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:47:02,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359622.8234386, 'message': 'Dec  6 22:47:01 hqnl0246134 sshd[262198]: Failed password for root from 61.177.173.18 port 63575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 22:47:05,696] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:47:05,697] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:47:05,706] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:47:05,719] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
WARNING [2022-12-06 22:47:10,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:47:10,852] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0437 seconds
INFO    [2022-12-06 22:47:17,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:47:17,907] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:47:17,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:47:17,926] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 22:47:18,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359638.8455563, 'message': 'Dec  6 22:47:18 hqnl0246134 sshd[262245]: Invalid user vijay from 178.62.24.222 port 59754', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 22:47:18,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359638.8458784, 'message': 'Dec  6 22:47:18 hqnl0246134 sshd[262245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.62.24.222 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:47:18,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359638.8461125, 'message': 'Dec  6 22:47:18 hqnl0246134 sshd[262245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.24.222 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 22:47:20,715] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:47:20,715] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:47:20,726] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:47:20,745] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0291 seconds
INFO    [2022-12-06 22:47:20,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359640.8456173, 'message': 'Dec  6 22:47:19 hqnl0246134 sshd[262245]: Failed password for invalid user vijay from 178.62.24.222 port 59754 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 22:47:20,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359640.8457897, 'message': 'Dec  6 22:47:19 hqnl0246134 sshd[262245]: Disconnected from invalid user vijay 178.62.24.222 port 59754 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:47:32,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359652.8748527, 'message': 'Dec  6 22:47:31 hqnl0246134 sshd[262255]: Invalid user jack from 170.245.12.26 port 36428', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 22:47:32,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359652.8771129, 'message': 'Dec  6 22:47:31 hqnl0246134 sshd[262255]: pam_imunify(sshd:auth): [IM360_RBL] The IP 170.245.12.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 22:47:32,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359652.8773057, 'message': 'Dec  6 22:47:31 hqnl0246134 sshd[262255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.245.12.26 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 22:47:34,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359654.8767626, 'message': 'Dec  6 22:47:33 hqnl0246134 sshd[262255]: Failed password for invalid user jack from 170.245.12.26 port 36428 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 22:47:34,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '170.245.12.26', 'timestamp': 1670359654.8769546, 'message': 'Dec  6 22:47:33 hqnl0246134 sshd[262255]: Disconnected from invalid user jack 170.245.12.26 port 36428 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0678 seconds
INFO    [2022-12-06 22:47:40,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359660.8910124, 'message': 'Dec  6 22:47:39 hqnl0246134 sshd[262268]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.233.142.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 22:47:40,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359660.8922143, 'message': 'Dec  6 22:47:40 hqnl0246134 sshd[262270]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 22:47:40,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359660.8914924, 'message': 'Dec  6 22:47:39 hqnl0246134 sshd[262268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.233.142.6  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 22:47:40,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359660.8924096, 'message': 'Dec  6 22:47:40 hqnl0246134 sshd[262270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 22:47:42,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359662.8931663, 'message': 'Dec  6 22:47:41 hqnl0246134 sshd[262268]: Failed password for root from 85.233.142.6 port 33468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 22:47:42,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359662.900843, 'message': 'Dec  6 22:47:42 hqnl0246134 sshd[262270]: Failed password for root from 61.177.173.18 port 30227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 22:47:42,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359662.900982, 'message': 'Dec  6 22:47:42 hqnl0246134 sshd[262270]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 22:47:44,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359664.8957543, 'message': 'Dec  6 22:47:44 hqnl0246134 sshd[262270]: Failed password for root from 61.177.173.18 port 30227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 22:47:46,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359666.898894, 'message': 'Dec  6 22:47:44 hqnl0246134 sshd[262274]: Invalid user kevin from 167.71.74.3 port 57922', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 22:47:46,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359666.8994322, 'message': 'Dec  6 22:47:45 hqnl0246134 sshd[262270]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 22:47:46,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359666.8991673, 'message': 'Dec  6 22:47:44 hqnl0246134 sshd[262274]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.74.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:47:46,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359666.8992825, 'message': 'Dec  6 22:47:44 hqnl0246134 sshd[262274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.74.3 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:47:48,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359668.9015117, 'message': 'Dec  6 22:47:47 hqnl0246134 sshd[262274]: Failed password for invalid user kevin from 167.71.74.3 port 57922 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 22:47:48,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359668.901755, 'message': 'Dec  6 22:47:47 hqnl0246134 sshd[262270]: Failed password for root from 61.177.173.18 port 30227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:47:48,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359668.901871, 'message': 'Dec  6 22:47:48 hqnl0246134 sshd[262274]: Disconnected from invalid user kevin 167.71.74.3 port 57922 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 22:47:49,401] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:47:49,402] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:48:02,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359682.932757, 'message': 'Dec  6 22:48:02 hqnl0246134 sshd[262285]: Invalid user mcserver from 193.179.226.199 port 57242', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 22:48:02,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359682.9331965, 'message': 'Dec  6 22:48:02 hqnl0246134 sshd[262285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.179.226.199 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:48:02,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359682.9333708, 'message': 'Dec  6 22:48:02 hqnl0246134 sshd[262285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.179.226.199 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:48:04,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359684.9345405, 'message': 'Dec  6 22:48:04 hqnl0246134 sshd[262285]: Failed password for invalid user mcserver from 193.179.226.199 port 57242 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:48:04,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359684.9347475, 'message': 'Dec  6 22:48:04 hqnl0246134 sshd[262285]: Disconnected from invalid user mcserver 193.179.226.199 port 57242 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:48:07,046] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:48:07,047] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:48:07,059] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:48:07,071] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0235 seconds
WARNING [2022-12-06 22:48:10,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:48:10,850] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0397 seconds
INFO    [2022-12-06 22:48:19,037] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:48:19,038] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:48:19,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:48:19,189] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1440 seconds
INFO    [2022-12-06 22:48:19,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359699.0463002, 'message': 'Dec  6 22:48:17 hqnl0246134 sshd[262304]: Invalid user system from 43.153.30.100 port 37020', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1437 seconds
INFO    [2022-12-06 22:48:19,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359699.0464706, 'message': 'Dec  6 22:48:17 hqnl0246134 sshd[262304]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 22:48:19,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359699.0465949, 'message': 'Dec  6 22:48:17 hqnl0246134 sshd[262304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0516 seconds
INFO    [2022-12-06 22:48:20,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359700.9669192, 'message': 'Dec  6 22:48:19 hqnl0246134 sshd[262304]: Failed password for invalid user system from 43.153.30.100 port 37020 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 22:48:20,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359700.9670997, 'message': 'Dec  6 22:48:19 hqnl0246134 sshd[262312]: Invalid user ubuntu from 220.247.10.215 port 62497', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 22:48:21,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359700.967488, 'message': 'Dec  6 22:48:20 hqnl0246134 sshd[262304]: Disconnected from invalid user system 43.153.30.100 port 37020 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:48:21,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359700.9672623, 'message': 'Dec  6 22:48:19 hqnl0246134 sshd[262312]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.247.10.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 22:48:21,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359700.9673696, 'message': 'Dec  6 22:48:19 hqnl0246134 sshd[262312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.10.215 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:48:22,571] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:48:22,571] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:48:22,578] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:48:22,589] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 22:48:23,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359702.970238, 'message': 'Dec  6 22:48:21 hqnl0246134 sshd[262312]: Failed password for invalid user ubuntu from 220.247.10.215 port 62497 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 22:48:23,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359702.9705184, 'message': 'Dec  6 22:48:21 hqnl0246134 sshd[262317]: Invalid user serveur from 177.55.100.134 port 55108', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 22:48:23,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.247.10.215', 'timestamp': 1670359702.9706995, 'message': 'Dec  6 22:48:21 hqnl0246134 sshd[262312]: Disconnected from invalid user ubuntu 220.247.10.215 port 62497 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 22:48:23,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359702.970878, 'message': 'Dec  6 22:48:21 hqnl0246134 sshd[262317]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.55.100.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 22:48:23,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359702.9710608, 'message': 'Dec  6 22:48:21 hqnl0246134 sshd[262317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.55.100.134 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:48:24,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359704.9706361, 'message': 'Dec  6 22:48:24 hqnl0246134 sshd[262317]: Failed password for invalid user serveur from 177.55.100.134 port 55108 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 22:48:25,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359704.970897, 'message': 'Dec  6 22:48:24 hqnl0246134 sshd[262317]: Disconnected from invalid user serveur 177.55.100.134 port 55108 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 22:48:27,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359706.9736118, 'message': 'Dec  6 22:48:25 hqnl0246134 sshd[262325]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 22:48:27,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359706.9740305, 'message': 'Dec  6 22:48:26 hqnl0246134 sshd[262329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.204.194.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 22:48:27,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359706.9739017, 'message': 'Dec  6 22:48:25 hqnl0246134 sshd[262325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 22:48:27,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359706.9741824, 'message': 'Dec  6 22:48:26 hqnl0246134 sshd[262329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.204.194.11  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 22:48:29,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359708.987069, 'message': 'Dec  6 22:48:27 hqnl0246134 sshd[262331]: Invalid user bitnami from 95.0.15.234 port 40191', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 22:48:29,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359708.9877715, 'message': 'Dec  6 22:48:27 hqnl0246134 sshd[262325]: Failed password for root from 61.177.173.18 port 47400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 22:48:29,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359708.9873648, 'message': 'Dec  6 22:48:27 hqnl0246134 sshd[262331]: pam_imunify(sshd:auth): [IM360_RBL] The IP 95.0.15.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-06 22:48:29,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359708.9881454, 'message': 'Dec  6 22:48:28 hqnl0246134 sshd[262329]: Failed password for root from 194.204.194.11 port 41002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-06 22:48:29,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359708.9879584, 'message': 'Dec  6 22:48:27 hqnl0246134 sshd[262325]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0521 seconds
INFO    [2022-12-06 22:48:29,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359708.98758, 'message': 'Dec  6 22:48:27 hqnl0246134 sshd[262331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.0.15.234 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:48:29,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359708.9883795, 'message': 'Dec  6 22:48:28 hqnl0246134 sshd[262331]: Failed password for invalid user bitnami from 95.0.15.234 port 40191 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:48:31,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '95.0.15.234', 'timestamp': 1670359710.9861653, 'message': 'Dec  6 22:48:29 hqnl0246134 sshd[262331]: Disconnected from invalid user bitnami 95.0.15.234 port 40191 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 22:48:31,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359710.9865735, 'message': 'Dec  6 22:48:29 hqnl0246134 sshd[262325]: Failed password for root from 61.177.173.18 port 47400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 22:48:31,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359710.9867597, 'message': 'Dec  6 22:48:30 hqnl0246134 sshd[262325]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:48:33,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359712.9896326, 'message': 'Dec  6 22:48:31 hqnl0246134 sshd[262325]: Failed password for root from 61.177.173.18 port 47400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 22:48:49,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359729.0279574, 'message': 'Dec  6 22:48:47 hqnl0246134 sshd[262342]: Invalid user oracle from 41.149.77.178 port 39182', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 22:48:49,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359729.0285976, 'message': 'Dec  6 22:48:48 hqnl0246134 sshd[262342]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.149.77.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:48:49,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359729.028752, 'message': 'Dec  6 22:48:48 hqnl0246134 sshd[262342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.149.77.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 22:48:49,406] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:48:49,407] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:48:51,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359731.0358646, 'message': 'Dec  6 22:48:49 hqnl0246134 sshd[262344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 22:48:51,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359731.0363257, 'message': 'Dec  6 22:48:50 hqnl0246134 sshd[262342]: Failed password for invalid user oracle from 41.149.77.178 port 39182 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 22:48:51,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359731.0364645, 'message': 'Dec  6 22:48:50 hqnl0246134 sshd[262344]: Failed password for root from 165.227.166.207 port 59948 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:48:53,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359733.0378594, 'message': 'Dec  6 22:48:51 hqnl0246134 sshd[262342]: Disconnected from invalid user oracle 41.149.77.178 port 39182 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 22:49:05,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359745.0631895, 'message': 'Dec  6 22:49:04 hqnl0246134 sshd[262357]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.55.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:49:05,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359745.0634809, 'message': 'Dec  6 22:49:04 hqnl0246134 sshd[262357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 22:49:07,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.55.198', 'timestamp': 1670359747.0653186, 'message': 'Dec  6 22:49:07 hqnl0246134 sshd[262357]: Failed password for root from 178.128.55.198 port 43130 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-06 22:49:09,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359749.0660548, 'message': 'Dec  6 22:49:08 hqnl0246134 sshd[262368]: Invalid user copy from 194.135.20.5 port 39434', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 22:49:09,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359749.066492, 'message': 'Dec  6 22:49:08 hqnl0246134 sshd[262368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.135.20.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 22:49:09,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359749.066646, 'message': 'Dec  6 22:49:08 hqnl0246134 sshd[262368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.135.20.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 22:49:10,831] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:49:10,887] defence360agent.internals.the_sink: SensorIncidentList(<29 item(s)>) processed in 0.0713 seconds
INFO    [2022-12-06 22:49:11,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359751.0697749, 'message': 'Dec  6 22:49:09 hqnl0246134 sshd[262371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 22:49:11,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.171.187.57', 'timestamp': 1670359751.0699692, 'message': 'Dec  6 22:49:09 hqnl0246134 sshd[262373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.171.187.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-06 22:49:11,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359751.070314, 'message': 'Dec  6 22:49:10 hqnl0246134 sshd[262368]: Failed password for invalid user copy from 194.135.20.5 port 39434 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-06 22:49:11,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359751.070098, 'message': 'Dec  6 22:49:09 hqnl0246134 sshd[262371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 22:49:11,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.171.187.57', 'timestamp': 1670359751.0702057, 'message': 'Dec  6 22:49:09 hqnl0246134 sshd[262373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.171.187.57  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 22:49:11,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359751.070431, 'message': 'Dec  6 22:49:10 hqnl0246134 sshd[262368]: Disconnected from invalid user copy 194.135.20.5 port 39434 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-06 22:49:13,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.171.187.57', 'timestamp': 1670359753.0707936, 'message': 'Dec  6 22:49:11 hqnl0246134 sshd[262373]: Failed password for root from 34.171.187.57 port 53584 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0497 seconds
INFO    [2022-12-06 22:49:13,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359753.0711682, 'message': 'Dec  6 22:49:11 hqnl0246134 sshd[262371]: Failed password for root from 61.177.173.18 port 59301 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-06 22:49:13,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359753.0714924, 'message': 'Dec  6 22:49:12 hqnl0246134 sshd[262371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:49:15,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359755.072397, 'message': 'Dec  6 22:49:14 hqnl0246134 sshd[262371]: Failed password for root from 61.177.173.18 port 59301 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:49:15,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359755.0726933, 'message': 'Dec  6 22:49:14 hqnl0246134 sshd[262371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:49:17,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359757.0737333, 'message': 'Dec  6 22:49:16 hqnl0246134 sshd[262371]: Failed password for root from 61.177.173.18 port 59301 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:49:17,947] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:49:17,947] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:49:17,968] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:49:17,981] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 22:49:20,757] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:49:20,757] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:49:20,766] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:49:20,778] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 22:49:43,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359783.1293168, 'message': 'Dec  6 22:49:42 hqnl0246134 sshd[262399]: Invalid user jenkins from 202.165.246.58 port 42506', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-06 22:49:43,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359783.1302195, 'message': 'Dec  6 22:49:42 hqnl0246134 sshd[262399]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.165.246.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 22:49:43,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359783.1304884, 'message': 'Dec  6 22:49:42 hqnl0246134 sshd[262399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.246.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:49:45,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359785.129966, 'message': 'Dec  6 22:49:43 hqnl0246134 sshd[262399]: Failed password for invalid user jenkins from 202.165.246.58 port 42506 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 22:49:45,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359785.1303692, 'message': 'Dec  6 22:49:44 hqnl0246134 sshd[262401]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.89.85.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-06 22:49:45,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670359785.130254, 'message': 'Dec  6 22:49:44 hqnl0246134 sshd[262399]: Disconnected from invalid user jenkins 202.165.246.58 port 42506 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 22:49:45,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359785.1305714, 'message': 'Dec  6 22:49:44 hqnl0246134 sshd[262401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.85.14  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-06 22:49:47,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359787.1328828, 'message': 'Dec  6 22:49:46 hqnl0246134 sshd[262401]: Failed password for root from 103.89.85.14 port 45364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0665 seconds
INFO    [2022-12-06 22:49:48,286] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:49:48,287] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:49:48,296] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:49:48,309] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
WARNING [2022-12-06 22:49:49,410] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:49:49,410] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:49:57,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359797.1508465, 'message': 'Dec  6 22:49:56 hqnl0246134 sshd[262410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 22:49:57,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359797.1511326, 'message': 'Dec  6 22:49:56 hqnl0246134 sshd[262410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 22:49:59,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359799.1563873, 'message': 'Dec  6 22:49:57 hqnl0246134 sshd[262410]: Failed password for root from 61.177.173.18 port 31093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:49:59,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359799.1565874, 'message': 'Dec  6 22:49:58 hqnl0246134 sshd[262410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:50:01,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359801.1611881, 'message': 'Dec  6 22:50:00 hqnl0246134 sshd[262410]: Failed password for root from 61.177.173.18 port 31093 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 22:50:03,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359803.1676736, 'message': 'Dec  6 22:50:02 hqnl0246134 sshd[262410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 22:50:05,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359805.1728013, 'message': 'Dec  6 22:50:04 hqnl0246134 sshd[262410]: Failed password for root from 61.177.173.18 port 31093 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 22:50:07,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.255.116.74', 'timestamp': 1670359807.1743364, 'message': 'Dec  6 22:50:05 hqnl0246134 sshd[262435]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.255.116.74 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:50:07,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.255.116.74', 'timestamp': 1670359807.1746967, 'message': 'Dec  6 22:50:05 hqnl0246134 sshd[262435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.255.116.74  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:50:09,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.255.116.74', 'timestamp': 1670359809.1760762, 'message': 'Dec  6 22:50:07 hqnl0246134 sshd[262435]: Failed password for root from 139.255.116.74 port 51224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 22:50:10,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:50:10,859] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0384 seconds
INFO    [2022-12-06 22:50:17,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359817.1969492, 'message': 'Dec  6 22:50:16 hqnl0246134 sshd[262481]: Invalid user fileshare from 167.71.74.3 port 47206', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0614 seconds
INFO    [2022-12-06 22:50:17,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359817.197215, 'message': 'Dec  6 22:50:16 hqnl0246134 sshd[262481]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.74.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0594 seconds
INFO    [2022-12-06 22:50:17,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359817.1974287, 'message': 'Dec  6 22:50:16 hqnl0246134 sshd[262481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.74.3 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 22:50:18,928] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:50:18,929] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:50:18,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:50:18,950] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 22:50:21,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359821.2017503, 'message': 'Dec  6 22:50:19 hqnl0246134 sshd[262481]: Failed password for invalid user fileshare from 167.71.74.3 port 47206 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:50:21,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359821.2019618, 'message': 'Dec  6 22:50:19 hqnl0246134 sshd[262481]: Disconnected from invalid user fileshare 167.71.74.3 port 47206 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:50:21,672] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:50:21,672] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:50:21,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:50:21,690] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 22:50:27,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359827.2102292, 'message': 'Dec  6 22:50:25 hqnl0246134 sshd[262496]: Invalid user mysqler from 85.233.142.6 port 50480', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 22:50:27,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359827.210537, 'message': 'Dec  6 22:50:25 hqnl0246134 sshd[262496]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.233.142.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 22:50:27,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359827.210706, 'message': 'Dec  6 22:50:25 hqnl0246134 sshd[262496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.233.142.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:50:29,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359829.2147396, 'message': 'Dec  6 22:50:27 hqnl0246134 sshd[262496]: Failed password for invalid user mysqler from 85.233.142.6 port 50480 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 22:50:29,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359829.214946, 'message': 'Dec  6 22:50:27 hqnl0246134 sshd[262496]: Disconnected from invalid user mysqler 85.233.142.6 port 50480 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 22:50:41,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '203.76.121.230', 'timestamp': 1670359841.227442, 'message': 'Dec  6 22:50:41 hqnl0246134 sshd[262508]: pam_imunify(sshd:auth): [IM360_RBL] The IP 203.76.121.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 22:50:41,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '203.76.121.230', 'timestamp': 1670359841.2284775, 'message': 'Dec  6 22:50:41 hqnl0246134 sshd[262508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.121.230  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 22:50:43,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359843.2281122, 'message': 'Dec  6 22:50:42 hqnl0246134 sshd[262510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-06 22:50:43,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '203.76.121.230', 'timestamp': 1670359843.228584, 'message': 'Dec  6 22:50:42 hqnl0246134 sshd[262508]: Failed password for root from 203.76.121.230 port 50970 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0435 seconds
INFO    [2022-12-06 22:50:43,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359843.2284255, 'message': 'Dec  6 22:50:42 hqnl0246134 sshd[262510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:50:45,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359845.234395, 'message': 'Dec  6 22:50:44 hqnl0246134 sshd[262510]: Failed password for root from 61.177.173.18 port 51574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 22:50:47,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359847.2371938, 'message': 'Dec  6 22:50:46 hqnl0246134 sshd[262510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:50:49,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359849.239842, 'message': 'Dec  6 22:50:47 hqnl0246134 sshd[262512]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.179.226.199 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 22:50:49,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359849.2401779, 'message': 'Dec  6 22:50:47 hqnl0246134 sshd[262512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.179.226.199  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 22:50:49,412] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:50:49,413] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:50:51,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359851.2424872, 'message': 'Dec  6 22:50:49 hqnl0246134 sshd[262510]: Failed password for root from 61.177.173.18 port 51574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 22:50:51,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '193.179.226.199', 'timestamp': 1670359851.2427754, 'message': 'Dec  6 22:50:50 hqnl0246134 sshd[262512]: Failed password for root from 193.179.226.199 port 45886 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 22:50:53,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359853.2447271, 'message': 'Dec  6 22:50:51 hqnl0246134 sshd[262510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:50:54,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:50:54,712] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:50:54,741] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:50:54,786] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0643 seconds
INFO    [2022-12-06 22:50:55,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359855.2466888, 'message': 'Dec  6 22:50:53 hqnl0246134 sshd[262510]: Failed password for root from 61.177.173.18 port 51574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 22:50:55,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359855.2470949, 'message': 'Dec  6 22:50:54 hqnl0246134 sshd[262518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 22:50:57,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359857.2509575, 'message': 'Dec  6 22:50:56 hqnl0246134 sshd[262518]: Failed password for root from 165.227.166.207 port 42012 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:50:59,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359859.2534304, 'message': 'Dec  6 22:50:59 hqnl0246134 sshd[262524]: Invalid user ubuntu from 43.153.30.100 port 44496', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0579 seconds
INFO    [2022-12-06 22:51:01,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359861.2594612, 'message': 'Dec  6 22:50:59 hqnl0246134 sshd[262524]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 22:51:01,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359861.2597415, 'message': 'Dec  6 22:50:59 hqnl0246134 sshd[262524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 22:51:03,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359863.2577274, 'message': 'Dec  6 22:51:01 hqnl0246134 sshd[262524]: Failed password for invalid user ubuntu from 43.153.30.100 port 44496 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 22:51:05,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.100', 'timestamp': 1670359865.2630794, 'message': 'Dec  6 22:51:03 hqnl0246134 sshd[262524]: Disconnected from invalid user ubuntu 43.153.30.100 port 44496 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 22:51:10,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:51:10,865] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0397 seconds
INFO    [2022-12-06 22:51:13,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359873.2774966, 'message': 'Dec  6 22:51:11 hqnl0246134 sshd[262547]: Invalid user oraprod from 178.62.24.222 port 49410', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:51:13,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359873.277777, 'message': 'Dec  6 22:51:11 hqnl0246134 sshd[262547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.62.24.222 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:51:13,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359873.277912, 'message': 'Dec  6 22:51:11 hqnl0246134 sshd[262547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.24.222 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1194 seconds
INFO    [2022-12-06 22:51:15,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359875.2785726, 'message': 'Dec  6 22:51:14 hqnl0246134 sshd[262547]: Failed password for invalid user oraprod from 178.62.24.222 port 49410 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 22:51:15,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359875.2788994, 'message': 'Dec  6 22:51:14 hqnl0246134 sshd[262549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 22:51:15,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670359875.2787638, 'message': 'Dec  6 22:51:14 hqnl0246134 sshd[262547]: Disconnected from invalid user oraprod 178.62.24.222 port 49410 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 22:51:15,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359875.2790437, 'message': 'Dec  6 22:51:14 hqnl0246134 sshd[262549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-06 22:51:17,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359877.280244, 'message': 'Dec  6 22:51:17 hqnl0246134 sshd[262549]: Failed password for root from 36.110.228.254 port 48002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:51:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:51:17,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:51:17,989] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:51:18,001] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 22:51:19,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359879.284546, 'message': 'Dec  6 22:51:18 hqnl0246134 sshd[262549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:51:20,734] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:51:20,734] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:51:20,744] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:51:20,757] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 22:51:21,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359881.2894247, 'message': 'Dec  6 22:51:20 hqnl0246134 sshd[262549]: Failed password for root from 36.110.228.254 port 48002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:51:21,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359881.2896569, 'message': 'Dec  6 22:51:21 hqnl0246134 sshd[262549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:51:25,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359885.294621, 'message': 'Dec  6 22:51:23 hqnl0246134 sshd[262549]: Failed password for root from 36.110.228.254 port 48002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 22:51:27,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359887.298469, 'message': 'Dec  6 22:51:25 hqnl0246134 sshd[262549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:51:27,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359887.2987247, 'message': 'Dec  6 22:51:27 hqnl0246134 sshd[262549]: Failed password for root from 36.110.228.254 port 48002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:51:29,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359889.3000257, 'message': 'Dec  6 22:51:27 hqnl0246134 sshd[262549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 22:51:31,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359891.303143, 'message': 'Dec  6 22:51:29 hqnl0246134 sshd[262549]: Failed password for root from 36.110.228.254 port 48002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 22:51:31,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359891.3036363, 'message': 'Dec  6 22:51:30 hqnl0246134 sshd[262563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 22:51:31,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359891.3035088, 'message': 'Dec  6 22:51:29 hqnl0246134 sshd[262549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 22:51:31,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359891.3038292, 'message': 'Dec  6 22:51:30 hqnl0246134 sshd[262563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 22:51:33,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359893.3068473, 'message': 'Dec  6 22:51:32 hqnl0246134 sshd[262563]: Failed password for root from 61.177.173.18 port 22618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:51:33,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359893.307255, 'message': 'Dec  6 22:51:32 hqnl0246134 sshd[262549]: Failed password for root from 36.110.228.254 port 48002 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 22:51:33,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359893.307126, 'message': 'Dec  6 22:51:32 hqnl0246134 sshd[262563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:51:35,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5758, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359895.3098245, 'message': 'Dec  6 22:51:34 hqnl0246134 sshd[262549]: error: maximum authentication attempts exceeded for root from 36.110.228.254 port 48002 ssh2 [preauth]', 'severity': 3, 'name': 'Maximum authentication attempts exceeded.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 22:51:35,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359895.3100452, 'message': 'Dec  6 22:51:34 hqnl0246134 sshd[262563]: Failed password for root from 61.177.173.18 port 22618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 22:51:37,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359897.3172984, 'message': 'Dec  6 22:51:36 hqnl0246134 sshd[262566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 22:51:37,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359897.3183334, 'message': 'Dec  6 22:51:36 hqnl0246134 sshd[262563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 22:51:37,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359897.3182013, 'message': 'Dec  6 22:51:36 hqnl0246134 sshd[262566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 22:51:39,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359899.3200798, 'message': 'Dec  6 22:51:37 hqnl0246134 sshd[262566]: Failed password for root from 36.110.228.254 port 22470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 22:51:39,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359899.3211277, 'message': 'Dec  6 22:51:38 hqnl0246134 sshd[262563]: Failed password for root from 61.177.173.18 port 22618 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 22:51:39,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359899.3202825, 'message': 'Dec  6 22:51:38 hqnl0246134 sshd[262566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:51:40,117] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 22:51:40,119] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 22:51:40,956] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 22:51:41,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359901.322407, 'message': 'Dec  6 22:51:39 hqnl0246134 sshd[262576]: Invalid user oracle from 177.55.100.134 port 57854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 22:51:41,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359901.3230827, 'message': 'Dec  6 22:51:40 hqnl0246134 sshd[262566]: Failed password for root from 36.110.228.254 port 22470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 22:51:41,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359901.3228025, 'message': 'Dec  6 22:51:39 hqnl0246134 sshd[262576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.55.100.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:51:41,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359901.322953, 'message': 'Dec  6 22:51:39 hqnl0246134 sshd[262576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.55.100.134 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 22:51:43,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359903.3224545, 'message': 'Dec  6 22:51:41 hqnl0246134 sshd[262576]: Failed password for invalid user oracle from 177.55.100.134 port 57854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 22:51:43,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359903.3226492, 'message': 'Dec  6 22:51:42 hqnl0246134 sshd[262590]: Invalid user admin from 194.204.194.11 port 57866', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0481 seconds
INFO    [2022-12-06 22:51:43,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359903.3230188, 'message': 'Dec  6 22:51:42 hqnl0246134 sshd[262566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 22:51:43,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359903.322781, 'message': 'Dec  6 22:51:42 hqnl0246134 sshd[262590]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.204.194.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:51:43,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359903.3228865, 'message': 'Dec  6 22:51:42 hqnl0246134 sshd[262590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.204.194.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:51:45,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670359905.3257794, 'message': 'Dec  6 22:51:43 hqnl0246134 sshd[262576]: Disconnected from invalid user oracle 177.55.100.134 port 57854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0585 seconds
INFO    [2022-12-06 22:51:45,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359905.3259995, 'message': 'Dec  6 22:51:44 hqnl0246134 sshd[262590]: Failed password for invalid user admin from 194.204.194.11 port 57866 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0585 seconds
INFO    [2022-12-06 22:51:45,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359905.3261123, 'message': 'Dec  6 22:51:44 hqnl0246134 sshd[262566]: Failed password for root from 36.110.228.254 port 22470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0587 seconds
INFO    [2022-12-06 22:51:45,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670359905.3266518, 'message': 'Dec  6 22:51:44 hqnl0246134 sshd[262590]: Disconnected from invalid user admin 194.204.194.11 port 57866 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 22:51:45,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359905.326823, 'message': 'Dec  6 22:51:44 hqnl0246134 sshd[262566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 22:51:49,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359909.3287745, 'message': 'Dec  6 22:51:47 hqnl0246134 sshd[262566]: Failed password for root from 36.110.228.254 port 22470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
WARNING [2022-12-06 22:51:49,416] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:51:49,417] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:51:51,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359911.330128, 'message': 'Dec  6 22:51:49 hqnl0246134 sshd[262566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 22:51:53,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359913.3311243, 'message': 'Dec  6 22:51:51 hqnl0246134 sshd[262566]: Failed password for root from 36.110.228.254 port 22470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
WARNING [2022-12-06 22:51:54,040] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 22:51:55,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359915.3318784, 'message': 'Dec  6 22:51:53 hqnl0246134 sshd[262566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:51:57,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359917.3336592, 'message': 'Dec  6 22:51:55 hqnl0246134 sshd[262566]: Failed password for root from 36.110.228.254 port 22470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:51:59,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5758, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359919.3354383, 'message': 'Dec  6 22:51:57 hqnl0246134 sshd[262566]: error: maximum authentication attempts exceeded for root from 36.110.228.254 port 22470 ssh2 [preauth]', 'severity': 3, 'name': 'Maximum authentication attempts exceeded.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:51:59,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359919.3356178, 'message': 'Dec  6 22:51:59 hqnl0246134 sshd[262601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:51:59,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359919.3357646, 'message': 'Dec  6 22:51:59 hqnl0246134 sshd[262601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-06 22:52:00,306] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:52:00,307] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:52:00,315] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:52:00,328] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 22:52:01,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359921.3377883, 'message': 'Dec  6 22:52:01 hqnl0246134 sshd[262601]: Failed password for root from 36.110.228.254 port 51614 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 22:52:05,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359925.3435109, 'message': 'Dec  6 22:52:03 hqnl0246134 sshd[262601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 22:52:05,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359925.3437462, 'message': 'Dec  6 22:52:04 hqnl0246134 sshd[262621]: Invalid user ks from 194.135.20.5 port 43868', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 22:52:05,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359925.3439872, 'message': 'Dec  6 22:52:04 hqnl0246134 sshd[262621]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.135.20.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:52:05,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359925.3441098, 'message': 'Dec  6 22:52:04 hqnl0246134 sshd[262621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.135.20.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:52:07,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359927.3484287, 'message': 'Dec  6 22:52:05 hqnl0246134 sshd[262601]: Failed password for root from 36.110.228.254 port 51614 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0566 seconds
INFO    [2022-12-06 22:52:07,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359927.3495018, 'message': 'Dec  6 22:52:07 hqnl0246134 sshd[262621]: Failed password for invalid user ks from 194.135.20.5 port 43868 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0574 seconds
INFO    [2022-12-06 22:52:07,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359927.349067, 'message': 'Dec  6 22:52:05 hqnl0246134 sshd[262601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 22:52:09,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359929.3495796, 'message': 'Dec  6 22:52:08 hqnl0246134 sshd[262601]: Failed password for root from 36.110.228.254 port 51614 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 22:52:09,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670359929.3498373, 'message': 'Dec  6 22:52:08 hqnl0246134 sshd[262621]: Disconnected from invalid user ks 194.135.20.5 port 43868 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
WARNING [2022-12-06 22:52:10,838] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:52:10,865] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0355 seconds
INFO    [2022-12-06 22:52:11,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359931.3525758, 'message': 'Dec  6 22:52:11 hqnl0246134 sshd[262653]: Invalid user admin from 36.110.228.254 port 36168', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 22:52:11,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359931.3528266, 'message': 'Dec  6 22:52:11 hqnl0246134 sshd[262653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:52:11,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359931.3530107, 'message': 'Dec  6 22:52:11 hqnl0246134 sshd[262653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:52:13,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359933.3536751, 'message': 'Dec  6 22:52:13 hqnl0246134 sshd[262653]: Failed password for invalid user admin from 36.110.228.254 port 36168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:52:15,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359935.3560746, 'message': 'Dec  6 22:52:14 hqnl0246134 sshd[262653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:52:17,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359937.357802, 'message': 'Dec  6 22:52:16 hqnl0246134 sshd[262657]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:52:17,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359937.3579905, 'message': 'Dec  6 22:52:16 hqnl0246134 sshd[262657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:52:17,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:52:17,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:52:17,831] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:52:17,843] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 22:52:19,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359939.359014, 'message': 'Dec  6 22:52:17 hqnl0246134 sshd[262653]: Failed password for invalid user admin from 36.110.228.254 port 36168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 22:52:19,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359939.3591847, 'message': 'Dec  6 22:52:18 hqnl0246134 sshd[262653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:52:20,376] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:52:20,376] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:52:20,387] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:52:20,404] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-06 22:52:21,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359941.3616226, 'message': 'Dec  6 22:52:19 hqnl0246134 sshd[262657]: Failed password for root from 61.177.173.18 port 43535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-06 22:52:21,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359941.3620167, 'message': 'Dec  6 22:52:20 hqnl0246134 sshd[262653]: Failed password for invalid user admin from 36.110.228.254 port 36168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-06 22:52:21,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359941.3704915, 'message': 'Dec  6 22:52:21 hqnl0246134 sshd[262657]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 22:52:23,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359943.3653193, 'message': 'Dec  6 22:52:22 hqnl0246134 sshd[262653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:52:25,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359945.3685336, 'message': 'Dec  6 22:52:23 hqnl0246134 sshd[262657]: Failed password for root from 61.177.173.18 port 43535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 22:52:25,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359945.3688564, 'message': 'Dec  6 22:52:24 hqnl0246134 sshd[262653]: Failed password for invalid user admin from 36.110.228.254 port 36168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-06 22:52:25,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359945.3690743, 'message': 'Dec  6 22:52:24 hqnl0246134 sshd[262653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 22:52:27,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359947.3715017, 'message': 'Dec  6 22:52:25 hqnl0246134 sshd[262657]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-06 22:52:27,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359947.3718631, 'message': 'Dec  6 22:52:25 hqnl0246134 sshd[262671]: Invalid user serveur from 41.149.77.178 port 55154', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0567 seconds
INFO    [2022-12-06 22:52:27,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359947.3724983, 'message': 'Dec  6 22:52:26 hqnl0246134 sshd[262653]: Failed password for invalid user admin from 36.110.228.254 port 36168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0560 seconds
INFO    [2022-12-06 22:52:27,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359947.3720567, 'message': 'Dec  6 22:52:25 hqnl0246134 sshd[262671]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.149.77.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 22:52:27,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359947.3726547, 'message': 'Dec  6 22:52:26 hqnl0246134 sshd[262653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 22:52:27,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359947.3722596, 'message': 'Dec  6 22:52:25 hqnl0246134 sshd[262671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.149.77.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 22:52:29,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359949.3740654, 'message': 'Dec  6 22:52:27 hqnl0246134 sshd[262657]: Failed password for root from 61.177.173.18 port 43535 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 22:52:29,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359949.3743265, 'message': 'Dec  6 22:52:27 hqnl0246134 sshd[262671]: Failed password for invalid user serveur from 41.149.77.178 port 55154 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 22:52:29,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670359949.3744993, 'message': 'Dec  6 22:52:28 hqnl0246134 sshd[262671]: Disconnected from invalid user serveur 41.149.77.178 port 55154 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:52:31,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359951.3772047, 'message': 'Dec  6 22:52:29 hqnl0246134 sshd[262653]: Failed password for invalid user admin from 36.110.228.254 port 36168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 22:52:31,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359951.3774536, 'message': 'Dec  6 22:52:30 hqnl0246134 sshd[262653]: error: maximum authentication attempts exceeded for invalid user admin from 36.110.228.254 port 36168 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:52:31,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359951.377571, 'message': 'Dec  6 22:52:30 hqnl0246134 sshd[262653]: Disconnecting invalid user admin 36.110.228.254 port 36168: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:52:33,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359953.379219, 'message': 'Dec  6 22:52:31 hqnl0246134 sshd[262675]: Invalid user admin from 36.110.228.254 port 50945', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 22:52:33,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359953.380401, 'message': 'Dec  6 22:52:31 hqnl0246134 sshd[262675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 22:52:33,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359953.3806398, 'message': 'Dec  6 22:52:31 hqnl0246134 sshd[262675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 22:52:35,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359955.3808343, 'message': 'Dec  6 22:52:33 hqnl0246134 sshd[262675]: Failed password for invalid user admin from 36.110.228.254 port 50945 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:52:35,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359955.3810713, 'message': 'Dec  6 22:52:33 hqnl0246134 sshd[262675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:52:35,752] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:52:35,825] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:52:35,825] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:52:35,826] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:52:35,826] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:52:35,826] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:52:35,836] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:52:35,854] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0275 seconds
WARNING [2022-12-06 22:52:35,863] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:52:35,868] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:52:35,891] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0423 seconds
INFO    [2022-12-06 22:52:35,893] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0407 seconds
INFO    [2022-12-06 22:52:37,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359957.3823054, 'message': 'Dec  6 22:52:36 hqnl0246134 sshd[262675]: Failed password for invalid user admin from 36.110.228.254 port 50945 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 22:52:39,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359959.386035, 'message': 'Dec  6 22:52:37 hqnl0246134 sshd[262675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 22:52:41,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359961.3896627, 'message': 'Dec  6 22:52:40 hqnl0246134 sshd[262675]: Failed password for invalid user admin from 36.110.228.254 port 50945 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 22:52:43,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359963.3935745, 'message': 'Dec  6 22:52:41 hqnl0246134 sshd[262675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:52:45,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359965.3984072, 'message': 'Dec  6 22:52:44 hqnl0246134 sshd[262675]: Failed password for invalid user admin from 36.110.228.254 port 50945 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:52:47,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359967.4028502, 'message': 'Dec  6 22:52:45 hqnl0246134 sshd[262675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 22:52:49,419] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:52:49,420] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:52:49,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359969.405765, 'message': 'Dec  6 22:52:47 hqnl0246134 sshd[262675]: Failed password for invalid user admin from 36.110.228.254 port 50945 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 22:52:51,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359971.4085839, 'message': 'Dec  6 22:52:49 hqnl0246134 sshd[262675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 22:52:53,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359973.4098592, 'message': 'Dec  6 22:52:52 hqnl0246134 sshd[262675]: Failed password for invalid user admin from 36.110.228.254 port 50945 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 22:52:53,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359973.4100456, 'message': 'Dec  6 22:52:52 hqnl0246134 sshd[262687]: Invalid user orajsd from 167.71.74.3 port 36480', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 22:52:53,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359973.4106145, 'message': 'Dec  6 22:52:52 hqnl0246134 sshd[262687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.74.3 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:52:53,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359973.4108036, 'message': 'Dec  6 22:52:52 hqnl0246134 sshd[262687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.74.3 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:52:55,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359975.4127991, 'message': 'Dec  6 22:52:53 hqnl0246134 sshd[262675]: error: maximum authentication attempts exceeded for invalid user admin from 36.110.228.254 port 50945 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-06 22:52:55,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359975.413152, 'message': 'Dec  6 22:52:54 hqnl0246134 sshd[262687]: Failed password for invalid user orajsd from 167.71.74.3 port 36480 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 22:52:55,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359975.4129777, 'message': 'Dec  6 22:52:53 hqnl0246134 sshd[262675]: Disconnecting invalid user admin 36.110.228.254 port 50945: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:52:55,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359975.4132786, 'message': 'Dec  6 22:52:55 hqnl0246134 sshd[262689]: Invalid user admin from 36.110.228.254 port 15100', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:52:55,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359975.413385, 'message': 'Dec  6 22:52:55 hqnl0246134 sshd[262689]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:52:55,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359975.4135385, 'message': 'Dec  6 22:52:55 hqnl0246134 sshd[262689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:52:57,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.74.3', 'timestamp': 1670359977.414644, 'message': 'Dec  6 22:52:55 hqnl0246134 sshd[262687]: Disconnected from invalid user orajsd 167.71.74.3 port 36480 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0503 seconds
INFO    [2022-12-06 22:52:57,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359977.414896, 'message': 'Dec  6 22:52:56 hqnl0246134 sshd[262691]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.89.85.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-06 22:52:57,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359977.4153323, 'message': 'Dec  6 22:52:56 hqnl0246134 sshd[262689]: Failed password for invalid user admin from 36.110.228.254 port 15100 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0498 seconds
INFO    [2022-12-06 22:52:57,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359977.415115, 'message': 'Dec  6 22:52:56 hqnl0246134 sshd[262691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.85.14  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:52:59,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359979.417218, 'message': 'Dec  6 22:52:57 hqnl0246134 sshd[262696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0684 seconds
INFO    [2022-12-06 22:52:59,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359979.4175353, 'message': 'Dec  6 22:52:57 hqnl0246134 sshd[262689]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0684 seconds
INFO    [2022-12-06 22:52:59,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.89.85.14', 'timestamp': 1670359979.4177094, 'message': 'Dec  6 22:52:58 hqnl0246134 sshd[262691]: Failed password for root from 103.89.85.14 port 34802 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0678 seconds
INFO    [2022-12-06 22:53:01,057] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:53:01,057] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:53:01,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:53:01,084] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0264 seconds
INFO    [2022-12-06 22:53:01,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670359981.4180756, 'message': 'Dec  6 22:52:59 hqnl0246134 sshd[262696]: Failed password for root from 165.227.166.207 port 52298 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:53:01,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359981.418264, 'message': 'Dec  6 22:52:59 hqnl0246134 sshd[262689]: Failed password for invalid user admin from 36.110.228.254 port 15100 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-06 22:53:03,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359983.4221423, 'message': 'Dec  6 22:53:01 hqnl0246134 sshd[262689]: Disconnected from invalid user admin 36.110.228.254 port 15100 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 22:53:03,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359983.4223442, 'message': 'Dec  6 22:53:02 hqnl0246134 sshd[262711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 22:53:03,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359983.422594, 'message': 'Dec  6 22:53:03 hqnl0246134 sshd[262713]: Invalid user oracle from 36.110.228.254 port 41548', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 22:53:03,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359983.4224837, 'message': 'Dec  6 22:53:02 hqnl0246134 sshd[262711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 22:53:03,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359983.4229436, 'message': 'Dec  6 22:53:03 hqnl0246134 sshd[262713]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:53:03,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359983.423049, 'message': 'Dec  6 22:53:03 hqnl0246134 sshd[262713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:53:05,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359985.4257534, 'message': 'Dec  6 22:53:04 hqnl0246134 sshd[262711]: Failed password for root from 61.177.173.18 port 10987 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-06 22:53:05,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359985.4260495, 'message': 'Dec  6 22:53:05 hqnl0246134 sshd[262713]: Failed password for invalid user oracle from 36.110.228.254 port 41548 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-06 22:53:05,952] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:53:05,952] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:53:05,953] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 22:53:07,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359987.4290097, 'message': 'Dec  6 22:53:06 hqnl0246134 sshd[262713]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 22:53:07,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359987.4293673, 'message': 'Dec  6 22:53:07 hqnl0246134 sshd[262711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 22:53:09,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359989.4298944, 'message': 'Dec  6 22:53:08 hqnl0246134 sshd[262713]: Failed password for invalid user oracle from 36.110.228.254 port 41548 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 22:53:09,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359989.4309258, 'message': 'Dec  6 22:53:08 hqnl0246134 sshd[262711]: Failed password for root from 61.177.173.18 port 10987 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 22:53:09,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359989.4310367, 'message': 'Dec  6 22:53:08 hqnl0246134 sshd[262713]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 22:53:09,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359989.43117, 'message': 'Dec  6 22:53:09 hqnl0246134 sshd[262711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
WARNING [2022-12-06 22:53:10,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:53:10,869] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-06 22:53:11,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359991.4320412, 'message': 'Dec  6 22:53:10 hqnl0246134 sshd[262713]: Failed password for invalid user oracle from 36.110.228.254 port 41548 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-06 22:53:11,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670359991.432311, 'message': 'Dec  6 22:53:11 hqnl0246134 sshd[262711]: Failed password for root from 61.177.173.18 port 10987 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 22:53:13,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359993.4338202, 'message': 'Dec  6 22:53:12 hqnl0246134 sshd[262713]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 22:53:15,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359995.4398842, 'message': 'Dec  6 22:53:14 hqnl0246134 sshd[262713]: Failed password for invalid user oracle from 36.110.228.254 port 41548 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 22:53:17,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359997.4420228, 'message': 'Dec  6 22:53:16 hqnl0246134 sshd[262727]: Invalid user admin from 85.233.142.6 port 39278', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 22:53:17,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359997.442531, 'message': 'Dec  6 22:53:16 hqnl0246134 sshd[262713]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-06 22:53:17,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359997.4422717, 'message': 'Dec  6 22:53:16 hqnl0246134 sshd[262727]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.233.142.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:53:17,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359997.44241, 'message': 'Dec  6 22:53:16 hqnl0246134 sshd[262727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.233.142.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:53:17,892] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:53:17,893] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:53:17,899] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:53:17,910] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
INFO    [2022-12-06 22:53:19,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359999.444413, 'message': 'Dec  6 22:53:17 hqnl0246134 sshd[262727]: Failed password for invalid user admin from 85.233.142.6 port 39278 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-06 22:53:19,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359999.4446166, 'message': 'Dec  6 22:53:18 hqnl0246134 sshd[262713]: Failed password for invalid user oracle from 36.110.228.254 port 41548 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 22:53:19,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.233.142.6', 'timestamp': 1670359999.44474, 'message': 'Dec  6 22:53:18 hqnl0246134 sshd[262727]: Disconnected from invalid user admin 85.233.142.6 port 39278 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 22:53:19,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670359999.4448962, 'message': 'Dec  6 22:53:18 hqnl0246134 sshd[262713]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 22:53:20,596] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:53:20,596] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:53:20,603] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:53:20,614] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 22:53:21,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360001.4515038, 'message': 'Dec  6 22:53:19 hqnl0246134 sshd[262713]: Failed password for invalid user oracle from 36.110.228.254 port 41548 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:53:21,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360001.4517384, 'message': 'Dec  6 22:53:20 hqnl0246134 sshd[262713]: error: maximum authentication attempts exceeded for invalid user oracle from 36.110.228.254 port 41548 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:53:21,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360001.4518676, 'message': 'Dec  6 22:53:20 hqnl0246134 sshd[262713]: Disconnecting invalid user oracle 36.110.228.254 port 41548: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 22:53:21,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360001.451997, 'message': 'Dec  6 22:53:21 hqnl0246134 sshd[262738]: Invalid user oracle from 36.110.228.254 port 45307', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:53:21,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360001.452111, 'message': 'Dec  6 22:53:21 hqnl0246134 sshd[262738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-06 22:53:21,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360001.452218, 'message': 'Dec  6 22:53:21 hqnl0246134 sshd[262738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:53:23,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360003.4546885, 'message': 'Dec  6 22:53:22 hqnl0246134 sshd[262738]: Failed password for invalid user oracle from 36.110.228.254 port 45307 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 22:53:23,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360003.4549701, 'message': 'Dec  6 22:53:23 hqnl0246134 sshd[262738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:53:25,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360005.456409, 'message': 'Dec  6 22:53:25 hqnl0246134 sshd[262738]: Failed password for invalid user oracle from 36.110.228.254 port 45307 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:53:27,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360007.4580433, 'message': 'Dec  6 22:53:26 hqnl0246134 sshd[262738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:53:29,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360009.4617534, 'message': 'Dec  6 22:53:28 hqnl0246134 sshd[262738]: Failed password for invalid user oracle from 36.110.228.254 port 45307 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 22:53:29,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.255.116.74', 'timestamp': 1670360009.462102, 'message': 'Dec  6 22:53:29 hqnl0246134 sshd[262745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.255.116.74 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 22:53:29,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360009.4619796, 'message': 'Dec  6 22:53:28 hqnl0246134 sshd[262738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 22:53:29,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.255.116.74', 'timestamp': 1670360009.4622185, 'message': 'Dec  6 22:53:29 hqnl0246134 sshd[262745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.255.116.74  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:53:31,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360011.4702513, 'message': 'Dec  6 22:53:30 hqnl0246134 sshd[262738]: Failed password for invalid user oracle from 36.110.228.254 port 45307 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 22:53:31,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.255.116.74', 'timestamp': 1670360011.4705205, 'message': 'Dec  6 22:53:31 hqnl0246134 sshd[262745]: Failed password for root from 139.255.116.74 port 41564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 22:53:33,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360013.4729083, 'message': 'Dec  6 22:53:32 hqnl0246134 sshd[262738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-06 22:53:35,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670360015.4755979, 'message': 'Dec  6 22:53:33 hqnl0246134 sshd[262751]: Invalid user bitnami from 193.179.226.199 port 34524', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0631 seconds
INFO    [2022-12-06 22:53:35,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360015.4761722, 'message': 'Dec  6 22:53:34 hqnl0246134 sshd[262738]: Failed password for invalid user oracle from 36.110.228.254 port 45307 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0634 seconds
INFO    [2022-12-06 22:53:35,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.179.226.199', 'timestamp': 1670360015.4758248, 'message': 'Dec  6 22:53:34 hqnl0246134 sshd[262751]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.179.226.199 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 22:53:35,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.179.226.199', 'timestamp': 1670360015.475968, 'message': 'Dec  6 22:53:34 hqnl0246134 sshd[262751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.179.226.199 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-06 22:53:37,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670360017.4783611, 'message': 'Dec  6 22:53:35 hqnl0246134 sshd[262751]: Failed password for invalid user bitnami from 193.179.226.199 port 34524 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-06 22:53:37,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360017.478746, 'message': 'Dec  6 22:53:36 hqnl0246134 sshd[262738]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-06 22:53:37,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.100', 'timestamp': 1670360017.4788785, 'message': 'Dec  6 22:53:36 hqnl0246134 sshd[262755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-06 22:53:37,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.100', 'timestamp': 1670360017.4790297, 'message': 'Dec  6 22:53:36 hqnl0246134 sshd[262755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:53:39,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.179.226.199', 'timestamp': 1670360019.4817593, 'message': 'Dec  6 22:53:37 hqnl0246134 sshd[262751]: Disconnected from invalid user bitnami 193.179.226.199 port 34524 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0590 seconds
INFO    [2022-12-06 22:53:39,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360019.4821837, 'message': 'Dec  6 22:53:38 hqnl0246134 sshd[262738]: Failed password for invalid user oracle from 36.110.228.254 port 45307 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0590 seconds
INFO    [2022-12-06 22:53:39,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.30.100', 'timestamp': 1670360019.4925663, 'message': 'Dec  6 22:53:38 hqnl0246134 sshd[262755]: Failed password for root from 43.153.30.100 port 51854 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-06 22:53:41,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.105.209.169', 'timestamp': 1670360021.4820282, 'message': 'Dec  6 22:53:39 hqnl0246134 sshd[262750]: Invalid user admin from 211.105.209.169 port 39592', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0670 seconds
INFO    [2022-12-06 22:53:41,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360021.4822943, 'message': 'Dec  6 22:53:39 hqnl0246134 sshd[262738]: error: maximum authentication attempts exceeded for invalid user oracle from 36.110.228.254 port 45307 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0670 seconds
INFO    [2022-12-06 22:53:41,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '211.105.209.169', 'timestamp': 1670360021.4834495, 'message': 'Dec  6 22:53:39 hqnl0246134 sshd[262750]: pam_imunify(sshd:auth): [IM360_RBL] The IP 211.105.209.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1131 seconds
INFO    [2022-12-06 22:53:41,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360021.4833095, 'message': 'Dec  6 22:53:39 hqnl0246134 sshd[262738]: Disconnecting invalid user oracle 36.110.228.254 port 45307: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1221 seconds
INFO    [2022-12-06 22:53:41,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '211.105.209.169', 'timestamp': 1670360021.4835675, 'message': 'Dec  6 22:53:39 hqnl0246134 sshd[262750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.105.209.169 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1264 seconds
INFO    [2022-12-06 22:53:41,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360021.4836934, 'message': 'Dec  6 22:53:41 hqnl0246134 sshd[262765]: Invalid user oracle from 36.110.228.254 port 54936', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1257 seconds
INFO    [2022-12-06 22:53:41,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360021.4837916, 'message': 'Dec  6 22:53:41 hqnl0246134 sshd[262765]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0719 seconds
INFO    [2022-12-06 22:53:41,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360021.483921, 'message': 'Dec  6 22:53:41 hqnl0246134 sshd[262765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-06 22:53:43,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '211.105.209.169', 'timestamp': 1670360023.4855874, 'message': 'Dec  6 22:53:42 hqnl0246134 sshd[262750]: Failed password for invalid user admin from 211.105.209.169 port 39592 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 22:53:43,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360023.4858186, 'message': 'Dec  6 22:53:43 hqnl0246134 sshd[262765]: Failed password for invalid user oracle from 36.110.228.254 port 54936 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 22:53:45,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360025.486034, 'message': 'Dec  6 22:53:44 hqnl0246134 sshd[262765]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 22:53:47,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360027.4962306, 'message': 'Dec  6 22:53:46 hqnl0246134 sshd[262765]: Failed password for invalid user oracle from 36.110.228.254 port 54936 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 22:53:47,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360027.4968414, 'message': 'Dec  6 22:53:46 hqnl0246134 sshd[262765]: Disconnected from invalid user oracle 36.110.228.254 port 54936 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 22:53:49,428] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:53:49,429] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:53:49,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360029.5033472, 'message': 'Dec  6 22:53:47 hqnl0246134 sshd[262772]: Invalid user usuario from 36.110.228.254 port 22574', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 22:53:49,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360029.5041032, 'message': 'Dec  6 22:53:48 hqnl0246134 sshd[262770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 22:53:49,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360029.5036848, 'message': 'Dec  6 22:53:47 hqnl0246134 sshd[262772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:53:49,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360029.5042667, 'message': 'Dec  6 22:53:48 hqnl0246134 sshd[262770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 22:53:49,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360029.5039144, 'message': 'Dec  6 22:53:47 hqnl0246134 sshd[262772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:53:51,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360031.5058014, 'message': 'Dec  6 22:53:50 hqnl0246134 sshd[262772]: Failed password for invalid user usuario from 36.110.228.254 port 22574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-06 22:53:51,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360031.5060637, 'message': 'Dec  6 22:53:50 hqnl0246134 sshd[262770]: Failed password for root from 61.177.173.18 port 28710 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-06 22:53:53,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360033.5148308, 'message': 'Dec  6 22:53:51 hqnl0246134 sshd[262772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 22:53:53,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360033.515025, 'message': 'Dec  6 22:53:52 hqnl0246134 sshd[262770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:53:55,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360035.5277197, 'message': 'Dec  6 22:53:53 hqnl0246134 sshd[262772]: Failed password for invalid user usuario from 36.110.228.254 port 22574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 22:53:55,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360035.5279222, 'message': 'Dec  6 22:53:54 hqnl0246134 sshd[262770]: Failed password for root from 61.177.173.18 port 28710 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:53:55,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360035.528078, 'message': 'Dec  6 22:53:54 hqnl0246134 sshd[262770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:53:57,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360037.530243, 'message': 'Dec  6 22:53:55 hqnl0246134 sshd[262772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-06 22:53:57,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360037.5304928, 'message': 'Dec  6 22:53:55 hqnl0246134 sshd[262770]: Failed password for root from 61.177.173.18 port 28710 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0548 seconds
INFO    [2022-12-06 22:53:57,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360037.5306056, 'message': 'Dec  6 22:53:57 hqnl0246134 sshd[262772]: Failed password for invalid user usuario from 36.110.228.254 port 22574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-06 22:53:59,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360039.5333686, 'message': 'Dec  6 22:53:57 hqnl0246134 sshd[262772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-06 22:53:59,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.76.121.230', 'timestamp': 1670360039.5336807, 'message': 'Dec  6 22:53:59 hqnl0246134 sshd[262781]: Invalid user postmaster from 203.76.121.230 port 40514', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 22:53:59,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360039.5351086, 'message': 'Dec  6 22:53:59 hqnl0246134 sshd[262772]: Failed password for invalid user usuario from 36.110.228.254 port 22574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 22:53:59,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '203.76.121.230', 'timestamp': 1670360039.5338547, 'message': 'Dec  6 22:53:59 hqnl0246134 sshd[262781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 203.76.121.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 22:53:59,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '203.76.121.230', 'timestamp': 1670360039.534949, 'message': 'Dec  6 22:53:59 hqnl0246134 sshd[262781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.121.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 22:54:01,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360041.535998, 'message': 'Dec  6 22:53:59 hqnl0246134 sshd[262772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 22:54:03,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.76.121.230', 'timestamp': 1670360043.5408373, 'message': 'Dec  6 22:54:01 hqnl0246134 sshd[262781]: Failed password for invalid user postmaster from 203.76.121.230 port 40514 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 22:54:03,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360043.5410388, 'message': 'Dec  6 22:54:02 hqnl0246134 sshd[262772]: Failed password for invalid user usuario from 36.110.228.254 port 22574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 22:54:05,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.76.121.230', 'timestamp': 1670360045.5463688, 'message': 'Dec  6 22:54:03 hqnl0246134 sshd[262781]: Disconnected from invalid user postmaster 203.76.121.230 port 40514 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 22:54:05,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360045.5465698, 'message': 'Dec  6 22:54:04 hqnl0246134 sshd[262772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 22:54:06,207] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:54:06,208] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:54:06,215] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:54:06,227] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 22:54:07,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360047.5579572, 'message': 'Dec  6 22:54:05 hqnl0246134 sshd[262772]: Failed password for invalid user usuario from 36.110.228.254 port 22574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 22:54:07,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360047.5583203, 'message': 'Dec  6 22:54:05 hqnl0246134 sshd[262772]: error: maximum authentication attempts exceeded for invalid user usuario from 36.110.228.254 port 22574 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:54:07,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360047.5584793, 'message': 'Dec  6 22:54:05 hqnl0246134 sshd[262772]: Disconnecting invalid user usuario 36.110.228.254 port 22574: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:54:07,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360047.5586216, 'message': 'Dec  6 22:54:07 hqnl0246134 sshd[262795]: Invalid user usuario from 36.110.228.254 port 29716', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:54:07,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360047.5587363, 'message': 'Dec  6 22:54:07 hqnl0246134 sshd[262795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:54:07,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360047.5589173, 'message': 'Dec  6 22:54:07 hqnl0246134 sshd[262795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:54:09,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360049.5600295, 'message': 'Dec  6 22:54:08 hqnl0246134 sshd[262795]: Failed password for invalid user usuario from 36.110.228.254 port 29716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:54:09,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360049.5602276, 'message': 'Dec  6 22:54:09 hqnl0246134 sshd[262795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 22:54:10,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:54:10,879] defence360agent.internals.the_sink: SensorIncidentList(<24 item(s)>) processed in 0.0398 seconds
INFO    [2022-12-06 22:54:13,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360053.5681353, 'message': 'Dec  6 22:54:11 hqnl0246134 sshd[262795]: Failed password for invalid user usuario from 36.110.228.254 port 29716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:54:13,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360053.5683959, 'message': 'Dec  6 22:54:13 hqnl0246134 sshd[262795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:54:15,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360055.5721152, 'message': 'Dec  6 22:54:14 hqnl0246134 sshd[262795]: Failed password for invalid user usuario from 36.110.228.254 port 29716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:54:15,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360055.572371, 'message': 'Dec  6 22:54:15 hqnl0246134 sshd[262795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:54:17,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360057.5764785, 'message': 'Dec  6 22:54:17 hqnl0246134 sshd[262795]: Failed password for invalid user usuario from 36.110.228.254 port 29716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 22:54:17,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360057.5767245, 'message': 'Dec  6 22:54:17 hqnl0246134 sshd[262795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:54:17,848] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:54:17,849] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:54:17,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:54:17,869] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 22:54:19,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360059.5784764, 'message': 'Dec  6 22:54:19 hqnl0246134 sshd[262795]: Failed password for invalid user usuario from 36.110.228.254 port 29716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:54:20,536] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:54:20,536] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:54:20,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:54:20,562] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0253 seconds
INFO    [2022-12-06 22:54:21,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360061.5815275, 'message': 'Dec  6 22:54:19 hqnl0246134 sshd[262795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 22:54:21,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360061.581725, 'message': 'Dec  6 22:54:20 hqnl0246134 sshd[262795]: Failed password for invalid user usuario from 36.110.228.254 port 29716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:54:23,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360063.5829566, 'message': 'Dec  6 22:54:21 hqnl0246134 sshd[262795]: error: maximum authentication attempts exceeded for invalid user usuario from 36.110.228.254 port 29716 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 22:54:23,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360063.5831547, 'message': 'Dec  6 22:54:21 hqnl0246134 sshd[262795]: Disconnecting invalid user usuario 36.110.228.254 port 29716: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:54:23,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360063.583273, 'message': 'Dec  6 22:54:22 hqnl0246134 sshd[262817]: Invalid user usuario from 36.110.228.254 port 25578', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:54:23,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360063.583384, 'message': 'Dec  6 22:54:22 hqnl0246134 sshd[262817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 22:54:23,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360063.5834994, 'message': 'Dec  6 22:54:22 hqnl0246134 sshd[262817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:54:25,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360065.585184, 'message': 'Dec  6 22:54:24 hqnl0246134 sshd[262817]: Failed password for invalid user usuario from 36.110.228.254 port 25578 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 22:54:27,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360067.591701, 'message': 'Dec  6 22:54:26 hqnl0246134 sshd[262817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:54:29,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360069.5941036, 'message': 'Dec  6 22:54:28 hqnl0246134 sshd[262817]: Failed password for invalid user usuario from 36.110.228.254 port 25578 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:54:31,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360071.596291, 'message': 'Dec  6 22:54:30 hqnl0246134 sshd[262817]: Disconnected from invalid user usuario 36.110.228.254 port 25578 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-06 22:54:33,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670360073.5980515, 'message': 'Dec  6 22:54:33 hqnl0246134 sshd[262822]: Invalid user mcserver from 194.204.194.11 port 46484', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 22:54:33,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.204.194.11', 'timestamp': 1670360073.5983057, 'message': 'Dec  6 22:54:33 hqnl0246134 sshd[262822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.204.194.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:54:33,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.204.194.11', 'timestamp': 1670360073.5984774, 'message': 'Dec  6 22:54:33 hqnl0246134 sshd[262822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.204.194.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 22:54:35,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360075.6007526, 'message': 'Dec  6 22:54:33 hqnl0246134 sshd[262823]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 22:54:35,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670360075.6011143, 'message': 'Dec  6 22:54:35 hqnl0246134 sshd[262822]: Failed password for invalid user mcserver from 194.204.194.11 port 46484 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 22:54:35,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360075.6010022, 'message': 'Dec  6 22:54:34 hqnl0246134 sshd[262823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:54:37,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360077.602499, 'message': 'Dec  6 22:54:36 hqnl0246134 sshd[262823]: Failed password for root from 61.177.173.18 port 58353 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 22:54:37,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.204.194.11', 'timestamp': 1670360077.60304, 'message': 'Dec  6 22:54:37 hqnl0246134 sshd[262822]: Disconnected from invalid user mcserver 194.204.194.11 port 46484 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 22:54:39,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360079.605259, 'message': 'Dec  6 22:54:38 hqnl0246134 sshd[262823]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:54:41,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360081.6087294, 'message': 'Dec  6 22:54:39 hqnl0246134 sshd[262823]: Failed password for root from 61.177.173.18 port 58353 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:54:41,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360081.609025, 'message': 'Dec  6 22:54:40 hqnl0246134 sshd[262823]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:54:43,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360083.6148524, 'message': 'Dec  6 22:54:42 hqnl0246134 sshd[262827]: Invalid user test from 36.110.228.254 port 54310', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-06 22:54:43,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360083.6154864, 'message': 'Dec  6 22:54:42 hqnl0246134 sshd[262823]: Failed password for root from 61.177.173.18 port 58353 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 22:54:43,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360083.615107, 'message': 'Dec  6 22:54:42 hqnl0246134 sshd[262827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 22:54:43,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360083.615315, 'message': 'Dec  6 22:54:42 hqnl0246134 sshd[262827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 22:54:45,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360085.625132, 'message': 'Dec  6 22:54:43 hqnl0246134 sshd[262827]: Failed password for invalid user test from 36.110.228.254 port 54310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:54:45,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360085.6253529, 'message': 'Dec  6 22:54:44 hqnl0246134 sshd[262827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:54:47,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360087.629839, 'message': 'Dec  6 22:54:47 hqnl0246134 sshd[262827]: Failed password for invalid user test from 36.110.228.254 port 54310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 22:54:49,433] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:54:49,434] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:54:49,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360089.6403985, 'message': 'Dec  6 22:54:47 hqnl0246134 sshd[262827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 22:54:49,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670360089.6405995, 'message': 'Dec  6 22:54:49 hqnl0246134 sshd[262838]: Invalid user cs from 194.135.20.5 port 60760', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 22:54:49,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.135.20.5', 'timestamp': 1670360089.6407344, 'message': 'Dec  6 22:54:49 hqnl0246134 sshd[262838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.135.20.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:54:49,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.135.20.5', 'timestamp': 1670360089.6408973, 'message': 'Dec  6 22:54:49 hqnl0246134 sshd[262838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.135.20.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 22:54:51,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670360091.6420743, 'message': 'Dec  6 22:54:49 hqnl0246134 sshd[262840]: Invalid user sysadmin from 177.55.100.134 port 41698', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-06 22:54:51,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360091.6425357, 'message': 'Dec  6 22:54:50 hqnl0246134 sshd[262827]: Failed password for invalid user test from 36.110.228.254 port 54310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-06 22:54:51,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670360091.642647, 'message': 'Dec  6 22:54:51 hqnl0246134 sshd[262838]: Failed password for invalid user cs from 194.135.20.5 port 60760 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-06 22:54:51,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.55.100.134', 'timestamp': 1670360091.6422665, 'message': 'Dec  6 22:54:49 hqnl0246134 sshd[262840]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.55.100.134 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 22:54:51,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.135.20.5', 'timestamp': 1670360091.643327, 'message': 'Dec  6 22:54:51 hqnl0246134 sshd[262838]: Disconnected from invalid user cs 194.135.20.5 port 60760 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 22:54:51,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.55.100.134', 'timestamp': 1670360091.6423771, 'message': 'Dec  6 22:54:49 hqnl0246134 sshd[262840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.55.100.134 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 22:54:51,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670360091.6434822, 'message': 'Dec  6 22:54:51 hqnl0246134 sshd[262840]: Failed password for invalid user sysadmin from 177.55.100.134 port 41698 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:54:53,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.55.100.134', 'timestamp': 1670360093.6448557, 'message': 'Dec  6 22:54:51 hqnl0246134 sshd[262840]: Disconnected from invalid user sysadmin 177.55.100.134 port 41698 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 22:54:53,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360093.645055, 'message': 'Dec  6 22:54:52 hqnl0246134 sshd[262827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:54:55,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360095.6460748, 'message': 'Dec  6 22:54:54 hqnl0246134 sshd[262827]: Failed password for invalid user test from 36.110.228.254 port 54310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 22:54:55,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360095.6463532, 'message': 'Dec  6 22:54:55 hqnl0246134 sshd[262827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:54:57,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670360097.6486807, 'message': 'Dec  6 22:54:56 hqnl0246134 sshd[262844]: Invalid user eagle from 178.62.24.222 port 39068', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 22:54:57,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360097.649214, 'message': 'Dec  6 22:54:57 hqnl0246134 sshd[262827]: Failed password for invalid user test from 36.110.228.254 port 54310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 22:54:57,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.62.24.222', 'timestamp': 1670360097.6489067, 'message': 'Dec  6 22:54:57 hqnl0246134 sshd[262844]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.62.24.222 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 22:54:57,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.62.24.222', 'timestamp': 1670360097.6490216, 'message': 'Dec  6 22:54:57 hqnl0246134 sshd[262844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.24.222 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 22:54:59,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360099.6499367, 'message': 'Dec  6 22:54:57 hqnl0246134 sshd[262827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:54:59,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670360099.6501052, 'message': 'Dec  6 22:54:59 hqnl0246134 sshd[262844]: Failed password for invalid user eagle from 178.62.24.222 port 39068 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 22:55:01,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360101.6532917, 'message': 'Dec  6 22:54:59 hqnl0246134 sshd[262827]: Failed password for invalid user test from 36.110.228.254 port 54310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 22:55:01,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.24.222', 'timestamp': 1670360101.6667886, 'message': 'Dec  6 22:55:00 hqnl0246134 sshd[262844]: Disconnected from invalid user eagle 178.62.24.222 port 39068 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0659 seconds
INFO    [2022-12-06 22:55:01,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360101.6669438, 'message': 'Dec  6 22:55:00 hqnl0246134 sshd[262847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0660 seconds
INFO    [2022-12-06 22:55:01,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360101.6536422, 'message': 'Dec  6 22:55:00 hqnl0246134 sshd[262827]: error: maximum authentication attempts exceeded for invalid user test from 36.110.228.254 port 54310 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-06 22:55:01,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360101.6538198, 'message': 'Dec  6 22:55:00 hqnl0246134 sshd[262827]: Disconnecting invalid user test 36.110.228.254 port 54310: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 22:55:01,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360101.6670506, 'message': 'Dec  6 22:55:01 hqnl0246134 sshd[262849]: Invalid user test from 36.110.228.254 port 41516', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 22:55:01,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360101.6672275, 'message': 'Dec  6 22:55:01 hqnl0246134 sshd[262849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:55:01,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360101.6673498, 'message': 'Dec  6 22:55:01 hqnl0246134 sshd[262849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:55:03,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360103.6614978, 'message': 'Dec  6 22:55:02 hqnl0246134 sshd[262847]: Failed password for root from 165.227.166.207 port 34350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-06 22:55:03,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360103.6694937, 'message': 'Dec  6 22:55:03 hqnl0246134 sshd[262849]: Failed password for invalid user test from 36.110.228.254 port 41516 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0469 seconds
INFO    [2022-12-06 22:55:05,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360105.665617, 'message': 'Dec  6 22:55:03 hqnl0246134 sshd[262849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 22:55:07,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360107.6768801, 'message': 'Dec  6 22:55:05 hqnl0246134 sshd[262849]: Failed password for invalid user test from 36.110.228.254 port 41516 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 22:55:07,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670360107.6780245, 'message': 'Dec  6 22:55:07 hqnl0246134 sshd[262870]: Invalid user ahmad from 103.187.146.55 port 57664', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 22:55:07,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360107.6778595, 'message': 'Dec  6 22:55:06 hqnl0246134 sshd[262849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 22:55:07,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.187.146.55', 'timestamp': 1670360107.6781945, 'message': 'Dec  6 22:55:07 hqnl0246134 sshd[262870]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.187.146.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 22:55:07,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.187.146.55', 'timestamp': 1670360107.678377, 'message': 'Dec  6 22:55:07 hqnl0246134 sshd[262870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.146.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:55:09,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360109.6822467, 'message': 'Dec  6 22:55:07 hqnl0246134 sshd[262849]: Failed password for invalid user test from 36.110.228.254 port 41516 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-06 22:55:09,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670360109.6827161, 'message': 'Dec  6 22:55:09 hqnl0246134 sshd[262870]: Failed password for invalid user ahmad from 103.187.146.55 port 57664 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 22:55:09,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360109.68252, 'message': 'Dec  6 22:55:08 hqnl0246134 sshd[262849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 22:55:10,854] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:55:10,885] defence360agent.internals.the_sink: SensorIncidentList(<23 item(s)>) processed in 0.0408 seconds
INFO    [2022-12-06 22:55:11,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670360111.6849637, 'message': 'Dec  6 22:55:09 hqnl0246134 sshd[262870]: Disconnected from invalid user ahmad 103.187.146.55 port 57664 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 22:55:11,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360111.6852598, 'message': 'Dec  6 22:55:10 hqnl0246134 sshd[262849]: Failed password for invalid user test from 36.110.228.254 port 41516 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 22:55:11,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360111.6854734, 'message': 'Dec  6 22:55:11 hqnl0246134 sshd[262849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:55:12,472] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:55:12,473] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:55:12,481] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:55:12,494] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 22:55:13,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360113.6860893, 'message': 'Dec  6 22:55:13 hqnl0246134 sshd[262849]: Failed password for invalid user test from 36.110.228.254 port 41516 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 22:55:15,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360115.6883738, 'message': 'Dec  6 22:55:14 hqnl0246134 sshd[262894]: Invalid user center from 103.67.165.114 port 48630', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 22:55:15,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360115.6885934, 'message': 'Dec  6 22:55:14 hqnl0246134 sshd[262894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.67.165.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 22:55:15,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360115.6887321, 'message': 'Dec  6 22:55:14 hqnl0246134 sshd[262894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.165.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 22:55:17,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360117.6901488, 'message': 'Dec  6 22:55:15 hqnl0246134 sshd[262849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-06 22:55:17,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360117.6903362, 'message': 'Dec  6 22:55:16 hqnl0246134 sshd[262894]: Failed password for invalid user center from 103.67.165.114 port 48630 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-06 22:55:17,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360117.6904645, 'message': 'Dec  6 22:55:17 hqnl0246134 sshd[262894]: Disconnected from invalid user center 103.67.165.114 port 48630 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 22:55:17,955] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:55:17,956] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:55:17,965] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:55:17,978] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 22:55:19,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360119.6938107, 'message': 'Dec  6 22:55:17 hqnl0246134 sshd[262849]: Failed password for invalid user test from 36.110.228.254 port 41516 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0796 seconds
INFO    [2022-12-06 22:55:19,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360119.6941054, 'message': 'Dec  6 22:55:18 hqnl0246134 sshd[262849]: error: maximum authentication attempts exceeded for invalid user test from 36.110.228.254 port 41516 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1226 seconds
INFO    [2022-12-06 22:55:19,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360119.694279, 'message': 'Dec  6 22:55:18 hqnl0246134 sshd[262849]: Disconnecting invalid user test 36.110.228.254 port 41516: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-06 22:55:20,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360119.6944613, 'message': 'Dec  6 22:55:19 hqnl0246134 sshd[262910]: Invalid user test from 36.110.228.254 port 47873', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1055 seconds
INFO    [2022-12-06 22:55:20,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360119.6946316, 'message': 'Dec  6 22:55:19 hqnl0246134 sshd[262910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0598 seconds
INFO    [2022-12-06 22:55:20,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360119.6947942, 'message': 'Dec  6 22:55:19 hqnl0246134 sshd[262910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-06 22:55:21,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360121.6947875, 'message': 'Dec  6 22:55:21 hqnl0246134 sshd[262910]: Failed password for invalid user test from 36.110.228.254 port 47873 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-06 22:55:21,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360121.6950119, 'message': 'Dec  6 22:55:21 hqnl0246134 sshd[262915]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-06 22:55:21,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360121.6951282, 'message': 'Dec  6 22:55:21 hqnl0246134 sshd[262915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 22:55:22,193] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:55:22,194] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:55:22,204] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:55:22,224] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
INFO    [2022-12-06 22:55:23,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360123.6960132, 'message': 'Dec  6 22:55:21 hqnl0246134 sshd[262910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 22:55:23,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360123.696323, 'message': 'Dec  6 22:55:23 hqnl0246134 sshd[262915]: Failed password for root from 61.177.173.18 port 46365 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-06 22:55:23,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360123.696473, 'message': 'Dec  6 22:55:23 hqnl0246134 sshd[262910]: Failed password for invalid user test from 36.110.228.254 port 47873 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:55:25,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360125.6986291, 'message': 'Dec  6 22:55:23 hqnl0246134 sshd[262915]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 22:55:25,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360125.6988516, 'message': 'Dec  6 22:55:24 hqnl0246134 sshd[262910]: Disconnected from invalid user test 36.110.228.254 port 47873 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 22:55:25,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360125.698965, 'message': 'Dec  6 22:55:25 hqnl0246134 sshd[262920]: Invalid user user from 36.110.228.254 port 11787', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:55:25,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360125.6990774, 'message': 'Dec  6 22:55:25 hqnl0246134 sshd[262920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:55:25,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360125.6992173, 'message': 'Dec  6 22:55:25 hqnl0246134 sshd[262920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:55:27,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360127.7069118, 'message': 'Dec  6 22:55:26 hqnl0246134 sshd[262915]: Failed password for root from 61.177.173.18 port 46365 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0709 seconds
INFO    [2022-12-06 22:55:27,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360127.7071362, 'message': 'Dec  6 22:55:26 hqnl0246134 sshd[262920]: Failed password for invalid user user from 36.110.228.254 port 11787 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0717 seconds
INFO    [2022-12-06 22:55:27,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360127.7073724, 'message': 'Dec  6 22:55:27 hqnl0246134 sshd[262922]: Invalid user sysadmin from 41.149.77.178 port 40244', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0726 seconds
INFO    [2022-12-06 22:55:27,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360127.7072692, 'message': 'Dec  6 22:55:27 hqnl0246134 sshd[262920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-06 22:55:27,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360127.7075026, 'message': 'Dec  6 22:55:27 hqnl0246134 sshd[262922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.149.77.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 22:55:27,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360127.707605, 'message': 'Dec  6 22:55:27 hqnl0246134 sshd[262922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.149.77.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 22:55:29,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360129.7184124, 'message': 'Dec  6 22:55:28 hqnl0246134 sshd[262915]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-06 22:55:29,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360129.7186859, 'message': 'Dec  6 22:55:29 hqnl0246134 sshd[262920]: Failed password for invalid user user from 36.110.228.254 port 11787 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 22:55:29,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360129.7188158, 'message': 'Dec  6 22:55:29 hqnl0246134 sshd[262922]: Failed password for invalid user sysadmin from 41.149.77.178 port 40244 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-06 22:55:31,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360131.7205007, 'message': 'Dec  6 22:55:30 hqnl0246134 sshd[262915]: Failed password for root from 61.177.173.18 port 46365 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-06 22:55:31,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360131.7207594, 'message': 'Dec  6 22:55:31 hqnl0246134 sshd[262920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-06 22:55:31,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360131.7208858, 'message': 'Dec  6 22:55:31 hqnl0246134 sshd[262922]: Disconnected from invalid user sysadmin 41.149.77.178 port 40244 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-06 22:55:33,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360133.7222805, 'message': 'Dec  6 22:55:33 hqnl0246134 sshd[262920]: Failed password for invalid user user from 36.110.228.254 port 11787 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 22:55:33,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360133.7225647, 'message': 'Dec  6 22:55:33 hqnl0246134 sshd[262920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 22:55:35,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360135.7246394, 'message': 'Dec  6 22:55:35 hqnl0246134 sshd[262920]: Failed password for invalid user user from 36.110.228.254 port 11787 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 22:55:35,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360135.7250342, 'message': 'Dec  6 22:55:35 hqnl0246134 sshd[262920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 22:55:39,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360139.7306576, 'message': 'Dec  6 22:55:37 hqnl0246134 sshd[262920]: Failed password for invalid user user from 36.110.228.254 port 11787 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 22:55:41,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360141.7325914, 'message': 'Dec  6 22:55:39 hqnl0246134 sshd[262920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:55:43,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360143.7343907, 'message': 'Dec  6 22:55:42 hqnl0246134 sshd[262920]: Failed password for invalid user user from 36.110.228.254 port 11787 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 22:55:43,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360143.734682, 'message': 'Dec  6 22:55:43 hqnl0246134 sshd[262920]: error: maximum authentication attempts exceeded for invalid user user from 36.110.228.254 port 11787 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:55:43,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360143.7348528, 'message': 'Dec  6 22:55:43 hqnl0246134 sshd[262920]: Disconnecting invalid user user 36.110.228.254 port 11787: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 22:55:45,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360145.7372725, 'message': 'Dec  6 22:55:44 hqnl0246134 sshd[262962]: Invalid user user from 36.110.228.254 port 22048', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:55:45,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360145.7437787, 'message': 'Dec  6 22:55:44 hqnl0246134 sshd[262962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 22:55:45,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360145.7440577, 'message': 'Dec  6 22:55:44 hqnl0246134 sshd[262962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 22:55:47,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360147.7379322, 'message': 'Dec  6 22:55:46 hqnl0246134 sshd[262962]: Failed password for invalid user user from 36.110.228.254 port 22048 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 22:55:47,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360147.7382116, 'message': 'Dec  6 22:55:46 hqnl0246134 sshd[262962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 22:55:49,437] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:55:49,438] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:55:49,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360149.7381246, 'message': 'Dec  6 22:55:49 hqnl0246134 sshd[262962]: Failed password for invalid user user from 36.110.228.254 port 22048 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:55:51,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360151.740686, 'message': 'Dec  6 22:55:51 hqnl0246134 sshd[262962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 22:55:53,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360153.7415385, 'message': 'Dec  6 22:55:53 hqnl0246134 sshd[262962]: Failed password for invalid user user from 36.110.228.254 port 22048 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:55:55,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360155.7449331, 'message': 'Dec  6 22:55:55 hqnl0246134 sshd[262962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:55:57,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360157.7492833, 'message': 'Dec  6 22:55:56 hqnl0246134 sshd[262962]: Failed password for invalid user user from 36.110.228.254 port 22048 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:55:57,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360157.749648, 'message': 'Dec  6 22:55:57 hqnl0246134 sshd[262962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 22:55:59,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360159.7496393, 'message': 'Dec  6 22:55:59 hqnl0246134 sshd[262962]: Failed password for invalid user user from 36.110.228.254 port 22048 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:56:01,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.14', 'timestamp': 1670360161.7545152, 'message': 'Dec  6 22:56:01 hqnl0246134 sshd[262975]: Invalid user yt from 103.89.85.14 port 52458', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-06 22:56:01,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360161.7548425, 'message': 'Dec  6 22:56:01 hqnl0246134 sshd[262962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-06 22:56:01,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.89.85.14', 'timestamp': 1670360161.7550254, 'message': 'Dec  6 22:56:01 hqnl0246134 sshd[262975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.89.85.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:56:01,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.89.85.14', 'timestamp': 1670360161.7552016, 'message': 'Dec  6 22:56:01 hqnl0246134 sshd[262975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.85.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:56:03,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360163.7567897, 'message': 'Dec  6 22:56:03 hqnl0246134 sshd[262962]: Failed password for invalid user user from 36.110.228.254 port 22048 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-06 22:56:03,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.14', 'timestamp': 1670360163.7570853, 'message': 'Dec  6 22:56:03 hqnl0246134 sshd[262975]: Failed password for invalid user yt from 103.89.85.14 port 52458 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-06 22:56:03,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360163.7572775, 'message': 'Dec  6 22:56:03 hqnl0246134 sshd[262962]: error: maximum authentication attempts exceeded for invalid user user from 36.110.228.254 port 22048 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 22:56:03,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360163.7574677, 'message': 'Dec  6 22:56:03 hqnl0246134 sshd[262962]: Disconnecting invalid user user 36.110.228.254 port 22048: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:56:05,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360165.7606633, 'message': 'Dec  6 22:56:04 hqnl0246134 sshd[262991]: Invalid user user from 36.110.228.254 port 33643', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-06 22:56:05,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360165.7614727, 'message': 'Dec  6 22:56:04 hqnl0246134 sshd[262989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-06 22:56:05,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360165.7609591, 'message': 'Dec  6 22:56:04 hqnl0246134 sshd[262991]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0772 seconds
INFO    [2022-12-06 22:56:05,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.14', 'timestamp': 1670360165.7618337, 'message': 'Dec  6 22:56:04 hqnl0246134 sshd[262975]: Disconnected from invalid user yt 103.89.85.14 port 52458 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0777 seconds
INFO    [2022-12-06 22:56:05,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360165.7616572, 'message': 'Dec  6 22:56:04 hqnl0246134 sshd[262989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0760 seconds
INFO    [2022-12-06 22:56:05,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360165.761216, 'message': 'Dec  6 22:56:04 hqnl0246134 sshd[262991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 22:56:07,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360167.762568, 'message': 'Dec  6 22:56:06 hqnl0246134 sshd[262991]: Failed password for invalid user user from 36.110.228.254 port 33643 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 22:56:07,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360167.762982, 'message': 'Dec  6 22:56:06 hqnl0246134 sshd[262989]: Failed password for root from 61.177.173.18 port 52442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 22:56:09,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360169.765278, 'message': 'Dec  6 22:56:08 hqnl0246134 sshd[262991]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 22:56:09,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360169.7655265, 'message': 'Dec  6 22:56:09 hqnl0246134 sshd[262989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
WARNING [2022-12-06 22:56:10,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:56:10,882] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-06 22:56:11,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.199.109.204', 'timestamp': 1670360171.7678576, 'message': 'Dec  6 22:56:09 hqnl0246134 sshd[263003]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.199.109.204 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0763 seconds
INFO    [2022-12-06 22:56:11,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360171.7684016, 'message': 'Dec  6 22:56:10 hqnl0246134 sshd[262991]: Failed password for invalid user user from 36.110.228.254 port 33643 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0770 seconds
INFO    [2022-12-06 22:56:11,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360171.7687943, 'message': 'Dec  6 22:56:11 hqnl0246134 sshd[262989]: Failed password for root from 61.177.173.18 port 52442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0768 seconds
INFO    [2022-12-06 22:56:11,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.199.109.204', 'timestamp': 1670360171.7681763, 'message': 'Dec  6 22:56:09 hqnl0246134 sshd[263003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.109.204  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 22:56:11,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360171.7686083, 'message': 'Dec  6 22:56:11 hqnl0246134 sshd[262991]: Disconnected from invalid user user 36.110.228.254 port 33643 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 22:56:13,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.199.109.204', 'timestamp': 1670360173.769386, 'message': 'Dec  6 22:56:11 hqnl0246134 sshd[263003]: Failed password for root from 198.199.109.204 port 44308 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0721 seconds
INFO    [2022-12-06 22:56:13,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360173.7697244, 'message': 'Dec  6 22:56:12 hqnl0246134 sshd[263005]: Invalid user ftpuser from 36.110.228.254 port 59210', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0724 seconds
INFO    [2022-12-06 22:56:13,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360173.7702792, 'message': 'Dec  6 22:56:13 hqnl0246134 sshd[262989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0714 seconds
INFO    [2022-12-06 22:56:13,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360173.7699335, 'message': 'Dec  6 22:56:12 hqnl0246134 sshd[263005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:56:13,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360173.7701194, 'message': 'Dec  6 22:56:12 hqnl0246134 sshd[263005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 22:56:14,371] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 22:56:14,438] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 22:56:14,439] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 22:56:14,439] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 22:56:14,439] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 22:56:14,439] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 22:56:14,450] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 22:56:14,467] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0269 seconds
WARNING [2022-12-06 22:56:14,474] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 22:56:14,476] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:56:14,494] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0328 seconds
INFO    [2022-12-06 22:56:14,495] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0308 seconds
INFO    [2022-12-06 22:56:15,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360175.7707517, 'message': 'Dec  6 22:56:14 hqnl0246134 sshd[263005]: Failed password for invalid user ftpuser from 36.110.228.254 port 59210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0709 seconds
INFO    [2022-12-06 22:56:15,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360175.771323, 'message': 'Dec  6 22:56:15 hqnl0246134 sshd[262989]: Failed password for root from 61.177.173.18 port 52442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0719 seconds
INFO    [2022-12-06 22:56:15,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360175.7711174, 'message': 'Dec  6 22:56:14 hqnl0246134 sshd[263005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 22:56:17,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360177.77294, 'message': 'Dec  6 22:56:16 hqnl0246134 sshd[263005]: Failed password for invalid user ftpuser from 36.110.228.254 port 59210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 22:56:17,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360177.7732863, 'message': 'Dec  6 22:56:17 hqnl0246134 sshd[263005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 22:56:18,235] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:56:18,236] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:56:18,247] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:56:18,261] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-06 22:56:21,026] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:56:21,026] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:56:21,034] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:56:21,047] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 22:56:21,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360181.7827199, 'message': 'Dec  6 22:56:20 hqnl0246134 sshd[263005]: Failed password for invalid user ftpuser from 36.110.228.254 port 59210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 22:56:21,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360181.7829242, 'message': 'Dec  6 22:56:20 hqnl0246134 sshd[263005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:56:23,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360183.7851925, 'message': 'Dec  6 22:56:21 hqnl0246134 sshd[263005]: Failed password for invalid user ftpuser from 36.110.228.254 port 59210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:56:23,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360183.7854784, 'message': 'Dec  6 22:56:23 hqnl0246134 sshd[263005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 22:56:25,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360185.7857654, 'message': 'Dec  6 22:56:25 hqnl0246134 sshd[263005]: Failed password for invalid user ftpuser from 36.110.228.254 port 59210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 22:56:27,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360187.7872043, 'message': 'Dec  6 22:56:26 hqnl0246134 sshd[263005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:56:29,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360189.789529, 'message': 'Dec  6 22:56:28 hqnl0246134 sshd[263005]: Failed password for invalid user ftpuser from 36.110.228.254 port 59210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:56:29,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360189.7898052, 'message': 'Dec  6 22:56:28 hqnl0246134 sshd[263005]: error: maximum authentication attempts exceeded for invalid user ftpuser from 36.110.228.254 port 59210 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 22:56:29,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360189.7899356, 'message': 'Dec  6 22:56:28 hqnl0246134 sshd[263005]: Disconnecting invalid user ftpuser 36.110.228.254 port 59210: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-06 22:56:31,402] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:56:31,402] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:56:31,409] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:56:31,420] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 22:56:31,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360191.789885, 'message': 'Dec  6 22:56:29 hqnl0246134 sshd[263031]: Invalid user ftpuser from 36.110.228.254 port 63327', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 22:56:31,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360191.7901697, 'message': 'Dec  6 22:56:29 hqnl0246134 sshd[263031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 22:56:31,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360191.7921984, 'message': 'Dec  6 22:56:29 hqnl0246134 sshd[263031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 22:56:33,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360193.7924223, 'message': 'Dec  6 22:56:32 hqnl0246134 sshd[263031]: Failed password for invalid user ftpuser from 36.110.228.254 port 63327 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:56:33,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360193.7926707, 'message': 'Dec  6 22:56:32 hqnl0246134 sshd[263031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:56:35,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360195.794226, 'message': 'Dec  6 22:56:34 hqnl0246134 sshd[263031]: Failed password for invalid user ftpuser from 36.110.228.254 port 63327 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:56:35,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360195.7945247, 'message': 'Dec  6 22:56:35 hqnl0246134 sshd[263031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 22:56:39,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360199.7979813, 'message': 'Dec  6 22:56:38 hqnl0246134 sshd[263031]: Failed password for invalid user ftpuser from 36.110.228.254 port 63327 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 22:56:41,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360201.8000512, 'message': 'Dec  6 22:56:40 hqnl0246134 sshd[263031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:56:43,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.255.116.74', 'timestamp': 1670360203.8019614, 'message': 'Dec  6 22:56:42 hqnl0246134 sshd[263047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.255.116.74 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 22:56:43,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360203.8023863, 'message': 'Dec  6 22:56:43 hqnl0246134 sshd[263031]: Failed password for invalid user ftpuser from 36.110.228.254 port 63327 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 22:56:43,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.255.116.74', 'timestamp': 1670360203.8021967, 'message': 'Dec  6 22:56:42 hqnl0246134 sshd[263047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.255.116.74  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-06 22:56:43,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360203.802538, 'message': 'Dec  6 22:56:43 hqnl0246134 sshd[263031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 22:56:44,706] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 22:56:44,707] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 22:56:44,708] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 22:56:45,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.255.116.74', 'timestamp': 1670360205.8076453, 'message': 'Dec  6 22:56:44 hqnl0246134 sshd[263047]: Failed password for root from 139.255.116.74 port 60108 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 22:56:45,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360205.807892, 'message': 'Dec  6 22:56:44 hqnl0246134 sshd[263031]: Failed password for invalid user ftpuser from 36.110.228.254 port 63327 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:56:47,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360207.8137717, 'message': 'Dec  6 22:56:46 hqnl0246134 sshd[263031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 22:56:49,442] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:56:49,443] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:56:49,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360209.8162048, 'message': 'Dec  6 22:56:48 hqnl0246134 sshd[263031]: Failed password for invalid user ftpuser from 36.110.228.254 port 63327 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 22:56:49,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360209.816569, 'message': 'Dec  6 22:56:48 hqnl0246134 sshd[263031]: error: maximum authentication attempts exceeded for invalid user ftpuser from 36.110.228.254 port 63327 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 22:56:49,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360209.81718, 'message': 'Dec  6 22:56:48 hqnl0246134 sshd[263031]: Disconnecting invalid user ftpuser 36.110.228.254 port 63327: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:56:51,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360211.828436, 'message': 'Dec  6 22:56:50 hqnl0246134 sshd[263050]: Invalid user ftpuser from 36.110.228.254 port 15770', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-06 22:56:51,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360211.8288367, 'message': 'Dec  6 22:56:51 hqnl0246134 sshd[263052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 22:56:51,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360211.8286257, 'message': 'Dec  6 22:56:50 hqnl0246134 sshd[263050]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 22:56:51,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360211.8289375, 'message': 'Dec  6 22:56:51 hqnl0246134 sshd[263052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 22:56:51,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360211.8287342, 'message': 'Dec  6 22:56:50 hqnl0246134 sshd[263050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:56:53,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360213.8207908, 'message': 'Dec  6 22:56:51 hqnl0246134 sshd[263050]: Failed password for invalid user ftpuser from 36.110.228.254 port 15770 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 22:56:53,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360213.821098, 'message': 'Dec  6 22:56:53 hqnl0246134 sshd[263052]: Failed password for root from 61.177.173.18 port 23418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-06 22:56:53,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360213.8209817, 'message': 'Dec  6 22:56:53 hqnl0246134 sshd[263050]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 22:56:55,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360215.822128, 'message': 'Dec  6 22:56:55 hqnl0246134 sshd[263050]: Failed password for invalid user ftpuser from 36.110.228.254 port 15770 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 22:56:55,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360215.8223474, 'message': 'Dec  6 22:56:55 hqnl0246134 sshd[263052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 22:56:55,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360215.8225062, 'message': 'Dec  6 22:56:55 hqnl0246134 sshd[263050]: Disconnected from invalid user ftpuser 36.110.228.254 port 15770 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 22:56:57,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360217.8245986, 'message': 'Dec  6 22:56:57 hqnl0246134 sshd[263052]: Failed password for root from 61.177.173.18 port 23418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 22:56:57,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360217.8248343, 'message': 'Dec  6 22:56:57 hqnl0246134 sshd[263055]: Invalid user test1 from 36.110.228.254 port 37392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-06 22:56:57,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360217.8250084, 'message': 'Dec  6 22:56:57 hqnl0246134 sshd[263055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 22:56:57,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360217.8251219, 'message': 'Dec  6 22:56:57 hqnl0246134 sshd[263055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:56:59,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360219.8263078, 'message': 'Dec  6 22:56:57 hqnl0246134 sshd[263052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1038 seconds
INFO    [2022-12-06 22:56:59,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360219.8266752, 'message': 'Dec  6 22:56:59 hqnl0246134 sshd[263055]: Failed password for invalid user test1 from 36.110.228.254 port 37392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1040 seconds
INFO    [2022-12-06 22:57:01,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360221.8293955, 'message': 'Dec  6 22:56:59 hqnl0246134 sshd[263052]: Failed password for root from 61.177.173.18 port 23418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 22:57:01,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360221.8312192, 'message': 'Dec  6 22:57:00 hqnl0246134 sshd[263055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-06 22:57:01,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360221.8313801, 'message': 'Dec  6 22:57:01 hqnl0246134 sshd[263067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-06 22:57:03,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360223.8305173, 'message': 'Dec  6 22:57:02 hqnl0246134 sshd[263055]: Failed password for invalid user test1 from 36.110.228.254 port 37392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 22:57:03,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360223.8307276, 'message': 'Dec  6 22:57:03 hqnl0246134 sshd[263067]: Failed password for root from 165.227.166.207 port 44636 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 22:57:05,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360225.832892, 'message': 'Dec  6 22:57:03 hqnl0246134 sshd[263055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 22:57:07,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360227.8337476, 'message': 'Dec  6 22:57:06 hqnl0246134 sshd[263055]: Failed password for invalid user test1 from 36.110.228.254 port 37392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 22:57:07,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360227.8340797, 'message': 'Dec  6 22:57:07 hqnl0246134 sshd[263055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:57:09,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360229.8372223, 'message': 'Dec  6 22:57:09 hqnl0246134 sshd[263055]: Failed password for invalid user test1 from 36.110.228.254 port 37392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 22:57:10,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:57:10,887] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-06 22:57:11,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360231.8378282, 'message': 'Dec  6 22:57:10 hqnl0246134 sshd[263055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 22:57:13,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360233.8410168, 'message': 'Dec  6 22:57:12 hqnl0246134 sshd[263055]: Failed password for invalid user test1 from 36.110.228.254 port 37392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 22:57:13,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360233.8412895, 'message': 'Dec  6 22:57:13 hqnl0246134 sshd[263055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 22:57:15,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360235.841793, 'message': 'Dec  6 22:57:15 hqnl0246134 sshd[263055]: Failed password for invalid user test1 from 36.110.228.254 port 37392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 22:57:17,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360237.8445497, 'message': 'Dec  6 22:57:16 hqnl0246134 sshd[263055]: error: maximum authentication attempts exceeded for invalid user test1 from 36.110.228.254 port 37392 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 22:57:17,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360237.8447793, 'message': 'Dec  6 22:57:16 hqnl0246134 sshd[263055]: Disconnecting invalid user test1 36.110.228.254 port 37392: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:57:17,980] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:57:17,981] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:57:17,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:57:18,002] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 22:57:19,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360239.846004, 'message': 'Dec  6 22:57:18 hqnl0246134 sshd[263093]: Invalid user test1 from 36.110.228.254 port 48441', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:57:19,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360239.8462477, 'message': 'Dec  6 22:57:18 hqnl0246134 sshd[263093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 22:57:19,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360239.8463612, 'message': 'Dec  6 22:57:18 hqnl0246134 sshd[263093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 22:57:20,946] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:57:20,947] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:57:20,957] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:57:20,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-06 22:57:21,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360241.917126, 'message': 'Dec  6 22:57:20 hqnl0246134 sshd[263093]: Failed password for invalid user test1 from 36.110.228.254 port 48441 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 22:57:21,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360241.9173172, 'message': 'Dec  6 22:57:21 hqnl0246134 sshd[263093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 22:57:23,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360243.850205, 'message': 'Dec  6 22:57:23 hqnl0246134 sshd[263093]: Failed password for invalid user test1 from 36.110.228.254 port 48441 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:57:25,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360245.8540401, 'message': 'Dec  6 22:57:24 hqnl0246134 sshd[263093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:57:27,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360247.8575642, 'message': 'Dec  6 22:57:26 hqnl0246134 sshd[263093]: Failed password for invalid user test1 from 36.110.228.254 port 48441 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 22:57:27,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '203.76.121.230', 'timestamp': 1670360247.8578439, 'message': 'Dec  6 22:57:27 hqnl0246134 sshd[263106]: pam_imunify(sshd:auth): [IM360_RBL] The IP 203.76.121.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-06 22:57:27,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '203.76.121.230', 'timestamp': 1670360247.8580825, 'message': 'Dec  6 22:57:27 hqnl0246134 sshd[263106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.121.230  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:57:29,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360249.8614302, 'message': 'Dec  6 22:57:28 hqnl0246134 sshd[263093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 22:57:31,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '203.76.121.230', 'timestamp': 1670360251.8616533, 'message': 'Dec  6 22:57:29 hqnl0246134 sshd[263106]: Failed password for root from 203.76.121.230 port 58332 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 22:57:31,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360251.8618426, 'message': 'Dec  6 22:57:30 hqnl0246134 sshd[263093]: Failed password for invalid user test1 from 36.110.228.254 port 48441 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 22:57:33,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360253.86448, 'message': 'Dec  6 22:57:32 hqnl0246134 sshd[263093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 22:57:34,345] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:57:34,345] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:57:34,352] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:57:34,364] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 22:57:35,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360255.8659909, 'message': 'Dec  6 22:57:33 hqnl0246134 sshd[263093]: Failed password for invalid user test1 from 36.110.228.254 port 48441 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 22:57:35,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360255.866181, 'message': 'Dec  6 22:57:35 hqnl0246134 sshd[263093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 22:57:37,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360257.8723757, 'message': 'Dec  6 22:57:37 hqnl0246134 sshd[263093]: Failed password for invalid user test1 from 36.110.228.254 port 48441 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0980 seconds
INFO    [2022-12-06 22:57:39,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360259.870629, 'message': 'Dec  6 22:57:38 hqnl0246134 sshd[263093]: error: maximum authentication attempts exceeded for invalid user test1 from 36.110.228.254 port 48441 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 22:57:39,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360259.8710866, 'message': 'Dec  6 22:57:38 hqnl0246134 sshd[263113]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 22:57:39,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360259.8709466, 'message': 'Dec  6 22:57:38 hqnl0246134 sshd[263093]: Disconnecting invalid user test1 36.110.228.254 port 48441: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-06 22:57:39,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360259.8711936, 'message': 'Dec  6 22:57:38 hqnl0246134 sshd[263113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 22:57:39,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360259.8712957, 'message': 'Dec  6 22:57:39 hqnl0246134 sshd[263123]: Invalid user test1 from 36.110.228.254 port 61580', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:57:39,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360259.8714142, 'message': 'Dec  6 22:57:39 hqnl0246134 sshd[263123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:57:40,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360259.8715758, 'message': 'Dec  6 22:57:39 hqnl0246134 sshd[263123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:57:41,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360261.8740993, 'message': 'Dec  6 22:57:40 hqnl0246134 sshd[263113]: Failed password for root from 61.177.173.18 port 45911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 22:57:41,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360261.8744044, 'message': 'Dec  6 22:57:41 hqnl0246134 sshd[263123]: Failed password for invalid user test1 from 36.110.228.254 port 61580 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 22:57:41,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360261.8742905, 'message': 'Dec  6 22:57:40 hqnl0246134 sshd[263113]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 22:57:43,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360263.8769255, 'message': 'Dec  6 22:57:42 hqnl0246134 sshd[263123]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 22:57:43,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360263.877113, 'message': 'Dec  6 22:57:43 hqnl0246134 sshd[263113]: Failed password for root from 61.177.173.18 port 45911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 22:57:45,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360265.8779194, 'message': 'Dec  6 22:57:44 hqnl0246134 sshd[263123]: Failed password for invalid user test1 from 36.110.228.254 port 61580 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 22:57:45,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360265.8781414, 'message': 'Dec  6 22:57:45 hqnl0246134 sshd[263113]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 22:57:45,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360265.8782542, 'message': 'Dec  6 22:57:45 hqnl0246134 sshd[263123]: Disconnected from invalid user test1 36.110.228.254 port 61580 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 22:57:47,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360267.883517, 'message': 'Dec  6 22:57:46 hqnl0246134 sshd[263126]: Invalid user test2 from 36.110.228.254 port 28921', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0580 seconds
INFO    [2022-12-06 22:57:47,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360267.8840618, 'message': 'Dec  6 22:57:47 hqnl0246134 sshd[263113]: Failed password for root from 61.177.173.18 port 45911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-06 22:57:47,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360267.8837473, 'message': 'Dec  6 22:57:46 hqnl0246134 sshd[263126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 22:57:47,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360267.8838623, 'message': 'Dec  6 22:57:46 hqnl0246134 sshd[263126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-06 22:57:49,448] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:57:49,449] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:57:49,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360269.8857427, 'message': 'Dec  6 22:57:49 hqnl0246134 sshd[263126]: Failed password for invalid user test2 from 36.110.228.254 port 28921 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:57:52,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360271.995519, 'message': 'Dec  6 22:57:51 hqnl0246134 sshd[263126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:57:53,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360273.8899455, 'message': 'Dec  6 22:57:52 hqnl0246134 sshd[263126]: Failed password for invalid user test2 from 36.110.228.254 port 28921 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 22:57:53,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360273.8901622, 'message': 'Dec  6 22:57:53 hqnl0246134 sshd[263126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 22:57:57,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360277.8941872, 'message': 'Dec  6 22:57:55 hqnl0246134 sshd[263126]: Failed password for invalid user test2 from 36.110.228.254 port 28921 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:57:57,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360277.8944094, 'message': 'Dec  6 22:57:57 hqnl0246134 sshd[263126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 22:57:59,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360279.8966153, 'message': 'Dec  6 22:57:59 hqnl0246134 sshd[263126]: Failed password for invalid user test2 from 36.110.228.254 port 28921 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 22:58:01,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360281.898908, 'message': 'Dec  6 22:58:01 hqnl0246134 sshd[263126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 22:58:03,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360283.9005892, 'message': 'Dec  6 22:58:03 hqnl0246134 sshd[263126]: Failed password for invalid user test2 from 36.110.228.254 port 28921 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:58:03,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360283.9009037, 'message': 'Dec  6 22:58:03 hqnl0246134 sshd[263126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:58:05,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360285.9035664, 'message': 'Dec  6 22:58:05 hqnl0246134 sshd[263126]: Failed password for invalid user test2 from 36.110.228.254 port 28921 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 22:58:05,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360285.9037738, 'message': 'Dec  6 22:58:05 hqnl0246134 sshd[263126]: error: maximum authentication attempts exceeded for invalid user test2 from 36.110.228.254 port 28921 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 22:58:05,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360285.9039361, 'message': 'Dec  6 22:58:05 hqnl0246134 sshd[263126]: Disconnecting invalid user test2 36.110.228.254 port 28921: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 22:58:07,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360287.9080462, 'message': 'Dec  6 22:58:07 hqnl0246134 sshd[263147]: Invalid user test2 from 36.110.228.254 port 36144', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 22:58:07,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360287.908294, 'message': 'Dec  6 22:58:07 hqnl0246134 sshd[263147]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:58:08,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360287.9084096, 'message': 'Dec  6 22:58:07 hqnl0246134 sshd[263147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1080 seconds
INFO    [2022-12-06 22:58:09,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360289.9103744, 'message': 'Dec  6 22:58:09 hqnl0246134 sshd[263147]: Failed password for invalid user test2 from 36.110.228.254 port 36144 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
WARNING [2022-12-06 22:58:10,866] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:58:10,888] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0300 seconds
INFO    [2022-12-06 22:58:11,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360291.9123764, 'message': 'Dec  6 22:58:11 hqnl0246134 sshd[263147]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 22:58:13,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360293.9138823, 'message': 'Dec  6 22:58:13 hqnl0246134 sshd[263147]: Failed password for invalid user test2 from 36.110.228.254 port 36144 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 22:58:15,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360295.9161205, 'message': 'Dec  6 22:58:15 hqnl0246134 sshd[263147]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 22:58:17,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:58:17,847] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:58:17,858] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:58:17,871] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 22:58:17,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360297.9185975, 'message': 'Dec  6 22:58:17 hqnl0246134 sshd[263147]: Failed password for invalid user test2 from 36.110.228.254 port 36144 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:58:20,656] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:58:20,656] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:58:20,663] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:58:20,675] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 22:58:21,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360301.9216745, 'message': 'Dec  6 22:58:19 hqnl0246134 sshd[263147]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:58:23,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360303.924104, 'message': 'Dec  6 22:58:22 hqnl0246134 sshd[263147]: Failed password for invalid user test2 from 36.110.228.254 port 36144 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 22:58:25,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360305.925026, 'message': 'Dec  6 22:58:24 hqnl0246134 sshd[263147]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 22:58:25,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360305.9253268, 'message': 'Dec  6 22:58:25 hqnl0246134 sshd[263168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:58:25,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360305.9255345, 'message': 'Dec  6 22:58:25 hqnl0246134 sshd[263168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 22:58:27,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360307.92585, 'message': 'Dec  6 22:58:26 hqnl0246134 sshd[263147]: Failed password for invalid user test2 from 36.110.228.254 port 36144 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 22:58:27,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360307.9260404, 'message': 'Dec  6 22:58:26 hqnl0246134 sshd[263168]: Failed password for root from 61.177.173.18 port 62338 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 22:58:27,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360307.9261513, 'message': 'Dec  6 22:58:27 hqnl0246134 sshd[263168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-06 22:58:29,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360309.9296148, 'message': 'Dec  6 22:58:28 hqnl0246134 sshd[263147]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0604 seconds
INFO    [2022-12-06 22:58:29,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360309.9311247, 'message': 'Dec  6 22:58:29 hqnl0246134 sshd[263168]: Failed password for root from 61.177.173.18 port 62338 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0603 seconds
INFO    [2022-12-06 22:58:30,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360309.9312906, 'message': 'Dec  6 22:58:29 hqnl0246134 sshd[263168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 22:58:31,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360311.930193, 'message': 'Dec  6 22:58:30 hqnl0246134 sshd[263147]: Failed password for invalid user test2 from 36.110.228.254 port 36144 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 22:58:33,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360313.932795, 'message': 'Dec  6 22:58:32 hqnl0246134 sshd[263168]: Failed password for root from 61.177.173.18 port 62338 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-06 22:58:33,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360313.9329984, 'message': 'Dec  6 22:58:32 hqnl0246134 sshd[263147]: error: maximum authentication attempts exceeded for invalid user test2 from 36.110.228.254 port 36144 ssh2 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 22:58:33,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360313.9331305, 'message': 'Dec  6 22:58:32 hqnl0246134 sshd[263147]: Disconnecting invalid user test2 36.110.228.254 port 36144: Too many authentication failures [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 22:58:34,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360313.933265, 'message': 'Dec  6 22:58:33 hqnl0246134 sshd[263171]: Invalid user test2 from 36.110.228.254 port 60004', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:58:34,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360313.9333696, 'message': 'Dec  6 22:58:33 hqnl0246134 sshd[263171]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 22:58:34,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360313.9335053, 'message': 'Dec  6 22:58:33 hqnl0246134 sshd[263171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 22:58:35,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360315.9353216, 'message': 'Dec  6 22:58:34 hqnl0246134 sshd[263173]: Invalid user xujie from 41.149.77.178 port 53572', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-06 22:58:35,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360315.9360085, 'message': 'Dec  6 22:58:35 hqnl0246134 sshd[263171]: Failed password for invalid user test2 from 36.110.228.254 port 60004 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-06 22:58:35,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360315.9356718, 'message': 'Dec  6 22:58:34 hqnl0246134 sshd[263173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.149.77.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:58:36,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360315.935893, 'message': 'Dec  6 22:58:34 hqnl0246134 sshd[263173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.149.77.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 22:58:37,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360317.9370773, 'message': 'Dec  6 22:58:36 hqnl0246134 sshd[263173]: Failed password for invalid user xujie from 41.149.77.178 port 53572 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-06 22:58:37,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360317.9375901, 'message': 'Dec  6 22:58:37 hqnl0246134 sshd[263171]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0519 seconds
INFO    [2022-12-06 22:58:38,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.149.77.178', 'timestamp': 1670360317.9373848, 'message': 'Dec  6 22:58:37 hqnl0246134 sshd[263173]: Disconnected from invalid user xujie 41.149.77.178 port 53572 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 22:58:39,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360319.9377062, 'message': 'Dec  6 22:58:39 hqnl0246134 sshd[263171]: Failed password for invalid user test2 from 36.110.228.254 port 60004 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 22:58:41,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360321.9423573, 'message': 'Dec  6 22:58:40 hqnl0246134 sshd[263171]: Disconnected from invalid user test2 36.110.228.254 port 60004 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 22:58:41,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360321.9426641, 'message': 'Dec  6 22:58:40 hqnl0246134 sshd[263187]: Invalid user contador from 36.110.228.254 port 26365', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:58:42,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360321.9428623, 'message': 'Dec  6 22:58:40 hqnl0246134 sshd[263187]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 22:58:42,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360321.9429955, 'message': 'Dec  6 22:58:40 hqnl0246134 sshd[263187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 22:58:42,870] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:58:42,871] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:58:42,879] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:58:42,892] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 22:58:43,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360323.942196, 'message': 'Dec  6 22:58:43 hqnl0246134 sshd[263187]: Failed password for invalid user contador from 36.110.228.254 port 26365 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 22:58:45,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360325.9444315, 'message': 'Dec  6 22:58:44 hqnl0246134 sshd[263187]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 22:58:47,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360327.9474013, 'message': 'Dec  6 22:58:46 hqnl0246134 sshd[263187]: Failed password for invalid user contador from 36.110.228.254 port 26365 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 22:58:47,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360327.9476285, 'message': 'Dec  6 22:58:47 hqnl0246134 sshd[263197]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.180.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 22:58:47,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360327.9477544, 'message': 'Dec  6 22:58:47 hqnl0246134 sshd[263197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.180.102  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 22:58:49,457] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:58:49,458] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 22:58:49,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360329.957731, 'message': 'Dec  6 22:58:48 hqnl0246134 sshd[263187]: Disconnected from invalid user contador 36.110.228.254 port 26365 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-06 22:58:49,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360329.957912, 'message': 'Dec  6 22:58:49 hqnl0246134 sshd[263197]: Failed password for root from 138.197.180.102 port 54126 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-06 22:58:51,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360331.9612179, 'message': 'Dec  6 22:58:50 hqnl0246134 sshd[263199]: Invalid user duni from 36.110.228.254 port 50308', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:58:52,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360331.9615133, 'message': 'Dec  6 22:58:50 hqnl0246134 sshd[263199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:58:52,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360331.9616728, 'message': 'Dec  6 22:58:50 hqnl0246134 sshd[263199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 22:58:53,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360333.9621992, 'message': 'Dec  6 22:58:53 hqnl0246134 sshd[263199]: Failed password for invalid user duni from 36.110.228.254 port 50308 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 22:58:54,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360333.9624712, 'message': 'Dec  6 22:58:53 hqnl0246134 sshd[263199]: Disconnected from invalid user duni 36.110.228.254 port 50308 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 22:58:55,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360335.9634821, 'message': 'Dec  6 22:58:55 hqnl0246134 sshd[263203]: Invalid user pi from 36.110.228.254 port 11078', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 22:58:56,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360335.9637556, 'message': 'Dec  6 22:58:55 hqnl0246134 sshd[263203]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-06 22:58:56,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360335.963943, 'message': 'Dec  6 22:58:55 hqnl0246134 sshd[263203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-06 22:58:57,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360337.9635532, 'message': 'Dec  6 22:58:57 hqnl0246134 sshd[263203]: Failed password for invalid user pi from 36.110.228.254 port 11078 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 22:58:58,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360337.9637578, 'message': 'Dec  6 22:58:57 hqnl0246134 sshd[263203]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 22:58:59,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360339.9657292, 'message': 'Dec  6 22:58:59 hqnl0246134 sshd[263203]: Failed password for invalid user pi from 36.110.228.254 port 11078 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 22:59:02,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360341.9692736, 'message': 'Dec  6 22:59:00 hqnl0246134 sshd[263203]: Disconnected from invalid user pi 36.110.228.254 port 11078 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 22:59:02,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360341.979479, 'message': 'Dec  6 22:59:01 hqnl0246134 sshd[263208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-06 22:59:02,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360341.979753, 'message': 'Dec  6 22:59:01 hqnl0246134 sshd[263206]: Invalid user baikal from 36.110.228.254 port 30776', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 22:59:02,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360341.9799583, 'message': 'Dec  6 22:59:01 hqnl0246134 sshd[263206]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.110.228.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 22:59:02,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360341.980156, 'message': 'Dec  6 22:59:01 hqnl0246134 sshd[263206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-06 22:59:04,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360343.9699106, 'message': 'Dec  6 22:59:02 hqnl0246134 sshd[263208]: Failed password for root from 165.227.166.207 port 54906 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 22:59:04,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360343.970217, 'message': 'Dec  6 22:59:03 hqnl0246134 sshd[263206]: Failed password for invalid user baikal from 36.110.228.254 port 30776 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-06 22:59:05,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.110.228.254', 'timestamp': 1670360345.9702322, 'message': 'Dec  6 22:59:04 hqnl0246134 sshd[263206]: Disconnected from invalid user baikal 36.110.228.254 port 30776 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 22:59:10,871] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:59:10,895] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0325 seconds
INFO    [2022-12-06 22:59:12,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360351.9782321, 'message': 'Dec  6 22:59:11 hqnl0246134 sshd[263226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 22:59:12,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360351.9785914, 'message': 'Dec  6 22:59:11 hqnl0246134 sshd[263226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 22:59:14,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360353.982576, 'message': 'Dec  6 22:59:13 hqnl0246134 sshd[263226]: Failed password for root from 61.177.173.18 port 24482 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 22:59:15,844] defence360agent.files: Updating all files
INFO    [2022-12-06 22:59:16,126] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:16,127] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 22:59:16,465] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:16,465] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 22:59:16,786] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:16,786] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 22:59:17,114] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:17,114] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 22:59:17,114] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 22:59:17,432] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 20:59:17 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E4FE525BA02FE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 22:59:17,434] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 22:59:17,435] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 22:59:17,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:59:17,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:59:17,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:59:17,957] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 22:59:18,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360357.9852793, 'message': 'Dec  6 22:59:16 hqnl0246134 sshd[263226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 22:59:18,026] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:18,026] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 22:59:18,285] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:18,285] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 22:59:18,605] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:18,605] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 22:59:18,954] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:18,954] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 22:59:19,397] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 22:59:19,399] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 22:59:20,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360359.987778, 'message': 'Dec  6 22:59:18 hqnl0246134 sshd[263226]: Failed password for root from 61.177.173.18 port 24482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 22:59:20,645] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 22:59:20,646] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 22:59:20,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 22:59:20,664] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 22:59:22,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360361.9899879, 'message': 'Dec  6 22:59:20 hqnl0246134 sshd[263226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 22:59:24,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360363.9925742, 'message': 'Dec  6 22:59:22 hqnl0246134 sshd[263226]: Failed password for root from 61.177.173.18 port 24482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
WARNING [2022-12-06 22:59:49,461] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 22:59:49,462] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:00:00,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360400.0496593, 'message': 'Dec  6 22:59:58 hqnl0246134 sshd[263275]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 23:00:00,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360400.0502243, 'message': 'Dec  6 22:59:58 hqnl0246134 sshd[263275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 23:00:02,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360402.0453675, 'message': 'Dec  6 23:00:00 hqnl0246134 sshd[263275]: Failed password for root from 61.177.173.18 port 48725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-06 23:00:02,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360402.04579, 'message': 'Dec  6 23:00:00 hqnl0246134 sshd[263275]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 23:00:04,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360404.0464065, 'message': 'Dec  6 23:00:03 hqnl0246134 sshd[263275]: Failed password for root from 61.177.173.18 port 48725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0609 seconds
INFO    [2022-12-06 23:00:06,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360406.047885, 'message': 'Dec  6 23:00:05 hqnl0246134 sshd[263275]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 23:00:08,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360408.0534108, 'message': 'Dec  6 23:00:07 hqnl0246134 sshd[263275]: Failed password for root from 61.177.173.18 port 48725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 23:00:10,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:00:10,917] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0497 seconds
INFO    [2022-12-06 23:00:12,669] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:00:12,670] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:00:12,699] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:00:12,712] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0415 seconds
INFO    [2022-12-06 23:00:17,790] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:00:17,791] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:00:17,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:00:17,814] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-06 23:00:20,479] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:00:20,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:00:20,489] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:00:20,501] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 23:00:41,934] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:00:42,007] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:00:42,008] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:00:42,008] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:00:42,009] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:00:42,010] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:00:42,029] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:00:42,059] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0481 seconds
WARNING [2022-12-06 23:00:42,071] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:00:42,074] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:00:42,091] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0421 seconds
INFO    [2022-12-06 23:00:42,092] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0371 seconds
INFO    [2022-12-06 23:00:44,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360444.0994737, 'message': 'Dec  6 23:00:43 hqnl0246134 sshd[263367]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:00:44,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360444.0997307, 'message': 'Dec  6 23:00:43 hqnl0246134 sshd[263367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:00:46,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360446.1015062, 'message': 'Dec  6 23:00:44 hqnl0246134 sshd[263367]: Failed password for root from 61.177.173.18 port 61022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:00:46,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360446.101714, 'message': 'Dec  6 23:00:45 hqnl0246134 sshd[263367]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:00:48,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360448.107247, 'message': 'Dec  6 23:00:47 hqnl0246134 sshd[263367]: Failed password for root from 61.177.173.18 port 61022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 23:00:48,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360448.1074424, 'message': 'Dec  6 23:00:47 hqnl0246134 sshd[263367]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 23:00:49,467] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:00:49,468] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:00:50,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360450.1128542, 'message': 'Dec  6 23:00:50 hqnl0246134 sshd[263367]: Failed password for root from 61.177.173.18 port 61022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:00:54,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360454.117451, 'message': 'Dec  6 23:00:54 hqnl0246134 sshd[263373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 23:00:56,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360456.1177056, 'message': 'Dec  6 23:00:55 hqnl0246134 sshd[263373]: Failed password for root from 165.227.166.207 port 36966 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:01:04,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.28.101.14', 'timestamp': 1670360464.1343746, 'message': 'Dec  6 23:01:04 hqnl0246134 sshd[263385]: Invalid user db2fenc1 from 181.28.101.14 port 52500', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-06 23:01:06,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.28.101.14', 'timestamp': 1670360466.1386392, 'message': 'Dec  6 23:01:04 hqnl0246134 sshd[263385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.28.101.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-06 23:01:06,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.28.101.14', 'timestamp': 1670360466.1389499, 'message': 'Dec  6 23:01:04 hqnl0246134 sshd[263385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.28.101.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-06 23:01:08,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.28.101.14', 'timestamp': 1670360468.145529, 'message': 'Dec  6 23:01:06 hqnl0246134 sshd[263385]: Failed password for invalid user db2fenc1 from 181.28.101.14 port 52500 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 23:01:08,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.28.101.14', 'timestamp': 1670360468.1457515, 'message': 'Dec  6 23:01:07 hqnl0246134 sshd[263385]: Disconnected from invalid user db2fenc1 181.28.101.14 port 52500 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-06 23:01:10,880] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:01:10,906] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-06 23:01:12,138] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:01:12,138] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:01:12,139] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 23:01:17,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:01:17,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:01:17,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:01:17,909] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 23:01:20,604] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:01:20,604] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:01:20,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:01:20,626] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-06 23:01:30,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360490.176384, 'message': 'Dec  6 23:01:29 hqnl0246134 sshd[263408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 23:01:30,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360490.1767654, 'message': 'Dec  6 23:01:29 hqnl0246134 sshd[263408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 23:01:32,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360492.1798642, 'message': 'Dec  6 23:01:31 hqnl0246134 sshd[263408]: Failed password for root from 61.177.173.18 port 30758 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 23:01:32,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360492.1801093, 'message': 'Dec  6 23:01:31 hqnl0246134 sshd[263408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:01:34,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360494.1832705, 'message': 'Dec  6 23:01:32 hqnl0246134 sshd[263408]: Failed password for root from 61.177.173.18 port 30758 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:01:34,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360494.1835616, 'message': 'Dec  6 23:01:33 hqnl0246134 sshd[263408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 23:01:36,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360496.186787, 'message': 'Dec  6 23:01:35 hqnl0246134 sshd[263408]: Failed password for root from 61.177.173.18 port 30758 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 23:01:38,622] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:01:38,623] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:01:38,636] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:01:38,655] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0308 seconds
WARNING [2022-12-06 23:01:49,470] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:01:49,471] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:01:54,046] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 23:02:10,883] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:02:10,907] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0333 seconds
INFO    [2022-12-06 23:02:16,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360536.2437794, 'message': 'Dec  6 23:02:14 hqnl0246134 sshd[263460]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 23:02:16,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360536.2440574, 'message': 'Dec  6 23:02:14 hqnl0246134 sshd[263460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:02:18,195] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:02:18,196] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:02:18,205] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:02:18,217] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 23:02:18,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360538.2454195, 'message': 'Dec  6 23:02:16 hqnl0246134 sshd[263460]: Failed password for root from 61.177.173.18 port 49279 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 23:02:18,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360538.2456696, 'message': 'Dec  6 23:02:16 hqnl0246134 sshd[263460]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:02:20,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360540.2500613, 'message': 'Dec  6 23:02:18 hqnl0246134 sshd[263460]: Failed password for root from 61.177.173.18 port 49279 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:02:22,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360542.252246, 'message': 'Dec  6 23:02:21 hqnl0246134 sshd[263460]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 23:02:22,827] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:02:22,828] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:02:22,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:02:22,847] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 23:02:24,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360544.257598, 'message': 'Dec  6 23:02:23 hqnl0246134 sshd[263460]: Failed password for root from 61.177.173.18 port 49279 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 23:02:42,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360562.2855756, 'message': 'Dec  6 23:02:41 hqnl0246134 sshd[263505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 23:02:46,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360566.2881336, 'message': 'Dec  6 23:02:44 hqnl0246134 sshd[263505]: Failed password for root from 165.227.166.207 port 47304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 23:02:48,435] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:02:48,436] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:02:48,443] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:02:48,454] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-06 23:02:49,473] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:02:49,474] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:03:02,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360582.3088665, 'message': 'Dec  6 23:03:01 hqnl0246134 sshd[263519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 23:03:02,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360582.3092558, 'message': 'Dec  6 23:03:01 hqnl0246134 sshd[263519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 23:03:04,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360584.3099544, 'message': 'Dec  6 23:03:03 hqnl0246134 sshd[263519]: Failed password for root from 61.177.173.18 port 18241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 23:03:04,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360584.3102329, 'message': 'Dec  6 23:03:03 hqnl0246134 sshd[263519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 23:03:06,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360586.3120644, 'message': 'Dec  6 23:03:05 hqnl0246134 sshd[263519]: Failed password for root from 61.177.173.18 port 18241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-06 23:03:06,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360586.3123088, 'message': 'Dec  6 23:03:06 hqnl0246134 sshd[263519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 23:03:10,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360590.3172889, 'message': 'Dec  6 23:03:08 hqnl0246134 sshd[263519]: Failed password for root from 61.177.173.18 port 18241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0378 seconds
WARNING [2022-12-06 23:03:10,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:03:10,905] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0277 seconds
INFO    [2022-12-06 23:03:17,974] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:03:17,975] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:03:17,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:03:17,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 23:03:21,798] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:03:21,799] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:03:21,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:03:21,818] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 23:03:48,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360628.3605757, 'message': 'Dec  6 23:03:47 hqnl0246134 sshd[263564]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 23:03:48,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360628.3613381, 'message': 'Dec  6 23:03:47 hqnl0246134 sshd[263564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 23:03:49,477] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:03:49,478] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:03:50,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360630.3609543, 'message': 'Dec  6 23:03:50 hqnl0246134 sshd[263564]: Failed password for root from 61.177.173.18 port 33526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 23:03:52,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360632.364071, 'message': 'Dec  6 23:03:52 hqnl0246134 sshd[263564]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 23:03:54,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360634.3660185, 'message': 'Dec  6 23:03:54 hqnl0246134 sshd[263564]: Failed password for root from 61.177.173.18 port 33526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 23:03:56,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360636.368834, 'message': 'Dec  6 23:03:56 hqnl0246134 sshd[263564]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 23:03:58,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360638.3722243, 'message': 'Dec  6 23:03:58 hqnl0246134 sshd[263564]: Failed password for root from 61.177.173.18 port 33526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-06 23:04:10,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:04:10,935] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0524 seconds
INFO    [2022-12-06 23:04:18,142] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:04:18,142] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:04:18,152] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:04:18,165] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 23:04:21,149] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:04:21,150] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:04:21,163] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:04:21,185] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0340 seconds
INFO    [2022-12-06 23:04:34,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360674.4390357, 'message': 'Dec  6 23:04:33 hqnl0246134 sshd[263600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 23:04:36,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360676.4405293, 'message': 'Dec  6 23:04:34 hqnl0246134 sshd[263602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 23:04:36,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360676.440903, 'message': 'Dec  6 23:04:35 hqnl0246134 sshd[263600]: Failed password for root from 165.227.166.207 port 57566 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 23:04:36,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360676.4407492, 'message': 'Dec  6 23:04:34 hqnl0246134 sshd[263602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 23:04:38,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360678.441931, 'message': 'Dec  6 23:04:37 hqnl0246134 sshd[263602]: Failed password for root from 61.177.173.18 port 60083 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 23:04:40,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360680.4445882, 'message': 'Dec  6 23:04:39 hqnl0246134 sshd[263602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 23:04:41,394] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:04:41,394] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:04:41,401] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:04:41,412] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-06 23:04:42,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360682.4464548, 'message': 'Dec  6 23:04:40 hqnl0246134 sshd[263602]: Failed password for root from 61.177.173.18 port 60083 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 23:04:42,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360682.4466813, 'message': 'Dec  6 23:04:41 hqnl0246134 sshd[263602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 23:04:44,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360684.448682, 'message': 'Dec  6 23:04:44 hqnl0246134 sshd[263602]: Failed password for root from 61.177.173.18 port 60083 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-06 23:04:49,481] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:04:49,482] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:05:10,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:05:10,917] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0281 seconds
INFO    [2022-12-06 23:05:18,168] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:05:18,169] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:05:18,178] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:05:18,190] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 23:05:21,413] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:05:21,413] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:05:21,421] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:05:21,437] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-06 23:05:24,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360724.5091848, 'message': 'Dec  6 23:05:23 hqnl0246134 sshd[263672]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 23:05:24,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360724.509498, 'message': 'Dec  6 23:05:23 hqnl0246134 sshd[263672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 23:05:26,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360726.5116353, 'message': 'Dec  6 23:05:25 hqnl0246134 sshd[263672]: Failed password for root from 61.177.173.18 port 42647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 23:05:28,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360728.5143454, 'message': 'Dec  6 23:05:27 hqnl0246134 sshd[263672]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 23:05:30,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360730.5209947, 'message': 'Dec  6 23:05:29 hqnl0246134 sshd[263672]: Failed password for root from 61.177.173.18 port 42647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 23:05:30,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360730.5212448, 'message': 'Dec  6 23:05:29 hqnl0246134 sshd[263672]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 23:05:32,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360732.5245159, 'message': 'Dec  6 23:05:32 hqnl0246134 sshd[263672]: Failed password for root from 61.177.173.18 port 42647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:05:42,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360742.53957, 'message': 'Dec  6 23:05:41 hqnl0246134 sshd[263676]: Invalid user nicolas from 103.67.165.114 port 45200', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 23:05:42,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360742.5400832, 'message': 'Dec  6 23:05:41 hqnl0246134 sshd[263676]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.67.165.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:05:42,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360742.5403996, 'message': 'Dec  6 23:05:41 hqnl0246134 sshd[263676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.165.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:05:44,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360744.5413048, 'message': 'Dec  6 23:05:43 hqnl0246134 sshd[263676]: Failed password for invalid user nicolas from 103.67.165.114 port 45200 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:05:46,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360746.5423405, 'message': 'Dec  6 23:05:45 hqnl0246134 sshd[263676]: Disconnected from invalid user nicolas 103.67.165.114 port 45200 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 23:05:48,636] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:05:48,637] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:05:48,651] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:05:48,667] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0291 seconds
WARNING [2022-12-06 23:05:49,485] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:05:49,485] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:05:51,802] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:05:51,875] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:05:51,876] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:05:51,876] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:05:51,876] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:05:51,877] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:05:51,889] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:05:51,904] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0273 seconds
WARNING [2022-12-06 23:05:51,911] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:05:51,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:05:51,935] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0362 seconds
INFO    [2022-12-06 23:05:51,937] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0346 seconds
INFO    [2022-12-06 23:06:08,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360768.5721157, 'message': 'Dec  6 23:06:06 hqnl0246134 sshd[263704]: Invalid user joshua from 49.51.19.172 port 41472', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 23:06:08,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360768.5733168, 'message': 'Dec  6 23:06:07 hqnl0246134 sshd[263702]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 23:06:08,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360768.572419, 'message': 'Dec  6 23:06:07 hqnl0246134 sshd[263704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.19.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 23:06:08,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360768.5734546, 'message': 'Dec  6 23:06:07 hqnl0246134 sshd[263702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 23:06:08,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360768.572601, 'message': 'Dec  6 23:06:07 hqnl0246134 sshd[263704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.19.172 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:06:10,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360770.5746403, 'message': 'Dec  6 23:06:08 hqnl0246134 sshd[263702]: Failed password for root from 61.177.173.18 port 49996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-06 23:06:10,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360770.575008, 'message': 'Dec  6 23:06:09 hqnl0246134 sshd[263704]: Failed password for invalid user joshua from 49.51.19.172 port 41472 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-06 23:06:10,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360770.5751522, 'message': 'Dec  6 23:06:09 hqnl0246134 sshd[263702]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-06 23:06:10,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360770.5753026, 'message': 'Dec  6 23:06:09 hqnl0246134 sshd[263704]: Disconnected from invalid user joshua 49.51.19.172 port 41472 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0413 seconds
WARNING [2022-12-06 23:06:10,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:06:10,994] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.1006 seconds
INFO    [2022-12-06 23:06:12,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360772.577601, 'message': 'Dec  6 23:06:11 hqnl0246134 sshd[263714]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.180.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-06 23:06:12,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360772.578027, 'message': 'Dec  6 23:06:11 hqnl0246134 sshd[263702]: Failed password for root from 61.177.173.18 port 49996 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-06 23:06:12,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360772.577851, 'message': 'Dec  6 23:06:11 hqnl0246134 sshd[263714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.180.102  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 23:06:12,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360772.579016, 'message': 'Dec  6 23:06:12 hqnl0246134 sshd[263702]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 23:06:14,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360774.5856786, 'message': 'Dec  6 23:06:12 hqnl0246134 sshd[263714]: Failed password for root from 138.197.180.102 port 41488 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-06 23:06:14,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360774.586574, 'message': 'Dec  6 23:06:13 hqnl0246134 sshd[263702]: Failed password for root from 61.177.173.18 port 49996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 23:06:17,873] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:06:17,874] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:06:17,881] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:06:17,892] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 23:06:20,920] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:06:20,921] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:06:20,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:06:20,942] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 23:06:22,004] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:06:22,005] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:06:22,006] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-06 23:06:24,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360784.5937095, 'message': 'Dec  6 23:06:23 hqnl0246134 sshd[263752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 23:06:26,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360786.598381, 'message': 'Dec  6 23:06:24 hqnl0246134 sshd[263752]: Failed password for root from 165.227.166.207 port 39632 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
WARNING [2022-12-06 23:06:49,491] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:06:49,493] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:06:52,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360812.6490352, 'message': 'Dec  6 23:06:52 hqnl0246134 sshd[263764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 23:06:52,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360812.6496284, 'message': 'Dec  6 23:06:52 hqnl0246134 sshd[263764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:06:54,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360814.6527152, 'message': 'Dec  6 23:06:54 hqnl0246134 sshd[263764]: Failed password for root from 61.177.173.18 port 14676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 23:06:56,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360816.6560314, 'message': 'Dec  6 23:06:54 hqnl0246134 sshd[263764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:06:58,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360818.657712, 'message': 'Dec  6 23:06:56 hqnl0246134 sshd[263764]: Failed password for root from 61.177.173.18 port 14676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:06:58,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360818.657976, 'message': 'Dec  6 23:06:57 hqnl0246134 sshd[263764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:06:58,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360818.658102, 'message': 'Dec  6 23:06:58 hqnl0246134 sshd[263764]: Failed password for root from 61.177.173.18 port 14676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 23:07:10,906] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:07:10,930] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0324 seconds
INFO    [2022-12-06 23:07:18,050] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:07:18,050] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:07:18,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:07:18,070] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 23:07:21,096] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:07:21,097] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:07:21,109] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:07:21,126] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0286 seconds
INFO    [2022-12-06 23:07:38,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360858.7261617, 'message': 'Dec  6 23:07:37 hqnl0246134 sshd[263806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:07:38,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360858.726417, 'message': 'Dec  6 23:07:37 hqnl0246134 sshd[263806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:07:40,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360860.7270944, 'message': 'Dec  6 23:07:39 hqnl0246134 sshd[263806]: Failed password for root from 61.177.173.18 port 33437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-06 23:07:40,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360860.7275429, 'message': 'Dec  6 23:07:39 hqnl0246134 sshd[263806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 23:07:42,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360862.730998, 'message': 'Dec  6 23:07:41 hqnl0246134 sshd[263806]: Failed password for root from 61.177.173.18 port 33437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:07:42,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360862.731227, 'message': 'Dec  6 23:07:41 hqnl0246134 sshd[263806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 23:07:44,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360864.7342455, 'message': 'Dec  6 23:07:44 hqnl0246134 sshd[263806]: Failed password for root from 61.177.173.18 port 33437 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:07:49,467] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:07:49,467] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:07:49,483] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:07:49,494] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:07:49,494] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:07:49,505] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0358 seconds
INFO    [2022-12-06 23:08:08,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360888.7663035, 'message': 'Dec  6 23:08:08 hqnl0246134 sshd[263838]: Invalid user snow from 103.67.165.114 port 52530', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 23:08:08,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360888.7669244, 'message': 'Dec  6 23:08:08 hqnl0246134 sshd[263838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.67.165.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 23:08:08,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360888.7671037, 'message': 'Dec  6 23:08:08 hqnl0246134 sshd[263838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.165.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
WARNING [2022-12-06 23:08:11,748] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:08:11,769] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.8683 seconds
INFO    [2022-12-06 23:08:12,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360892.7666063, 'message': 'Dec  6 23:08:10 hqnl0246134 sshd[263838]: Failed password for invalid user snow from 103.67.165.114 port 52530 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0614 seconds
INFO    [2022-12-06 23:08:12,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670360892.7669213, 'message': 'Dec  6 23:08:11 hqnl0246134 sshd[263838]: Disconnected from invalid user snow 103.67.165.114 port 52530 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-06 23:08:18,117] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:08:18,118] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:08:18,126] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:08:18,138] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 23:08:21,223] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:08:21,223] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:08:21,231] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:08:21,244] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 23:08:22,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360902.7825894, 'message': 'Dec  6 23:08:21 hqnl0246134 sshd[263861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 23:08:24,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360904.7841537, 'message': 'Dec  6 23:08:22 hqnl0246134 sshd[263863]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 23:08:24,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670360904.7851217, 'message': 'Dec  6 23:08:23 hqnl0246134 sshd[263861]: Failed password for root from 165.227.166.207 port 49904 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-06 23:08:24,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360904.7850132, 'message': 'Dec  6 23:08:22 hqnl0246134 sshd[263863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:08:26,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360906.7888238, 'message': 'Dec  6 23:08:25 hqnl0246134 sshd[263863]: Failed password for root from 61.177.173.18 port 56850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 23:08:28,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360908.7923067, 'message': 'Dec  6 23:08:27 hqnl0246134 sshd[263863]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:08:30,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360910.7966037, 'message': 'Dec  6 23:08:29 hqnl0246134 sshd[263863]: Failed password for root from 61.177.173.18 port 56850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:08:32,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360912.8009052, 'message': 'Dec  6 23:08:31 hqnl0246134 sshd[263863]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:08:34,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360914.8050733, 'message': 'Dec  6 23:08:33 hqnl0246134 sshd[263863]: Failed password for root from 61.177.173.18 port 56850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:08:40,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360920.8132215, 'message': 'Dec  6 23:08:39 hqnl0246134 sshd[263868]: Invalid user user2 from 138.197.180.102 port 59418', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-06 23:08:40,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360920.8135579, 'message': 'Dec  6 23:08:39 hqnl0246134 sshd[263868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.180.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 23:08:40,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360920.8137164, 'message': 'Dec  6 23:08:39 hqnl0246134 sshd[263868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.180.102 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 23:08:42,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360922.815011, 'message': 'Dec  6 23:08:41 hqnl0246134 sshd[263868]: Failed password for invalid user user2 from 138.197.180.102 port 59418 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 23:08:42,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.180.102', 'timestamp': 1670360922.815317, 'message': 'Dec  6 23:08:42 hqnl0246134 sshd[263868]: Disconnected from invalid user user2 138.197.180.102 port 59418 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-06 23:08:49,502] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:08:49,503] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:09:10,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360950.8659132, 'message': 'Dec  6 23:09:09 hqnl0246134 sshd[264024]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
WARNING [2022-12-06 23:09:10,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:09:10,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360950.8666782, 'message': 'Dec  6 23:09:09 hqnl0246134 sshd[264024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-06 23:09:10,947] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0446 seconds
INFO    [2022-12-06 23:09:12,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360952.872201, 'message': 'Dec  6 23:09:11 hqnl0246134 sshd[264024]: Failed password for root from 61.177.173.18 port 23074 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:09:14,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360954.8735192, 'message': 'Dec  6 23:09:13 hqnl0246134 sshd[264024]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 23:09:16,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360956.877116, 'message': 'Dec  6 23:09:15 hqnl0246134 sshd[264024]: Failed password for root from 61.177.173.18 port 23074 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:09:16,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360956.8773646, 'message': 'Dec  6 23:09:15 hqnl0246134 sshd[264024]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 23:09:18,261] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:09:18,262] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:09:18,278] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:09:18,298] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0324 seconds
INFO    [2022-12-06 23:09:18,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360958.883622, 'message': 'Dec  6 23:09:17 hqnl0246134 sshd[264024]: Failed password for root from 61.177.173.18 port 23074 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 23:09:18,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360958.8838053, 'message': 'Dec  6 23:09:18 hqnl0246134 sshd[264040]: Invalid user atul from 49.51.19.172 port 41210', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 23:09:18,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360958.8839262, 'message': 'Dec  6 23:09:18 hqnl0246134 sshd[264040]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.19.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:09:18,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360958.8840332, 'message': 'Dec  6 23:09:18 hqnl0246134 sshd[264040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.19.172 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:09:20,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360960.885729, 'message': 'Dec  6 23:09:20 hqnl0246134 sshd[264040]: Failed password for invalid user atul from 49.51.19.172 port 41210 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0681 seconds
INFO    [2022-12-06 23:09:21,235] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:09:21,235] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:09:21,242] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:09:21,254] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 23:09:21,526] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:09:21,527] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:09:21,535] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:09:21,547] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 23:09:22,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670360962.8887868, 'message': 'Dec  6 23:09:21 hqnl0246134 sshd[264040]: Disconnected from invalid user atul 49.51.19.172 port 41210 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 23:09:49,509] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:09:49,511] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:09:56,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360996.951223, 'message': 'Dec  6 23:09:56 hqnl0246134 sshd[264065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 23:09:56,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360996.9516592, 'message': 'Dec  6 23:09:56 hqnl0246134 sshd[264065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:09:58,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360998.9556398, 'message': 'Dec  6 23:09:58 hqnl0246134 sshd[264065]: Failed password for root from 61.177.173.18 port 44903 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 23:09:59,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670360998.9568324, 'message': 'Dec  6 23:09:58 hqnl0246134 sshd[264065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:10:00,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361000.960962, 'message': 'Dec  6 23:10:00 hqnl0246134 sshd[264065]: Failed password for root from 61.177.173.18 port 44903 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 23:10:01,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361000.9612854, 'message': 'Dec  6 23:10:00 hqnl0246134 sshd[264065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 23:10:05,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361004.96937, 'message': 'Dec  6 23:10:03 hqnl0246134 sshd[264065]: Failed password for root from 61.177.173.18 port 44903 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
WARNING [2022-12-06 23:10:10,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:10:10,946] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0401 seconds
INFO    [2022-12-06 23:10:17,948] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:10:17,949] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:10:17,958] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:10:17,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 23:10:20,617] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:10:20,618] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:10:20,625] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:10:20,636] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 23:10:21,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361020.9964418, 'message': 'Dec  6 23:10:19 hqnl0246134 sshd[264133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 23:10:23,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361022.9980907, 'message': 'Dec  6 23:10:21 hqnl0246134 sshd[264133]: Failed password for root from 165.227.166.207 port 60200 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:10:24,498] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:10:24,499] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:10:24,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:10:24,520] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 23:10:39,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670361039.0232203, 'message': 'Dec  6 23:10:37 hqnl0246134 sshd[264150]: Invalid user student6 from 103.67.165.114 port 59832', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 23:10:39,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.67.165.114', 'timestamp': 1670361039.023583, 'message': 'Dec  6 23:10:37 hqnl0246134 sshd[264150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.67.165.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 23:10:39,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.67.165.114', 'timestamp': 1670361039.0237756, 'message': 'Dec  6 23:10:37 hqnl0246134 sshd[264150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.165.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-06 23:10:41,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670361041.0268805, 'message': 'Dec  6 23:10:39 hqnl0246134 sshd[264150]: Failed password for invalid user student6 from 103.67.165.114 port 59832 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-06 23:10:41,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.67.165.114', 'timestamp': 1670361041.0274463, 'message': 'Dec  6 23:10:40 hqnl0246134 sshd[264150]: Disconnected from invalid user student6 103.67.165.114 port 59832 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-06 23:10:45,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361045.042687, 'message': 'Dec  6 23:10:43 hqnl0246134 sshd[264162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 23:10:45,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361045.0430117, 'message': 'Dec  6 23:10:43 hqnl0246134 sshd[264162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 23:10:45,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361045.0432103, 'message': 'Dec  6 23:10:44 hqnl0246134 sshd[264162]: Failed password for root from 61.177.173.18 port 63748 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 23:10:47,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361047.043299, 'message': 'Dec  6 23:10:45 hqnl0246134 sshd[264162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:10:49,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361049.0458965, 'message': 'Dec  6 23:10:47 hqnl0246134 sshd[264162]: Failed password for root from 61.177.173.18 port 63748 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0484 seconds
WARNING [2022-12-06 23:10:49,514] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:10:49,515] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:10:51,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361051.052014, 'message': 'Dec  6 23:10:49 hqnl0246134 sshd[264162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0749 seconds
INFO    [2022-12-06 23:10:53,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361053.0503368, 'message': 'Dec  6 23:10:52 hqnl0246134 sshd[264162]: Failed password for root from 61.177.173.18 port 63748 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0260 seconds
WARNING [2022-12-06 23:11:10,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:11:10,967] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0571 seconds
INFO    [2022-12-06 23:11:18,095] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:11:18,096] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:11:18,106] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:11:18,118] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 23:11:19,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.180.102', 'timestamp': 1670361079.0907269, 'message': 'Dec  6 23:11:17 hqnl0246134 sshd[264213]: Invalid user vijay from 138.197.180.102 port 49302', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 23:11:19,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.180.102', 'timestamp': 1670361079.0910838, 'message': 'Dec  6 23:11:17 hqnl0246134 sshd[264213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.180.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 23:11:19,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.180.102', 'timestamp': 1670361079.091319, 'message': 'Dec  6 23:11:17 hqnl0246134 sshd[264213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.180.102 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-06 23:11:20,953] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:11:20,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:11:20,960] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:11:20,973] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 23:11:21,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.180.102', 'timestamp': 1670361081.092053, 'message': 'Dec  6 23:11:19 hqnl0246134 sshd[264213]: Failed password for invalid user vijay from 138.197.180.102 port 49302 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:11:21,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.180.102', 'timestamp': 1670361081.092277, 'message': 'Dec  6 23:11:20 hqnl0246134 sshd[264213]: Disconnected from invalid user vijay 138.197.180.102 port 49302 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 23:11:31,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361091.1106045, 'message': 'Dec  6 23:11:30 hqnl0246134 sshd[264224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 23:11:31,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361091.1109767, 'message': 'Dec  6 23:11:30 hqnl0246134 sshd[264224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 23:11:33,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361093.113155, 'message': 'Dec  6 23:11:32 hqnl0246134 sshd[264224]: Failed password for root from 61.177.173.18 port 29694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 23:11:35,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361095.1174643, 'message': 'Dec  6 23:11:33 hqnl0246134 sshd[264224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 23:11:37,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361097.1194289, 'message': 'Dec  6 23:11:35 hqnl0246134 sshd[264224]: Failed password for root from 61.177.173.18 port 29694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 23:11:39,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361099.1225019, 'message': 'Dec  6 23:11:37 hqnl0246134 sshd[264224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 23:11:41,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361101.1333325, 'message': 'Dec  6 23:11:39 hqnl0246134 sshd[264224]: Failed password for root from 61.177.173.18 port 29694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0929 seconds
INFO    [2022-12-06 23:11:44,421] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:11:44,422] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:11:44,430] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:11:44,442] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-06 23:11:49,520] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:11:49,521] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:11:54,049] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 23:12:03,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361123.1646078, 'message': 'Dec  6 23:12:02 hqnl0246134 sshd[264261]: Invalid user localhost from 49.51.19.172 port 59444', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-06 23:12:03,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361123.165224, 'message': 'Dec  6 23:12:02 hqnl0246134 sshd[264261]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.19.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:12:03,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361123.165487, 'message': 'Dec  6 23:12:02 hqnl0246134 sshd[264261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.19.172 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:12:05,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361125.166025, 'message': 'Dec  6 23:12:03 hqnl0246134 sshd[264261]: Failed password for invalid user localhost from 49.51.19.172 port 59444 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 23:12:05,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361125.1664653, 'message': 'Dec  6 23:12:03 hqnl0246134 sshd[264261]: Disconnected from invalid user localhost 49.51.19.172 port 59444 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
WARNING [2022-12-06 23:12:10,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:12:10,942] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0286 seconds
INFO    [2022-12-06 23:12:17,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:12:17,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:12:17,825] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:12:17,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 23:12:19,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361139.19451, 'message': 'Dec  6 23:12:17 hqnl0246134 sshd[264299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1366 seconds
INFO    [2022-12-06 23:12:19,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361139.1948526, 'message': 'Dec  6 23:12:17 hqnl0246134 sshd[264299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:12:20,367] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:12:20,368] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:12:20,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:12:20,387] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 23:12:21,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361141.1974564, 'message': 'Dec  6 23:12:19 hqnl0246134 sshd[264299]: Failed password for root from 61.177.173.18 port 54071 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:12:21,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361141.1977675, 'message': 'Dec  6 23:12:20 hqnl0246134 sshd[264299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 23:12:23,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361143.199432, 'message': 'Dec  6 23:12:21 hqnl0246134 sshd[264299]: Failed password for root from 61.177.173.18 port 54071 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 23:12:23,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361143.2011814, 'message': 'Dec  6 23:12:22 hqnl0246134 sshd[264310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 23:12:23,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361143.1997418, 'message': 'Dec  6 23:12:22 hqnl0246134 sshd[264299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 23:12:25,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361145.2010489, 'message': 'Dec  6 23:12:24 hqnl0246134 sshd[264299]: Failed password for root from 61.177.173.18 port 54071 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 23:12:25,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361145.201629, 'message': 'Dec  6 23:12:24 hqnl0246134 sshd[264310]: Failed password for root from 165.227.166.207 port 42252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 23:12:42,751] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:12:42,816] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:12:42,817] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:12:42,817] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:12:42,817] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:12:42,818] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:12:42,829] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:12:42,846] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0274 seconds
WARNING [2022-12-06 23:12:42,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:12:42,855] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:12:42,872] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0321 seconds
INFO    [2022-12-06 23:12:42,875] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0311 seconds
WARNING [2022-12-06 23:12:49,527] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:12:49,528] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:13:02,092] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-06 23:13:02,099] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:13:02,119] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0254 seconds
INFO    [2022-12-06 23:13:05,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361185.2448797, 'message': 'Dec  6 23:13:04 hqnl0246134 sshd[264345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:13:05,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361185.2451327, 'message': 'Dec  6 23:13:04 hqnl0246134 sshd[264345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 23:13:07,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361187.2469916, 'message': 'Dec  6 23:13:06 hqnl0246134 sshd[264345]: Failed password for root from 61.177.173.18 port 18701 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 23:13:09,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361189.2501159, 'message': 'Dec  6 23:13:08 hqnl0246134 sshd[264345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-06 23:13:10,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:13:10,952] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-06 23:13:11,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361191.2539468, 'message': 'Dec  6 23:13:10 hqnl0246134 sshd[264345]: Failed password for root from 61.177.173.18 port 18701 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 23:13:11,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361191.254124, 'message': 'Dec  6 23:13:10 hqnl0246134 sshd[264345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 23:13:13,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361193.2610178, 'message': 'Dec  6 23:13:12 hqnl0246134 sshd[264345]: Failed password for root from 61.177.173.18 port 18701 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 23:13:15,248] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:13:15,248] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:13:15,249] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 23:13:15,863] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:13:15,863] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:13:15,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:13:15,884] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-06 23:13:17,864] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:13:17,864] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:13:17,873] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:13:17,884] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-06 23:13:20,352] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:13:20,353] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:13:20,360] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:13:20,371] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-06 23:13:49,530] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:13:49,532] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:13:51,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361231.308034, 'message': 'Dec  6 23:13:50 hqnl0246134 sshd[264406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0435 seconds
INFO    [2022-12-06 23:13:51,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361231.3089714, 'message': 'Dec  6 23:13:50 hqnl0246134 sshd[264406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 23:13:53,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361233.30831, 'message': 'Dec  6 23:13:52 hqnl0246134 sshd[264406]: Failed password for root from 61.177.173.18 port 37698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-06 23:13:55,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361235.30999, 'message': 'Dec  6 23:13:54 hqnl0246134 sshd[264406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 23:13:57,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361237.3123965, 'message': 'Dec  6 23:13:56 hqnl0246134 sshd[264406]: Failed password for root from 61.177.173.18 port 37698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:13:59,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361239.315212, 'message': 'Dec  6 23:13:58 hqnl0246134 sshd[264406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 23:14:01,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361241.317638, 'message': 'Dec  6 23:14:00 hqnl0246134 sshd[264406]: Failed password for root from 61.177.173.18 port 37698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 23:14:05,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.20.198', 'timestamp': 1670361245.3221078, 'message': 'Dec  6 23:14:04 hqnl0246134 sshd[264415]: Invalid user consul from 68.183.20.198 port 60750', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-06 23:14:05,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.20.198', 'timestamp': 1670361245.3250933, 'message': 'Dec  6 23:14:05 hqnl0246134 sshd[264415]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.20.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 23:14:05,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.20.198', 'timestamp': 1670361245.325292, 'message': 'Dec  6 23:14:05 hqnl0246134 sshd[264415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.20.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 23:14:07,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.20.198', 'timestamp': 1670361247.3225014, 'message': 'Dec  6 23:14:06 hqnl0246134 sshd[264415]: Failed password for invalid user consul from 68.183.20.198 port 60750 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 23:14:07,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.20.198', 'timestamp': 1670361247.3227608, 'message': 'Dec  6 23:14:07 hqnl0246134 sshd[264415]: Disconnected from invalid user consul 68.183.20.198 port 60750 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-06 23:14:10,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:14:10,957] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-06 23:14:17,888] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:14:17,888] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:14:17,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:14:17,911] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 23:14:20,693] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:14:20,694] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:14:20,702] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:14:20,713] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 23:14:25,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361265.3448925, 'message': 'Dec  6 23:14:24 hqnl0246134 sshd[264438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 23:14:27,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361267.3476412, 'message': 'Dec  6 23:14:27 hqnl0246134 sshd[264438]: Failed password for root from 165.227.166.207 port 52564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:14:31,375] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:14:31,376] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:14:31,385] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:14:31,397] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 23:14:37,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361277.3692663, 'message': 'Dec  6 23:14:35 hqnl0246134 sshd[264448]: Invalid user administrador from 49.51.19.172 port 44714', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 23:14:37,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361277.3702888, 'message': 'Dec  6 23:14:35 hqnl0246134 sshd[264445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 23:14:37,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361277.36997, 'message': 'Dec  6 23:14:35 hqnl0246134 sshd[264448]: pam_imunify(sshd:auth): [IM360_RBL] The IP 49.51.19.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 23:14:37,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361277.3704934, 'message': 'Dec  6 23:14:35 hqnl0246134 sshd[264445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-06 23:14:37,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361277.3701577, 'message': 'Dec  6 23:14:35 hqnl0246134 sshd[264448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.51.19.172 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:14:37,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361277.370633, 'message': 'Dec  6 23:14:37 hqnl0246134 sshd[264448]: Failed password for invalid user administrador from 49.51.19.172 port 44714 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:14:39,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361279.3695703, 'message': 'Dec  6 23:14:37 hqnl0246134 sshd[264445]: Failed password for root from 61.177.173.18 port 55095 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-06 23:14:39,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '49.51.19.172', 'timestamp': 1670361279.3698356, 'message': 'Dec  6 23:14:37 hqnl0246134 sshd[264448]: Disconnected from invalid user administrador 49.51.19.172 port 44714 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-06 23:14:39,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361279.3699608, 'message': 'Dec  6 23:14:37 hqnl0246134 sshd[264445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:14:41,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361281.3734057, 'message': 'Dec  6 23:14:40 hqnl0246134 sshd[264445]: Failed password for root from 61.177.173.18 port 55095 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-06 23:14:43,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361283.3741114, 'message': 'Dec  6 23:14:42 hqnl0246134 sshd[264445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-06 23:14:45,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361285.3777723, 'message': 'Dec  6 23:14:44 hqnl0246134 sshd[264445]: Failed password for root from 61.177.173.18 port 55095 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
WARNING [2022-12-06 23:14:49,543] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:14:49,544] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:15:10,940] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:15:10,974] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0457 seconds
INFO    [2022-12-06 23:15:18,065] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:15:18,065] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:15:18,074] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:15:18,086] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-06 23:15:20,788] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:15:20,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:15:20,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:15:20,807] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-06 23:15:23,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361323.4568644, 'message': 'Dec  6 23:15:22 hqnl0246134 sshd[264517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 23:15:23,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361323.4572155, 'message': 'Dec  6 23:15:22 hqnl0246134 sshd[264517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:15:25,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361325.4578898, 'message': 'Dec  6 23:15:24 hqnl0246134 sshd[264517]: Failed password for root from 61.177.173.18 port 26739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:15:25,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361325.458123, 'message': 'Dec  6 23:15:24 hqnl0246134 sshd[264517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:15:27,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361327.4607484, 'message': 'Dec  6 23:15:26 hqnl0246134 sshd[264517]: Failed password for root from 61.177.173.18 port 26739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 23:15:27,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361327.4610312, 'message': 'Dec  6 23:15:27 hqnl0246134 sshd[264517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:15:29,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361329.4657218, 'message': 'Dec  6 23:15:29 hqnl0246134 sshd[264517]: Failed password for root from 61.177.173.18 port 26739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-06 23:15:49,548] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:15:49,550] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:16:09,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361369.522436, 'message': 'Dec  6 23:16:09 hqnl0246134 sshd[264543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 23:16:09,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361369.5233293, 'message': 'Dec  6 23:16:09 hqnl0246134 sshd[264543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-06 23:16:10,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:16:10,962] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0288 seconds
INFO    [2022-12-06 23:16:11,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361371.523927, 'message': 'Dec  6 23:16:11 hqnl0246134 sshd[264543]: Failed password for root from 61.177.173.18 port 42500 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:16:15,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361375.5290477, 'message': 'Dec  6 23:16:13 hqnl0246134 sshd[264543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-06 23:16:17,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361377.5299256, 'message': 'Dec  6 23:16:16 hqnl0246134 sshd[264543]: Failed password for root from 61.177.173.18 port 42500 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 23:16:18,119] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:16:18,120] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:16:18,128] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:16:18,141] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 23:16:19,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361379.5327013, 'message': 'Dec  6 23:16:18 hqnl0246134 sshd[264543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 23:16:20,964] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:16:20,965] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:16:20,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:16:20,982] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 23:16:21,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361381.5339344, 'message': 'Dec  6 23:16:20 hqnl0246134 sshd[264543]: Failed password for root from 61.177.173.18 port 42500 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 23:16:24,845] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:16:24,845] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:16:24,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:16:24,865] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 23:16:27,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361387.5467033, 'message': 'Dec  6 23:16:26 hqnl0246134 sshd[264570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 23:16:29,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361389.5494285, 'message': 'Dec  6 23:16:28 hqnl0246134 sshd[264570]: Failed password for root from 165.227.166.207 port 34604 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-06 23:16:49,554] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:16:49,555] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:16:57,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361417.5768096, 'message': 'Dec  6 23:16:57 hqnl0246134 sshd[264586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 23:16:57,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361417.577419, 'message': 'Dec  6 23:16:57 hqnl0246134 sshd[264586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:16:59,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361419.5774465, 'message': 'Dec  6 23:16:59 hqnl0246134 sshd[264586]: Failed password for root from 61.177.173.18 port 18430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:17:01,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361421.5807586, 'message': 'Dec  6 23:16:59 hqnl0246134 sshd[264586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 23:17:03,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361423.585256, 'message': 'Dec  6 23:17:02 hqnl0246134 sshd[264586]: Failed password for root from 61.177.173.18 port 18430 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 23:17:05,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361425.5851116, 'message': 'Dec  6 23:17:04 hqnl0246134 sshd[264586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 23:17:07,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361427.5860627, 'message': 'Dec  6 23:17:06 hqnl0246134 sshd[264586]: Failed password for root from 61.177.173.18 port 18430 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 23:17:09,455] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:17:09,522] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:17:09,523] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:17:09,523] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:17:09,523] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:17:09,524] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:17:09,533] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:17:09,549] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0254 seconds
WARNING [2022-12-06 23:17:09,556] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:17:09,559] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:17:09,577] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0332 seconds
INFO    [2022-12-06 23:17:09,578] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0311 seconds
WARNING [2022-12-06 23:17:10,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:17:10,979] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0405 seconds
INFO    [2022-12-06 23:17:18,217] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:17:18,218] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:17:18,229] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:17:18,250] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0308 seconds
INFO    [2022-12-06 23:17:21,056] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:17:21,056] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:17:21,065] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:17:21,077] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-06 23:17:21,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.123', 'timestamp': 1670361441.60151, 'message': 'Dec  6 23:17:20 hqnl0246134 sshd[264645]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 23:17:21,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.123', 'timestamp': 1670361441.6017342, 'message': 'Dec  6 23:17:20 hqnl0246134 sshd[264645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.123  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 23:17:23,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.89.196.123', 'timestamp': 1670361443.602278, 'message': 'Dec  6 23:17:21 hqnl0246134 sshd[264645]: Failed password for root from 152.89.196.123 port 23506 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:17:43,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361463.6272051, 'message': 'Dec  6 23:17:43 hqnl0246134 sshd[264653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-06 23:17:43,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361463.627937, 'message': 'Dec  6 23:17:43 hqnl0246134 sshd[264653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 23:17:45,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361465.6301773, 'message': 'Dec  6 23:17:44 hqnl0246134 sshd[264653]: Failed password for root from 61.177.173.18 port 25097 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 23:17:45,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361465.6304348, 'message': 'Dec  6 23:17:45 hqnl0246134 sshd[264653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 23:17:49,557] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:17:49,559] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:17:49,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361469.63781, 'message': 'Dec  6 23:17:47 hqnl0246134 sshd[264653]: Failed password for root from 61.177.173.18 port 25097 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 23:17:51,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361471.6387837, 'message': 'Dec  6 23:17:49 hqnl0246134 sshd[264653]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-06 23:17:52,715] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:17:52,716] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:17:52,718] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 23:17:53,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361473.6403933, 'message': 'Dec  6 23:17:52 hqnl0246134 sshd[264653]: Failed password for root from 61.177.173.18 port 25097 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:17:56,746] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:17:56,747] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:17:56,759] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:17:56,772] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0240 seconds
WARNING [2022-12-06 23:18:10,949] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:18:10,973] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0313 seconds
INFO    [2022-12-06 23:18:17,950] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:18:17,951] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:18:17,960] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:18:17,973] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 23:18:20,618] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:18:20,618] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:18:20,626] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:18:20,638] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 23:18:21,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361501.6743488, 'message': 'Dec  6 23:18:20 hqnl0246134 sshd[264692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:18:23,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361503.6767554, 'message': 'Dec  6 23:18:21 hqnl0246134 sshd[264692]: Failed password for root from 165.227.166.207 port 44898 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 23:18:31,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361511.6847298, 'message': 'Dec  6 23:18:30 hqnl0246134 sshd[264698]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 23:18:31,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361511.684936, 'message': 'Dec  6 23:18:30 hqnl0246134 sshd[264698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:18:33,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361513.6857553, 'message': 'Dec  6 23:18:32 hqnl0246134 sshd[264698]: Failed password for root from 61.177.173.18 port 54858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 23:18:35,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361515.6881797, 'message': 'Dec  6 23:18:34 hqnl0246134 sshd[264698]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:18:37,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361517.6912065, 'message': 'Dec  6 23:18:37 hqnl0246134 sshd[264698]: Failed password for root from 61.177.173.18 port 54858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 23:18:39,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361519.6931393, 'message': 'Dec  6 23:18:38 hqnl0246134 sshd[264698]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 23:18:41,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361521.6943398, 'message': 'Dec  6 23:18:40 hqnl0246134 sshd[264698]: Failed password for root from 61.177.173.18 port 54858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-06 23:18:49,562] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:18:49,564] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:19:10,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:19:10,990] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0411 seconds
INFO    [2022-12-06 23:19:15,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361555.725429, 'message': 'Dec  6 23:19:15 hqnl0246134 sshd[264733]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 23:19:15,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361555.7257843, 'message': 'Dec  6 23:19:15 hqnl0246134 sshd[264733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:19:17,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361557.726391, 'message': 'Dec  6 23:19:16 hqnl0246134 sshd[264733]: Failed password for root from 61.177.173.18 port 12338 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 23:19:17,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361557.7266698, 'message': 'Dec  6 23:19:17 hqnl0246134 sshd[264733]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 23:19:17,896] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:19:17,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:19:17,904] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:19:17,917] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 23:19:19,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361559.727297, 'message': 'Dec  6 23:19:19 hqnl0246134 sshd[264733]: Failed password for root from 61.177.173.18 port 12338 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:19:20,606] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:19:20,606] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:19:20,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:19:20,624] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-06 23:19:21,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361561.728885, 'message': 'Dec  6 23:19:19 hqnl0246134 sshd[264733]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 23:19:23,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361563.7297401, 'message': 'Dec  6 23:19:22 hqnl0246134 sshd[264733]: Failed password for root from 61.177.173.18 port 12338 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:19:26,669] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:19:26,670] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:19:26,683] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:19:26,704] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0328 seconds
WARNING [2022-12-06 23:19:49,568] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:19:49,569] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:20:01,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361601.7760983, 'message': 'Dec  6 23:20:00 hqnl0246134 sshd[264764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-06 23:20:01,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361601.7766008, 'message': 'Dec  6 23:20:00 hqnl0246134 sshd[264764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-06 23:20:03,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361603.7771795, 'message': 'Dec  6 23:20:02 hqnl0246134 sshd[264764]: Failed password for root from 61.177.173.18 port 33309 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 23:20:03,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361603.777527, 'message': 'Dec  6 23:20:02 hqnl0246134 sshd[264764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:20:05,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361605.7785168, 'message': 'Dec  6 23:20:04 hqnl0246134 sshd[264764]: Failed password for root from 61.177.173.18 port 33309 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 23:20:05,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361605.778842, 'message': 'Dec  6 23:20:04 hqnl0246134 sshd[264766]: Invalid user duser from 103.187.146.55 port 42366', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 23:20:05,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361605.7793102, 'message': 'Dec  6 23:20:05 hqnl0246134 sshd[264764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 23:20:05,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361605.7790716, 'message': 'Dec  6 23:20:04 hqnl0246134 sshd[264766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.187.146.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-06 23:20:05,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361605.7792037, 'message': 'Dec  6 23:20:04 hqnl0246134 sshd[264766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.146.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-06 23:20:07,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361607.7802505, 'message': 'Dec  6 23:20:06 hqnl0246134 sshd[264766]: Failed password for invalid user duser from 103.187.146.55 port 42366 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 23:20:07,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361607.78043, 'message': 'Dec  6 23:20:07 hqnl0246134 sshd[264764]: Failed password for root from 61.177.173.18 port 33309 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-06 23:20:09,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361609.7830193, 'message': 'Dec  6 23:20:08 hqnl0246134 sshd[264766]: Disconnected from invalid user duser 103.187.146.55 port 42366 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 23:20:10,960] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:20:10,978] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0259 seconds
INFO    [2022-12-06 23:20:11,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361611.785484, 'message': 'Dec  6 23:20:11 hqnl0246134 sshd[264794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:20:13,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.149.30', 'timestamp': 1670361613.7900295, 'message': 'Dec  6 23:20:12 hqnl0246134 sshd[264793]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.149.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 23:20:13,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361613.7905934, 'message': 'Dec  6 23:20:13 hqnl0246134 sshd[264794]: Failed password for root from 165.227.166.207 port 55198 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-06 23:20:13,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.149.30', 'timestamp': 1670361613.790427, 'message': 'Dec  6 23:20:12 hqnl0246134 sshd[264793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.149.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:20:15,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.149.30', 'timestamp': 1670361615.790648, 'message': 'Dec  6 23:20:14 hqnl0246134 sshd[264793]: Failed password for root from 128.199.149.30 port 39658 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:20:18,685] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:20:18,686] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:20:18,697] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:20:18,739] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0518 seconds
INFO    [2022-12-06 23:20:24,400] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:20:24,400] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:20:24,414] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:20:24,433] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0318 seconds
INFO    [2022-12-06 23:20:47,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361647.8315413, 'message': 'Dec  6 23:20:46 hqnl0246134 sshd[264845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-06 23:20:47,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361647.8320692, 'message': 'Dec  6 23:20:46 hqnl0246134 sshd[264845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
WARNING [2022-12-06 23:20:49,572] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:20:49,572] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:20:49,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361649.8344612, 'message': 'Dec  6 23:20:48 hqnl0246134 sshd[264845]: Failed password for root from 61.177.173.18 port 56324 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 23:20:49,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361649.8346448, 'message': 'Dec  6 23:20:49 hqnl0246134 sshd[264845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 23:20:51,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361651.8346465, 'message': 'Dec  6 23:20:50 hqnl0246134 sshd[264842]: Invalid user info from 103.187.146.55 port 59850', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 23:20:51,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361651.8354025, 'message': 'Dec  6 23:20:51 hqnl0246134 sshd[264845]: Failed password for root from 61.177.173.18 port 56324 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 23:20:51,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361651.8350558, 'message': 'Dec  6 23:20:50 hqnl0246134 sshd[264842]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.187.146.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:20:51,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361651.835288, 'message': 'Dec  6 23:20:50 hqnl0246134 sshd[264842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.146.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:20:53,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361653.836433, 'message': 'Dec  6 23:20:52 hqnl0246134 sshd[264842]: Failed password for invalid user info from 103.187.146.55 port 59850 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-06 23:20:53,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361653.8367174, 'message': 'Dec  6 23:20:53 hqnl0246134 sshd[264845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 23:20:53,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361653.836605, 'message': 'Dec  6 23:20:53 hqnl0246134 sshd[264842]: Disconnected from invalid user info 103.187.146.55 port 59850 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:20:55,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361655.8375995, 'message': 'Dec  6 23:20:55 hqnl0246134 sshd[264845]: Failed password for root from 61.177.173.18 port 56324 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 23:20:56,109] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:20:56,109] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:20:56,222] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:20:56,234] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1243 seconds
WARNING [2022-12-06 23:21:10,969] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:21:10,996] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-06 23:21:17,871] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:21:17,872] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:21:17,881] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:21:17,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 23:21:20,581] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:21:20,581] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:21:20,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:21:20,604] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 23:21:33,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361693.875776, 'message': 'Dec  6 23:21:33 hqnl0246134 sshd[264910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 23:21:33,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361693.8763888, 'message': 'Dec  6 23:21:33 hqnl0246134 sshd[264910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 23:21:35,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361695.8774352, 'message': 'Dec  6 23:21:35 hqnl0246134 sshd[264910]: Failed password for root from 61.177.173.18 port 25478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:21:35,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361695.8776422, 'message': 'Dec  6 23:21:35 hqnl0246134 sshd[264910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:21:37,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361697.8795824, 'message': 'Dec  6 23:21:36 hqnl0246134 sshd[264908]: Invalid user test from 103.187.146.55 port 46716', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 23:21:37,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361697.8800135, 'message': 'Dec  6 23:21:37 hqnl0246134 sshd[264910]: Failed password for root from 61.177.173.18 port 25478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-06 23:21:37,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361697.8797684, 'message': 'Dec  6 23:21:36 hqnl0246134 sshd[264908]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.187.146.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:21:37,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361697.879882, 'message': 'Dec  6 23:21:36 hqnl0246134 sshd[264908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.146.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:21:39,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361699.8825486, 'message': 'Dec  6 23:21:39 hqnl0246134 sshd[264908]: Failed password for invalid user test from 103.187.146.55 port 46716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 23:21:39,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361699.8827343, 'message': 'Dec  6 23:21:39 hqnl0246134 sshd[264910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 23:21:41,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361701.885096, 'message': 'Dec  6 23:21:41 hqnl0246134 sshd[264910]: Failed password for root from 61.177.173.18 port 25478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 23:21:41,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.187.146.55', 'timestamp': 1670361701.885311, 'message': 'Dec  6 23:21:41 hqnl0246134 sshd[264908]: Disconnected from invalid user test 103.187.146.55 port 46716 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
WARNING [2022-12-06 23:21:49,574] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:21:49,575] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:21:54,052] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 23:22:05,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361725.9118154, 'message': 'Dec  6 23:22:05 hqnl0246134 sshd[264939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-06 23:22:07,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361727.9121234, 'message': 'Dec  6 23:22:06 hqnl0246134 sshd[264939]: Failed password for root from 165.227.166.207 port 37236 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:22:09,939] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:22:09,940] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:22:09,951] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:22:09,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0305 seconds
INFO    [2022-12-06 23:22:10,110] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:22:10,182] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:22:10,183] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:22:10,183] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:22:10,184] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:22:10,184] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:22:10,202] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:22:10,230] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0452 seconds
WARNING [2022-12-06 23:22:10,241] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:22:10,243] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:22:10,264] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0429 seconds
INFO    [2022-12-06 23:22:10,265] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0392 seconds
WARNING [2022-12-06 23:22:10,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:22:10,993] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0297 seconds
INFO    [2022-12-06 23:22:17,855] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:22:17,856] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:22:17,866] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:22:17,881] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-06 23:22:19,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361739.9194703, 'message': 'Dec  6 23:22:19 hqnl0246134 sshd[264966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 23:22:19,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361739.9198027, 'message': 'Dec  6 23:22:19 hqnl0246134 sshd[264966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:22:20,583] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:22:20,583] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:22:20,594] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:22:20,606] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-06 23:22:23,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361743.923363, 'message': 'Dec  6 23:22:22 hqnl0246134 sshd[264966]: Failed password for root from 61.177.173.18 port 43693 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-06 23:22:25,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361745.9283314, 'message': 'Dec  6 23:22:24 hqnl0246134 sshd[264966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-06 23:22:27,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361747.9301825, 'message': 'Dec  6 23:22:26 hqnl0246134 sshd[264966]: Failed password for root from 61.177.173.18 port 43693 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 23:22:27,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361747.9304254, 'message': 'Dec  6 23:22:26 hqnl0246134 sshd[264966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:22:29,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361749.932948, 'message': 'Dec  6 23:22:27 hqnl0246134 sshd[264966]: Failed password for root from 61.177.173.18 port 43693 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 23:22:41,896] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:22:41,897] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:22:41,899] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-06 23:22:49,582] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:22:49,583] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:23:10,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361789.9869864, 'message': 'Dec  6 23:23:07 hqnl0246134 sshd[264995]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 23:23:10,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361789.9874804, 'message': 'Dec  6 23:23:07 hqnl0246134 sshd[264995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 23:23:10,973] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:23:10,990] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0242 seconds
INFO    [2022-12-06 23:23:12,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361791.9878488, 'message': 'Dec  6 23:23:10 hqnl0246134 sshd[264995]: Failed password for root from 61.177.173.18 port 16153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:23:14,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361793.9921627, 'message': 'Dec  6 23:23:12 hqnl0246134 sshd[264995]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 23:23:16,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361795.9925272, 'message': 'Dec  6 23:23:14 hqnl0246134 sshd[264995]: Failed password for root from 61.177.173.18 port 16153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 23:23:16,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361795.9927478, 'message': 'Dec  6 23:23:14 hqnl0246134 sshd[264995]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:23:17,887] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:23:17,888] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:23:17,895] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:23:17,906] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 23:23:18,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361797.993789, 'message': 'Dec  6 23:23:16 hqnl0246134 sshd[264995]: Failed password for root from 61.177.173.18 port 16153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 23:23:20,476] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:23:20,477] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:23:20,485] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:23:20,496] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-06 23:23:24,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.178.90.17', 'timestamp': 1670361804.0084267, 'message': 'Dec  6 23:23:23 hqnl0246134 sshd[265019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.178.90.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 23:23:24,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.178.90.17', 'timestamp': 1670361804.0088236, 'message': 'Dec  6 23:23:23 hqnl0246134 sshd[265019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.90.17  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 23:23:26,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.178.90.17', 'timestamp': 1670361806.0125337, 'message': 'Dec  6 23:23:25 hqnl0246134 sshd[265019]: Failed password for root from 51.178.90.17 port 57320 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 23:23:49,586] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:23:49,588] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:23:54,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361834.0534737, 'message': 'Dec  6 23:23:53 hqnl0246134 sshd[265032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 23:23:54,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361834.0543027, 'message': 'Dec  6 23:23:53 hqnl0246134 sshd[265032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 23:23:56,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361836.053675, 'message': 'Dec  6 23:23:55 hqnl0246134 sshd[265032]: Failed password for root from 61.177.173.18 port 28168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-06 23:23:58,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361838.056119, 'message': 'Dec  6 23:23:56 hqnl0246134 sshd[265032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 23:23:58,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361838.0564184, 'message': 'Dec  6 23:23:56 hqnl0246134 sshd[265034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 23:24:00,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361840.0581408, 'message': 'Dec  6 23:23:58 hqnl0246134 sshd[265032]: Failed password for root from 61.177.173.18 port 28168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-06 23:24:00,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361840.0583856, 'message': 'Dec  6 23:23:58 hqnl0246134 sshd[265034]: Failed password for root from 165.227.166.207 port 47526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 23:24:01,701] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:24:01,702] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:24:01,712] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:24:01,725] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 23:24:02,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361842.060478, 'message': 'Dec  6 23:24:00 hqnl0246134 sshd[265032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 23:24:04,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361844.0618038, 'message': 'Dec  6 23:24:02 hqnl0246134 sshd[265032]: Failed password for root from 61.177.173.18 port 28168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 23:24:10,979] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:24:11,004] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0333 seconds
INFO    [2022-12-06 23:24:17,784] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:24:17,785] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:24:17,793] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:24:17,806] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-06 23:24:20,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:24:20,610] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:24:20,617] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:24:20,629] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-06 23:24:38,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670361878.1076102, 'message': 'Dec  6 23:24:36 hqnl0246134 sshd[265075]: Invalid user openhab from 180.190.241.88 port 28496', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 23:24:38,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '180.190.241.88', 'timestamp': 1670361878.1080384, 'message': 'Dec  6 23:24:36 hqnl0246134 sshd[265075]: pam_imunify(sshd:auth): [IM360_RBL] The IP 180.190.241.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 23:24:38,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '180.190.241.88', 'timestamp': 1670361878.1082058, 'message': 'Dec  6 23:24:36 hqnl0246134 sshd[265075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.190.241.88 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 23:24:40,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670361880.1083522, 'message': 'Dec  6 23:24:38 hqnl0246134 sshd[265075]: Failed password for invalid user openhab from 180.190.241.88 port 28496 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 23:24:40,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361880.1094894, 'message': 'Dec  6 23:24:39 hqnl0246134 sshd[265077]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 23:24:40,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361880.1096547, 'message': 'Dec  6 23:24:39 hqnl0246134 sshd[265077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:24:42,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670361882.1131434, 'message': 'Dec  6 23:24:40 hqnl0246134 sshd[265075]: Disconnected from invalid user openhab 180.190.241.88 port 28496 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-06 23:24:42,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361882.1133893, 'message': 'Dec  6 23:24:42 hqnl0246134 sshd[265077]: Failed password for root from 61.177.173.18 port 44385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-06 23:24:44,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361884.1170914, 'message': 'Dec  6 23:24:43 hqnl0246134 sshd[265077]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0683 seconds
INFO    [2022-12-06 23:24:46,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361886.1186197, 'message': 'Dec  6 23:24:45 hqnl0246134 sshd[265077]: Failed password for root from 61.177.173.18 port 44385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 23:24:46,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361886.1190584, 'message': 'Dec  6 23:24:46 hqnl0246134 sshd[265077]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 23:24:49,593] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:24:49,594] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:24:50,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361890.1219182, 'message': 'Dec  6 23:24:48 hqnl0246134 sshd[265077]: Failed password for root from 61.177.173.18 port 44385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 23:24:58,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.20.198', 'timestamp': 1670361898.1299722, 'message': 'Dec  6 23:24:57 hqnl0246134 sshd[265089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.20.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 23:24:58,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.20.198', 'timestamp': 1670361898.1302388, 'message': 'Dec  6 23:24:57 hqnl0246134 sshd[265089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.20.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:25:00,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.20.198', 'timestamp': 1670361900.1343288, 'message': 'Dec  6 23:24:59 hqnl0246134 sshd[265089]: Failed password for root from 68.183.20.198 port 59324 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:25:02,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.114.8', 'timestamp': 1670361902.1378434, 'message': 'Dec  6 23:25:00 hqnl0246134 sshd[265091]: Invalid user user from 188.166.114.8 port 35018', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0642 seconds
INFO    [2022-12-06 23:25:02,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.114.8', 'timestamp': 1670361902.1381392, 'message': 'Dec  6 23:25:00 hqnl0246134 sshd[265091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.114.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-06 23:25:02,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.114.8', 'timestamp': 1670361902.1383626, 'message': 'Dec  6 23:25:00 hqnl0246134 sshd[265091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.114.8 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 23:25:04,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.114.8', 'timestamp': 1670361904.1426642, 'message': 'Dec  6 23:25:02 hqnl0246134 sshd[265091]: Failed password for invalid user user from 188.166.114.8 port 35018 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-06 23:25:06,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.114.8', 'timestamp': 1670361906.1481147, 'message': 'Dec  6 23:25:04 hqnl0246134 sshd[265091]: Disconnected from invalid user user 188.166.114.8 port 35018 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:25:07,673] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:25:07,673] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:25:07,680] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:25:07,692] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-06 23:25:10,985] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:25:11,013] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0364 seconds
INFO    [2022-12-06 23:25:17,892] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:25:17,892] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:25:17,907] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:25:17,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-06 23:25:20,578] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:25:20,578] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:25:20,587] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:25:20,599] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 23:25:26,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361926.1649926, 'message': 'Dec  6 23:25:26 hqnl0246134 sshd[265148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:25:26,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361926.1661043, 'message': 'Dec  6 23:25:26 hqnl0246134 sshd[265148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 23:25:28,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361928.1656146, 'message': 'Dec  6 23:25:28 hqnl0246134 sshd[265148]: Failed password for root from 61.177.173.18 port 10075 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 23:25:30,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361930.1690195, 'message': 'Dec  6 23:25:28 hqnl0246134 sshd[265148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-06 23:25:32,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361932.1698563, 'message': 'Dec  6 23:25:30 hqnl0246134 sshd[265148]: Failed password for root from 61.177.173.18 port 10075 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 23:25:32,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361932.1700606, 'message': 'Dec  6 23:25:30 hqnl0246134 sshd[265148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 23:25:32,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361932.1702127, 'message': 'Dec  6 23:25:32 hqnl0246134 sshd[265148]: Failed password for root from 61.177.173.18 port 10075 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
WARNING [2022-12-06 23:25:49,609] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:25:49,610] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:25:50,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361950.1869164, 'message': 'Dec  6 23:25:49 hqnl0246134 sshd[265164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 23:25:52,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670361952.18958, 'message': 'Dec  6 23:25:50 hqnl0246134 sshd[265164]: Failed password for root from 165.227.166.207 port 57820 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-06 23:26:10,990] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:26:11,013] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0322 seconds
INFO    [2022-12-06 23:26:12,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361972.2062893, 'message': 'Dec  6 23:26:12 hqnl0246134 sshd[265179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:26:14,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361974.207594, 'message': 'Dec  6 23:26:12 hqnl0246134 sshd[265179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 23:26:14,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361974.207973, 'message': 'Dec  6 23:26:14 hqnl0246134 sshd[265179]: Failed password for root from 61.177.173.18 port 31050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 23:26:16,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361976.2140388, 'message': 'Dec  6 23:26:14 hqnl0246134 sshd[265179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-06 23:26:16,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361976.2147365, 'message': 'Dec  6 23:26:16 hqnl0246134 sshd[265179]: Failed password for root from 61.177.173.18 port 31050 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:26:18,015] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:26:18,015] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:26:18,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:26:18,038] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-06 23:26:18,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361978.2131956, 'message': 'Dec  6 23:26:16 hqnl0246134 sshd[265179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 23:26:20,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670361980.2167218, 'message': 'Dec  6 23:26:18 hqnl0246134 sshd[265179]: Failed password for root from 61.177.173.18 port 31050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 23:26:20,762] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:26:20,763] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:26:20,771] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:26:20,783] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 23:26:49,614] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:26:49,615] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:26:58,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362018.3071818, 'message': 'Dec  6 23:26:57 hqnl0246134 sshd[265236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 180.190.241.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 23:26:58,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362018.3076916, 'message': 'Dec  6 23:26:57 hqnl0246134 sshd[265238]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 23:26:58,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362018.3075478, 'message': 'Dec  6 23:26:57 hqnl0246134 sshd[265236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.190.241.88  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 23:26:58,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362018.3077974, 'message': 'Dec  6 23:26:58 hqnl0246134 sshd[265238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 23:27:00,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362020.3099246, 'message': 'Dec  6 23:26:59 hqnl0246134 sshd[265236]: Failed password for root from 180.190.241.88 port 48192 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 23:27:00,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362020.3101954, 'message': 'Dec  6 23:26:59 hqnl0246134 sshd[265238]: Failed password for root from 61.177.173.18 port 55187 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 23:27:00,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362020.3103774, 'message': 'Dec  6 23:27:00 hqnl0246134 sshd[265238]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:27:02,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362022.3105006, 'message': 'Dec  6 23:27:01 hqnl0246134 sshd[265238]: Failed password for root from 61.177.173.18 port 55187 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-06 23:27:02,613] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:27:02,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:27:02,631] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:27:02,654] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0395 seconds
INFO    [2022-12-06 23:27:04,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362024.312048, 'message': 'Dec  6 23:27:02 hqnl0246134 sshd[265238]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:27:06,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362026.316639, 'message': 'Dec  6 23:27:04 hqnl0246134 sshd[265238]: Failed password for root from 61.177.173.18 port 55187 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-06 23:27:10,997] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:27:11,020] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0337 seconds
INFO    [2022-12-06 23:27:18,563] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:27:18,564] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:27:18,575] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:27:18,588] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-06 23:27:21,234] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:27:21,235] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:27:21,244] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:27:21,257] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-06 23:27:30,215] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:27:30,284] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:27:30,285] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:27:30,285] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:27:30,286] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:27:30,286] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:27:30,304] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:27:30,335] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0485 seconds
WARNING [2022-12-06 23:27:30,344] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:27:30,346] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:27:30,363] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0370 seconds
INFO    [2022-12-06 23:27:30,364] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0325 seconds
INFO    [2022-12-06 23:27:40,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362060.3426592, 'message': 'Dec  6 23:27:38 hqnl0246134 sshd[265295]: Invalid user ts3srv from 180.190.241.88 port 29826', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 23:27:40,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362060.3429892, 'message': 'Dec  6 23:27:38 hqnl0246134 sshd[265295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 180.190.241.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:27:40,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362060.3431442, 'message': 'Dec  6 23:27:38 hqnl0246134 sshd[265295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.190.241.88 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 23:27:42,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362062.3458219, 'message': 'Dec  6 23:27:40 hqnl0246134 sshd[265295]: Failed password for invalid user ts3srv from 180.190.241.88 port 29826 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-06 23:27:42,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362062.3461206, 'message': 'Dec  6 23:27:40 hqnl0246134 sshd[265297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-06 23:27:42,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362062.3462977, 'message': 'Dec  6 23:27:41 hqnl0246134 sshd[265295]: Disconnected from invalid user ts3srv 180.190.241.88 port 29826 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 23:27:44,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362064.3491707, 'message': 'Dec  6 23:27:43 hqnl0246134 sshd[265299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 23:27:44,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362064.3494713, 'message': 'Dec  6 23:27:43 hqnl0246134 sshd[265297]: Failed password for root from 165.227.166.207 port 39868 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-06 23:27:44,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362064.3493547, 'message': 'Dec  6 23:27:43 hqnl0246134 sshd[265299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:27:46,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362066.3523555, 'message': 'Dec  6 23:27:45 hqnl0246134 sshd[265299]: Failed password for root from 61.177.173.18 port 14143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 23:27:48,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362068.3547328, 'message': 'Dec  6 23:27:47 hqnl0246134 sshd[265299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-06 23:27:49,619] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:27:49,620] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:27:50,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362070.3562078, 'message': 'Dec  6 23:27:49 hqnl0246134 sshd[265299]: Failed password for root from 61.177.173.18 port 14143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:27:50,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362070.35646, 'message': 'Dec  6 23:27:49 hqnl0246134 sshd[265299]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:27:52,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362072.35785, 'message': 'Dec  6 23:27:51 hqnl0246134 sshd[265299]: Failed password for root from 61.177.173.18 port 14143 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 23:28:00,748] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:28:00,749] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:28:00,750] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-06 23:28:06,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362086.3737671, 'message': 'Dec  6 23:28:05 hqnl0246134 sshd[265328]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.114.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:28:06,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362086.3741236, 'message': 'Dec  6 23:28:05 hqnl0246134 sshd[265328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.114.8  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:28:08,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362088.375979, 'message': 'Dec  6 23:28:08 hqnl0246134 sshd[265328]: Failed password for root from 188.166.114.8 port 57602 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-06 23:28:11,000] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:28:11,024] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0328 seconds
INFO    [2022-12-06 23:28:12,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.20.198', 'timestamp': 1670362092.3809793, 'message': 'Dec  6 23:28:11 hqnl0246134 sshd[265332]: Invalid user rodney from 68.183.20.198 port 48832', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 23:28:12,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.20.198', 'timestamp': 1670362092.3812687, 'message': 'Dec  6 23:28:11 hqnl0246134 sshd[265332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.20.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:28:12,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.20.198', 'timestamp': 1670362092.381398, 'message': 'Dec  6 23:28:11 hqnl0246134 sshd[265332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.20.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:28:12,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:28:12,544] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:28:12,552] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:28:12,564] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 23:28:14,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.20.198', 'timestamp': 1670362094.3836722, 'message': 'Dec  6 23:28:14 hqnl0246134 sshd[265332]: Failed password for invalid user rodney from 68.183.20.198 port 48832 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 23:28:16,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.20.198', 'timestamp': 1670362096.3874917, 'message': 'Dec  6 23:28:15 hqnl0246134 sshd[265332]: Disconnected from invalid user rodney 68.183.20.198 port 48832 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 23:28:17,935] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:28:17,935] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:28:17,943] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:28:17,955] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 23:28:20,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362100.3900182, 'message': 'Dec  6 23:28:19 hqnl0246134 sshd[265355]: Invalid user vz from 180.190.241.88 port 35932', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:28:20,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362100.3902652, 'message': 'Dec  6 23:28:19 hqnl0246134 sshd[265355]: pam_imunify(sshd:auth): [IM360_RBL] The IP 180.190.241.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:28:20,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362100.3904693, 'message': 'Dec  6 23:28:19 hqnl0246134 sshd[265355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.190.241.88 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 23:28:21,001] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:28:21,002] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:28:21,009] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:28:21,020] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-06 23:28:22,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362102.3907263, 'message': 'Dec  6 23:28:21 hqnl0246134 sshd[265355]: Failed password for invalid user vz from 180.190.241.88 port 35932 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:28:24,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '180.190.241.88', 'timestamp': 1670362104.3937232, 'message': 'Dec  6 23:28:22 hqnl0246134 sshd[265355]: Disconnected from invalid user vz 180.190.241.88 port 35932 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 23:28:30,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362110.3992925, 'message': 'Dec  6 23:28:30 hqnl0246134 sshd[265369]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 23:28:30,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362110.399747, 'message': 'Dec  6 23:28:30 hqnl0246134 sshd[265369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:28:32,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362112.3993762, 'message': 'Dec  6 23:28:31 hqnl0246134 sshd[265369]: Failed password for root from 61.177.173.18 port 34346 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 23:28:32,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362112.3996065, 'message': 'Dec  6 23:28:32 hqnl0246134 sshd[265369]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:28:36,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362116.4013965, 'message': 'Dec  6 23:28:34 hqnl0246134 sshd[265369]: Failed password for root from 61.177.173.18 port 34346 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 23:28:38,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362118.4022636, 'message': 'Dec  6 23:28:36 hqnl0246134 sshd[265369]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 23:28:38,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362118.4024737, 'message': 'Dec  6 23:28:37 hqnl0246134 sshd[265373]: Invalid user rtorrent from 104.131.40.97 port 33448', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 23:28:38,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362118.4029086, 'message': 'Dec  6 23:28:38 hqnl0246134 sshd[265369]: Failed password for root from 61.177.173.18 port 34346 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-06 23:28:38,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362118.402624, 'message': 'Dec  6 23:28:37 hqnl0246134 sshd[265373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.131.40.97 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-06 23:28:38,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362118.402798, 'message': 'Dec  6 23:28:37 hqnl0246134 sshd[265373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.40.97 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-06 23:28:40,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362120.4040854, 'message': 'Dec  6 23:28:40 hqnl0246134 sshd[265373]: Failed password for invalid user rtorrent from 104.131.40.97 port 33448 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 23:28:42,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.240.206.206', 'timestamp': 1670362122.406344, 'message': 'Dec  6 23:28:40 hqnl0246134 sshd[265375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.240.206.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 23:28:42,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362122.4066892, 'message': 'Dec  6 23:28:41 hqnl0246134 sshd[265373]: Disconnected from invalid user rtorrent 104.131.40.97 port 33448 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 23:28:42,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.240.206.206', 'timestamp': 1670362122.4065313, 'message': 'Dec  6 23:28:40 hqnl0246134 sshd[265375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.206.206  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:28:44,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '115.240.206.206', 'timestamp': 1670362124.4080524, 'message': 'Dec  6 23:28:42 hqnl0246134 sshd[265375]: Failed password for root from 115.240.206.206 port 9252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 23:28:49,630] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:28:49,631] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:29:02,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362142.4333751, 'message': 'Dec  6 23:29:01 hqnl0246134 sshd[265389]: Invalid user luo from 51.178.90.17 port 45570', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 23:29:02,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362142.4338841, 'message': 'Dec  6 23:29:01 hqnl0246134 sshd[265389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.178.90.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:29:02,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362142.4341152, 'message': 'Dec  6 23:29:01 hqnl0246134 sshd[265389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.90.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 23:29:04,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362144.4350393, 'message': 'Dec  6 23:29:03 hqnl0246134 sshd[265389]: Failed password for invalid user luo from 51.178.90.17 port 45570 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 23:29:06,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362146.4394908, 'message': 'Dec  6 23:29:04 hqnl0246134 sshd[265389]: Disconnected from invalid user luo 51.178.90.17 port 45570 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
WARNING [2022-12-06 23:29:11,005] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:29:11,033] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0372 seconds
INFO    [2022-12-06 23:29:18,020] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:29:18,021] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:29:18,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:29:18,045] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-06 23:29:18,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362158.4531758, 'message': 'Dec  6 23:29:17 hqnl0246134 sshd[265410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 23:29:18,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362158.4535809, 'message': 'Dec  6 23:29:17 hqnl0246134 sshd[265410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 23:29:19,404] defence360agent.files: Updating all files
INFO    [2022-12-06 23:29:19,733] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:19,734] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 23:29:20,039] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:20,040] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 23:29:20,299] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:20,300] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 23:29:20,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362160.4540126, 'message': 'Dec  6 23:29:20 hqnl0246134 sshd[265410]: Failed password for root from 61.177.173.18 port 63335 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 23:29:20,586] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:20,587] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 23:29:20,587] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 23:29:20,849] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 21:29:20 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E518909CC00BE'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 23:29:20,850] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 23:29:20,851] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 23:29:21,337] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:29:21,337] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:29:21,352] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:29:21,373] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0344 seconds
INFO    [2022-12-06 23:29:21,484] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:21,484] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 23:29:21,740] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:21,741] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 23:29:22,041] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:22,041] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 23:29:22,445] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:22,445] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 23:29:22,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362162.6165206, 'message': 'Dec  6 23:29:22 hqnl0246134 sshd[265410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:29:22,935] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 23:29:22,936] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 23:29:24,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362164.4588637, 'message': 'Dec  6 23:29:24 hqnl0246134 sshd[265410]: Failed password for root from 61.177.173.18 port 63335 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:29:26,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362166.4606404, 'message': 'Dec  6 23:29:26 hqnl0246134 sshd[265410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:29:28,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362168.4621775, 'message': 'Dec  6 23:29:28 hqnl0246134 sshd[265410]: Failed password for root from 61.177.173.18 port 63335 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-06 23:29:31,248] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:29:31,248] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:29:31,257] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:29:31,268] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 23:29:34,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362174.466673, 'message': 'Dec  6 23:29:34 hqnl0246134 sshd[265433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 23:29:36,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362176.4697285, 'message': 'Dec  6 23:29:36 hqnl0246134 sshd[265433]: Failed password for root from 165.227.166.207 port 50172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 23:29:49,633] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:29:49,634] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:30:06,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362206.51598, 'message': 'Dec  6 23:30:04 hqnl0246134 sshd[265468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 23:30:06,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362206.5165138, 'message': 'Dec  6 23:30:04 hqnl0246134 sshd[265468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 23:30:08,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362208.520839, 'message': 'Dec  6 23:30:07 hqnl0246134 sshd[265468]: Failed password for root from 61.177.173.18 port 21007 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:30:10,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362210.5245764, 'message': 'Dec  6 23:30:08 hqnl0246134 sshd[265468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 23:30:11,009] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:30:11,034] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-06 23:30:12,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362212.5303233, 'message': 'Dec  6 23:30:10 hqnl0246134 sshd[265468]: Failed password for root from 61.177.173.18 port 21007 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 23:30:12,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362212.5307555, 'message': 'Dec  6 23:30:11 hqnl0246134 sshd[265496]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.149.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-06 23:30:12,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362212.530576, 'message': 'Dec  6 23:30:11 hqnl0246134 sshd[265468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-06 23:30:12,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362212.5309224, 'message': 'Dec  6 23:30:11 hqnl0246134 sshd[265496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.149.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-06 23:30:14,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362214.5361917, 'message': 'Dec  6 23:30:13 hqnl0246134 sshd[265468]: Failed password for root from 61.177.173.18 port 21007 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 23:30:14,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362214.5364592, 'message': 'Dec  6 23:30:13 hqnl0246134 sshd[265496]: Failed password for root from 128.199.149.30 port 55560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-06 23:30:17,875] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:30:17,876] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:30:17,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:30:17,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0362 seconds
INFO    [2022-12-06 23:30:20,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:30:20,611] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:30:20,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:30:20,638] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-06 23:30:48,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362248.6188693, 'message': 'Dec  6 23:30:47 hqnl0246134 sshd[265532]: Invalid user sysadmin from 188.166.114.8 port 46920', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 23:30:48,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362248.619217, 'message': 'Dec  6 23:30:47 hqnl0246134 sshd[265532]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.114.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 23:30:48,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362248.6193852, 'message': 'Dec  6 23:30:47 hqnl0246134 sshd[265532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.114.8 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-06 23:30:49,639] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:30:49,640] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:30:50,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362250.6211462, 'message': 'Dec  6 23:30:49 hqnl0246134 sshd[265532]: Failed password for invalid user sysadmin from 188.166.114.8 port 46920 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:30:50,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362250.621383, 'message': 'Dec  6 23:30:49 hqnl0246134 sshd[265532]: Disconnected from invalid user sysadmin 188.166.114.8 port 46920 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:30:52,188] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:30:52,189] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:30:52,197] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:30:52,209] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-06 23:30:52,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362252.6250365, 'message': 'Dec  6 23:30:51 hqnl0246134 sshd[265536]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 23:30:52,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362252.6252244, 'message': 'Dec  6 23:30:51 hqnl0246134 sshd[265536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:30:54,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362254.62863, 'message': 'Dec  6 23:30:53 hqnl0246134 sshd[265536]: Failed password for root from 61.177.173.18 port 40894 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 23:30:54,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.20.198', 'timestamp': 1670362254.628841, 'message': 'Dec  6 23:30:54 hqnl0246134 sshd[265541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.20.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-06 23:30:54,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.20.198', 'timestamp': 1670362254.6289794, 'message': 'Dec  6 23:30:54 hqnl0246134 sshd[265541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.20.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 23:30:56,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362256.6323087, 'message': 'Dec  6 23:30:55 hqnl0246134 sshd[265536]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-06 23:30:56,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.20.198', 'timestamp': 1670362256.6329622, 'message': 'Dec  6 23:30:56 hqnl0246134 sshd[265541]: Failed password for root from 68.183.20.198 port 38376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 23:30:58,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362258.6348934, 'message': 'Dec  6 23:30:57 hqnl0246134 sshd[265536]: Failed password for root from 61.177.173.18 port 40894 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:30:58,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362258.6350768, 'message': 'Dec  6 23:30:57 hqnl0246134 sshd[265536]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:31:00,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362260.6357787, 'message': 'Dec  6 23:30:59 hqnl0246134 sshd[265536]: Failed password for root from 61.177.173.18 port 40894 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 23:31:11,012] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:31:11,033] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0292 seconds
INFO    [2022-12-06 23:31:17,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:31:17,908] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:31:17,917] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:31:17,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0255 seconds
INFO    [2022-12-06 23:31:20,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:31:20,540] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:31:20,547] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:31:20,559] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 23:31:30,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362290.687172, 'message': 'Dec  6 23:31:29 hqnl0246134 sshd[265575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 23:31:32,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362292.6865108, 'message': 'Dec  6 23:31:31 hqnl0246134 sshd[265575]: Failed password for root from 165.227.166.207 port 60440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 23:31:38,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362298.6981945, 'message': 'Dec  6 23:31:38 hqnl0246134 sshd[265579]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-06 23:31:38,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362298.6985612, 'message': 'Dec  6 23:31:38 hqnl0246134 sshd[265579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:31:40,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362300.7035239, 'message': 'Dec  6 23:31:38 hqnl0246134 sshd[265581]: Invalid user user from 51.178.90.17 port 45402', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-06 23:31:40,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362300.7038846, 'message': 'Dec  6 23:31:38 hqnl0246134 sshd[265581]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.178.90.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 23:31:40,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362300.7041216, 'message': 'Dec  6 23:31:38 hqnl0246134 sshd[265581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.90.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:31:42,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362302.7074714, 'message': 'Dec  6 23:31:40 hqnl0246134 sshd[265579]: Failed password for root from 61.177.173.18 port 12770 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-06 23:31:42,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362302.7077863, 'message': 'Dec  6 23:31:41 hqnl0246134 sshd[265581]: Failed password for invalid user user from 51.178.90.17 port 45402 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 23:31:42,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362302.707999, 'message': 'Dec  6 23:31:42 hqnl0246134 sshd[265579]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 23:31:44,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362304.7140539, 'message': 'Dec  6 23:31:42 hqnl0246134 sshd[265581]: Disconnected from invalid user user 51.178.90.17 port 45402 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-06 23:31:44,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362304.714235, 'message': 'Dec  6 23:31:43 hqnl0246134 sshd[265579]: Failed password for root from 61.177.173.18 port 12770 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-06 23:31:46,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362306.7160046, 'message': 'Dec  6 23:31:44 hqnl0246134 sshd[265579]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-06 23:31:46,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362306.7164352, 'message': 'Dec  6 23:31:46 hqnl0246134 sshd[265579]: Failed password for root from 61.177.173.18 port 12770 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 23:31:49,643] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:31:49,644] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:31:54,057] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 23:32:11,019] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:32:11,053] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0450 seconds
INFO    [2022-12-06 23:32:18,056] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:32:18,057] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:32:18,066] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:32:18,079] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-06 23:32:20,800] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:32:20,801] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:32:20,808] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:32:20,821] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 23:32:22,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362342.7734127, 'message': 'Dec  6 23:32:21 hqnl0246134 sshd[265632]: Invalid user billy from 137.184.183.214 port 35494', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 23:32:22,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362342.7736452, 'message': 'Dec  6 23:32:21 hqnl0246134 sshd[265632]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.183.214 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 23:32:22,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362342.773805, 'message': 'Dec  6 23:32:21 hqnl0246134 sshd[265632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.183.214 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:32:24,051] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:32:24,117] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:32:24,117] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:32:24,118] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:32:24,118] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:32:24,118] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:32:24,127] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:32:24,143] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0250 seconds
WARNING [2022-12-06 23:32:24,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:32:24,153] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:32:24,171] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0331 seconds
INFO    [2022-12-06 23:32:24,172] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0309 seconds
INFO    [2022-12-06 23:32:24,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362344.7752664, 'message': 'Dec  6 23:32:23 hqnl0246134 sshd[265632]: Failed password for invalid user billy from 137.184.183.214 port 35494 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:32:26,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362346.7813652, 'message': 'Dec  6 23:32:25 hqnl0246134 sshd[265634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 23:32:26,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362346.7817967, 'message': 'Dec  6 23:32:26 hqnl0246134 sshd[265632]: Disconnected from invalid user billy 137.184.183.214 port 35494 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 23:32:26,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362346.7816062, 'message': 'Dec  6 23:32:25 hqnl0246134 sshd[265634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:32:28,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:32:28,621] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:32:28,632] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:32:28,648] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0268 seconds
INFO    [2022-12-06 23:32:28,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362348.7821548, 'message': 'Dec  6 23:32:26 hqnl0246134 sshd[265634]: Failed password for root from 61.177.173.18 port 35201 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 23:32:28,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362348.7824497, 'message': 'Dec  6 23:32:27 hqnl0246134 sshd[265634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 23:32:30,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362350.7866488, 'message': 'Dec  6 23:32:29 hqnl0246134 sshd[265634]: Failed password for root from 61.177.173.18 port 35201 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 23:32:30,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362350.7869916, 'message': 'Dec  6 23:32:29 hqnl0246134 sshd[265634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 23:32:32,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362352.7903695, 'message': 'Dec  6 23:32:31 hqnl0246134 sshd[265634]: Failed password for root from 61.177.173.18 port 35201 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 23:32:49,647] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:32:49,649] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:32:54,368] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:32:54,369] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:32:54,370] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-06 23:33:00,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362380.8346307, 'message': 'Dec  6 23:32:59 hqnl0246134 sshd[265659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.149.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-06 23:33:00,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362380.8352697, 'message': 'Dec  6 23:33:00 hqnl0246134 sshd[265659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.149.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:33:02,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362382.8374074, 'message': 'Dec  6 23:33:02 hqnl0246134 sshd[265659]: Failed password for root from 128.199.149.30 port 51372 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-06 23:33:10,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362390.8582003, 'message': 'Dec  6 23:33:09 hqnl0246134 sshd[265671]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:33:10,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362390.8584187, 'message': 'Dec  6 23:33:09 hqnl0246134 sshd[265671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-06 23:33:11,021] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:33:11,052] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0380 seconds
INFO    [2022-12-06 23:33:12,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362392.860661, 'message': 'Dec  6 23:33:11 hqnl0246134 sshd[265671]: Failed password for root from 61.177.173.18 port 46964 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-06 23:33:12,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362392.867952, 'message': 'Dec  6 23:33:12 hqnl0246134 sshd[265671]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 23:33:14,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362394.8650923, 'message': 'Dec  6 23:33:13 hqnl0246134 sshd[265671]: Failed password for root from 61.177.173.18 port 46964 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:33:14,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362394.8652618, 'message': 'Dec  6 23:33:14 hqnl0246134 sshd[265671]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:33:16,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362396.8663383, 'message': 'Dec  6 23:33:15 hqnl0246134 sshd[265671]: Failed password for root from 61.177.173.18 port 46964 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 23:33:17,906] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:33:17,907] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:33:17,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:33:17,926] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-06 23:33:18,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670362398.8690915, 'message': 'Dec  6 23:33:17 hqnl0246134 sshd[265675]: Invalid user vz from 191.17.116.8 port 43957', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-06 23:33:18,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.17.116.8', 'timestamp': 1670362398.869273, 'message': 'Dec  6 23:33:17 hqnl0246134 sshd[265675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.17.116.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:33:18,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.17.116.8', 'timestamp': 1670362398.869409, 'message': 'Dec  6 23:33:17 hqnl0246134 sshd[265675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.17.116.8 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:33:20,650] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:33:20,650] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:33:20,663] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:33:20,688] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0363 seconds
INFO    [2022-12-06 23:33:20,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362400.870591, 'message': 'Dec  6 23:33:18 hqnl0246134 sshd[265715]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.114.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 23:33:20,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670362400.871045, 'message': 'Dec  6 23:33:19 hqnl0246134 sshd[265675]: Failed password for invalid user vz from 191.17.116.8 port 43957 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-06 23:33:20,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362400.8708262, 'message': 'Dec  6 23:33:18 hqnl0246134 sshd[265715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.114.8  user=ftp', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-06 23:33:20,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670362400.8711853, 'message': 'Dec  6 23:33:20 hqnl0246134 sshd[265675]: Disconnected from invalid user vz 191.17.116.8 port 43957 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-06 23:33:20,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.166.114.8', 'timestamp': 1670362400.8713143, 'message': 'Dec  6 23:33:20 hqnl0246134 sshd[265715]: Failed password for ftp from 188.166.114.8 port 36260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:33:28,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362408.8785582, 'message': 'Dec  6 23:33:27 hqnl0246134 sshd[265720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 23:33:30,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362410.881018, 'message': 'Dec  6 23:33:29 hqnl0246134 sshd[265720]: Failed password for root from 165.227.166.207 port 42502 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:33:38,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362418.8916218, 'message': 'Dec  6 23:33:38 hqnl0246134 sshd[265724]: Invalid user cent from 20.255.60.194 port 33876', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 23:33:40,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362420.8956807, 'message': 'Dec  6 23:33:38 hqnl0246134 sshd[265724]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.255.60.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 23:33:40,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362420.8959713, 'message': 'Dec  6 23:33:38 hqnl0246134 sshd[265724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.255.60.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:33:40,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362420.8960857, 'message': 'Dec  6 23:33:40 hqnl0246134 sshd[265724]: Failed password for invalid user cent from 20.255.60.194 port 33876 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:33:42,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362422.898483, 'message': 'Dec  6 23:33:41 hqnl0246134 sshd[265724]: Disconnected from invalid user cent 20.255.60.194 port 33876 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 23:33:43,799] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:33:43,800] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:33:43,806] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:33:43,818] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-06 23:33:49,651] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:33:49,652] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:33:56,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362436.9384487, 'message': 'Dec  6 23:33:56 hqnl0246134 sshd[265741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 23:33:56,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362436.9388745, 'message': 'Dec  6 23:33:56 hqnl0246134 sshd[265741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:33:58,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362438.942386, 'message': 'Dec  6 23:33:58 hqnl0246134 sshd[265741]: Failed password for root from 61.177.173.18 port 17416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 23:33:58,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362438.9426053, 'message': 'Dec  6 23:33:58 hqnl0246134 sshd[265741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:34:02,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362442.9504244, 'message': 'Dec  6 23:34:01 hqnl0246134 sshd[265741]: Failed password for root from 61.177.173.18 port 17416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 23:34:04,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362444.9523122, 'message': 'Dec  6 23:34:03 hqnl0246134 sshd[265741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 23:34:06,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362446.9556348, 'message': 'Dec  6 23:34:05 hqnl0246134 sshd[265741]: Failed password for root from 61.177.173.18 port 17416 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 23:34:08,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362448.9603238, 'message': 'Dec  6 23:34:07 hqnl0246134 sshd[265752]: Invalid user thomas from 51.178.90.17 port 45426', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 23:34:09,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362448.960704, 'message': 'Dec  6 23:34:07 hqnl0246134 sshd[265752]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.178.90.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 23:34:09,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362448.96088, 'message': 'Dec  6 23:34:07 hqnl0246134 sshd[265752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.90.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:34:11,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362450.961641, 'message': 'Dec  6 23:34:09 hqnl0246134 sshd[265752]: Failed password for invalid user thomas from 51.178.90.17 port 45426 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0501 seconds
WARNING [2022-12-06 23:34:11,050] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:34:11,146] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.1228 seconds
INFO    [2022-12-06 23:34:12,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.90.17', 'timestamp': 1670362452.9658592, 'message': 'Dec  6 23:34:12 hqnl0246134 sshd[265752]: Disconnected from invalid user thomas 51.178.90.17 port 45426 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:34:17,826] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:34:17,827] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:34:17,847] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:34:17,882] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0540 seconds
INFO    [2022-12-06 23:34:21,334] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:34:21,335] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:34:21,344] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:34:21,355] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 23:34:43,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362483.0197968, 'message': 'Dec  6 23:34:42 hqnl0246134 sshd[265777]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-06 23:34:43,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362483.0202208, 'message': 'Dec  6 23:34:42 hqnl0246134 sshd[265777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-06 23:34:45,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362485.025354, 'message': 'Dec  6 23:34:44 hqnl0246134 sshd[265777]: Failed password for root from 61.177.173.18 port 30479 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-06 23:34:45,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362485.0256376, 'message': 'Dec  6 23:34:44 hqnl0246134 sshd[265777]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-06 23:34:47,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362487.0292447, 'message': 'Dec  6 23:34:46 hqnl0246134 sshd[265777]: Failed password for root from 61.177.173.18 port 30479 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 23:34:47,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362487.0297534, 'message': 'Dec  6 23:34:46 hqnl0246134 sshd[265777]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 23:34:49,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362489.031112, 'message': 'Dec  6 23:34:48 hqnl0246134 sshd[265777]: Failed password for root from 61.177.173.18 port 30479 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-06 23:34:49,655] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:34:49,655] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:35:11,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:35:11,060] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0318 seconds
INFO    [2022-12-06 23:35:18,025] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:35:18,025] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:35:18,033] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:35:18,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-06 23:35:21,020] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:35:21,021] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:35:21,027] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:35:21,040] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 23:35:23,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362523.0957217, 'message': 'Dec  6 23:35:22 hqnl0246134 sshd[265844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0641 seconds
INFO    [2022-12-06 23:35:27,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362527.0978346, 'message': 'Dec  6 23:35:25 hqnl0246134 sshd[265844]: Failed password for root from 165.227.166.207 port 52792 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:35:29,536] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:35:29,536] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:35:29,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:35:29,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 23:35:31,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362531.1023118, 'message': 'Dec  6 23:35:29 hqnl0246134 sshd[265850]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-06 23:35:31,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362531.1025715, 'message': 'Dec  6 23:35:29 hqnl0246134 sshd[265850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 23:35:33,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362533.1063213, 'message': 'Dec  6 23:35:31 hqnl0246134 sshd[265850]: Failed password for root from 61.177.173.18 port 57478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-06 23:35:35,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362535.1137657, 'message': 'Dec  6 23:35:33 hqnl0246134 sshd[265850]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:35:37,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362537.1198065, 'message': 'Dec  6 23:35:35 hqnl0246134 sshd[265850]: Failed password for root from 61.177.173.18 port 57478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-06 23:35:37,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362537.12004, 'message': 'Dec  6 23:35:36 hqnl0246134 sshd[265850]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-06 23:35:39,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362539.1223724, 'message': 'Dec  6 23:35:38 hqnl0246134 sshd[265850]: Failed password for root from 61.177.173.18 port 57478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-06 23:35:45,614] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:35:45,681] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:35:45,682] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:35:45,682] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:35:45,682] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:35:45,682] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:35:45,692] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:35:45,715] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0316 seconds
WARNING [2022-12-06 23:35:45,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:35:45,731] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:35:45,763] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0555 seconds
INFO    [2022-12-06 23:35:45,765] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0542 seconds
INFO    [2022-12-06 23:35:47,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362547.1491792, 'message': 'Dec  6 23:35:46 hqnl0246134 sshd[265856]: Invalid user angie from 128.199.149.30 port 50624', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 23:35:47,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362547.149537, 'message': 'Dec  6 23:35:46 hqnl0246134 sshd[265856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.149.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:35:47,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362547.1496894, 'message': 'Dec  6 23:35:46 hqnl0246134 sshd[265856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.149.30 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 23:35:49,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362549.1582367, 'message': 'Dec  6 23:35:49 hqnl0246134 sshd[265856]: Failed password for invalid user angie from 128.199.149.30 port 50624 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-06 23:35:49,659] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:35:49,659] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:35:51,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.149.30', 'timestamp': 1670362551.1640503, 'message': 'Dec  6 23:35:50 hqnl0246134 sshd[265856]: Disconnected from invalid user angie 128.199.149.30 port 50624 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:36:05,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362565.1888359, 'message': 'Dec  6 23:36:03 hqnl0246134 sshd[265875]: Invalid user whmcs from 104.131.40.97 port 48916', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 23:36:05,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362565.1892061, 'message': 'Dec  6 23:36:03 hqnl0246134 sshd[265875]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.131.40.97 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:36:05,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362565.1893327, 'message': 'Dec  6 23:36:03 hqnl0246134 sshd[265875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.40.97 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:36:07,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362567.1901183, 'message': 'Dec  6 23:36:05 hqnl0246134 sshd[265875]: Failed password for invalid user whmcs from 104.131.40.97 port 48916 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 23:36:07,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362567.1903684, 'message': 'Dec  6 23:36:07 hqnl0246134 sshd[265875]: Disconnected from invalid user whmcs 104.131.40.97 port 48916 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-06 23:36:11,041] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:36:11,066] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0328 seconds
INFO    [2022-12-06 23:36:11,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670362571.1943376, 'message': 'Dec  6 23:36:10 hqnl0246134 sshd[265877]: Invalid user nginx from 81.182.248.193 port 41948', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:36:11,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.182.248.193', 'timestamp': 1670362571.194551, 'message': 'Dec  6 23:36:10 hqnl0246134 sshd[265877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.182.248.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-06 23:36:11,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.182.248.193', 'timestamp': 1670362571.1946862, 'message': 'Dec  6 23:36:10 hqnl0246134 sshd[265877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.182.248.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:36:13,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670362573.196204, 'message': 'Dec  6 23:36:12 hqnl0246134 sshd[265877]: Failed password for invalid user nginx from 81.182.248.193 port 41948 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 23:36:15,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670362575.1984227, 'message': 'Dec  6 23:36:14 hqnl0246134 sshd[265877]: Disconnected from invalid user nginx 81.182.248.193 port 41948 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-06 23:36:15,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362575.198605, 'message': 'Dec  6 23:36:15 hqnl0246134 sshd[265882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-06 23:36:15,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362575.1987638, 'message': 'Dec  6 23:36:15 hqnl0246134 sshd[265882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-06 23:36:15,808] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:36:15,809] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:36:15,809] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-06 23:36:17,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362577.2003334, 'message': 'Dec  6 23:36:16 hqnl0246134 sshd[265882]: Failed password for root from 61.177.173.18 port 10838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-06 23:36:17,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:36:17,965] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:36:17,973] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:36:17,985] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 23:36:19,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362579.2056997, 'message': 'Dec  6 23:36:17 hqnl0246134 sshd[265882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 23:36:20,629] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:36:20,630] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:36:20,636] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:36:20,648] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 23:36:21,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362581.2107918, 'message': 'Dec  6 23:36:19 hqnl0246134 sshd[265882]: Failed password for root from 61.177.173.18 port 10838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:36:23,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362583.2146714, 'message': 'Dec  6 23:36:21 hqnl0246134 sshd[265882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 23:36:25,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362585.2151973, 'message': 'Dec  6 23:36:23 hqnl0246134 sshd[265882]: Failed password for root from 61.177.173.18 port 10838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-06 23:36:49,671] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:36:49,672] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:37:05,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362625.3570743, 'message': 'Dec  6 23:37:03 hqnl0246134 sshd[265928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 23:37:05,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362625.3578134, 'message': 'Dec  6 23:37:03 hqnl0246134 sshd[265928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 23:37:05,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362625.3580892, 'message': 'Dec  6 23:37:05 hqnl0246134 sshd[265928]: Failed password for root from 61.177.173.18 port 43141 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 23:37:07,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362627.3580117, 'message': 'Dec  6 23:37:05 hqnl0246134 sshd[265928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 23:37:09,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362629.3624635, 'message': 'Dec  6 23:37:08 hqnl0246134 sshd[265928]: Failed password for root from 61.177.173.18 port 43141 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-06 23:37:11,043] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:37:11,063] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0275 seconds
INFO    [2022-12-06 23:37:11,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362631.3641574, 'message': 'Dec  6 23:37:10 hqnl0246134 sshd[265928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-06 23:37:11,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362631.3643978, 'message': 'Dec  6 23:37:10 hqnl0246134 sshd[265954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-06 23:37:13,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362633.3660693, 'message': 'Dec  6 23:37:12 hqnl0246134 sshd[265928]: Failed password for root from 61.177.173.18 port 43141 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 23:37:13,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362633.366252, 'message': 'Dec  6 23:37:12 hqnl0246134 sshd[265954]: Failed password for root from 165.227.166.207 port 34846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 23:37:15,081] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:37:15,082] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:37:15,089] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:37:15,102] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-06 23:37:17,874] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:37:17,875] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:37:17,886] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:37:17,900] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0245 seconds
INFO    [2022-12-06 23:37:19,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362639.3742502, 'message': 'Dec  6 23:37:17 hqnl0246134 sshd[265961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.255.60.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 23:37:19,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362639.3747084, 'message': 'Dec  6 23:37:17 hqnl0246134 sshd[265961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.255.60.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:37:20,524] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:37:20,524] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:37:20,533] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:37:20,546] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 23:37:21,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362641.373821, 'message': 'Dec  6 23:37:20 hqnl0246134 sshd[265961]: Failed password for root from 20.255.60.194 port 41038 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:37:49,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362669.4092927, 'message': 'Dec  6 23:37:49 hqnl0246134 sshd[265999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-06 23:37:49,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362669.4100022, 'message': 'Dec  6 23:37:49 hqnl0246134 sshd[265999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-06 23:37:49,678] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:37:49,679] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:37:51,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362671.4103167, 'message': 'Dec  6 23:37:50 hqnl0246134 sshd[265999]: Failed password for root from 61.177.173.18 port 56180 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 23:37:53,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362673.4133832, 'message': 'Dec  6 23:37:51 hqnl0246134 sshd[265999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 23:37:55,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362675.4164555, 'message': 'Dec  6 23:37:54 hqnl0246134 sshd[265999]: Failed password for root from 61.177.173.18 port 56180 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 23:37:57,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362677.4190059, 'message': 'Dec  6 23:37:55 hqnl0246134 sshd[265999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-06 23:37:59,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362679.604053, 'message': 'Dec  6 23:37:57 hqnl0246134 sshd[265999]: Failed password for root from 61.177.173.18 port 56180 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0399 seconds
WARNING [2022-12-06 23:38:11,047] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:38:11,072] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0326 seconds
INFO    [2022-12-06 23:38:17,957] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:38:17,957] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:38:17,968] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:38:17,980] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 23:38:20,600] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:38:20,601] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:38:20,612] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:38:20,629] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
INFO    [2022-12-06 23:38:37,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362717.4619164, 'message': 'Dec  6 23:38:35 hqnl0246134 sshd[266036]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 23:38:37,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362717.4622576, 'message': 'Dec  6 23:38:35 hqnl0246134 sshd[266036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 23:38:37,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362717.4624982, 'message': 'Dec  6 23:38:37 hqnl0246134 sshd[266036]: Failed password for root from 61.177.173.18 port 24422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-06 23:38:39,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362719.4616091, 'message': 'Dec  6 23:38:37 hqnl0246134 sshd[266036]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:38:41,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362721.4657714, 'message': 'Dec  6 23:38:39 hqnl0246134 sshd[266036]: Failed password for root from 61.177.173.18 port 24422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 23:38:41,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362721.4659543, 'message': 'Dec  6 23:38:40 hqnl0246134 sshd[266036]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:38:43,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362723.4682512, 'message': 'Dec  6 23:38:42 hqnl0246134 sshd[266038]: Invalid user www from 104.131.40.97 port 37484', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-06 23:38:43,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362723.4684534, 'message': 'Dec  6 23:38:42 hqnl0246134 sshd[266036]: Failed password for root from 61.177.173.18 port 24422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-06 23:38:43,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362723.468589, 'message': 'Dec  6 23:38:42 hqnl0246134 sshd[266038]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.131.40.97 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 23:38:43,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362723.4687145, 'message': 'Dec  6 23:38:42 hqnl0246134 sshd[266038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.40.97 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 23:38:45,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362725.4708848, 'message': 'Dec  6 23:38:44 hqnl0246134 sshd[266038]: Failed password for invalid user www from 104.131.40.97 port 37484 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 23:38:46,822] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:38:46,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:38:46,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:38:46,840] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-06 23:38:47,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362727.475523, 'message': 'Dec  6 23:38:46 hqnl0246134 sshd[266038]: Disconnected from invalid user www 104.131.40.97 port 37484 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1019 seconds
WARNING [2022-12-06 23:38:49,681] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:38:49,682] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:38:59,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362739.4876387, 'message': 'Dec  6 23:38:57 hqnl0246134 sshd[266054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-06 23:39:01,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362741.4891875, 'message': 'Dec  6 23:38:59 hqnl0246134 sshd[266054]: Failed password for root from 165.227.166.207 port 45140 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
WARNING [2022-12-06 23:39:11,055] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:39:11,080] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-06 23:39:19,424] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:39:19,425] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:39:19,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:39:19,465] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0379 seconds
INFO    [2022-12-06 23:39:19,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362759.50868, 'message': 'Dec  6 23:39:17 hqnl0246134 sshd[266190]: Invalid user support from 137.184.183.214 port 35748', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 23:39:19,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362759.5089455, 'message': 'Dec  6 23:39:17 hqnl0246134 sshd[266190]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.183.214 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 23:39:19,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362759.509138, 'message': 'Dec  6 23:39:17 hqnl0246134 sshd[266190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.183.214 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:39:21,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362761.5098426, 'message': 'Dec  6 23:39:20 hqnl0246134 sshd[266190]: Failed password for invalid user support from 137.184.183.214 port 35748 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-06 23:39:21,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362761.5100439, 'message': 'Dec  6 23:39:21 hqnl0246134 sshd[266206]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-06 23:39:21,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362761.5101674, 'message': 'Dec  6 23:39:21 hqnl0246134 sshd[266206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-06 23:39:22,796] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:39:22,796] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:39:22,824] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:39:22,847] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0372 seconds
INFO    [2022-12-06 23:39:23,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362763.5113804, 'message': 'Dec  6 23:39:21 hqnl0246134 sshd[266190]: Disconnected from invalid user support 137.184.183.214 port 35748 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.2276 seconds
INFO    [2022-12-06 23:39:23,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362763.5115736, 'message': 'Dec  6 23:39:22 hqnl0246134 sshd[266206]: Failed password for root from 61.177.173.18 port 45023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2285 seconds
INFO    [2022-12-06 23:39:23,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362763.5117443, 'message': 'Dec  6 23:39:23 hqnl0246134 sshd[266206]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1012 seconds
INFO    [2022-12-06 23:39:27,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362767.5140316, 'message': 'Dec  6 23:39:26 hqnl0246134 sshd[266206]: Failed password for root from 61.177.173.18 port 45023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0562 seconds
INFO    [2022-12-06 23:39:29,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362769.5163085, 'message': 'Dec  6 23:39:27 hqnl0246134 sshd[266206]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:39:31,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362771.5191915, 'message': 'Dec  6 23:39:29 hqnl0246134 sshd[266206]: Failed password for root from 61.177.173.18 port 45023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 23:39:49,686] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:39:49,687] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:40:07,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362807.5704472, 'message': 'Dec  6 23:40:06 hqnl0246134 sshd[266258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-06 23:40:07,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362807.571127, 'message': 'Dec  6 23:40:06 hqnl0246134 sshd[266258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-06 23:40:09,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362809.5791285, 'message': 'Dec  6 23:40:08 hqnl0246134 sshd[266258]: Failed password for root from 61.177.173.18 port 56768 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 23:40:09,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362809.5794165, 'message': 'Dec  6 23:40:08 hqnl0246134 sshd[266258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-06 23:40:11,063] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:40:11,085] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0339 seconds
INFO    [2022-12-06 23:40:11,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362811.587588, 'message': 'Dec  6 23:40:10 hqnl0246134 sshd[266258]: Failed password for root from 61.177.173.18 port 56768 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:40:11,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362811.587827, 'message': 'Dec  6 23:40:10 hqnl0246134 sshd[266258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 23:40:13,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362813.5961733, 'message': 'Dec  6 23:40:13 hqnl0246134 sshd[266258]: Failed password for root from 61.177.173.18 port 56768 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:40:18,104] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:40:18,105] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 23:40:18,233] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:40:18,233] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:40:18,325] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:40:18,355] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:40:18,389] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.2804 seconds
INFO    [2022-12-06 23:40:18,390] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1527 seconds
INFO    [2022-12-06 23:40:21,065] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:40:21,065] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:40:21,074] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:40:21,086] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 23:40:45,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362845.6662145, 'message': 'Dec  6 23:40:45 hqnl0246134 sshd[266299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-06 23:40:47,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362847.6736176, 'message': 'Dec  6 23:40:47 hqnl0246134 sshd[266299]: Failed password for root from 165.227.166.207 port 55418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-06 23:40:49,689] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:40:49,691] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:40:53,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362853.6906207, 'message': 'Dec  6 23:40:52 hqnl0246134 sshd[266310]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-06 23:40:53,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362853.6909637, 'message': 'Dec  6 23:40:52 hqnl0246134 sshd[266310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:40:55,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362855.6937623, 'message': 'Dec  6 23:40:54 hqnl0246134 sshd[266310]: Failed password for root from 61.177.173.18 port 19078 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 23:40:57,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362857.7018464, 'message': 'Dec  6 23:40:56 hqnl0246134 sshd[266310]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 23:40:59,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362859.7059586, 'message': 'Dec  6 23:40:58 hqnl0246134 sshd[266310]: Failed password for root from 61.177.173.18 port 19078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 23:40:59,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362859.706202, 'message': 'Dec  6 23:40:59 hqnl0246134 sshd[266310]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-06 23:41:01,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362861.7094944, 'message': 'Dec  6 23:41:01 hqnl0246134 sshd[266310]: Failed password for root from 61.177.173.18 port 19078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-06 23:41:11,062] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:41:11,083] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0286 seconds
INFO    [2022-12-06 23:41:13,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362873.7230346, 'message': 'Dec  6 23:41:12 hqnl0246134 sshd[266349]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.131.40.97 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 23:41:13,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362873.7232985, 'message': 'Dec  6 23:41:12 hqnl0246134 sshd[266349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.40.97  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 23:41:15,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '104.131.40.97', 'timestamp': 1670362875.7255423, 'message': 'Dec  6 23:41:15 hqnl0246134 sshd[266349]: Failed password for root from 104.131.40.97 port 54282 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-06 23:41:18,321] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:41:18,322] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:41:18,335] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:41:18,358] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0347 seconds
INFO    [2022-12-06 23:41:19,615] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:41:19,616] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:41:19,625] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:41:19,637] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-06 23:41:21,110] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:41:21,111] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:41:21,119] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:41:21,130] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-06 23:41:27,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362887.7385485, 'message': 'Dec  6 23:41:27 hqnl0246134 sshd[266378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.255.60.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 23:41:29,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362889.7390673, 'message': 'Dec  6 23:41:27 hqnl0246134 sshd[266378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.255.60.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:41:31,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.255.60.194', 'timestamp': 1670362891.7421296, 'message': 'Dec  6 23:41:29 hqnl0246134 sshd[266378]: Failed password for root from 20.255.60.194 port 44362 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-06 23:41:41,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362901.7578342, 'message': 'Dec  6 23:41:41 hqnl0246134 sshd[266385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-06 23:41:41,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362901.7580585, 'message': 'Dec  6 23:41:41 hqnl0246134 sshd[266385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 23:41:43,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362903.7580717, 'message': 'Dec  6 23:41:43 hqnl0246134 sshd[266385]: Failed password for root from 61.177.173.18 port 52055 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:41:44,914] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:41:44,986] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:41:44,986] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:41:44,987] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:41:44,987] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:41:44,987] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:41:45,002] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:41:45,031] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0429 seconds
WARNING [2022-12-06 23:41:45,044] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:41:45,049] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:41:45,073] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0524 seconds
INFO    [2022-12-06 23:41:45,075] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0474 seconds
INFO    [2022-12-06 23:41:47,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362907.7676795, 'message': 'Dec  6 23:41:45 hqnl0246134 sshd[266385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:41:47,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362907.767931, 'message': 'Dec  6 23:41:47 hqnl0246134 sshd[266385]: Failed password for root from 61.177.173.18 port 52055 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 23:41:49,695] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:41:49,696] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:41:49,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362909.769799, 'message': 'Dec  6 23:41:48 hqnl0246134 sshd[266385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 23:41:51,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362911.7719865, 'message': 'Dec  6 23:41:50 hqnl0246134 sshd[266385]: Failed password for root from 61.177.173.18 port 52055 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 23:41:54,062] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-06 23:42:11,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:42:11,099] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0382 seconds
INFO    [2022-12-06 23:42:15,114] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:42:15,115] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:42:15,116] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-06 23:42:17,824] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:42:17,825] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:42:17,833] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:42:17,845] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 23:42:19,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362939.8089232, 'message': 'Dec  6 23:42:18 hqnl0246134 sshd[266415]: Invalid user vd from 137.184.183.214 port 35920', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 23:42:19,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362939.8092716, 'message': 'Dec  6 23:42:18 hqnl0246134 sshd[266415]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.183.214 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 23:42:19,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362939.809433, 'message': 'Dec  6 23:42:18 hqnl0246134 sshd[266415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.183.214 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:42:20,745] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:42:20,745] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:42:20,756] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:42:20,792] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0456 seconds
INFO    [2022-12-06 23:42:21,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362941.8105803, 'message': 'Dec  6 23:42:20 hqnl0246134 sshd[266415]: Failed password for invalid user vd from 137.184.183.214 port 35920 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-06 23:42:21,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670362941.810882, 'message': 'Dec  6 23:42:21 hqnl0246134 sshd[266415]: Disconnected from invalid user vd 137.184.183.214 port 35920 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-06 23:42:29,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362949.8232265, 'message': 'Dec  6 23:42:28 hqnl0246134 sshd[266435]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-06 23:42:29,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362949.8237221, 'message': 'Dec  6 23:42:28 hqnl0246134 sshd[266435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-06 23:42:31,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362951.828339, 'message': 'Dec  6 23:42:31 hqnl0246134 sshd[266435]: Failed password for root from 61.177.173.18 port 13015 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 23:42:33,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362953.8306756, 'message': 'Dec  6 23:42:33 hqnl0246134 sshd[266435]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 23:42:35,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362955.8358078, 'message': 'Dec  6 23:42:34 hqnl0246134 sshd[266438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-06 23:42:35,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362955.836062, 'message': 'Dec  6 23:42:35 hqnl0246134 sshd[266435]: Failed password for root from 61.177.173.18 port 13015 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-06 23:42:37,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670362957.8413136, 'message': 'Dec  6 23:42:36 hqnl0246134 sshd[266438]: Failed password for root from 165.227.166.207 port 37484 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-06 23:42:37,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362957.8415222, 'message': 'Dec  6 23:42:37 hqnl0246134 sshd[266435]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-06 23:42:39,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362959.8449385, 'message': 'Dec  6 23:42:39 hqnl0246134 sshd[266435]: Failed password for root from 61.177.173.18 port 13015 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 23:42:40,888] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:42:40,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:42:40,896] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:42:40,907] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-06 23:42:49,704] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:42:49,705] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-06 23:43:11,077] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:43:11,102] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0366 seconds
INFO    [2022-12-06 23:43:17,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362997.9033144, 'message': 'Dec  6 23:43:16 hqnl0246134 sshd[266471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 23:43:18,004] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:43:18,005] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:43:18,016] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:43:18,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362997.90527, 'message': 'Dec  6 23:43:16 hqnl0246134 sshd[266471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1015 seconds
INFO    [2022-12-06 23:43:18,033] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0276 seconds
INFO    [2022-12-06 23:43:19,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362999.9071465, 'message': 'Dec  6 23:43:18 hqnl0246134 sshd[266471]: Failed password for root from 61.177.173.18 port 29622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 23:43:19,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670362999.9075341, 'message': 'Dec  6 23:43:18 hqnl0246134 sshd[266471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:43:20,593] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:43:20,594] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:43:20,603] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:43:20,614] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 23:43:21,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363001.9087405, 'message': 'Dec  6 23:43:21 hqnl0246134 sshd[266471]: Failed password for root from 61.177.173.18 port 29622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-06 23:43:23,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363003.9114847, 'message': 'Dec  6 23:43:22 hqnl0246134 sshd[266471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:43:25,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363005.920487, 'message': 'Dec  6 23:43:25 hqnl0246134 sshd[266471]: Failed password for root from 61.177.173.18 port 29622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-06 23:43:49,708] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:43:49,709] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:44:04,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363044.0111163, 'message': 'Dec  6 23:44:02 hqnl0246134 sshd[266503]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 23:44:04,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363044.0116818, 'message': 'Dec  6 23:44:02 hqnl0246134 sshd[266503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 23:44:06,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363046.012824, 'message': 'Dec  6 23:44:04 hqnl0246134 sshd[266503]: Failed password for root from 61.177.173.18 port 45121 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-06 23:44:06,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363046.0130568, 'message': 'Dec  6 23:44:04 hqnl0246134 sshd[266503]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:44:08,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363048.0158846, 'message': 'Dec  6 23:44:06 hqnl0246134 sshd[266503]: Failed password for root from 61.177.173.18 port 45121 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 23:44:08,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363048.0162387, 'message': 'Dec  6 23:44:06 hqnl0246134 sshd[266503]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:44:10,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363050.017715, 'message': 'Dec  6 23:44:09 hqnl0246134 sshd[266503]: Failed password for root from 61.177.173.18 port 45121 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-06 23:44:11,079] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:44:11,108] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0380 seconds
INFO    [2022-12-06 23:44:13,836] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:44:13,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:44:13,847] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:44:13,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-06 23:44:17,963] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:44:17,964] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:44:17,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:44:17,984] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-06 23:44:20,776] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:44:20,776] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:44:20,786] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:44:20,799] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-06 23:44:24,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363064.034629, 'message': 'Dec  6 23:44:23 hqnl0246134 sshd[266564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-06 23:44:26,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363066.037985, 'message': 'Dec  6 23:44:25 hqnl0246134 sshd[266564]: Failed password for root from 165.227.166.207 port 47760 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-06 23:44:49,713] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:44:49,714] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:44:50,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363090.077997, 'message': 'Dec  6 23:44:48 hqnl0246134 sshd[266568]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-06 23:44:50,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363090.0784082, 'message': 'Dec  6 23:44:48 hqnl0246134 sshd[266568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-06 23:44:52,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363092.084898, 'message': 'Dec  6 23:44:51 hqnl0246134 sshd[266568]: Failed password for root from 61.177.173.18 port 12953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 23:44:54,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363094.0907319, 'message': 'Dec  6 23:44:53 hqnl0246134 sshd[266568]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 23:44:54,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670363094.0910091, 'message': 'Dec  6 23:44:53 hqnl0246134 sshd[266566]: Invalid user openhab from 191.17.116.8 port 47650', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-06 23:44:54,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.17.116.8', 'timestamp': 1670363094.0911486, 'message': 'Dec  6 23:44:53 hqnl0246134 sshd[266566]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.17.116.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:44:54,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.17.116.8', 'timestamp': 1670363094.0912702, 'message': 'Dec  6 23:44:53 hqnl0246134 sshd[266566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.17.116.8 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 23:44:56,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363096.094228, 'message': 'Dec  6 23:44:55 hqnl0246134 sshd[266568]: Failed password for root from 61.177.173.18 port 12953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-06 23:44:56,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670363096.0947332, 'message': 'Dec  6 23:44:55 hqnl0246134 sshd[266566]: Failed password for invalid user openhab from 191.17.116.8 port 47650 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-06 23:44:56,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363096.0945277, 'message': 'Dec  6 23:44:55 hqnl0246134 sshd[266568]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:44:58,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670363098.09432, 'message': 'Dec  6 23:44:57 hqnl0246134 sshd[266566]: Disconnected from invalid user openhab 191.17.116.8 port 47650 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 23:44:58,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363098.0945494, 'message': 'Dec  6 23:44:57 hqnl0246134 sshd[266568]: Failed password for root from 61.177.173.18 port 12953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
WARNING [2022-12-06 23:45:11,086] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:45:11,112] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-06 23:45:14,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670363114.1208043, 'message': 'Dec  6 23:45:12 hqnl0246134 sshd[266604]: Invalid user kumar from 137.184.183.214 port 36088', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 23:45:14,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.183.214', 'timestamp': 1670363114.1210396, 'message': 'Dec  6 23:45:12 hqnl0246134 sshd[266604]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.183.214 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:45:14,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.183.214', 'timestamp': 1670363114.1211603, 'message': 'Dec  6 23:45:12 hqnl0246134 sshd[266604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.183.214 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:45:16,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670363116.1233406, 'message': 'Dec  6 23:45:14 hqnl0246134 sshd[266604]: Failed password for invalid user kumar from 137.184.183.214 port 36088 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-06 23:45:16,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.183.214', 'timestamp': 1670363116.1235301, 'message': 'Dec  6 23:45:14 hqnl0246134 sshd[266604]: Disconnected from invalid user kumar 137.184.183.214 port 36088 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 23:45:17,778] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:45:17,779] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:45:17,786] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:45:17,798] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 23:45:18,504] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:45:18,504] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:45:18,518] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:45:18,538] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0319 seconds
INFO    [2022-12-06 23:45:20,825] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:45:20,826] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:45:20,838] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:45:20,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0289 seconds
INFO    [2022-12-06 23:45:36,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363136.1538978, 'message': 'Dec  6 23:45:34 hqnl0246134 sshd[266639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:45:36,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363136.154184, 'message': 'Dec  6 23:45:34 hqnl0246134 sshd[266639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 23:45:38,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363138.1639924, 'message': 'Dec  6 23:45:36 hqnl0246134 sshd[266639]: Failed password for root from 61.177.173.18 port 29916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 23:45:38,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363138.1642864, 'message': 'Dec  6 23:45:37 hqnl0246134 sshd[266639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:45:40,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363140.1659489, 'message': 'Dec  6 23:45:38 hqnl0246134 sshd[266639]: Failed password for root from 61.177.173.18 port 29916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-06 23:45:40,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363140.1661675, 'message': 'Dec  6 23:45:39 hqnl0246134 sshd[266639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:45:42,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363142.1750054, 'message': 'Dec  6 23:45:41 hqnl0246134 sshd[266639]: Failed password for root from 61.177.173.18 port 29916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:45:48,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.255.60.194', 'timestamp': 1670363148.189075, 'message': 'Dec  6 23:45:46 hqnl0246134 sshd[266648]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.255.60.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:45:48,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.255.60.194', 'timestamp': 1670363148.189329, 'message': 'Dec  6 23:45:46 hqnl0246134 sshd[266648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.255.60.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-06 23:45:49,716] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:45:49,717] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:45:50,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.255.60.194', 'timestamp': 1670363150.1951487, 'message': 'Dec  6 23:45:48 hqnl0246134 sshd[266648]: Failed password for root from 20.255.60.194 port 38300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 23:46:02,770] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:46:02,839] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:46:02,840] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:46:02,840] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:46:02,840] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:46:02,841] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:46:02,853] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:46:02,873] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0317 seconds
WARNING [2022-12-06 23:46:02,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:46:02,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:46:02,909] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0420 seconds
INFO    [2022-12-06 23:46:02,911] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0405 seconds
WARNING [2022-12-06 23:46:11,087] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:46:11,109] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0314 seconds
INFO    [2022-12-06 23:46:12,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363172.2293034, 'message': 'Dec  6 23:46:10 hqnl0246134 sshd[266673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 23:46:14,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363174.2298453, 'message': 'Dec  6 23:46:12 hqnl0246134 sshd[266673]: Failed password for root from 165.227.166.207 port 58062 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:46:17,923] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:46:17,923] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:46:17,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:46:17,944] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 23:46:20,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363180.2383578, 'message': 'Dec  6 23:46:20 hqnl0246134 sshd[266682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-06 23:46:20,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363180.2410207, 'message': 'Dec  6 23:46:20 hqnl0246134 sshd[266682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:46:20,715] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:46:20,716] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:46:20,724] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:46:20,736] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-06 23:46:22,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363182.2428353, 'message': 'Dec  6 23:46:21 hqnl0246134 sshd[266682]: Failed password for root from 61.177.173.18 port 47581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-06 23:46:24,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363184.2471378, 'message': 'Dec  6 23:46:22 hqnl0246134 sshd[266682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-06 23:46:26,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363186.251948, 'message': 'Dec  6 23:46:24 hqnl0246134 sshd[266682]: Failed password for root from 61.177.173.18 port 47581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:46:28,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363188.2567728, 'message': 'Dec  6 23:46:26 hqnl0246134 sshd[266682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 23:46:30,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363190.2608366, 'message': 'Dec  6 23:46:28 hqnl0246134 sshd[266682]: Failed password for root from 61.177.173.18 port 47581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:46:32,968] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:46:32,969] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:46:32,970] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 23:46:49,734] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:46:49,735] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:47:08,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363228.3526227, 'message': 'Dec  6 23:47:06 hqnl0246134 sshd[266722]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-06 23:47:08,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363228.3545065, 'message': 'Dec  6 23:47:06 hqnl0246134 sshd[266722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 23:47:10,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363230.3565886, 'message': 'Dec  6 23:47:09 hqnl0246134 sshd[266722]: Failed password for root from 61.177.173.18 port 14343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
WARNING [2022-12-06 23:47:11,091] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:47:11,110] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0260 seconds
INFO    [2022-12-06 23:47:12,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363232.3612897, 'message': 'Dec  6 23:47:11 hqnl0246134 sshd[266722]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-06 23:47:14,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363234.367147, 'message': 'Dec  6 23:47:13 hqnl0246134 sshd[266722]: Failed password for root from 61.177.173.18 port 14343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:47:16,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363236.3694818, 'message': 'Dec  6 23:47:15 hqnl0246134 sshd[266722]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:47:17,863] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:47:17,863] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:47:17,871] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:47:17,883] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-06 23:47:18,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363238.3715725, 'message': 'Dec  6 23:47:17 hqnl0246134 sshd[266722]: Failed password for root from 61.177.173.18 port 14343 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 23:47:20,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670363240.3740366, 'message': 'Dec  6 23:47:19 hqnl0246134 sshd[266725]: Invalid user user11 from 81.182.248.193 port 55734', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-06 23:47:20,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.182.248.193', 'timestamp': 1670363240.3744779, 'message': 'Dec  6 23:47:20 hqnl0246134 sshd[266725]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.182.248.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-06 23:47:20,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.182.248.193', 'timestamp': 1670363240.3770084, 'message': 'Dec  6 23:47:20 hqnl0246134 sshd[266725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.182.248.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-06 23:47:20,668] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:47:20,669] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-06 23:47:20,872] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:47:20,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:47:20,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:47:20,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:47:21,204] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.5272 seconds
INFO    [2022-12-06 23:47:21,205] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.3232 seconds
INFO    [2022-12-06 23:47:22,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670363242.3811252, 'message': 'Dec  6 23:47:21 hqnl0246134 sshd[266725]: Failed password for invalid user user11 from 81.182.248.193 port 55734 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 23:47:22,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670363242.381434, 'message': 'Dec  6 23:47:22 hqnl0246134 sshd[266725]: Disconnected from invalid user user11 81.182.248.193 port 55734 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0164 seconds
WARNING [2022-12-06 23:47:49,738] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:47:49,739] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:47:54,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363274.459672, 'message': 'Dec  6 23:47:53 hqnl0246134 sshd[266764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 23:47:54,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363274.4601097, 'message': 'Dec  6 23:47:53 hqnl0246134 sshd[266764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:47:56,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363276.4628468, 'message': 'Dec  6 23:47:55 hqnl0246134 sshd[266764]: Failed password for root from 61.177.173.18 port 30354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-06 23:47:58,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363278.4641702, 'message': 'Dec  6 23:47:57 hqnl0246134 sshd[266767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-06 23:47:58,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363278.4643843, 'message': 'Dec  6 23:47:57 hqnl0246134 sshd[266764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 23:48:00,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363280.4666214, 'message': 'Dec  6 23:47:59 hqnl0246134 sshd[266767]: Failed password for root from 165.227.166.207 port 40160 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-06 23:48:00,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363280.466844, 'message': 'Dec  6 23:47:59 hqnl0246134 sshd[266764]: Failed password for root from 61.177.173.18 port 30354 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 23:48:00,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363280.4677086, 'message': 'Dec  6 23:48:00 hqnl0246134 sshd[266764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-06 23:48:02,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363282.472464, 'message': 'Dec  6 23:48:02 hqnl0246134 sshd[266764]: Failed password for root from 61.177.173.18 port 30354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
WARNING [2022-12-06 23:48:11,099] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:48:11,120] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0280 seconds
INFO    [2022-12-06 23:48:17,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:48:17,907] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:48:17,917] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:48:17,935] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0259 seconds
INFO    [2022-12-06 23:48:21,446] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:48:21,447] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:48:21,455] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:48:21,468] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-06 23:48:42,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363322.5583303, 'message': 'Dec  6 23:48:41 hqnl0246134 sshd[266827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-06 23:48:42,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363322.5587904, 'message': 'Dec  6 23:48:41 hqnl0246134 sshd[266827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-06 23:48:44,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363324.5605125, 'message': 'Dec  6 23:48:43 hqnl0246134 sshd[266827]: Failed password for root from 61.177.173.18 port 54673 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-06 23:48:46,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363326.563015, 'message': 'Dec  6 23:48:45 hqnl0246134 sshd[266827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-06 23:48:48,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363328.5657032, 'message': 'Dec  6 23:48:47 hqnl0246134 sshd[266827]: Failed password for root from 61.177.173.18 port 54673 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 23:48:48,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363328.5659153, 'message': 'Dec  6 23:48:47 hqnl0246134 sshd[266827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-06 23:48:49,741] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:48:49,742] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:48:50,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363330.5688283, 'message': 'Dec  6 23:48:50 hqnl0246134 sshd[266827]: Failed password for root from 61.177.173.18 port 54673 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-06 23:48:54,754] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:48:54,755] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:48:54,763] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:48:54,775] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-06 23:49:11,103] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:49:11,121] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0252 seconds
INFO    [2022-12-06 23:49:17,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:49:17,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:49:17,813] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:49:17,824] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0163 seconds
INFO    [2022-12-06 23:49:20,535] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:49:20,535] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:49:20,544] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:49:20,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-06 23:49:28,240] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:49:28,308] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:49:28,309] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:49:28,309] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:49:28,309] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:49:28,309] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:49:28,320] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:49:28,342] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0316 seconds
WARNING [2022-12-06 23:49:28,351] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:49:28,353] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:49:28,372] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0399 seconds
INFO    [2022-12-06 23:49:28,373] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0357 seconds
INFO    [2022-12-06 23:49:28,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363368.6388252, 'message': 'Dec  6 23:49:27 hqnl0246134 sshd[266870]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-06 23:49:28,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363368.6390529, 'message': 'Dec  6 23:49:27 hqnl0246134 sshd[266870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-06 23:49:30,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363370.6399143, 'message': 'Dec  6 23:49:29 hqnl0246134 sshd[266870]: Failed password for root from 61.177.173.18 port 64238 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:49:32,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363372.6473792, 'message': 'Dec  6 23:49:31 hqnl0246134 sshd[266870]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 23:49:34,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363374.6508677, 'message': 'Dec  6 23:49:33 hqnl0246134 sshd[266870]: Failed password for root from 61.177.173.18 port 64238 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-06 23:49:34,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363374.651105, 'message': 'Dec  6 23:49:33 hqnl0246134 sshd[266870]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-06 23:49:36,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363376.6600175, 'message': 'Dec  6 23:49:35 hqnl0246134 sshd[266870]: Failed password for root from 61.177.173.18 port 64238 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
WARNING [2022-12-06 23:49:49,747] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:49:49,747] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:49:50,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363390.6962006, 'message': 'Dec  6 23:49:49 hqnl0246134 sshd[266875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-06 23:49:52,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363392.6990826, 'message': 'Dec  6 23:49:51 hqnl0246134 sshd[266875]: Failed password for root from 165.227.166.207 port 50400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:49:55,705] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:49:55,705] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:49:55,712] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:49:55,724] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-06 23:49:58,439] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:49:58,440] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:49:58,441] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-06 23:50:11,114] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:50:11,140] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-06 23:50:14,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363414.7180643, 'message': 'Dec  6 23:50:14 hqnl0246134 sshd[266918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:50:14,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363414.7182832, 'message': 'Dec  6 23:50:14 hqnl0246134 sshd[266918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-06 23:50:16,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363416.719916, 'message': 'Dec  6 23:50:15 hqnl0246134 sshd[266918]: Failed password for root from 61.177.173.18 port 33646 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-06 23:50:16,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363416.7200885, 'message': 'Dec  6 23:50:16 hqnl0246134 sshd[266918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-06 23:50:18,073] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:50:18,073] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:50:18,080] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:50:18,092] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-06 23:50:18,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363418.7220628, 'message': 'Dec  6 23:50:17 hqnl0246134 sshd[266918]: Failed password for root from 61.177.173.18 port 33646 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-06 23:50:18,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363418.7222645, 'message': 'Dec  6 23:50:18 hqnl0246134 sshd[266918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-06 23:50:20,741] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:50:20,742] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:50:20,750] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:50:20,764] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 23:50:22,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363422.7301345, 'message': 'Dec  6 23:50:20 hqnl0246134 sshd[266918]: Failed password for root from 61.177.173.18 port 33646 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-06 23:50:49,752] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:50:49,753] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:51:02,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363462.7964225, 'message': 'Dec  6 23:51:02 hqnl0246134 sshd[266955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-06 23:51:02,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363462.7970872, 'message': 'Dec  6 23:51:02 hqnl0246134 sshd[266955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-06 23:51:04,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363464.7989485, 'message': 'Dec  6 23:51:03 hqnl0246134 sshd[266955]: Failed password for root from 61.177.173.18 port 60291 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 23:51:04,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363464.7992406, 'message': 'Dec  6 23:51:04 hqnl0246134 sshd[266955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 23:51:06,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363466.8043923, 'message': 'Dec  6 23:51:06 hqnl0246134 sshd[266955]: Failed password for root from 61.177.173.18 port 60291 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:51:06,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363466.8047097, 'message': 'Dec  6 23:51:06 hqnl0246134 sshd[266955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-06 23:51:10,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363470.8140538, 'message': 'Dec  6 23:51:08 hqnl0246134 sshd[266955]: Failed password for root from 61.177.173.18 port 60291 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 23:51:11,117] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:51:11,138] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0286 seconds
INFO    [2022-12-06 23:51:17,845] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:51:17,846] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:51:17,854] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:51:17,866] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 23:51:22,513] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:51:22,514] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:51:22,524] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:51:22,539] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-06 23:51:36,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363496.8487945, 'message': 'Dec  6 23:51:35 hqnl0246134 sshd[266986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:51:38,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363498.850326, 'message': 'Dec  6 23:51:37 hqnl0246134 sshd[266986]: Failed password for root from 165.227.166.207 port 60692 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-06 23:51:40,119] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-06 23:51:40,122] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-06 23:51:41,125] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-06 23:51:42,561] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:51:42,561] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:51:42,571] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:51:42,584] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-06 23:51:48,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363508.859377, 'message': 'Dec  6 23:51:47 hqnl0246134 sshd[267005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:51:48,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363508.8596714, 'message': 'Dec  6 23:51:47 hqnl0246134 sshd[267005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-06 23:51:49,757] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:51:49,757] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:51:51,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363510.8986156, 'message': 'Dec  6 23:51:49 hqnl0246134 sshd[267005]: Failed password for root from 61.177.173.18 port 16693 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.1227 seconds
INFO    [2022-12-06 23:51:51,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363510.898974, 'message': 'Dec  6 23:51:49 hqnl0246134 sshd[267005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-06 23:51:52,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363512.8625503, 'message': 'Dec  6 23:51:51 hqnl0246134 sshd[267005]: Failed password for root from 61.177.173.18 port 16693 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0674 seconds
WARNING [2022-12-06 23:51:54,067] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-06 23:51:54,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363514.8639705, 'message': 'Dec  6 23:51:53 hqnl0246134 sshd[267005]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:51:56,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363516.8665752, 'message': 'Dec  6 23:51:55 hqnl0246134 sshd[267005]: Failed password for root from 61.177.173.18 port 16693 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
WARNING [2022-12-06 23:52:11,134] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:52:11,165] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0490 seconds
INFO    [2022-12-06 23:52:17,981] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:52:17,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:52:17,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:52:18,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-06 23:52:20,545] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:52:20,545] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:52:20,552] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:52:20,563] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-06 23:52:34,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363554.9131455, 'message': 'Dec  6 23:52:33 hqnl0246134 sshd[267083]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-06 23:52:34,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363554.9137244, 'message': 'Dec  6 23:52:33 hqnl0246134 sshd[267083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 23:52:36,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363556.9170232, 'message': 'Dec  6 23:52:35 hqnl0246134 sshd[267083]: Failed password for root from 61.177.173.18 port 37530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-06 23:52:36,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363556.9172275, 'message': 'Dec  6 23:52:35 hqnl0246134 sshd[267083]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-06 23:52:38,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363558.9262424, 'message': 'Dec  6 23:52:37 hqnl0246134 sshd[267083]: Failed password for root from 61.177.173.18 port 37530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 23:52:38,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363558.926415, 'message': 'Dec  6 23:52:38 hqnl0246134 sshd[267083]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-06 23:52:40,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363560.932657, 'message': 'Dec  6 23:52:39 hqnl0246134 sshd[267083]: Failed password for root from 61.177.173.18 port 37530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-06 23:52:49,761] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:52:49,761] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:53:09,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.17.116.8', 'timestamp': 1670363588.9977791, 'message': 'Dec  6 23:53:07 hqnl0246134 sshd[267095]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.17.116.8 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-06 23:53:09,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.17.116.8', 'timestamp': 1670363589.0049365, 'message': 'Dec  6 23:53:07 hqnl0246134 sshd[267095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.17.116.8  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-06 23:53:11,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '191.17.116.8', 'timestamp': 1670363590.9978614, 'message': 'Dec  6 23:53:10 hqnl0246134 sshd[267095]: Failed password for root from 191.17.116.8 port 36822 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-06 23:53:11,126] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:53:11,146] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0267 seconds
INFO    [2022-12-06 23:53:14,776] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:53:14,777] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:53:14,789] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:53:14,800] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-06 23:53:17,773] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:53:17,774] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:53:17,787] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:53:17,808] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0324 seconds
INFO    [2022-12-06 23:53:20,417] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:53:20,418] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:53:20,428] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:53:20,441] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-06 23:53:21,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363601.0166147, 'message': 'Dec  6 23:53:20 hqnl0246134 sshd[267120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 23:53:21,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363601.0168428, 'message': 'Dec  6 23:53:20 hqnl0246134 sshd[267120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 23:53:23,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363603.0211785, 'message': 'Dec  6 23:53:21 hqnl0246134 sshd[267125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-06 23:53:23,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363603.0218265, 'message': 'Dec  6 23:53:21 hqnl0246134 sshd[267120]: Failed password for root from 61.177.173.18 port 61263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-06 23:53:23,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363603.0220225, 'message': 'Dec  6 23:53:22 hqnl0246134 sshd[267120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-06 23:53:25,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363605.021563, 'message': 'Dec  6 23:53:23 hqnl0246134 sshd[267125]: Failed password for root from 165.227.166.207 port 42748 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-06 23:53:27,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363607.0244498, 'message': 'Dec  6 23:53:25 hqnl0246134 sshd[267120]: Failed password for root from 61.177.173.18 port 61263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-06 23:53:29,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363609.0260248, 'message': 'Dec  6 23:53:27 hqnl0246134 sshd[267120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0522 seconds
INFO    [2022-12-06 23:53:29,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363609.0262637, 'message': 'Dec  6 23:53:28 hqnl0246134 sshd[267120]: Failed password for root from 61.177.173.18 port 61263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0490 seconds
WARNING [2022-12-06 23:53:49,765] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:53:49,766] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:54:07,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363647.1009684, 'message': 'Dec  6 23:54:06 hqnl0246134 sshd[267159]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1099 seconds
INFO    [2022-12-06 23:54:07,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363647.1016107, 'message': 'Dec  6 23:54:06 hqnl0246134 sshd[267159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0792 seconds
INFO    [2022-12-06 23:54:09,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363649.1017969, 'message': 'Dec  6 23:54:08 hqnl0246134 sshd[267159]: Failed password for root from 61.177.173.18 port 15611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
WARNING [2022-12-06 23:54:11,131] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:54:11,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363651.1069899, 'message': 'Dec  6 23:54:10 hqnl0246134 sshd[267159]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-06 23:54:11,152] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-06 23:54:13,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363653.1099858, 'message': 'Dec  6 23:54:12 hqnl0246134 sshd[267159]: Failed password for root from 61.177.173.18 port 15611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-06 23:54:15,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363655.113388, 'message': 'Dec  6 23:54:13 hqnl0246134 sshd[267159]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 23:54:17,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363657.1169746, 'message': 'Dec  6 23:54:15 hqnl0246134 sshd[267159]: Failed password for root from 61.177.173.18 port 15611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 23:54:17,849] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:54:17,849] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:54:17,858] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:54:17,871] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-06 23:54:20,634] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:54:20,634] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:54:20,642] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:54:20,662] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0264 seconds
WARNING [2022-12-06 23:54:49,770] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:54:49,773] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:54:55,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363695.2063472, 'message': 'Dec  6 23:54:54 hqnl0246134 sshd[267201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-06 23:54:55,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363695.2071428, 'message': 'Dec  6 23:54:54 hqnl0246134 sshd[267201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-06 23:54:57,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363697.2076566, 'message': 'Dec  6 23:54:57 hqnl0246134 sshd[267201]: Failed password for root from 61.177.173.18 port 41052 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-06 23:54:59,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363699.2107267, 'message': 'Dec  6 23:54:57 hqnl0246134 sshd[267201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:54:59,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363699.2109375, 'message': 'Dec  6 23:54:59 hqnl0246134 sshd[267201]: Failed password for root from 61.177.173.18 port 41052 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-06 23:55:01,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363701.2136345, 'message': 'Dec  6 23:54:59 hqnl0246134 sshd[267201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 23:55:03,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363703.217535, 'message': 'Dec  6 23:55:01 hqnl0246134 sshd[267201]: Failed password for root from 61.177.173.18 port 41052 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-06 23:55:05,500] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:55:05,500] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:55:05,508] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:55:05,520] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-06 23:55:07,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363707.2280483, 'message': 'Dec  6 23:55:06 hqnl0246134 sshd[267251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-06 23:55:09,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363709.232748, 'message': 'Dec  6 23:55:08 hqnl0246134 sshd[267251]: Failed password for root from 165.227.166.207 port 53046 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0437 seconds
WARNING [2022-12-06 23:55:11,135] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:55:11,156] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0289 seconds
INFO    [2022-12-06 23:55:17,881] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:55:17,881] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:55:17,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:55:17,901] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 23:55:20,682] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:55:20,683] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:55:20,689] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:55:20,701] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-06 23:55:43,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363743.3034058, 'message': 'Dec  6 23:55:42 hqnl0246134 sshd[267289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 23:55:43,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363743.3045392, 'message': 'Dec  6 23:55:42 hqnl0246134 sshd[267289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-06 23:55:45,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363745.3062594, 'message': 'Dec  6 23:55:44 hqnl0246134 sshd[267289]: Failed password for root from 61.177.173.18 port 61165 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:55:47,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363747.3092327, 'message': 'Dec  6 23:55:46 hqnl0246134 sshd[267289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:55:49,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363749.317305, 'message': 'Dec  6 23:55:48 hqnl0246134 sshd[267289]: Failed password for root from 61.177.173.18 port 61165 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-06 23:55:49,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363749.3175988, 'message': 'Dec  6 23:55:48 hqnl0246134 sshd[267289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-06 23:55:49,778] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:55:49,779] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:55:53,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363753.3267407, 'message': 'Dec  6 23:55:51 hqnl0246134 sshd[267289]: Failed password for root from 61.177.173.18 port 61165 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0452 seconds
WARNING [2022-12-06 23:56:11,138] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:56:11,157] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0280 seconds
INFO    [2022-12-06 23:56:17,820] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:56:17,820] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:56:17,830] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:56:17,843] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-06 23:56:20,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:56:20,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:56:20,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:56:20,758] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-06 23:56:29,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363789.3756928, 'message': 'Dec  6 23:56:28 hqnl0246134 sshd[267330]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-06 23:56:29,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.182.248.193', 'timestamp': 1670363789.3764002, 'message': 'Dec  6 23:56:29 hqnl0246134 sshd[267316]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.182.248.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-06 23:56:29,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363789.3761637, 'message': 'Dec  6 23:56:28 hqnl0246134 sshd[267330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-06 23:56:29,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.182.248.193', 'timestamp': 1670363789.376555, 'message': 'Dec  6 23:56:29 hqnl0246134 sshd[267316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.182.248.193  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-06 23:56:31,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363791.3775198, 'message': 'Dec  6 23:56:30 hqnl0246134 sshd[267330]: Failed password for root from 61.177.173.18 port 16481 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-06 23:56:31,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '81.182.248.193', 'timestamp': 1670363791.3780496, 'message': 'Dec  6 23:56:31 hqnl0246134 sshd[267316]: Failed password for root from 81.182.248.193 port 45056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-06 23:56:31,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363791.377848, 'message': 'Dec  6 23:56:31 hqnl0246134 sshd[267330]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-06 23:56:33,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363793.3795176, 'message': 'Dec  6 23:56:33 hqnl0246134 sshd[267330]: Failed password for root from 61.177.173.18 port 16481 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:56:33,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363793.3797345, 'message': 'Dec  6 23:56:33 hqnl0246134 sshd[267330]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:56:33,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:56:33,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:56:33,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:56:33,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0289 seconds
INFO    [2022-12-06 23:56:35,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363795.3824446, 'message': 'Dec  6 23:56:34 hqnl0246134 sshd[267330]: Failed password for root from 61.177.173.18 port 16481 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-06 23:56:49,782] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:56:49,783] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:56:53,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363813.4167593, 'message': 'Dec  6 23:56:52 hqnl0246134 sshd[267338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-06 23:56:55,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363815.4191263, 'message': 'Dec  6 23:56:53 hqnl0246134 sshd[267338]: Failed password for root from 165.227.166.207 port 35034 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-06 23:57:11,143] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:57:11,167] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-06 23:57:12,290] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-06 23:57:12,357] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-06 23:57:12,358] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-06 23:57:12,358] im360.plugins.client360: await _sink_future...
INFO    [2022-12-06 23:57:12,358] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-06 23:57:12,359] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-06 23:57:12,368] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-06 23:57:12,384] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0253 seconds
WARNING [2022-12-06 23:57:12,391] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-06 23:57:12,394] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:57:12,411] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0327 seconds
INFO    [2022-12-06 23:57:12,414] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0316 seconds
INFO    [2022-12-06 23:57:17,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363837.4582722, 'message': 'Dec  6 23:57:16 hqnl0246134 sshd[267364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-06 23:57:17,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363837.4585295, 'message': 'Dec  6 23:57:16 hqnl0246134 sshd[267364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-06 23:57:17,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:57:17,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:57:17,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:57:17,840] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 23:57:19,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363839.4604092, 'message': 'Dec  6 23:57:17 hqnl0246134 sshd[267364]: Failed password for root from 61.177.173.18 port 42016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:57:19,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363839.4606352, 'message': 'Dec  6 23:57:18 hqnl0246134 sshd[267364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-06 23:57:20,531] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:57:20,532] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:57:20,539] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:57:20,550] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-06 23:57:21,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363841.4654925, 'message': 'Dec  6 23:57:20 hqnl0246134 sshd[267364]: Failed password for root from 61.177.173.18 port 42016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-06 23:57:21,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363841.4658055, 'message': 'Dec  6 23:57:20 hqnl0246134 sshd[267364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-06 23:57:23,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363843.4692738, 'message': 'Dec  6 23:57:22 hqnl0246134 sshd[267364]: Failed password for root from 61.177.173.18 port 42016 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-06 23:57:48,213] im360.plugins.client360: Server connection closed
WARNING [2022-12-06 23:57:48,214] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-06 23:57:48,215] im360.plugins.client360: Waiting 2 minutes before retry...
WARNING [2022-12-06 23:57:49,787] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:57:49,788] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:58:01,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363881.527045, 'message': 'Dec  6 23:58:00 hqnl0246134 sshd[267405]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-06 23:58:01,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363881.527682, 'message': 'Dec  6 23:58:00 hqnl0246134 sshd[267405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-06 23:58:03,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363883.5309274, 'message': 'Dec  6 23:58:02 hqnl0246134 sshd[267405]: Failed password for root from 61.177.173.18 port 54499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-06 23:58:03,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363883.5311198, 'message': 'Dec  6 23:58:03 hqnl0246134 sshd[267405]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-06 23:58:05,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363885.5346801, 'message': 'Dec  6 23:58:04 hqnl0246134 sshd[267405]: Failed password for root from 61.177.173.18 port 54499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-06 23:58:05,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363885.5348508, 'message': 'Dec  6 23:58:05 hqnl0246134 sshd[267405]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-06 23:58:07,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363887.543338, 'message': 'Dec  6 23:58:06 hqnl0246134 sshd[267405]: Failed password for root from 61.177.173.18 port 54499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-06 23:58:10,090] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:58:10,091] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:58:10,100] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:58:10,112] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
WARNING [2022-12-06 23:58:11,146] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:58:11,165] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0258 seconds
INFO    [2022-12-06 23:58:15,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670363895.568609, 'message': 'Dec  6 23:58:14 hqnl0246134 sshd[267426]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-06 23:58:15,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670363895.5691073, 'message': 'Dec  6 23:58:14 hqnl0246134 sshd[267426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-06 23:58:17,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.89.196.220', 'timestamp': 1670363897.5698166, 'message': 'Dec  6 23:58:16 hqnl0246134 sshd[267426]: Failed password for root from 152.89.196.220 port 60522 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-06 23:58:17,836] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:58:17,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:58:17,847] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:58:17,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-06 23:58:20,469] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:58:20,469] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:58:20,477] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:58:20,488] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-06 23:58:39,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363919.6172442, 'message': 'Dec  6 23:58:38 hqnl0246134 sshd[267452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-06 23:58:41,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670363921.6179953, 'message': 'Dec  6 23:58:39 hqnl0246134 sshd[267452]: Failed password for root from 165.227.166.207 port 45392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:58:47,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363927.6265757, 'message': 'Dec  6 23:58:47 hqnl0246134 sshd[267455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:58:47,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363927.6267776, 'message': 'Dec  6 23:58:47 hqnl0246134 sshd[267455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-06 23:58:49,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363929.6320279, 'message': 'Dec  6 23:58:49 hqnl0246134 sshd[267455]: Failed password for root from 61.177.173.18 port 22575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
WARNING [2022-12-06 23:58:49,791] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:58:49,792] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-06 23:58:51,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363931.6331663, 'message': 'Dec  6 23:58:49 hqnl0246134 sshd[267455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-06 23:58:53,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363933.64036, 'message': 'Dec  6 23:58:52 hqnl0246134 sshd[267455]: Failed password for root from 61.177.173.18 port 22575 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-06 23:58:55,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363935.6480744, 'message': 'Dec  6 23:58:54 hqnl0246134 sshd[267455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-06 23:58:57,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363937.651075, 'message': 'Dec  6 23:58:56 hqnl0246134 sshd[267455]: Failed password for root from 61.177.173.18 port 22575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-06 23:59:11,149] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:59:11,173] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0310 seconds
INFO    [2022-12-06 23:59:17,880] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:59:17,880] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:59:17,888] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:59:17,900] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-06 23:59:20,619] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:59:20,619] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:59:20,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:59:20,640] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-06 23:59:22,943] defence360agent.files: Updating all files
INFO    [2022-12-06 23:59:23,266] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:23,266] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-06 23:59:23,610] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:23,610] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-06 23:59:23,878] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:23,878] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-06 23:59:24,208] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:24,208] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-06 23:59:24,208] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-06 23:59:24,518] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 21:59:24 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E532CFCE1DDE9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-06 23:59:24,520] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-06 23:59:24,521] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-06 23:59:25,090] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:25,090] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-06 23:59:25,342] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:25,343] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-06 23:59:25,657] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:25,657] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-06 23:59:26,050] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:26,051] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-06 23:59:26,486] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-06 23:59:26,488] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-06 23:59:33,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363973.742527, 'message': 'Dec  6 23:59:33 hqnl0246134 sshd[267517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-06 23:59:33,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363973.7429419, 'message': 'Dec  6 23:59:33 hqnl0246134 sshd[267517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-06 23:59:35,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363975.744233, 'message': 'Dec  6 23:59:35 hqnl0246134 sshd[267517]: Failed password for root from 61.177.173.18 port 42744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-06 23:59:37,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363977.7456746, 'message': 'Dec  6 23:59:35 hqnl0246134 sshd[267517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-06 23:59:39,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363979.753677, 'message': 'Dec  6 23:59:38 hqnl0246134 sshd[267517]: Failed password for root from 61.177.173.18 port 42744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-06 23:59:41,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363981.7578506, 'message': 'Dec  6 23:59:40 hqnl0246134 sshd[267517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-06 23:59:43,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670363983.7737622, 'message': 'Dec  6 23:59:42 hqnl0246134 sshd[267517]: Failed password for root from 61.177.173.18 port 42744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-06 23:59:44,996] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-06 23:59:44,997] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-06 23:59:45,008] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-06 23:59:45,032] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0324 seconds
WARNING [2022-12-06 23:59:49,794] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-06 23:59:49,795] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:00:11,156] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:00:11,209] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0640 seconds
INFO    [2022-12-07 00:00:18,787] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:00:18,788] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:00:18,819] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:00:18,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0653 seconds
INFO    [2022-12-07 00:00:21,978] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:00:21,979] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:00:22,004] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:00:22,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364021.8391807, 'message': 'Dec  7 00:00:20 hqnl0246134 sshd[267774]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1736 seconds
INFO    [2022-12-07 00:00:22,031] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0456 seconds
INFO    [2022-12-07 00:00:22,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364021.8396904, 'message': 'Dec  7 00:00:20 hqnl0246134 sshd[267774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 00:00:23,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364023.8401756, 'message': 'Dec  7 00:00:22 hqnl0246134 sshd[267774]: Failed password for root from 61.177.173.18 port 62157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 00:00:25,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364025.8422492, 'message': 'Dec  7 00:00:24 hqnl0246134 sshd[267774]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 00:00:27,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364027.8453856, 'message': 'Dec  7 00:00:26 hqnl0246134 sshd[267810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 00:00:27,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364027.845869, 'message': 'Dec  7 00:00:26 hqnl0246134 sshd[267774]: Failed password for root from 61.177.173.18 port 62157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 00:00:27,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364027.8461912, 'message': 'Dec  7 00:00:26 hqnl0246134 sshd[267774]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:00:29,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364029.848008, 'message': 'Dec  7 00:00:28 hqnl0246134 sshd[267810]: Failed password for root from 165.227.166.207 port 55672 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 00:00:29,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364029.848319, 'message': 'Dec  7 00:00:28 hqnl0246134 sshd[267774]: Failed password for root from 61.177.173.18 port 62157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 00:00:40,783] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:00:40,858] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:00:40,859] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:00:40,859] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:00:40,859] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:00:40,860] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:00:40,870] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:00:40,890] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0296 seconds
WARNING [2022-12-07 00:00:40,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:00:40,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:00:40,918] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0360 seconds
INFO    [2022-12-07 00:00:40,920] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0323 seconds
WARNING [2022-12-07 00:00:49,799] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:00:49,799] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:00:53,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670364053.8794081, 'message': 'Dec  7 00:00:52 hqnl0246134 sshd[267836]: Invalid user ts3srv from 191.17.116.8 port 54171', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 00:00:53,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.17.116.8', 'timestamp': 1670364053.8797684, 'message': 'Dec  7 00:00:52 hqnl0246134 sshd[267836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.17.116.8 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:00:55,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670364055.88277, 'message': 'Dec  7 00:00:54 hqnl0246134 sshd[267836]: Failed password for invalid user ts3srv from 191.17.116.8 port 54171 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 00:00:55,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.17.116.8', 'timestamp': 1670364055.882992, 'message': 'Dec  7 00:00:55 hqnl0246134 sshd[267836]: Disconnected from invalid user ts3srv 191.17.116.8 port 54171 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:00:59,755] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:00:59,756] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:00:59,764] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:00:59,776] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 00:01:09,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364069.9020908, 'message': 'Dec  7 00:01:08 hqnl0246134 sshd[267878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 00:01:09,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364069.9024296, 'message': 'Dec  7 00:01:08 hqnl0246134 sshd[267878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
WARNING [2022-12-07 00:01:11,162] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:01:11,189] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0368 seconds
INFO    [2022-12-07 00:01:11,577] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:01:11,578] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:01:11,579] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 00:01:11,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364071.9030483, 'message': 'Dec  7 00:01:10 hqnl0246134 sshd[267878]: Failed password for root from 61.177.173.18 port 30873 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 00:01:11,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364071.9032285, 'message': 'Dec  7 00:01:10 hqnl0246134 sshd[267878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 00:01:13,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364073.9066532, 'message': 'Dec  7 00:01:12 hqnl0246134 sshd[267878]: Failed password for root from 61.177.173.18 port 30873 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 00:01:15,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364075.9091952, 'message': 'Dec  7 00:01:14 hqnl0246134 sshd[267878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:01:17,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:01:17,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:01:17,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:01:17,950] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
INFO    [2022-12-07 00:01:17,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364077.920734, 'message': 'Dec  7 00:01:16 hqnl0246134 sshd[267878]: Failed password for root from 61.177.173.18 port 30873 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 00:01:21,076] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:01:21,076] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:01:21,084] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:01:21,095] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 00:01:27,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364087.9343178, 'message': 'Dec  7 00:01:27 hqnl0246134 sshd[267903]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.240.206.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 00:01:27,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364087.93474, 'message': 'Dec  7 00:01:27 hqnl0246134 sshd[267903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.206.206  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 00:01:29,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364089.9398835, 'message': 'Dec  7 00:01:29 hqnl0246134 sshd[267903]: Failed password for root from 115.240.206.206 port 16417 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 00:01:41,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.218.109.19', 'timestamp': 1670364101.973871, 'message': 'Dec  7 00:01:41 hqnl0246134 sshd[267909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.218.109.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 00:01:44,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.218.109.19', 'timestamp': 1670364103.9805539, 'message': 'Dec  7 00:01:43 hqnl0246134 sshd[267909]: Failed password for root from 20.218.109.19 port 38048 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
WARNING [2022-12-07 00:01:49,803] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:01:49,803] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:01:54,070] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 00:01:56,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364116.0067692, 'message': 'Dec  7 00:01:54 hqnl0246134 sshd[267924]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 00:01:56,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364116.007196, 'message': 'Dec  7 00:01:54 hqnl0246134 sshd[267924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:01:58,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364118.0084116, 'message': 'Dec  7 00:01:56 hqnl0246134 sshd[267924]: Failed password for root from 61.177.173.18 port 42214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 00:02:00,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364120.011728, 'message': 'Dec  7 00:01:58 hqnl0246134 sshd[267924]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 00:02:02,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364122.0139773, 'message': 'Dec  7 00:02:00 hqnl0246134 sshd[267924]: Failed password for root from 61.177.173.18 port 42214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 00:02:02,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364122.0145092, 'message': 'Dec  7 00:02:01 hqnl0246134 sshd[267924]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 00:02:04,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364124.1154556, 'message': 'Dec  7 00:02:03 hqnl0246134 sshd[267924]: Failed password for root from 61.177.173.18 port 42214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 00:02:11,171] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:02:11,208] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0508 seconds
INFO    [2022-12-07 00:02:14,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364134.0381112, 'message': 'Dec  7 00:02:13 hqnl0246134 sshd[267947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 00:02:18,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364138.0408907, 'message': 'Dec  7 00:02:16 hqnl0246134 sshd[267947]: Failed password for root from 165.227.166.207 port 37742 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:02:19,838] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:02:19,839] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:02:19,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:02:19,858] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 00:02:20,203] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:02:20,203] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:02:20,210] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:02:20,221] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 00:02:22,544] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:02:22,544] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:02:22,551] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:02:22,562] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 00:02:44,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364164.1047509, 'message': 'Dec  7 00:02:42 hqnl0246134 sshd[267975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 00:02:44,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364164.1051025, 'message': 'Dec  7 00:02:42 hqnl0246134 sshd[267975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:02:46,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364166.108792, 'message': 'Dec  7 00:02:44 hqnl0246134 sshd[267975]: Failed password for root from 61.177.173.18 port 64595 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 00:02:48,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364168.110852, 'message': 'Dec  7 00:02:46 hqnl0246134 sshd[267979]: Invalid user zhang from 43.153.30.50 port 36332', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-07 00:02:48,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364168.1113102, 'message': 'Dec  7 00:02:46 hqnl0246134 sshd[267975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-07 00:02:48,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364168.1115582, 'message': 'Dec  7 00:02:46 hqnl0246134 sshd[267979]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 00:02:48,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364168.111753, 'message': 'Dec  7 00:02:46 hqnl0246134 sshd[267979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.50 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 00:02:49,806] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:02:49,807] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:02:50,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364170.1167672, 'message': 'Dec  7 00:02:48 hqnl0246134 sshd[267975]: Failed password for root from 61.177.173.18 port 64595 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 00:02:50,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364170.1171172, 'message': 'Dec  7 00:02:48 hqnl0246134 sshd[267979]: Failed password for invalid user zhang from 43.153.30.50 port 36332 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 00:02:50,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364170.117321, 'message': 'Dec  7 00:02:48 hqnl0246134 sshd[267975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 00:02:52,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364172.117953, 'message': 'Dec  7 00:02:50 hqnl0246134 sshd[267979]: Disconnected from invalid user zhang 43.153.30.50 port 36332 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 00:02:52,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364172.1181908, 'message': 'Dec  7 00:02:51 hqnl0246134 sshd[267975]: Failed password for root from 61.177.173.18 port 64595 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
WARNING [2022-12-07 00:03:11,175] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:03:11,202] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0371 seconds
INFO    [2022-12-07 00:03:18,226] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:03:18,226] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:03:18,234] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:03:18,246] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 00:03:21,101] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:03:21,102] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:03:21,114] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:03:21,136] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0326 seconds
INFO    [2022-12-07 00:03:30,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364210.187932, 'message': 'Dec  7 00:03:29 hqnl0246134 sshd[268045]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 00:03:30,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364210.188365, 'message': 'Dec  7 00:03:29 hqnl0246134 sshd[268045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 00:03:32,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364212.1897423, 'message': 'Dec  7 00:03:31 hqnl0246134 sshd[268045]: Failed password for root from 61.177.173.18 port 34845 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 00:03:32,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364212.189916, 'message': 'Dec  7 00:03:32 hqnl0246134 sshd[268045]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 00:03:34,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364214.1918588, 'message': 'Dec  7 00:03:33 hqnl0246134 sshd[268045]: Failed password for root from 61.177.173.18 port 34845 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:03:36,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364216.196405, 'message': 'Dec  7 00:03:34 hqnl0246134 sshd[268045]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 00:03:36,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364216.1966565, 'message': 'Dec  7 00:03:36 hqnl0246134 sshd[268045]: Failed password for root from 61.177.173.18 port 34845 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
WARNING [2022-12-07 00:03:49,811] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:03:49,811] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:03:56,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364236.2302392, 'message': 'Dec  7 00:03:54 hqnl0246134 sshd[268062]: Invalid user production from 51.178.139.28 port 51068', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0745 seconds
INFO    [2022-12-07 00:03:56,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364236.2309878, 'message': 'Dec  7 00:03:54 hqnl0246134 sshd[268062]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.178.139.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0744 seconds
INFO    [2022-12-07 00:03:56,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364236.2312458, 'message': 'Dec  7 00:03:54 hqnl0246134 sshd[268062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.139.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 00:03:58,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364238.2309372, 'message': 'Dec  7 00:03:56 hqnl0246134 sshd[268062]: Failed password for invalid user production from 51.178.139.28 port 51068 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-07 00:03:58,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364238.2312722, 'message': 'Dec  7 00:03:57 hqnl0246134 sshd[268062]: Disconnected from invalid user production 51.178.139.28 port 51068 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 00:04:01,187] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:04:01,188] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:04:01,244] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:04:01,305] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0993 seconds
INFO    [2022-12-07 00:04:10,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364250.2468352, 'message': 'Dec  7 00:04:08 hqnl0246134 sshd[268087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0267 seconds
WARNING [2022-12-07 00:04:11,188] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:04:11,221] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0465 seconds
INFO    [2022-12-07 00:04:12,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364252.2543771, 'message': 'Dec  7 00:04:10 hqnl0246134 sshd[268087]: Failed password for root from 165.227.166.207 port 48038 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:04:18,108] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:04:18,109] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:04:18,118] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:04:18,132] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-07 00:04:18,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364258.2649527, 'message': 'Dec  7 00:04:17 hqnl0246134 sshd[268091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 00:04:20,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364260.2661245, 'message': 'Dec  7 00:04:18 hqnl0246134 sshd[268091]: Failed password for root from 61.177.173.18 port 60356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 00:04:20,991] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:04:20,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:04:20,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:04:21,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 00:04:22,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364262.271871, 'message': 'Dec  7 00:04:21 hqnl0246134 sshd[268091]: Failed password for root from 61.177.173.18 port 60356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 00:04:28,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364268.2856836, 'message': 'Dec  7 00:04:25 hqnl0246134 sshd[268091]: Failed password for root from 61.177.173.18 port 60356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
WARNING [2022-12-07 00:04:49,816] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:04:49,817] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:05:04,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364304.3438675, 'message': 'Dec  7 00:05:02 hqnl0246134 sshd[268146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0615 seconds
INFO    [2022-12-07 00:05:06,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364306.3442452, 'message': 'Dec  7 00:05:05 hqnl0246134 sshd[268146]: Failed password for root from 61.177.173.18 port 19840 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0362 seconds
WARNING [2022-12-07 00:05:11,190] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:05:11,211] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0328 seconds
INFO    [2022-12-07 00:05:16,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670364316.36115, 'message': 'Dec  7 00:05:15 hqnl0246134 sshd[268153]: Invalid user elsearch from 81.182.248.193 port 34400', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 00:05:16,478] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:05:16,478] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:05:16,492] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:05:16,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.182.248.193', 'timestamp': 1670364316.3615017, 'message': 'Dec  7 00:05:15 hqnl0246134 sshd[268153]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.182.248.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1129 seconds
INFO    [2022-12-07 00:05:16,517] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0356 seconds
INFO    [2022-12-07 00:05:16,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.182.248.193', 'timestamp': 1670364316.3616717, 'message': 'Dec  7 00:05:15 hqnl0246134 sshd[268153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.182.248.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 00:05:18,232] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:05:18,233] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:05:18,243] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:05:18,255] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 00:05:18,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670364318.362278, 'message': 'Dec  7 00:05:16 hqnl0246134 sshd[268153]: Failed password for invalid user elsearch from 81.182.248.193 port 34400 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 00:05:18,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.182.248.193', 'timestamp': 1670364318.3625948, 'message': 'Dec  7 00:05:17 hqnl0246134 sshd[268153]: Disconnected from invalid user elsearch 81.182.248.193 port 34400 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:05:21,009] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:05:21,010] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:05:21,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:05:21,048] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0367 seconds
INFO    [2022-12-07 00:05:28,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364328.3732662, 'message': 'Dec  7 00:05:27 hqnl0246134 sshd[268191]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.217.131.233 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 00:05:28,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364328.3739257, 'message': 'Dec  7 00:05:27 hqnl0246134 sshd[268191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:05:30,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364330.378165, 'message': 'Dec  7 00:05:28 hqnl0246134 sshd[268191]: Failed password for root from 206.217.131.233 port 60882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 00:05:48,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364348.3989007, 'message': 'Dec  7 00:05:47 hqnl0246134 sshd[268196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.240.206.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:05:48,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364348.3991265, 'message': 'Dec  7 00:05:47 hqnl0246134 sshd[268196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.206.206  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 00:05:49,820] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:05:49,820] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:05:50,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364350.4024975, 'message': 'Dec  7 00:05:49 hqnl0246134 sshd[268196]: Failed password for root from 115.240.206.206 port 49440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 00:05:50,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364350.4028528, 'message': 'Dec  7 00:05:49 hqnl0246134 sshd[268198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-07 00:05:52,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364352.406416, 'message': 'Dec  7 00:05:51 hqnl0246134 sshd[268198]: Failed password for root from 61.177.173.18 port 40231 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 00:06:06,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364366.4212627, 'message': 'Dec  7 00:06:05 hqnl0246134 sshd[268218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 00:06:08,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364368.4227302, 'message': 'Dec  7 00:06:07 hqnl0246134 sshd[268218]: Failed password for root from 165.227.166.207 port 58320 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 00:06:11,196] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:06:11,226] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0432 seconds
INFO    [2022-12-07 00:06:17,999] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:06:18,001] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:06:18,012] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:06:18,025] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-07 00:06:20,697] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:06:20,698] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:06:20,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:06:20,720] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 00:06:38,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364398.470505, 'message': 'Dec  7 00:06:37 hqnl0246134 sshd[268243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 00:06:40,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364400.4768023, 'message': 'Dec  7 00:06:39 hqnl0246134 sshd[268243]: Failed password for root from 61.177.173.18 port 64652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 00:06:49,824] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:06:49,825] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:06:53,149] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:06:53,150] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:06:53,157] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:06:53,168] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-07 00:07:11,206] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:07:11,224] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0293 seconds
INFO    [2022-12-07 00:07:17,915] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:07:17,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:07:17,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:07:17,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 00:07:20,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:07:20,927] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:07:20,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:07:20,945] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 00:07:22,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.39.194', 'timestamp': 1670364442.5426488, 'message': 'Dec  7 00:07:22 hqnl0246134 sshd[268294]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.39.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 00:07:22,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.39.194', 'timestamp': 1670364442.5429292, 'message': 'Dec  7 00:07:22 hqnl0246134 sshd[268294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.39.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 00:07:24,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.39.194', 'timestamp': 1670364444.5447292, 'message': 'Dec  7 00:07:24 hqnl0246134 sshd[268294]: Failed password for root from 143.198.39.194 port 46362 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 00:07:26,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364446.548065, 'message': 'Dec  7 00:07:25 hqnl0246134 sshd[268297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 00:07:28,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364448.5503294, 'message': 'Dec  7 00:07:27 hqnl0246134 sshd[268297]: Failed password for root from 61.177.173.18 port 18236 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:07:32,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364452.5689845, 'message': 'Dec  7 00:07:31 hqnl0246134 sshd[268297]: Failed password for root from 61.177.173.18 port 18236 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 00:07:38,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364458.5775182, 'message': 'Dec  7 00:07:35 hqnl0246134 sshd[268297]: Failed password for root from 61.177.173.18 port 18236 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0361 seconds
WARNING [2022-12-07 00:07:49,829] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:07:49,830] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:07:56,750] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:07:56,817] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:07:56,818] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:07:56,818] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:07:56,819] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:07:56,819] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:07:56,831] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:07:56,850] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0307 seconds
WARNING [2022-12-07 00:07:56,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:07:56,861] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:07:56,889] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0445 seconds
INFO    [2022-12-07 00:07:56,891] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0434 seconds
INFO    [2022-12-07 00:08:04,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364484.6152234, 'message': 'Dec  7 00:08:03 hqnl0246134 sshd[268349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 00:08:06,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364486.6163874, 'message': 'Dec  7 00:08:05 hqnl0246134 sshd[268349]: Failed password for root from 165.227.166.207 port 40380 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 00:08:08,195] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:08:08,195] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:08:08,207] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:08:08,226] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0297 seconds
WARNING [2022-12-07 00:08:11,213] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:08:11,236] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0357 seconds
INFO    [2022-12-07 00:08:14,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364494.625429, 'message': 'Dec  7 00:08:12 hqnl0246134 sshd[268358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 00:08:14,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364494.6256816, 'message': 'Dec  7 00:08:14 hqnl0246134 sshd[268358]: Failed password for root from 61.177.173.18 port 34575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:08:17,972] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:08:17,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:08:17,987] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:08:18,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0354 seconds
INFO    [2022-12-07 00:08:18,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364498.6282203, 'message': 'Dec  7 00:08:16 hqnl0246134 sshd[268358]: Failed password for root from 61.177.173.18 port 34575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-07 00:08:18,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364498.6285694, 'message': 'Dec  7 00:08:16 hqnl0246134 sshd[268361]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.8.68.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0551 seconds
INFO    [2022-12-07 00:08:18,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364498.628695, 'message': 'Dec  7 00:08:16 hqnl0246134 sshd[268361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.8.68.56  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 00:08:20,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364500.629964, 'message': 'Dec  7 00:08:19 hqnl0246134 sshd[268358]: Failed password for root from 61.177.173.18 port 34575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 00:08:20,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364500.6302242, 'message': 'Dec  7 00:08:19 hqnl0246134 sshd[268361]: Failed password for root from 189.8.68.56 port 47868 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 00:08:20,846] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:08:20,846] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:08:20,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:08:20,865] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 00:08:28,797] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:08:28,798] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:08:28,800] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-07 00:08:49,834] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:08:49,836] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:09:00,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364540.6861684, 'message': 'Dec  7 00:08:59 hqnl0246134 sshd[268401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 00:09:02,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364542.687365, 'message': 'Dec  7 00:09:01 hqnl0246134 sshd[268401]: Failed password for root from 61.177.173.18 port 47764 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 00:09:06,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364546.6904645, 'message': 'Dec  7 00:09:06 hqnl0246134 sshd[268401]: Failed password for root from 61.177.173.18 port 47764 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-07 00:09:11,774] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:09:11,795] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.5899 seconds
INFO    [2022-12-07 00:09:12,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364552.70565, 'message': 'Dec  7 00:09:10 hqnl0246134 sshd[268401]: Failed password for root from 61.177.173.18 port 47764 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 00:09:18,092] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:09:18,093] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:09:18,108] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:09:18,139] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0379 seconds
INFO    [2022-12-07 00:09:21,087] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:09:21,088] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:09:21,096] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:09:21,108] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 00:09:48,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364588.7676144, 'message': 'Dec  7 00:09:47 hqnl0246134 sshd[268575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-07 00:09:49,839] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:09:49,840] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:09:50,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364590.7741072, 'message': 'Dec  7 00:09:49 hqnl0246134 sshd[268575]: Failed password for root from 61.177.173.18 port 16256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:09:52,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364592.7769005, 'message': 'Dec  7 00:09:51 hqnl0246134 sshd[268575]: Failed password for root from 61.177.173.18 port 16256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 00:09:52,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.240.88.36', 'timestamp': 1670364592.777171, 'message': 'Dec  7 00:09:51 hqnl0246134 sshd[268579]: Invalid user centos from 45.240.88.36 port 33700', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 00:09:52,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.240.88.36', 'timestamp': 1670364592.781176, 'message': 'Dec  7 00:09:51 hqnl0246134 sshd[268579]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.240.88.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:09:52,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.240.88.36', 'timestamp': 1670364592.7813272, 'message': 'Dec  7 00:09:51 hqnl0246134 sshd[268579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.240.88.36 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:09:54,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364594.7781563, 'message': 'Dec  7 00:09:53 hqnl0246134 sshd[268575]: Failed password for root from 61.177.173.18 port 16256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 00:09:54,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.240.88.36', 'timestamp': 1670364594.7784545, 'message': 'Dec  7 00:09:53 hqnl0246134 sshd[268579]: Failed password for invalid user centos from 45.240.88.36 port 33700 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 00:09:54,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.240.88.36', 'timestamp': 1670364594.7786531, 'message': 'Dec  7 00:09:54 hqnl0246134 sshd[268579]: Disconnected from invalid user centos 45.240.88.36 port 33700 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 00:09:57,167] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:09:57,168] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:09:57,178] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:09:57,192] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-07 00:09:58,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364598.782274, 'message': 'Dec  7 00:09:58 hqnl0246134 sshd[268597]: Invalid user testing from 115.240.206.206 port 56005', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 00:09:58,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364598.7825317, 'message': 'Dec  7 00:09:58 hqnl0246134 sshd[268597]: pam_imunify(sshd:auth): [IM360_RBL] The IP 115.240.206.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 00:09:58,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364598.7826886, 'message': 'Dec  7 00:09:58 hqnl0246134 sshd[268597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.206.206 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 00:10:00,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364600.784676, 'message': 'Dec  7 00:10:00 hqnl0246134 sshd[268597]: Failed password for invalid user testing from 115.240.206.206 port 56005 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 00:10:04,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364604.7957103, 'message': 'Dec  7 00:10:02 hqnl0246134 sshd[268620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1009 seconds
INFO    [2022-12-07 00:10:04,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '115.240.206.206', 'timestamp': 1670364604.7961006, 'message': 'Dec  7 00:10:03 hqnl0246134 sshd[268597]: Disconnected from invalid user testing 115.240.206.206 port 56005 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1013 seconds
INFO    [2022-12-07 00:10:06,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364606.7962687, 'message': 'Dec  7 00:10:05 hqnl0246134 sshd[268620]: Failed password for root from 165.227.166.207 port 50660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
WARNING [2022-12-07 00:10:11,222] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:10:11,253] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0435 seconds
INFO    [2022-12-07 00:10:17,980] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:10:17,981] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:10:17,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:10:18,003] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 00:10:20,561] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:10:20,561] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:10:20,569] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:10:20,580] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 00:10:32,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364632.8477404, 'message': 'Dec  7 00:10:32 hqnl0246134 sshd[268655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 00:10:34,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364634.849732, 'message': 'Dec  7 00:10:34 hqnl0246134 sshd[268655]: Failed password for root from 61.177.173.18 port 25225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 00:10:48,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '93.153.192.254', 'timestamp': 1670364648.8843296, 'message': 'Dec  7 00:10:48 hqnl0246134 sshd[268660]: pam_imunify(sshd:auth): [IM360_RBL] The IP 93.153.192.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 00:10:48,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '93.153.192.254', 'timestamp': 1670364648.8846202, 'message': 'Dec  7 00:10:48 hqnl0246134 sshd[268660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.153.192.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 00:10:49,843] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:10:49,844] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:10:50,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '93.153.192.254', 'timestamp': 1670364650.8892713, 'message': 'Dec  7 00:10:50 hqnl0246134 sshd[268660]: Failed password for root from 93.153.192.254 port 56336 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 00:11:11,228] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:11:11,259] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0436 seconds
INFO    [2022-12-07 00:11:17,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:11:17,923] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:11:17,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:11:17,947] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 00:11:18,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364678.9419575, 'message': 'Dec  7 00:11:18 hqnl0246134 sshd[268686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:11:20,822] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:11:20,823] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:11:20,832] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:11:20,844] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 00:11:20,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364680.944123, 'message': 'Dec  7 00:11:20 hqnl0246134 sshd[268686]: Failed password for root from 61.177.173.18 port 49526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 00:11:24,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364684.9534814, 'message': 'Dec  7 00:11:23 hqnl0246134 sshd[268686]: Failed password for root from 61.177.173.18 port 49526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 00:11:28,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364688.966582, 'message': 'Dec  7 00:11:25 hqnl0246134 sshd[268686]: Failed password for root from 61.177.173.18 port 49526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 00:11:30,270] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:11:30,270] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:11:30,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:11:30,304] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0329 seconds
WARNING [2022-12-07 00:11:49,846] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:11:49,847] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:11:54,074] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 00:11:57,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364717.0268638, 'message': 'Dec  7 00:11:56 hqnl0246134 sshd[268720]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 00:11:57,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364717.0273871, 'message': 'Dec  7 00:11:56 hqnl0246134 sshd[268720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:11:59,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364719.03128, 'message': 'Dec  7 00:11:58 hqnl0246134 sshd[268720]: Failed password for root from 43.153.30.50 port 51690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 00:12:01,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364721.0361786, 'message': 'Dec  7 00:11:59 hqnl0246134 sshd[268722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1074 seconds
INFO    [2022-12-07 00:12:01,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364721.0364578, 'message': 'Dec  7 00:11:59 hqnl0246134 sshd[268724]: Invalid user anjana from 51.178.139.28 port 43198', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1079 seconds
INFO    [2022-12-07 00:12:01,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364721.0365732, 'message': 'Dec  7 00:11:59 hqnl0246134 sshd[268724]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.178.139.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 00:12:01,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364721.0366793, 'message': 'Dec  7 00:11:59 hqnl0246134 sshd[268724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.139.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 00:12:03,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364723.0394192, 'message': 'Dec  7 00:12:01 hqnl0246134 sshd[268722]: Failed password for root from 165.227.166.207 port 60968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 00:12:03,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364723.0397089, 'message': 'Dec  7 00:12:01 hqnl0246134 sshd[268724]: Failed password for invalid user anjana from 51.178.139.28 port 43198 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 00:12:03,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364723.0398357, 'message': 'Dec  7 00:12:02 hqnl0246134 sshd[268724]: Disconnected from invalid user anjana 51.178.139.28 port 43198 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:12:05,275] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:12:05,343] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:12:05,343] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:12:05,344] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:12:05,344] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:12:05,344] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:12:05,358] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:12:05,375] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0305 seconds
WARNING [2022-12-07 00:12:05,384] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:12:05,386] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:12:05,405] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0348 seconds
INFO    [2022-12-07 00:12:05,406] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0335 seconds
INFO    [2022-12-07 00:12:07,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364727.0441434, 'message': 'Dec  7 00:12:05 hqnl0246134 sshd[268742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 00:12:09,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364729.0489485, 'message': 'Dec  7 00:12:07 hqnl0246134 sshd[268742]: Failed password for root from 61.177.173.18 port 14072 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-07 00:12:09,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.147.235', 'timestamp': 1670364729.0491548, 'message': 'Dec  7 00:12:08 hqnl0246134 sshd[268745]: Invalid user cam from 138.197.147.235 port 42922', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 00:12:09,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.147.235', 'timestamp': 1670364729.0492764, 'message': 'Dec  7 00:12:08 hqnl0246134 sshd[268745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.147.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:12:09,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.147.235', 'timestamp': 1670364729.0494409, 'message': 'Dec  7 00:12:08 hqnl0246134 sshd[268745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.147.235 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:12:11,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.147.235', 'timestamp': 1670364731.050111, 'message': 'Dec  7 00:12:10 hqnl0246134 sshd[268745]: Failed password for invalid user cam from 138.197.147.235 port 42922 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 00:12:11,227] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:12:11,254] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-07 00:12:13,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.147.235', 'timestamp': 1670364733.0541546, 'message': 'Dec  7 00:12:11 hqnl0246134 sshd[268745]: Disconnected from invalid user cam 138.197.147.235 port 42922 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 00:12:13,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364733.0544922, 'message': 'Dec  7 00:12:11 hqnl0246134 sshd[268742]: Failed password for root from 61.177.173.18 port 14072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 00:12:17,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364737.058173, 'message': 'Dec  7 00:12:15 hqnl0246134 sshd[268742]: Failed password for root from 61.177.173.18 port 14072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 00:12:17,886] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:12:17,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:12:17,895] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:12:17,906] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 00:12:20,500] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:12:20,500] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:12:20,509] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:12:20,520] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 00:12:21,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.68.156.60', 'timestamp': 1670364741.0647504, 'message': 'Dec  7 00:12:19 hqnl0246134 sshd[268774]: Invalid user monitoring from 189.68.156.60 port 23398', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 00:12:21,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.68.156.60', 'timestamp': 1670364741.0649765, 'message': 'Dec  7 00:12:19 hqnl0246134 sshd[268774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.68.156.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 00:12:23,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.68.156.60', 'timestamp': 1670364743.0691645, 'message': 'Dec  7 00:12:21 hqnl0246134 sshd[268774]: Failed password for invalid user monitoring from 189.68.156.60 port 23398 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 00:12:25,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.68.156.60', 'timestamp': 1670364745.074112, 'message': 'Dec  7 00:12:23 hqnl0246134 sshd[268774]: Disconnected from invalid user monitoring 189.68.156.60 port 23398 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 00:12:33,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364753.0858626, 'message': 'Dec  7 00:12:31 hqnl0246134 sshd[268791]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.8.68.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 00:12:33,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364753.0863786, 'message': 'Dec  7 00:12:31 hqnl0246134 sshd[268791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.8.68.56  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 00:12:35,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364755.0883517, 'message': 'Dec  7 00:12:33 hqnl0246134 sshd[268791]: Failed password for root from 189.8.68.56 port 42258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 00:12:38,128] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:12:38,129] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:12:38,141] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:12:38,156] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-07 00:12:40,519] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:12:40,520] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:12:40,521] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-07 00:12:49,850] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:12:49,851] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:12:53,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364773.1127021, 'message': 'Dec  7 00:12:53 hqnl0246134 sshd[268802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:12:57,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364777.1182647, 'message': 'Dec  7 00:12:55 hqnl0246134 sshd[268802]: Failed password for root from 61.177.173.18 port 40477 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 00:13:02,296] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 00:13:02,303] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:13:02,314] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0172 seconds
INFO    [2022-12-07 00:13:03,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364783.1247685, 'message': 'Dec  7 00:12:59 hqnl0246134 sshd[268802]: Failed password for root from 61.177.173.18 port 40477 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1094 seconds
INFO    [2022-12-07 00:13:03,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364783.1249545, 'message': 'Dec  7 00:13:01 hqnl0246134 sshd[268802]: Failed password for root from 61.177.173.18 port 40477 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 00:13:11,230] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:13:11,250] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0269 seconds
INFO    [2022-12-07 00:13:13,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364793.1403706, 'message': 'Dec  7 00:13:12 hqnl0246134 sshd[268832]: Invalid user admin from 206.217.131.233 port 40568', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 00:13:13,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364793.1407945, 'message': 'Dec  7 00:13:12 hqnl0246134 sshd[268832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.217.131.233 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 00:13:13,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364793.1410167, 'message': 'Dec  7 00:13:12 hqnl0246134 sshd[268832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 00:13:15,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364795.1421962, 'message': 'Dec  7 00:13:13 hqnl0246134 sshd[268832]: Failed password for invalid user admin from 206.217.131.233 port 40568 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 00:13:15,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.40.81.0', 'timestamp': 1670364795.1432357, 'message': 'Dec  7 00:13:15 hqnl0246134 sshd[268834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.40.81.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 00:13:15,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364795.14312, 'message': 'Dec  7 00:13:14 hqnl0246134 sshd[268832]: Disconnected from invalid user admin 206.217.131.233 port 40568 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 00:13:15,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.40.81.0', 'timestamp': 1670364795.143368, 'message': 'Dec  7 00:13:15 hqnl0246134 sshd[268834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 00:13:17,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:13:17,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:13:17,746] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:13:17,758] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 00:13:19,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.40.81.0', 'timestamp': 1670364799.14867, 'message': 'Dec  7 00:13:17 hqnl0246134 sshd[268834]: Failed password for root from 20.40.81.0 port 57706 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 00:13:20,368] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:13:20,368] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:13:20,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:13:20,386] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 00:13:41,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364821.1961076, 'message': 'Dec  7 00:13:40 hqnl0246134 sshd[268856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 00:13:43,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364823.2141638, 'message': 'Dec  7 00:13:42 hqnl0246134 sshd[268856]: Failed password for root from 61.177.173.18 port 59662 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 00:13:49,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364829.2212803, 'message': 'Dec  7 00:13:46 hqnl0246134 sshd[268856]: Failed password for root from 61.177.173.18 port 59662 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 00:13:49,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364829.221572, 'message': 'Dec  7 00:13:49 hqnl0246134 sshd[268859]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 00:13:49,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364829.2217433, 'message': 'Dec  7 00:13:49 hqnl0246134 sshd[268859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 00:13:49,854] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:13:49,855] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:13:51,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364831.2264655, 'message': 'Dec  7 00:13:50 hqnl0246134 sshd[268856]: Failed password for root from 61.177.173.18 port 59662 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 00:13:51,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364831.2289324, 'message': 'Dec  7 00:13:51 hqnl0246134 sshd[268859]: Failed password for root from 61.177.173.50 port 37826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 00:13:53,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364833.22846, 'message': 'Dec  7 00:13:53 hqnl0246134 sshd[268859]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:13:55,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364835.2319307, 'message': 'Dec  7 00:13:55 hqnl0246134 sshd[268864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 00:13:57,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364837.2342157, 'message': 'Dec  7 00:13:55 hqnl0246134 sshd[268859]: Failed password for root from 61.177.173.50 port 37826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 00:13:57,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364837.2346509, 'message': 'Dec  7 00:13:56 hqnl0246134 sshd[268864]: Failed password for root from 165.227.166.207 port 43028 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 00:13:59,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364839.2371614, 'message': 'Dec  7 00:13:57 hqnl0246134 sshd[268859]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:14:01,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364841.2420738, 'message': 'Dec  7 00:13:59 hqnl0246134 sshd[268859]: Failed password for root from 61.177.173.50 port 37826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 00:14:05,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.39.194', 'timestamp': 1670364845.2469327, 'message': 'Dec  7 00:14:04 hqnl0246134 sshd[268882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.39.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 00:14:05,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.39.194', 'timestamp': 1670364845.2474685, 'message': 'Dec  7 00:14:04 hqnl0246134 sshd[268882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.39.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 00:14:07,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.39.194', 'timestamp': 1670364847.2489078, 'message': 'Dec  7 00:14:06 hqnl0246134 sshd[268882]: Failed password for root from 143.198.39.194 port 44034 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 00:14:09,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364849.2508774, 'message': 'Dec  7 00:14:08 hqnl0246134 sshd[268887]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 00:14:09,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364849.2512128, 'message': 'Dec  7 00:14:08 hqnl0246134 sshd[268887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 00:14:11,088] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:14:11,089] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:14:11,096] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:14:11,111] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
WARNING [2022-12-07 00:14:11,234] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:14:11,273] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0477 seconds
INFO    [2022-12-07 00:14:11,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364851.2576776, 'message': 'Dec  7 00:14:10 hqnl0246134 sshd[268887]: Failed password for root from 61.177.173.50 port 14239 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 00:14:13,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364853.2590666, 'message': 'Dec  7 00:14:12 hqnl0246134 sshd[268887]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 00:14:15,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364855.2634997, 'message': 'Dec  7 00:14:14 hqnl0246134 sshd[268887]: Failed password for root from 61.177.173.50 port 14239 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 00:14:17,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364857.266942, 'message': 'Dec  7 00:14:15 hqnl0246134 sshd[268887]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 00:14:17,772] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:14:17,772] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:14:17,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:14:17,790] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 00:14:19,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670364859.2731037, 'message': 'Dec  7 00:14:17 hqnl0246134 sshd[268887]: Failed password for root from 61.177.173.50 port 14239 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 00:14:20,422] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:14:20,422] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:14:20,429] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:14:20,440] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 00:14:25,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364865.2852068, 'message': 'Dec  7 00:14:24 hqnl0246134 sshd[268904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:14:25,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364865.28553, 'message': 'Dec  7 00:14:24 hqnl0246134 sshd[268904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:14:27,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364867.2865357, 'message': 'Dec  7 00:14:26 hqnl0246134 sshd[268904]: Failed password for root from 61.177.173.36 port 34735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 00:14:27,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364867.2870467, 'message': 'Dec  7 00:14:26 hqnl0246134 sshd[268904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 00:14:29,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364869.2885942, 'message': 'Dec  7 00:14:27 hqnl0246134 sshd[268914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 00:14:29,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364869.2887945, 'message': 'Dec  7 00:14:28 hqnl0246134 sshd[268904]: Failed password for root from 61.177.173.36 port 34735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 00:14:31,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364871.2901585, 'message': 'Dec  7 00:14:29 hqnl0246134 sshd[268914]: Failed password for root from 61.177.173.18 port 27572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 00:14:31,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364871.2904842, 'message': 'Dec  7 00:14:30 hqnl0246134 sshd[268904]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 00:14:33,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364873.2919743, 'message': 'Dec  7 00:14:31 hqnl0246134 sshd[268914]: Failed password for root from 61.177.173.18 port 27572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 00:14:33,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364873.2922318, 'message': 'Dec  7 00:14:32 hqnl0246134 sshd[268904]: Failed password for root from 61.177.173.36 port 34735 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-07 00:14:35,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364875.2964895, 'message': 'Dec  7 00:14:34 hqnl0246134 sshd[268914]: Failed password for root from 61.177.173.18 port 27572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0568 seconds
INFO    [2022-12-07 00:14:35,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '93.153.192.254', 'timestamp': 1670364875.2968028, 'message': 'Dec  7 00:14:34 hqnl0246134 sshd[268918]: Invalid user admin from 93.153.192.254 port 55504', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0566 seconds
INFO    [2022-12-07 00:14:35,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '93.153.192.254', 'timestamp': 1670364875.2969933, 'message': 'Dec  7 00:14:34 hqnl0246134 sshd[268918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 93.153.192.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 00:14:35,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '93.153.192.254', 'timestamp': 1670364875.2972486, 'message': 'Dec  7 00:14:34 hqnl0246134 sshd[268918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.153.192.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 00:14:37,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '93.153.192.254', 'timestamp': 1670364877.3010848, 'message': 'Dec  7 00:14:36 hqnl0246134 sshd[268918]: Failed password for invalid user admin from 93.153.192.254 port 55504 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 00:14:37,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364877.3013968, 'message': 'Dec  7 00:14:36 hqnl0246134 sshd[268920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 00:14:37,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364877.301629, 'message': 'Dec  7 00:14:36 hqnl0246134 sshd[268920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 00:14:39,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364879.3054266, 'message': 'Dec  7 00:14:38 hqnl0246134 sshd[268920]: Failed password for root from 61.177.173.36 port 53910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 00:14:39,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '93.153.192.254', 'timestamp': 1670364879.305617, 'message': 'Dec  7 00:14:38 hqnl0246134 sshd[268918]: Disconnected from invalid user admin 93.153.192.254 port 55504 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 00:14:39,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364879.3057327, 'message': 'Dec  7 00:14:38 hqnl0246134 sshd[268920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 00:14:41,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364881.3110654, 'message': 'Dec  7 00:14:41 hqnl0246134 sshd[268920]: Failed password for root from 61.177.173.36 port 53910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 00:14:43,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.240.88.36', 'timestamp': 1670364883.3127599, 'message': 'Dec  7 00:14:43 hqnl0246134 sshd[268922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.240.88.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 00:14:43,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364883.3131, 'message': 'Dec  7 00:14:43 hqnl0246134 sshd[268920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 00:14:43,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.240.88.36', 'timestamp': 1670364883.312945, 'message': 'Dec  7 00:14:43 hqnl0246134 sshd[268922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.240.88.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:14:45,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364885.3176405, 'message': 'Dec  7 00:14:44 hqnl0246134 sshd[268926]: Invalid user felix from 43.153.30.50 port 59302', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-07 00:14:45,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.240.88.36', 'timestamp': 1670364885.3180165, 'message': 'Dec  7 00:14:45 hqnl0246134 sshd[268922]: Failed password for root from 45.240.88.36 port 44344 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-07 00:14:45,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364885.3186553, 'message': 'Dec  7 00:14:45 hqnl0246134 sshd[268920]: Failed password for root from 61.177.173.36 port 53910 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 00:14:45,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364885.3183, 'message': 'Dec  7 00:14:45 hqnl0246134 sshd[268926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 00:14:45,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364885.318488, 'message': 'Dec  7 00:14:45 hqnl0246134 sshd[268926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.50 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 00:14:47,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364887.3180227, 'message': 'Dec  7 00:14:47 hqnl0246134 sshd[268928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 00:14:47,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364887.3183734, 'message': 'Dec  7 00:14:47 hqnl0246134 sshd[268926]: Failed password for invalid user felix from 43.153.30.50 port 59302 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 00:14:47,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364887.318212, 'message': 'Dec  7 00:14:47 hqnl0246134 sshd[268928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 00:14:49,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670364889.3203256, 'message': 'Dec  7 00:14:47 hqnl0246134 sshd[268924]: Invalid user software from 20.218.109.19 port 54856', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 00:14:49,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670364889.3207695, 'message': 'Dec  7 00:14:48 hqnl0246134 sshd[268926]: Disconnected from invalid user felix 43.153.30.50 port 59302 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-07 00:14:49,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.218.109.19', 'timestamp': 1670364889.3205047, 'message': 'Dec  7 00:14:47 hqnl0246134 sshd[268924]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.218.109.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 00:14:49,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.218.109.19', 'timestamp': 1670364889.3206167, 'message': 'Dec  7 00:14:47 hqnl0246134 sshd[268924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.218.109.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 00:14:49,857] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:14:49,857] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:14:51,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364891.3223987, 'message': 'Dec  7 00:14:49 hqnl0246134 sshd[268928]: Failed password for root from 61.177.173.36 port 12944 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-07 00:14:51,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670364891.3226595, 'message': 'Dec  7 00:14:50 hqnl0246134 sshd[268924]: Failed password for invalid user software from 20.218.109.19 port 54856 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-07 00:14:51,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364891.3228607, 'message': 'Dec  7 00:14:50 hqnl0246134 sshd[268933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.178.139.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 00:14:51,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670364891.3231332, 'message': 'Dec  7 00:14:51 hqnl0246134 sshd[268924]: Disconnected from invalid user software 20.218.109.19 port 54856 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 00:14:51,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364891.3230145, 'message': 'Dec  7 00:14:50 hqnl0246134 sshd[268933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.139.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 00:14:53,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364893.3251615, 'message': 'Dec  7 00:14:51 hqnl0246134 sshd[268928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0704 seconds
INFO    [2022-12-07 00:14:53,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.178.139.28', 'timestamp': 1670364893.325565, 'message': 'Dec  7 00:14:53 hqnl0246134 sshd[268933]: Failed password for root from 51.178.139.28 port 33010 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0782 seconds
INFO    [2022-12-07 00:14:53,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364893.325403, 'message': 'Dec  7 00:14:53 hqnl0246134 sshd[268928]: Failed password for root from 61.177.173.36 port 12944 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 00:14:55,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364895.32799, 'message': 'Dec  7 00:14:53 hqnl0246134 sshd[268928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 00:14:55,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670364895.328428, 'message': 'Dec  7 00:14:55 hqnl0246134 sshd[268928]: Failed password for root from 61.177.173.36 port 12944 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 00:15:07,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364907.35, 'message': 'Dec  7 00:15:06 hqnl0246134 sshd[268967]: Invalid user deployer from 189.8.68.56 port 46856', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 00:15:07,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364907.350549, 'message': 'Dec  7 00:15:06 hqnl0246134 sshd[268967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.8.68.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 00:15:07,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364907.3507106, 'message': 'Dec  7 00:15:06 hqnl0246134 sshd[268967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.8.68.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 00:15:09,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364909.350119, 'message': 'Dec  7 00:15:08 hqnl0246134 sshd[268967]: Failed password for invalid user deployer from 189.8.68.56 port 46856 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
WARNING [2022-12-07 00:15:11,239] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:15:11,271] defence360agent.internals.the_sink: SensorIncidentList(<25 item(s)>) processed in 0.0394 seconds
INFO    [2022-12-07 00:15:11,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.8.68.56', 'timestamp': 1670364911.352952, 'message': 'Dec  7 00:15:09 hqnl0246134 sshd[268967]: Disconnected from invalid user deployer 189.8.68.56 port 46856 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 00:15:15,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364915.3569329, 'message': 'Dec  7 00:15:14 hqnl0246134 sshd[268977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 00:15:17,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364917.3576696, 'message': 'Dec  7 00:15:15 hqnl0246134 sshd[268977]: Failed password for root from 61.177.173.18 port 46313 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:15:18,020] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:15:18,021] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:15:18,028] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:15:18,039] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 00:15:19,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364919.360868, 'message': 'Dec  7 00:15:18 hqnl0246134 sshd[268977]: Failed password for root from 61.177.173.18 port 46313 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 00:15:20,720] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:15:20,721] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:15:20,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:15:20,738] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 00:15:23,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364923.3652349, 'message': 'Dec  7 00:15:23 hqnl0246134 sshd[268977]: Failed password for root from 61.177.173.18 port 46313 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 00:15:27,557] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:15:27,558] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:15:27,568] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:15:27,581] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
WARNING [2022-12-07 00:15:49,863] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:15:49,864] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:15:51,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364951.3946922, 'message': 'Dec  7 00:15:49 hqnl0246134 sshd[269032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.217.131.233 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 00:15:51,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364951.3950055, 'message': 'Dec  7 00:15:49 hqnl0246134 sshd[269032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 00:15:51,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.217.131.233', 'timestamp': 1670364951.3952382, 'message': 'Dec  7 00:15:50 hqnl0246134 sshd[269032]: Failed password for root from 206.217.131.233 port 57754 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 00:15:53,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364953.3968525, 'message': 'Dec  7 00:15:51 hqnl0246134 sshd[269034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:15:55,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670364955.3976128, 'message': 'Dec  7 00:15:53 hqnl0246134 sshd[269034]: Failed password for root from 165.227.166.207 port 53316 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 00:16:01,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364961.4057422, 'message': 'Dec  7 00:15:59 hqnl0246134 sshd[269048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 00:16:03,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670364963.4089975, 'message': 'Dec  7 00:16:01 hqnl0246134 sshd[269048]: Failed password for root from 61.177.173.18 port 57768 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 00:16:11,244] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:16:11,269] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0339 seconds
INFO    [2022-12-07 00:16:18,020] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:16:18,021] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:16:18,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:16:18,042] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-07 00:16:21,431] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:16:21,431] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:16:21,439] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:16:21,452] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 00:16:37,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.26.210', 'timestamp': 1670364997.4604335, 'message': 'Dec  7 00:16:37 hqnl0246134 sshd[269085]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.26.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 00:16:37,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.26.210', 'timestamp': 1670364997.4608002, 'message': 'Dec  7 00:16:37 hqnl0246134 sshd[269085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:16:39,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.157.26.210', 'timestamp': 1670364999.4618292, 'message': 'Dec  7 00:16:38 hqnl0246134 sshd[269085]: Failed password for root from 43.157.26.210 port 42170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:16:41,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.39.194', 'timestamp': 1670365001.4641347, 'message': 'Dec  7 00:16:40 hqnl0246134 sshd[269089]: Invalid user test from 143.198.39.194 port 52182', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:16:41,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.39.194', 'timestamp': 1670365001.4643865, 'message': 'Dec  7 00:16:40 hqnl0246134 sshd[269089]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.39.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 00:16:41,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.39.194', 'timestamp': 1670365001.464504, 'message': 'Dec  7 00:16:40 hqnl0246134 sshd[269089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.39.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 00:16:41,693] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:16:41,693] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:16:41,702] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:16:41,714] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 00:16:45,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.39.194', 'timestamp': 1670365005.4866452, 'message': 'Dec  7 00:16:43 hqnl0246134 sshd[269089]: Failed password for invalid user test from 143.198.39.194 port 52182 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:16:47,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.39.194', 'timestamp': 1670365007.4980326, 'message': 'Dec  7 00:16:45 hqnl0246134 sshd[269089]: Disconnected from invalid user test 143.198.39.194 port 52182 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 00:16:47,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365007.498943, 'message': 'Dec  7 00:16:46 hqnl0246134 sshd[269095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 00:16:49,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365009.5084727, 'message': 'Dec  7 00:16:48 hqnl0246134 sshd[269095]: Failed password for root from 61.177.173.18 port 30602 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-07 00:16:49,866] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:16:49,867] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:17:11,250] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:17:11,276] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0374 seconds
INFO    [2022-12-07 00:17:15,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '93.153.192.254', 'timestamp': 1670365035.5608768, 'message': 'Dec  7 00:17:13 hqnl0246134 sshd[269128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 93.153.192.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 00:17:15,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '93.153.192.254', 'timestamp': 1670365035.5611997, 'message': 'Dec  7 00:17:13 hqnl0246134 sshd[269128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.153.192.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 00:17:15,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '93.153.192.254', 'timestamp': 1670365035.5614276, 'message': 'Dec  7 00:17:15 hqnl0246134 sshd[269128]: Failed password for root from 93.153.192.254 port 44168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 00:17:17,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:17:17,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:17:17,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:17:18,011] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 00:17:20,640] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:17:20,640] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:17:20,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:17:20,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 00:17:25,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670365045.5988393, 'message': 'Dec  7 00:17:25 hqnl0246134 sshd[269140]: Invalid user glenn from 43.153.30.50 port 55662', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 00:17:25,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.30.50', 'timestamp': 1670365045.5990937, 'message': 'Dec  7 00:17:25 hqnl0246134 sshd[269140]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.30.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 00:17:25,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.30.50', 'timestamp': 1670365045.599336, 'message': 'Dec  7 00:17:25 hqnl0246134 sshd[269140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.30.50 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:17:27,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.240.88.36', 'timestamp': 1670365047.6015267, 'message': 'Dec  7 00:17:25 hqnl0246134 sshd[269142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.240.88.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 00:17:27,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670365047.6020458, 'message': 'Dec  7 00:17:27 hqnl0246134 sshd[269140]: Failed password for invalid user glenn from 43.153.30.50 port 55662 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 00:17:27,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.240.88.36', 'timestamp': 1670365047.6019073, 'message': 'Dec  7 00:17:25 hqnl0246134 sshd[269142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.240.88.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 00:17:27,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.240.88.36', 'timestamp': 1670365047.6021698, 'message': 'Dec  7 00:17:27 hqnl0246134 sshd[269142]: Failed password for root from 45.240.88.36 port 33184 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:17:29,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.30.50', 'timestamp': 1670365049.607222, 'message': 'Dec  7 00:17:28 hqnl0246134 sshd[269140]: Disconnected from invalid user glenn 43.153.30.50 port 55662 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 00:17:33,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365053.619801, 'message': 'Dec  7 00:17:32 hqnl0246134 sshd[269153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 00:17:35,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365055.6226335, 'message': 'Dec  7 00:17:34 hqnl0246134 sshd[269153]: Failed password for root from 61.177.173.18 port 42295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 00:17:35,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670365055.622851, 'message': 'Dec  7 00:17:34 hqnl0246134 sshd[269158]: Invalid user lx from 51.178.139.28 port 51042', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-07 00:17:35,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.8.68.56', 'timestamp': 1670365055.6232433, 'message': 'Dec  7 00:17:34 hqnl0246134 sshd[269156]: Invalid user admin from 189.8.68.56 port 51460', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-07 00:17:35,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.178.139.28', 'timestamp': 1670365055.6229796, 'message': 'Dec  7 00:17:34 hqnl0246134 sshd[269158]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.178.139.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 00:17:35,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.8.68.56', 'timestamp': 1670365055.6233792, 'message': 'Dec  7 00:17:34 hqnl0246134 sshd[269156]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.8.68.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 00:17:35,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.178.139.28', 'timestamp': 1670365055.6231232, 'message': 'Dec  7 00:17:34 hqnl0246134 sshd[269158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.139.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 00:17:35,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.8.68.56', 'timestamp': 1670365055.6234927, 'message': 'Dec  7 00:17:34 hqnl0246134 sshd[269156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.8.68.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 00:17:37,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670365057.6248786, 'message': 'Dec  7 00:17:36 hqnl0246134 sshd[269158]: Failed password for invalid user lx from 51.178.139.28 port 51042 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0587 seconds
INFO    [2022-12-07 00:17:37,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.8.68.56', 'timestamp': 1670365057.6251502, 'message': 'Dec  7 00:17:36 hqnl0246134 sshd[269156]: Failed password for invalid user admin from 189.8.68.56 port 51460 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0591 seconds
INFO    [2022-12-07 00:17:37,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365057.625552, 'message': 'Dec  7 00:17:36 hqnl0246134 sshd[269153]: Failed password for root from 61.177.173.18 port 42295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0582 seconds
INFO    [2022-12-07 00:17:37,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.178.139.28', 'timestamp': 1670365057.6253445, 'message': 'Dec  7 00:17:36 hqnl0246134 sshd[269158]: Disconnected from invalid user lx 51.178.139.28 port 51042 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:17:39,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.8.68.56', 'timestamp': 1670365059.627177, 'message': 'Dec  7 00:17:38 hqnl0246134 sshd[269156]: Disconnected from invalid user admin 189.8.68.56 port 51460 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-07 00:17:39,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365059.6274576, 'message': 'Dec  7 00:17:39 hqnl0246134 sshd[269153]: Failed password for root from 61.177.173.18 port 42295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 00:17:41,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365061.6297452, 'message': 'Dec  7 00:17:41 hqnl0246134 sshd[269162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 00:17:43,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365063.6325104, 'message': 'Dec  7 00:17:42 hqnl0246134 sshd[269162]: Failed password for root from 165.227.166.207 port 35362 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 00:17:49,877] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:17:49,877] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:17:53,244] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:17:53,310] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:17:53,311] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:17:53,311] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:17:53,311] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:17:53,312] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:17:53,321] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:17:53,335] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0231 seconds
WARNING [2022-12-07 00:17:53,342] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:17:53,346] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:17:53,363] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0335 seconds
INFO    [2022-12-07 00:17:53,365] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0320 seconds
WARNING [2022-12-07 00:18:11,253] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:18:11,284] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0406 seconds
INFO    [2022-12-07 00:18:13,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365093.6770737, 'message': 'Dec  7 00:18:13 hqnl0246134 sshd[269187]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.225.255.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 00:18:13,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365093.677438, 'message': 'Dec  7 00:18:13 hqnl0246134 sshd[269187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.255.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:18:15,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365095.6779146, 'message': 'Dec  7 00:18:15 hqnl0246134 sshd[269187]: Failed password for root from 14.225.255.28 port 52176 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:18:17,987] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:18:17,987] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:18:17,996] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:18:18,012] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-07 00:18:19,792] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:18:19,792] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-07 00:18:19,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365099.6832457, 'message': 'Dec  7 00:18:18 hqnl0246134 sshd[269191]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1252 seconds
INFO    [2022-12-07 00:18:19,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.217.131.233', 'timestamp': 1670365099.6836665, 'message': 'Dec  7 00:18:19 hqnl0246134 sshd[269202]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.217.131.233 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1269 seconds
INFO    [2022-12-07 00:18:19,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365099.6839235, 'message': 'Dec  7 00:18:19 hqnl0246134 sshd[269198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1278 seconds
WARNING [2022-12-07 00:18:19,833] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:18:19,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365099.6835203, 'message': 'Dec  7 00:18:18 hqnl0246134 sshd[269191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0598 seconds
INFO    [2022-12-07 00:18:19,871] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0598 seconds
INFO    [2022-12-07 00:18:19,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.217.131.233', 'timestamp': 1670365099.683773, 'message': 'Dec  7 00:18:19 hqnl0246134 sshd[269202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0591 seconds
INFO    [2022-12-07 00:18:20,587] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:18:20,587] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:18:20,593] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:18:20,604] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-07 00:18:21,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365101.685564, 'message': 'Dec  7 00:18:20 hqnl0246134 sshd[269191]: Failed password for root from 61.177.173.37 port 36930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-07 00:18:21,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.217.131.233', 'timestamp': 1670365101.6866713, 'message': 'Dec  7 00:18:20 hqnl0246134 sshd[269202]: Failed password for root from 206.217.131.233 port 46686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 00:18:21,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365101.6868305, 'message': 'Dec  7 00:18:20 hqnl0246134 sshd[269198]: Failed password for root from 61.177.173.18 port 62470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-07 00:18:23,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365103.687827, 'message': 'Dec  7 00:18:22 hqnl0246134 sshd[269191]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 00:18:23,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365103.6880383, 'message': 'Dec  7 00:18:23 hqnl0246134 sshd[269198]: Failed password for root from 61.177.173.18 port 62470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 00:18:25,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365105.690437, 'message': 'Dec  7 00:18:24 hqnl0246134 sshd[269191]: Failed password for root from 61.177.173.37 port 36930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 00:18:26,294] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:18:26,295] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:18:26,296] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 00:18:27,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365107.6932194, 'message': 'Dec  7 00:18:26 hqnl0246134 sshd[269191]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 00:18:27,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365107.6936433, 'message': 'Dec  7 00:18:27 hqnl0246134 sshd[269198]: Failed password for root from 61.177.173.18 port 62470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 00:18:29,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365109.696084, 'message': 'Dec  7 00:18:28 hqnl0246134 sshd[269191]: Failed password for root from 61.177.173.37 port 36930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 00:18:31,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365111.69858, 'message': 'Dec  7 00:18:30 hqnl0246134 sshd[269219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 00:18:31,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365111.6987987, 'message': 'Dec  7 00:18:30 hqnl0246134 sshd[269219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:18:33,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365113.7004218, 'message': 'Dec  7 00:18:32 hqnl0246134 sshd[269219]: Failed password for root from 61.177.173.37 port 31322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 00:18:35,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365115.7029417, 'message': 'Dec  7 00:18:34 hqnl0246134 sshd[269219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 00:18:37,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365117.7069542, 'message': 'Dec  7 00:18:36 hqnl0246134 sshd[269219]: Failed password for root from 61.177.173.37 port 31322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:18:37,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365117.7071292, 'message': 'Dec  7 00:18:37 hqnl0246134 sshd[269219]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 00:18:39,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365119.7107062, 'message': 'Dec  7 00:18:38 hqnl0246134 sshd[269219]: Failed password for root from 61.177.173.37 port 31322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:18:41,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365121.7132902, 'message': 'Dec  7 00:18:40 hqnl0246134 sshd[269223]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 00:18:41,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365121.7134902, 'message': 'Dec  7 00:18:40 hqnl0246134 sshd[269223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 00:18:43,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365123.715778, 'message': 'Dec  7 00:18:43 hqnl0246134 sshd[269223]: Failed password for root from 61.177.173.37 port 53947 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 00:18:45,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365125.719465, 'message': 'Dec  7 00:18:45 hqnl0246134 sshd[269223]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 00:18:47,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365127.7221513, 'message': 'Dec  7 00:18:47 hqnl0246134 sshd[269223]: Failed password for root from 61.177.173.37 port 53947 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 00:18:49,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365129.7242408, 'message': 'Dec  7 00:18:49 hqnl0246134 sshd[269223]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 00:18:49,882] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:18:49,883] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:18:51,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365131.7291052, 'message': 'Dec  7 00:18:51 hqnl0246134 sshd[269223]: Failed password for root from 61.177.173.37 port 53947 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 00:18:53,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365133.73107, 'message': 'Dec  7 00:18:53 hqnl0246134 sshd[269226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:18:53,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365133.7312856, 'message': 'Dec  7 00:18:53 hqnl0246134 sshd[269226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:18:55,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365135.7329266, 'message': 'Dec  7 00:18:55 hqnl0246134 sshd[269226]: Failed password for root from 61.177.173.37 port 37753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:18:57,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365137.7355154, 'message': 'Dec  7 00:18:57 hqnl0246134 sshd[269226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 00:18:59,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365139.7358468, 'message': 'Dec  7 00:18:59 hqnl0246134 sshd[269226]: Failed password for root from 61.177.173.37 port 37753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:19:03,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365143.7421608, 'message': 'Dec  7 00:19:01 hqnl0246134 sshd[269226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 00:19:03,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365143.7423675, 'message': 'Dec  7 00:19:03 hqnl0246134 sshd[269226]: Failed password for root from 61.177.173.37 port 37753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 00:19:05,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365145.7451434, 'message': 'Dec  7 00:19:05 hqnl0246134 sshd[269245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 00:19:05,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365145.7453806, 'message': 'Dec  7 00:19:05 hqnl0246134 sshd[269245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-07 00:19:07,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365147.7501001, 'message': 'Dec  7 00:19:05 hqnl0246134 sshd[269247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 00:19:07,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365147.75034, 'message': 'Dec  7 00:19:07 hqnl0246134 sshd[269245]: Failed password for root from 61.177.173.37 port 24175 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 00:19:09,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365149.7551758, 'message': 'Dec  7 00:19:08 hqnl0246134 sshd[269247]: Failed password for root from 61.177.173.18 port 23944 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 00:19:09,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365149.755368, 'message': 'Dec  7 00:19:09 hqnl0246134 sshd[269245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-07 00:19:11,254] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:19:11,275] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0286 seconds
INFO    [2022-12-07 00:19:11,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365151.7587233, 'message': 'Dec  7 00:19:11 hqnl0246134 sshd[269245]: Failed password for root from 61.177.173.37 port 24175 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 00:19:13,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365153.761721, 'message': 'Dec  7 00:19:11 hqnl0246134 sshd[269245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 00:19:13,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365153.762247, 'message': 'Dec  7 00:19:12 hqnl0246134 sshd[269247]: Failed password for root from 61.177.173.18 port 23944 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 00:19:15,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670365155.7633553, 'message': 'Dec  7 00:19:14 hqnl0246134 sshd[269245]: Failed password for root from 61.177.173.37 port 24175 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1028 seconds
INFO    [2022-12-07 00:19:15,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365155.7638798, 'message': 'Dec  7 00:19:14 hqnl0246134 sshd[269247]: Failed password for root from 61.177.173.18 port 23944 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1021 seconds
INFO    [2022-12-07 00:19:17,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.39.194', 'timestamp': 1670365157.76595, 'message': 'Dec  7 00:19:16 hqnl0246134 sshd[269279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.39.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 00:19:18,813] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:19:18,814] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:19:18,823] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:19:18,834] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 00:19:19,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.39.194', 'timestamp': 1670365159.767126, 'message': 'Dec  7 00:19:19 hqnl0246134 sshd[269279]: Failed password for root from 143.198.39.194 port 46890 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 00:19:21,691] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:19:21,692] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:19:21,698] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:19:21,709] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 00:19:29,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365169.78006, 'message': 'Dec  7 00:19:28 hqnl0246134 sshd[269298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 00:19:31,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365171.7817855, 'message': 'Dec  7 00:19:30 hqnl0246134 sshd[269298]: Failed password for root from 165.227.166.207 port 45666 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 00:19:35,211] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:19:35,211] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:19:35,219] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:19:35,230] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-07 00:19:49,885] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:19:49,887] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:19:55,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365195.80823, 'message': 'Dec  7 00:19:53 hqnl0246134 sshd[269308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 00:19:57,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365197.8069456, 'message': 'Dec  7 00:19:56 hqnl0246134 sshd[269308]: Failed password for root from 61.177.173.18 port 42825 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 00:19:57,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '93.153.192.254', 'timestamp': 1670365197.8072808, 'message': 'Dec  7 00:19:57 hqnl0246134 sshd[269312]: Invalid user sonar from 93.153.192.254 port 32840', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 00:19:57,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '93.153.192.254', 'timestamp': 1670365197.8074522, 'message': 'Dec  7 00:19:57 hqnl0246134 sshd[269312]: pam_imunify(sshd:auth): [IM360_RBL] The IP 93.153.192.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:19:57,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '93.153.192.254', 'timestamp': 1670365197.8075807, 'message': 'Dec  7 00:19:57 hqnl0246134 sshd[269312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.153.192.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 00:19:59,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '93.153.192.254', 'timestamp': 1670365199.8075187, 'message': 'Dec  7 00:19:59 hqnl0246134 sshd[269312]: Failed password for invalid user sonar from 93.153.192.254 port 32840 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 00:20:01,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365201.8124342, 'message': 'Dec  7 00:20:00 hqnl0246134 sshd[269308]: Failed password for root from 61.177.173.18 port 42825 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1122 seconds
INFO    [2022-12-07 00:20:01,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '93.153.192.254', 'timestamp': 1670365201.812807, 'message': 'Dec  7 00:20:01 hqnl0246134 sshd[269312]: Disconnected from invalid user sonar 93.153.192.254 port 32840 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1125 seconds
INFO    [2022-12-07 00:20:05,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365205.8189952, 'message': 'Dec  7 00:20:04 hqnl0246134 sshd[269308]: Failed password for root from 61.177.173.18 port 42825 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
WARNING [2022-12-07 00:20:11,267] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:20:11,308] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0538 seconds
INFO    [2022-12-07 00:20:13,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.240.88.36', 'timestamp': 1670365213.8322453, 'message': 'Dec  7 00:20:13 hqnl0246134 sshd[269349]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.240.88.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:20:13,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.240.88.36', 'timestamp': 1670365213.8325398, 'message': 'Dec  7 00:20:13 hqnl0246134 sshd[269349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.240.88.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:20:15,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.240.88.36', 'timestamp': 1670365215.8369498, 'message': 'Dec  7 00:20:15 hqnl0246134 sshd[269349]: Failed password for root from 45.240.88.36 port 50258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:20:17,766] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:20:17,766] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:20:17,776] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:20:17,788] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-07 00:20:17,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365217.839821, 'message': 'Dec  7 00:20:16 hqnl0246134 sshd[269353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.147.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:20:17,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365217.8400066, 'message': 'Dec  7 00:20:16 hqnl0246134 sshd[269353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.147.235  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 00:20:19,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365219.8417697, 'message': 'Dec  7 00:20:19 hqnl0246134 sshd[269353]: Failed password for root from 138.197.147.235 port 59280 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:20:20,312] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:20:20,313] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:20:20,320] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:20:20,331] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 00:20:43,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365243.8833063, 'message': 'Dec  7 00:20:42 hqnl0246134 sshd[269375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 00:20:45,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365245.8846722, 'message': 'Dec  7 00:20:44 hqnl0246134 sshd[269375]: Failed password for root from 61.177.173.18 port 64036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 00:20:49,891] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:20:49,892] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:21:11,266] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:21:11,298] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0407 seconds
INFO    [2022-12-07 00:21:17,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:21:17,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:21:17,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:21:17,959] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 00:21:20,558] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:21:20,559] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:21:20,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:21:20,579] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 00:21:25,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365285.9312038, 'message': 'Dec  7 00:21:24 hqnl0246134 sshd[269413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 00:21:27,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365287.933224, 'message': 'Dec  7 00:21:26 hqnl0246134 sshd[269413]: Failed password for root from 165.227.166.207 port 55954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 00:21:30,557] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:21:30,557] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:21:30,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:21:30,579] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 00:21:31,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365291.9360468, 'message': 'Dec  7 00:21:30 hqnl0246134 sshd[269427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 00:21:33,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365293.9404988, 'message': 'Dec  7 00:21:32 hqnl0246134 sshd[269427]: Failed password for root from 61.177.173.18 port 25296 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-07 00:21:33,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365293.94073, 'message': 'Dec  7 00:21:33 hqnl0246134 sshd[269423]: Invalid user epg from 20.218.109.19 port 47506', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0503 seconds
INFO    [2022-12-07 00:21:33,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365293.9411876, 'message': 'Dec  7 00:21:33 hqnl0246134 sshd[269432]: Invalid user install from 20.40.81.0 port 41570', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-07 00:21:34,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365293.9408915, 'message': 'Dec  7 00:21:33 hqnl0246134 sshd[269423]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.218.109.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 00:21:34,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365293.9413722, 'message': 'Dec  7 00:21:33 hqnl0246134 sshd[269432]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.40.81.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 00:21:34,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365293.9410179, 'message': 'Dec  7 00:21:33 hqnl0246134 sshd[269423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.218.109.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 00:21:34,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365293.9415076, 'message': 'Dec  7 00:21:33 hqnl0246134 sshd[269432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 00:21:35,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365295.942958, 'message': 'Dec  7 00:21:35 hqnl0246134 sshd[269423]: Failed password for invalid user epg from 20.218.109.19 port 47506 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 00:21:38,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365297.9597375, 'message': 'Dec  7 00:21:36 hqnl0246134 sshd[269432]: Failed password for invalid user install from 20.40.81.0 port 41570 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1051 seconds
INFO    [2022-12-07 00:21:38,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365297.9598997, 'message': 'Dec  7 00:21:36 hqnl0246134 sshd[269427]: Failed password for root from 61.177.173.18 port 25296 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1064 seconds
INFO    [2022-12-07 00:21:38,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365297.9600377, 'message': 'Dec  7 00:21:37 hqnl0246134 sshd[269423]: Disconnected from invalid user epg 20.218.109.19 port 47506 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1070 seconds
INFO    [2022-12-07 00:21:38,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365297.9601521, 'message': 'Dec  7 00:21:37 hqnl0246134 sshd[269435]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.68.156.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1069 seconds
INFO    [2022-12-07 00:21:38,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365297.9602509, 'message': 'Dec  7 00:21:37 hqnl0246134 sshd[269435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.68.156.60  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 00:21:39,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365299.9574556, 'message': 'Dec  7 00:21:38 hqnl0246134 sshd[269432]: Disconnected from invalid user install 20.40.81.0 port 41570 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 00:21:39,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365299.957999, 'message': 'Dec  7 00:21:39 hqnl0246134 sshd[269435]: Failed password for root from 189.68.156.60 port 51081 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 00:21:41,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365301.965265, 'message': 'Dec  7 00:21:40 hqnl0246134 sshd[269427]: Failed password for root from 61.177.173.18 port 25296 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 00:21:49,896] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:21:49,897] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:21:54,080] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 00:22:11,268] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:22:11,293] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0327 seconds
INFO    [2022-12-07 00:22:16,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365336.0281096, 'message': 'Dec  7 00:22:15 hqnl0246134 sshd[269465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:22:17,943] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:22:17,944] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:22:17,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:22:17,965] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 00:22:18,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365338.0289354, 'message': 'Dec  7 00:22:17 hqnl0246134 sshd[269465]: Failed password for root from 61.177.173.18 port 34667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 00:22:20,709] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:22:20,710] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:22:20,719] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:22:20,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-07 00:22:22,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365342.0407417, 'message': 'Dec  7 00:22:20 hqnl0246134 sshd[269465]: Failed password for root from 61.177.173.18 port 34667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 00:22:22,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365342.040943, 'message': 'Dec  7 00:22:21 hqnl0246134 sshd[269475]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 00:22:22,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365342.0411232, 'message': 'Dec  7 00:22:21 hqnl0246134 sshd[269475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:22:24,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365344.0474846, 'message': 'Dec  7 00:22:23 hqnl0246134 sshd[269475]: Failed password for root from 61.177.173.53 port 44089 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 00:22:26,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365346.0505788, 'message': 'Dec  7 00:22:25 hqnl0246134 sshd[269465]: Failed password for root from 61.177.173.18 port 34667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 00:22:26,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365346.0507722, 'message': 'Dec  7 00:22:25 hqnl0246134 sshd[269475]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 00:22:28,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365348.0652874, 'message': 'Dec  7 00:22:26 hqnl0246134 sshd[269475]: Failed password for root from 61.177.173.53 port 44089 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 00:22:28,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365348.0657022, 'message': 'Dec  7 00:22:27 hqnl0246134 sshd[269475]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:22:30,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365350.0667999, 'message': 'Dec  7 00:22:29 hqnl0246134 sshd[269475]: Failed password for root from 61.177.173.53 port 44089 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 00:22:30,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365350.0670946, 'message': 'Dec  7 00:22:29 hqnl0246134 sshd[269490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.26.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 00:22:30,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365350.0672903, 'message': 'Dec  7 00:22:29 hqnl0246134 sshd[269490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:22:32,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365352.075306, 'message': 'Dec  7 00:22:31 hqnl0246134 sshd[269490]: Failed password for root from 43.157.26.210 port 51980 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 00:22:32,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365352.0755334, 'message': 'Dec  7 00:22:31 hqnl0246134 sshd[269492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 00:22:32,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365352.0756707, 'message': 'Dec  7 00:22:31 hqnl0246134 sshd[269492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 00:22:34,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365354.0775902, 'message': 'Dec  7 00:22:33 hqnl0246134 sshd[269492]: Failed password for root from 61.177.173.53 port 63234 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 00:22:36,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365356.0810716, 'message': 'Dec  7 00:22:35 hqnl0246134 sshd[269492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 00:22:38,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365358.1689568, 'message': 'Dec  7 00:22:37 hqnl0246134 sshd[269492]: Failed password for root from 61.177.173.53 port 63234 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:22:38,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365358.1691692, 'message': 'Dec  7 00:22:37 hqnl0246134 sshd[269492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 00:22:40,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670365360.0952816, 'message': 'Dec  7 00:22:39 hqnl0246134 sshd[269492]: Failed password for root from 61.177.173.53 port 63234 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 00:22:42,598] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:22:42,598] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:22:42,606] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:22:42,617] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-07 00:22:49,905] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:22:49,907] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:23:04,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365384.1406624, 'message': 'Dec  7 00:23:03 hqnl0246134 sshd[269523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.147.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0684 seconds
INFO    [2022-12-07 00:23:04,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365384.1418736, 'message': 'Dec  7 00:23:03 hqnl0246134 sshd[269521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0686 seconds
INFO    [2022-12-07 00:23:04,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365384.1415427, 'message': 'Dec  7 00:23:03 hqnl0246134 sshd[269523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.147.235  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 00:23:06,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365386.141443, 'message': 'Dec  7 00:23:05 hqnl0246134 sshd[269523]: Failed password for root from 138.197.147.235 port 42578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-07 00:23:06,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365386.1417718, 'message': 'Dec  7 00:23:05 hqnl0246134 sshd[269521]: Failed password for root from 61.177.173.18 port 63214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 00:23:08,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365388.2864904, 'message': 'Dec  7 00:23:08 hqnl0246134 sshd[269521]: Failed password for root from 61.177.173.18 port 63214 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 00:23:11,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:23:11,295] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0323 seconds
INFO    [2022-12-07 00:23:14,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365394.147792, 'message': 'Dec  7 00:23:12 hqnl0246134 sshd[269521]: Failed password for root from 61.177.173.18 port 63214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 00:23:16,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365396.1501935, 'message': 'Dec  7 00:23:14 hqnl0246134 sshd[269548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:23:17,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:23:17,990] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:23:18,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:23:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0282 seconds
INFO    [2022-12-07 00:23:18,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365398.1523192, 'message': 'Dec  7 00:23:16 hqnl0246134 sshd[269548]: Failed password for root from 165.227.166.207 port 38006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 00:23:20,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:23:20,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:23:20,830] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:23:20,842] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-07 00:23:49,909] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:23:49,910] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:23:50,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365430.232821, 'message': 'Dec  7 00:23:49 hqnl0246134 sshd[269570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 00:23:50,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365430.2335095, 'message': 'Dec  7 00:23:49 hqnl0246134 sshd[269572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.225.255.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 00:23:50,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365430.23375, 'message': 'Dec  7 00:23:49 hqnl0246134 sshd[269572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.255.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 00:23:52,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365432.2345395, 'message': 'Dec  7 00:23:50 hqnl0246134 sshd[269570]: Failed password for root from 61.177.173.18 port 21040 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1304 seconds
INFO    [2022-12-07 00:23:52,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365432.2348297, 'message': 'Dec  7 00:23:51 hqnl0246134 sshd[269572]: Failed password for root from 14.225.255.28 port 34868 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1306 seconds
INFO    [2022-12-07 00:23:54,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365434.2364564, 'message': 'Dec  7 00:23:53 hqnl0246134 sshd[269570]: Failed password for root from 61.177.173.18 port 21040 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 00:23:54,759] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:23:54,759] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:23:54,766] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:23:54,779] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 00:23:58,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365438.2409105, 'message': 'Dec  7 00:23:57 hqnl0246134 sshd[269570]: Failed password for root from 61.177.173.18 port 21040 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-07 00:24:11,282] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:24:11,320] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0517 seconds
INFO    [2022-12-07 00:24:18,136] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:24:18,137] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:24:18,144] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:24:18,156] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 00:24:20,840] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:24:20,841] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:24:20,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:24:20,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 00:24:36,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365476.2807689, 'message': 'Dec  7 00:24:35 hqnl0246134 sshd[269623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 00:24:38,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365478.2816188, 'message': 'Dec  7 00:24:37 hqnl0246134 sshd[269623]: Failed password for root from 61.177.173.18 port 43509 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:24:46,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365486.288742, 'message': 'Dec  7 00:24:44 hqnl0246134 sshd[269627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.40.81.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 00:24:46,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365486.2889671, 'message': 'Dec  7 00:24:44 hqnl0246134 sshd[269627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 00:24:46,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365486.2891774, 'message': 'Dec  7 00:24:46 hqnl0246134 sshd[269627]: Failed password for root from 20.40.81.0 port 33734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
WARNING [2022-12-07 00:24:49,913] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:24:49,914] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:24:54,300] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:24:54,373] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:24:54,374] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:24:54,374] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:24:54,374] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:24:54,375] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:24:54,390] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:24:54,419] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0437 seconds
WARNING [2022-12-07 00:24:54,432] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:24:54,436] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:24:54,458] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0489 seconds
INFO    [2022-12-07 00:24:54,459] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0445 seconds
INFO    [2022-12-07 00:25:04,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365504.3061223, 'message': 'Dec  7 00:25:03 hqnl0246134 sshd[269659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.26.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 00:25:04,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365504.306928, 'message': 'Dec  7 00:25:03 hqnl0246134 sshd[269659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 00:25:06,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365506.3064845, 'message': 'Dec  7 00:25:05 hqnl0246134 sshd[269659]: Failed password for root from 43.157.26.210 port 40906 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 00:25:06,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365506.306775, 'message': 'Dec  7 00:25:06 hqnl0246134 sshd[269661]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.68.156.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 00:25:06,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365506.306974, 'message': 'Dec  7 00:25:06 hqnl0246134 sshd[269661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.68.156.60  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 00:25:08,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365508.3063805, 'message': 'Dec  7 00:25:08 hqnl0246134 sshd[269661]: Failed password for root from 189.68.156.60 port 27789 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:25:08,471] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:25:08,472] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:25:08,479] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:25:08,491] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-07 00:25:11,281] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:25:11,305] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0315 seconds
INFO    [2022-12-07 00:25:12,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365512.3197985, 'message': 'Dec  7 00:25:10 hqnl0246134 sshd[269674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:25:14,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365514.321814, 'message': 'Dec  7 00:25:12 hqnl0246134 sshd[269674]: Failed password for root from 165.227.166.207 port 48312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:25:17,892] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:25:17,892] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:25:17,902] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:25:17,919] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-07 00:25:20,562] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:25:20,562] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:25:20,571] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:25:20,583] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 00:25:24,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365524.3311663, 'message': 'Dec  7 00:25:22 hqnl0246134 sshd[269692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 00:25:26,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365526.3318536, 'message': 'Dec  7 00:25:24 hqnl0246134 sshd[269692]: Failed password for root from 61.177.173.18 port 10213 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 00:25:30,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365530.350438, 'message': 'Dec  7 00:25:27 hqnl0246134 sshd[269692]: Failed password for root from 61.177.173.18 port 10213 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:25:31,835] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:25:31,835] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:25:31,836] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 00:25:32,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365532.3530474, 'message': 'Dec  7 00:25:30 hqnl0246134 sshd[269692]: Failed password for root from 61.177.173.18 port 10213 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 00:25:42,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365542.362382, 'message': 'Dec  7 00:25:40 hqnl0246134 sshd[269708]: Invalid user b from 138.197.147.235 port 38456', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 00:25:42,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365542.3655183, 'message': 'Dec  7 00:25:40 hqnl0246134 sshd[269708]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.147.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 00:25:42,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365542.3657415, 'message': 'Dec  7 00:25:40 hqnl0246134 sshd[269708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.147.235 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 00:25:44,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365544.3675992, 'message': 'Dec  7 00:25:42 hqnl0246134 sshd[269708]: Failed password for invalid user b from 138.197.147.235 port 38456 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:25:44,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.147.235', 'timestamp': 1670365544.3677979, 'message': 'Dec  7 00:25:43 hqnl0246134 sshd[269708]: Disconnected from invalid user b 138.197.147.235 port 38456 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-07 00:25:49,917] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:25:49,918] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:26:10,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365570.4096603, 'message': 'Dec  7 00:26:09 hqnl0246134 sshd[269728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0250 seconds
WARNING [2022-12-07 00:26:11,288] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:26:11,308] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0282 seconds
INFO    [2022-12-07 00:26:12,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365572.4164789, 'message': 'Dec  7 00:26:11 hqnl0246134 sshd[269728]: Failed password for root from 61.177.173.18 port 28292 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:26:18,027] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:26:18,028] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:26:18,036] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:26:18,048] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 00:26:18,755] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:26:18,756] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:26:18,762] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:26:18,773] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 00:26:20,897] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:26:20,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:26:20,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:26:20,932] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0341 seconds
WARNING [2022-12-07 00:26:49,921] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:26:49,922] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:26:56,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365616.474273, 'message': 'Dec  7 00:26:56 hqnl0246134 sshd[269757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 00:26:58,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365618.4750965, 'message': 'Dec  7 00:26:58 hqnl0246134 sshd[269757]: Failed password for root from 61.177.173.18 port 41401 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 00:27:04,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365624.481008, 'message': 'Dec  7 00:27:03 hqnl0246134 sshd[269757]: Failed password for root from 61.177.173.18 port 41401 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 00:27:10,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365630.49007, 'message': 'Dec  7 00:27:07 hqnl0246134 sshd[269757]: Failed password for root from 61.177.173.18 port 41401 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 00:27:10,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365630.490415, 'message': 'Dec  7 00:27:08 hqnl0246134 sshd[269783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
WARNING [2022-12-07 00:27:11,300] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:27:11,333] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0465 seconds
INFO    [2022-12-07 00:27:12,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365632.4931376, 'message': 'Dec  7 00:27:10 hqnl0246134 sshd[269783]: Failed password for root from 165.227.166.207 port 58594 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 00:27:17,896] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:27:17,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:27:17,905] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:27:17,917] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 00:27:20,502] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:27:20,503] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:27:20,510] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:27:20,523] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 00:27:24,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365644.5060995, 'message': 'Dec  7 00:27:23 hqnl0246134 sshd[269797]: Invalid user webadmin from 14.225.255.28 port 52362', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:27:24,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365644.5064669, 'message': 'Dec  7 00:27:23 hqnl0246134 sshd[269797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.225.255.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 00:27:24,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365644.5066695, 'message': 'Dec  7 00:27:23 hqnl0246134 sshd[269797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.255.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 00:27:26,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365646.5070062, 'message': 'Dec  7 00:27:25 hqnl0246134 sshd[269797]: Failed password for invalid user webadmin from 14.225.255.28 port 52362 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:27:28,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365648.509379, 'message': 'Dec  7 00:27:27 hqnl0246134 sshd[269797]: Disconnected from invalid user webadmin 14.225.255.28 port 52362 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 00:27:30,562] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:27:30,563] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:27:30,571] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:27:30,583] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 00:27:44,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365664.5330794, 'message': 'Dec  7 00:27:43 hqnl0246134 sshd[269816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 00:27:46,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365666.5336866, 'message': 'Dec  7 00:27:44 hqnl0246134 sshd[269816]: Failed password for root from 61.177.173.18 port 55690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 00:27:48,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365668.5378284, 'message': 'Dec  7 00:27:46 hqnl0246134 sshd[269816]: Failed password for root from 61.177.173.18 port 55690 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 00:27:48,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365668.538062, 'message': 'Dec  7 00:27:47 hqnl0246134 sshd[269819]: Invalid user console from 43.157.26.210 port 58066', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 00:27:48,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365668.5383027, 'message': 'Dec  7 00:27:47 hqnl0246134 sshd[269819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.26.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:27:48,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365668.5384881, 'message': 'Dec  7 00:27:47 hqnl0246134 sshd[269819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 00:27:49,926] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:27:49,927] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:27:50,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365670.53819, 'message': 'Dec  7 00:27:50 hqnl0246134 sshd[269819]: Failed password for invalid user console from 43.157.26.210 port 58066 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 00:27:50,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365670.5384085, 'message': 'Dec  7 00:27:50 hqnl0246134 sshd[269816]: Failed password for root from 61.177.173.18 port 55690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 00:27:54,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.26.210', 'timestamp': 1670365674.5421786, 'message': 'Dec  7 00:27:52 hqnl0246134 sshd[269819]: Disconnected from invalid user console 43.157.26.210 port 58066 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:28:04,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365684.565585, 'message': 'Dec  7 00:28:02 hqnl0246134 sshd[269861]: Invalid user composer from 20.218.109.19 port 40192', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 00:28:04,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365684.5662751, 'message': 'Dec  7 00:28:03 hqnl0246134 sshd[269861]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.218.109.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 00:28:04,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365684.5666084, 'message': 'Dec  7 00:28:03 hqnl0246134 sshd[269861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.218.109.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 00:28:06,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365686.5663917, 'message': 'Dec  7 00:28:05 hqnl0246134 sshd[269861]: Failed password for invalid user composer from 20.218.109.19 port 40192 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 00:28:06,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.218.109.19', 'timestamp': 1670365686.5666516, 'message': 'Dec  7 00:28:06 hqnl0246134 sshd[269861]: Disconnected from invalid user composer 20.218.109.19 port 40192 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 00:28:11,301] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:28:11,330] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0380 seconds
INFO    [2022-12-07 00:28:12,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365692.580221, 'message': 'Dec  7 00:28:10 hqnl0246134 sshd[269864]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.40.81.0 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:28:12,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365692.580534, 'message': 'Dec  7 00:28:10 hqnl0246134 sshd[269864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:28:14,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.40.81.0', 'timestamp': 1670365694.5826714, 'message': 'Dec  7 00:28:13 hqnl0246134 sshd[269864]: Failed password for root from 20.40.81.0 port 36284 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:28:17,803] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:28:17,803] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:28:17,812] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:28:17,823] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 00:28:20,361] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:28:20,362] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:28:20,372] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:28:20,384] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-07 00:28:30,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365710.607438, 'message': 'Dec  7 00:28:30 hqnl0246134 sshd[269887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 00:28:32,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365712.6105313, 'message': 'Dec  7 00:28:32 hqnl0246134 sshd[269887]: Failed password for root from 61.177.173.18 port 21610 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 00:28:40,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365720.6224113, 'message': 'Dec  7 00:28:38 hqnl0246134 sshd[269890]: Invalid user matteo from 189.68.156.60 port 23376', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:28:40,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365720.622686, 'message': 'Dec  7 00:28:38 hqnl0246134 sshd[269890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 189.68.156.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 00:28:40,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365720.6230087, 'message': 'Dec  7 00:28:38 hqnl0246134 sshd[269890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.68.156.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 00:28:40,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365720.6231987, 'message': 'Dec  7 00:28:40 hqnl0246134 sshd[269890]: Failed password for invalid user matteo from 189.68.156.60 port 23376 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:28:40,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '189.68.156.60', 'timestamp': 1670365720.6233723, 'message': 'Dec  7 00:28:40 hqnl0246134 sshd[269890]: Disconnected from invalid user matteo 189.68.156.60 port 23376 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 00:28:49,932] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:28:49,932] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:29:08,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365748.6570287, 'message': 'Dec  7 00:29:07 hqnl0246134 sshd[269910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 00:29:10,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365750.6583624, 'message': 'Dec  7 00:29:10 hqnl0246134 sshd[269910]: Failed password for root from 165.227.166.207 port 40642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
WARNING [2022-12-07 00:29:11,312] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:29:11,352] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0527 seconds
INFO    [2022-12-07 00:29:12,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365752.6613398, 'message': 'Dec  7 00:29:12 hqnl0246134 sshd[269912]: pam_imunify(sshd:auth): [IM360_RBL] The IP 91.240.118.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 00:29:12,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365752.6615539, 'message': 'Dec  7 00:29:12 hqnl0246134 sshd[269912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.240.118.172  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 00:29:14,383] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:29:14,384] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:29:14,391] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:29:14,404] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 00:29:14,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365754.6635745, 'message': 'Dec  7 00:29:14 hqnl0246134 sshd[269912]: Failed password for mysql from 91.240.118.172 port 26453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 00:29:16,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365756.6677287, 'message': 'Dec  7 00:29:15 hqnl0246134 sshd[269920]: Invalid user natalia from 91.240.118.172 port 29708', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 00:29:16,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365756.6682494, 'message': 'Dec  7 00:29:15 hqnl0246134 sshd[269920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 91.240.118.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 00:29:16,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365756.668559, 'message': 'Dec  7 00:29:15 hqnl0246134 sshd[269920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.240.118.172 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 00:29:17,765] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:29:17,765] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:29:17,772] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:29:17,787] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-07 00:29:18,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365758.671439, 'message': 'Dec  7 00:29:17 hqnl0246134 sshd[269920]: Failed password for invalid user natalia from 91.240.118.172 port 29708 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 00:29:18,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365758.6719384, 'message': 'Dec  7 00:29:17 hqnl0246134 sshd[269923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-07 00:29:18,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365758.67213, 'message': 'Dec  7 00:29:18 hqnl0246134 sshd[269920]: Disconnected from invalid user natalia 91.240.118.172 port 29708 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:29:18,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365758.6724238, 'message': 'Dec  7 00:29:18 hqnl0246134 sshd[269930]: Invalid user peter from 91.240.118.172 port 32984', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:29:20,434] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:29:20,434] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:29:20,441] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:29:20,452] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 00:29:20,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365760.6699746, 'message': 'Dec  7 00:29:18 hqnl0246134 sshd[269930]: pam_imunify(sshd:auth): [IM360_RBL] The IP 91.240.118.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0655 seconds
INFO    [2022-12-07 00:29:20,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365760.6703255, 'message': 'Dec  7 00:29:19 hqnl0246134 sshd[269923]: Failed password for root from 61.177.173.18 port 47139 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0668 seconds
INFO    [2022-12-07 00:29:20,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365760.670209, 'message': 'Dec  7 00:29:18 hqnl0246134 sshd[269930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.240.118.172 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 00:29:22,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365762.6734214, 'message': 'Dec  7 00:29:20 hqnl0246134 sshd[269930]: Failed password for invalid user peter from 91.240.118.172 port 32984 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:29:22,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365762.6743782, 'message': 'Dec  7 00:29:20 hqnl0246134 sshd[269930]: Disconnected from invalid user peter 91.240.118.172 port 32984 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 00:29:22,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365762.6748652, 'message': 'Dec  7 00:29:22 hqnl0246134 sshd[269923]: Failed password for root from 61.177.173.18 port 47139 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 00:29:22,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365762.6744852, 'message': 'Dec  7 00:29:21 hqnl0246134 sshd[269936]: Invalid user pi from 91.240.118.172 port 35542', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 00:29:22,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365762.6746254, 'message': 'Dec  7 00:29:21 hqnl0246134 sshd[269936]: pam_imunify(sshd:auth): [IM360_RBL] The IP 91.240.118.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:29:22,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365762.67475, 'message': 'Dec  7 00:29:21 hqnl0246134 sshd[269936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.240.118.172 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:29:24,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365764.6742342, 'message': 'Dec  7 00:29:23 hqnl0246134 sshd[269936]: Failed password for invalid user pi from 91.240.118.172 port 35542 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 00:29:24,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365764.6744182, 'message': 'Dec  7 00:29:23 hqnl0246134 sshd[269936]: Disconnected from invalid user pi 91.240.118.172 port 35542 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:29:24,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365764.6745644, 'message': 'Dec  7 00:29:23 hqnl0246134 sshd[269938]: Invalid user pi from 91.240.118.172 port 37989', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:29:24,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365764.6746922, 'message': 'Dec  7 00:29:24 hqnl0246134 sshd[269938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 91.240.118.172 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:29:24,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365764.6748111, 'message': 'Dec  7 00:29:24 hqnl0246134 sshd[269938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.240.118.172 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:29:26,491] defence360agent.files: Updating all files
INFO    [2022-12-07 00:29:26,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365766.6780052, 'message': 'Dec  7 00:29:25 hqnl0246134 sshd[269938]: Failed password for invalid user pi from 91.240.118.172 port 37989 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 00:29:26,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365766.6782198, 'message': 'Dec  7 00:29:26 hqnl0246134 sshd[269923]: Failed password for root from 61.177.173.18 port 47139 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 00:29:26,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.240.118.172', 'timestamp': 1670365766.6783552, 'message': 'Dec  7 00:29:26 hqnl0246134 sshd[269938]: Disconnected from invalid user pi 91.240.118.172 port 37989 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 00:29:26,785] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:26,786] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 00:29:27,122] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:27,122] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 00:29:27,446] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:27,447] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 00:29:27,734] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:27,734] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 00:29:27,734] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 00:29:27,992] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 22:29:27 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E54D0E44A831E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 00:29:27,993] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 00:29:27,994] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 00:29:28,567] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:28,567] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 00:29:28,825] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:28,825] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 00:29:29,098] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:29,099] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 00:29:29,440] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:29,441] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 00:29:29,830] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 00:29:29,831] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-07 00:29:49,935] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:29:49,937] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:30:06,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365806.7435033, 'message': 'Dec  7 00:30:05 hqnl0246134 sshd[269982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 00:30:08,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365808.7472267, 'message': 'Dec  7 00:30:07 hqnl0246134 sshd[269982]: Failed password for root from 61.177.173.18 port 17671 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-07 00:30:11,311] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:30:11,331] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0276 seconds
INFO    [2022-12-07 00:30:17,762] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:30:17,763] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:30:17,775] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:30:17,793] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0280 seconds
INFO    [2022-12-07 00:30:20,533] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:30:20,534] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:30:20,540] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:30:20,552] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 00:30:48,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365848.8068657, 'message': 'Dec  7 00:30:48 hqnl0246134 sshd[270016]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 00:30:48,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365848.8073888, 'message': 'Dec  7 00:30:48 hqnl0246134 sshd[270016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
WARNING [2022-12-07 00:30:49,946] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:30:49,947] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:30:50,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365850.8084898, 'message': 'Dec  7 00:30:50 hqnl0246134 sshd[270018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.225.255.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0565 seconds
INFO    [2022-12-07 00:30:50,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365850.8088076, 'message': 'Dec  7 00:30:50 hqnl0246134 sshd[270016]: Failed password for root from 61.177.173.46 port 51082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-07 00:30:50,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365850.8089309, 'message': 'Dec  7 00:30:50 hqnl0246134 sshd[270020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-07 00:30:50,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365850.8086934, 'message': 'Dec  7 00:30:50 hqnl0246134 sshd[270018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.255.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 00:30:52,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '14.225.255.28', 'timestamp': 1670365852.8112948, 'message': 'Dec  7 00:30:52 hqnl0246134 sshd[270018]: Failed password for root from 14.225.255.28 port 41600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-07 00:30:52,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365852.8115175, 'message': 'Dec  7 00:30:52 hqnl0246134 sshd[270016]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-07 00:30:52,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365852.8116329, 'message': 'Dec  7 00:30:52 hqnl0246134 sshd[270020]: Failed password for root from 61.177.173.18 port 25504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 00:30:54,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365854.8144467, 'message': 'Dec  7 00:30:54 hqnl0246134 sshd[270016]: Failed password for root from 61.177.173.46 port 51082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 00:30:54,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365854.8147695, 'message': 'Dec  7 00:30:54 hqnl0246134 sshd[270016]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 00:30:56,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365856.814299, 'message': 'Dec  7 00:30:56 hqnl0246134 sshd[270020]: Failed password for root from 61.177.173.18 port 25504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 00:30:56,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365856.8145483, 'message': 'Dec  7 00:30:56 hqnl0246134 sshd[270016]: Failed password for root from 61.177.173.46 port 51082 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 00:30:57,092] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:30:57,093] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:30:57,100] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:30:57,113] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 00:30:58,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365858.8147683, 'message': 'Dec  7 00:30:58 hqnl0246134 sshd[270020]: Failed password for root from 61.177.173.18 port 25504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 00:30:58,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365858.815232, 'message': 'Dec  7 00:30:58 hqnl0246134 sshd[270027]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-07 00:30:58,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365858.8153617, 'message': 'Dec  7 00:30:58 hqnl0246134 sshd[270027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 00:31:00,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365860.8186233, 'message': 'Dec  7 00:31:00 hqnl0246134 sshd[270027]: Failed password for root from 61.177.173.46 port 21466 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 00:31:02,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365862.820977, 'message': 'Dec  7 00:31:02 hqnl0246134 sshd[270027]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 00:31:04,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365864.8221538, 'message': 'Dec  7 00:31:04 hqnl0246134 sshd[270027]: Failed password for root from 61.177.173.46 port 21466 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 00:31:06,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365866.8248248, 'message': 'Dec  7 00:31:05 hqnl0246134 sshd[270027]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:31:08,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670365868.8263004, 'message': 'Dec  7 00:31:07 hqnl0246134 sshd[270027]: Failed password for root from 61.177.173.46 port 21466 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-07 00:31:11,316] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:31:11,343] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0360 seconds
INFO    [2022-12-07 00:31:12,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365872.833503, 'message': 'Dec  7 00:31:12 hqnl0246134 sshd[270046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 00:31:14,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365874.835341, 'message': 'Dec  7 00:31:14 hqnl0246134 sshd[270046]: Failed password for root from 165.227.166.207 port 50928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 00:31:17,781] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:31:17,782] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:31:17,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:31:17,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 00:31:20,513] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:31:20,513] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:31:20,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:31:20,534] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 00:31:38,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365898.866776, 'message': 'Dec  7 00:31:36 hqnl0246134 sshd[270066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 00:31:38,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365898.8672059, 'message': 'Dec  7 00:31:38 hqnl0246134 sshd[270066]: Failed password for root from 61.177.173.18 port 41597 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 00:31:49,953] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:31:49,954] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:31:54,083] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 00:32:11,328] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:32:11,374] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0634 seconds
INFO    [2022-12-07 00:32:14,654] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:32:14,719] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:32:14,720] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:32:14,720] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:32:14,720] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:32:14,721] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:32:14,729] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:32:14,746] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0247 seconds
WARNING [2022-12-07 00:32:14,753] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:32:14,755] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:32:14,772] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0318 seconds
INFO    [2022-12-07 00:32:14,774] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0298 seconds
INFO    [2022-12-07 00:32:17,877] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:32:17,878] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:32:17,886] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:32:17,897] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 00:32:21,156] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:32:21,157] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:32:21,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:32:21,253] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0821 seconds
INFO    [2022-12-07 00:32:26,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365946.922283, 'message': 'Dec  7 00:32:24 hqnl0246134 sshd[270110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 00:32:28,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365948.922344, 'message': 'Dec  7 00:32:27 hqnl0246134 sshd[270110]: Failed password for root from 61.177.173.18 port 64302 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 00:32:32,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365952.9268425, 'message': 'Dec  7 00:32:31 hqnl0246134 sshd[270110]: Failed password for root from 61.177.173.18 port 64302 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 00:32:36,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365956.9304695, 'message': 'Dec  7 00:32:35 hqnl0246134 sshd[270110]: Failed password for root from 61.177.173.18 port 64302 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 00:32:38,880] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:32:38,880] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:32:38,890] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:32:38,903] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
WARNING [2022-12-07 00:32:49,958] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:32:49,959] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:32:50,985] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:32:50,986] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:32:50,986] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-07 00:33:11,322] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:33:11,341] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0275 seconds
INFO    [2022-12-07 00:33:12,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365992.9691422, 'message': 'Dec  7 00:33:12 hqnl0246134 sshd[270147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 00:33:17,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670365996.9730158, 'message': 'Dec  7 00:33:15 hqnl0246134 sshd[270147]: Failed password for root from 61.177.173.18 port 24954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 00:33:17,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365996.9732816, 'message': 'Dec  7 00:33:15 hqnl0246134 sshd[270149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 00:33:17,919] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:33:17,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:33:17,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:33:17,938] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 00:33:19,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670365998.9743066, 'message': 'Dec  7 00:33:17 hqnl0246134 sshd[270149]: Failed password for root from 165.227.166.207 port 32996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-07 00:33:20,557] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:33:20,557] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:33:20,565] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:33:20,578] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 00:33:21,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366000.9771779, 'message': 'Dec  7 00:33:19 hqnl0246134 sshd[270147]: Failed password for root from 61.177.173.18 port 24954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 00:33:25,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366004.982009, 'message': 'Dec  7 00:33:23 hqnl0246134 sshd[270147]: Failed password for root from 61.177.173.18 port 24954 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 00:33:45,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366024.9926605, 'message': 'Dec  7 00:33:43 hqnl0246134 sshd[270195]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 00:33:45,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366024.9934099, 'message': 'Dec  7 00:33:43 hqnl0246134 sshd[270195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 00:33:47,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366026.9933202, 'message': 'Dec  7 00:33:46 hqnl0246134 sshd[270195]: Failed password for root from 61.177.173.36 port 64726 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:33:49,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366028.9963396, 'message': 'Dec  7 00:33:47 hqnl0246134 sshd[270195]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
WARNING [2022-12-07 00:33:49,962] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:33:49,963] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:33:51,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366030.9987295, 'message': 'Dec  7 00:33:49 hqnl0246134 sshd[270195]: Failed password for root from 61.177.173.36 port 64726 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 00:33:51,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366030.9989681, 'message': 'Dec  7 00:33:49 hqnl0246134 sshd[270195]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:33:53,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366033.0011191, 'message': 'Dec  7 00:33:52 hqnl0246134 sshd[270195]: Failed password for root from 61.177.173.36 port 64726 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 00:33:56,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:33:56,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:33:56,819] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:33:56,830] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 00:33:57,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366037.004143, 'message': 'Dec  7 00:33:55 hqnl0246134 sshd[270202]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:33:57,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366037.0045028, 'message': 'Dec  7 00:33:55 hqnl0246134 sshd[270202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:33:59,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366039.007164, 'message': 'Dec  7 00:33:58 hqnl0246134 sshd[270202]: Failed password for root from 61.177.173.36 port 33950 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:34:01,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366041.0097795, 'message': 'Dec  7 00:34:00 hqnl0246134 sshd[270202]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:34:03,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366043.0123243, 'message': 'Dec  7 00:34:01 hqnl0246134 sshd[270215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 00:34:03,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366043.012551, 'message': 'Dec  7 00:34:02 hqnl0246134 sshd[270202]: Failed password for root from 61.177.173.36 port 33950 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 00:34:05,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366045.0143094, 'message': 'Dec  7 00:34:04 hqnl0246134 sshd[270215]: Failed password for root from 61.177.173.18 port 51285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 00:34:05,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366045.0145452, 'message': 'Dec  7 00:34:04 hqnl0246134 sshd[270202]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 00:34:07,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366047.016738, 'message': 'Dec  7 00:34:06 hqnl0246134 sshd[270202]: Failed password for root from 61.177.173.36 port 33950 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 00:34:09,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366049.017958, 'message': 'Dec  7 00:34:08 hqnl0246134 sshd[270215]: Failed password for root from 61.177.173.18 port 51285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 00:34:11,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366051.0203226, 'message': 'Dec  7 00:34:10 hqnl0246134 sshd[270229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:34:11,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366051.0205264, 'message': 'Dec  7 00:34:10 hqnl0246134 sshd[270229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 00:34:11,327] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:34:11,349] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-07 00:34:13,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366053.0305896, 'message': 'Dec  7 00:34:12 hqnl0246134 sshd[270215]: Failed password for root from 61.177.173.18 port 51285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 00:34:13,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366053.0308485, 'message': 'Dec  7 00:34:12 hqnl0246134 sshd[270229]: Failed password for root from 61.177.173.36 port 13784 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 00:34:13,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366053.0310357, 'message': 'Dec  7 00:34:12 hqnl0246134 sshd[270229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 00:34:17,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366057.0325658, 'message': 'Dec  7 00:34:15 hqnl0246134 sshd[270229]: Failed password for root from 61.177.173.36 port 13784 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 00:34:17,855] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:34:17,856] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:34:17,863] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:34:17,875] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 00:34:19,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366059.0349731, 'message': 'Dec  7 00:34:17 hqnl0246134 sshd[270229]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 00:34:19,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670366059.0351448, 'message': 'Dec  7 00:34:18 hqnl0246134 sshd[270236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 00:34:19,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670366059.0352597, 'message': 'Dec  7 00:34:18 hqnl0246134 sshd[270236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 00:34:20,547] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:34:20,548] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:34:20,558] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:34:20,570] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 00:34:21,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670366061.0354438, 'message': 'Dec  7 00:34:19 hqnl0246134 sshd[270229]: Failed password for root from 61.177.173.36 port 13784 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 00:34:23,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670366063.039598, 'message': 'Dec  7 00:34:21 hqnl0246134 sshd[270236]: Failed password for root from 61.177.173.52 port 60205 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 00:34:49,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366089.07534, 'message': 'Dec  7 00:34:47 hqnl0246134 sshd[270254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-07 00:34:49,966] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:34:49,967] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:34:51,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366091.076078, 'message': 'Dec  7 00:34:49 hqnl0246134 sshd[270254]: Failed password for root from 61.177.173.18 port 59668 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 00:34:59,251] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:34:59,252] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:34:59,260] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:34:59,274] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 00:35:03,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670366103.0915582, 'message': 'Dec  7 00:35:02 hqnl0246134 sshd[270288]: Invalid user guest from 152.89.196.220 port 28912', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 00:35:03,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670366103.0920794, 'message': 'Dec  7 00:35:02 hqnl0246134 sshd[270288]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 00:35:03,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670366103.0926049, 'message': 'Dec  7 00:35:02 hqnl0246134 sshd[270288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:35:05,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670366105.0942469, 'message': 'Dec  7 00:35:04 hqnl0246134 sshd[270288]: Failed password for invalid user guest from 152.89.196.220 port 28912 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 00:35:07,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670366107.0968711, 'message': 'Dec  7 00:35:05 hqnl0246134 sshd[270288]: Disconnected from invalid user guest 152.89.196.220 port 28912 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 00:35:11,329] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:35:11,352] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0306 seconds
INFO    [2022-12-07 00:35:15,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366115.1059773, 'message': 'Dec  7 00:35:15 hqnl0246134 sshd[270301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:35:17,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366117.1083262, 'message': 'Dec  7 00:35:16 hqnl0246134 sshd[270301]: Failed password for root from 165.227.166.207 port 43278 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 00:35:17,902] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:35:17,902] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:35:17,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:35:17,922] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 00:35:20,502] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:35:20,502] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:35:20,509] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:35:20,521] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 00:35:35,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366135.1290069, 'message': 'Dec  7 00:35:34 hqnl0246134 sshd[270325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 00:35:37,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366137.1299274, 'message': 'Dec  7 00:35:36 hqnl0246134 sshd[270325]: Failed password for root from 61.177.173.18 port 26518 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-07 00:35:49,970] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:35:49,972] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:36:07,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366167.1657057, 'message': 'Dec  7 00:36:07 hqnl0246134 sshd[270343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 00:36:07,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366167.166222, 'message': 'Dec  7 00:36:07 hqnl0246134 sshd[270343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 00:36:09,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366169.166345, 'message': 'Dec  7 00:36:09 hqnl0246134 sshd[270343]: Failed password for root from 61.177.172.114 port 30400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:36:11,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366171.168356, 'message': 'Dec  7 00:36:11 hqnl0246134 sshd[270343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
WARNING [2022-12-07 00:36:11,337] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:36:11,371] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0456 seconds
INFO    [2022-12-07 00:36:15,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366175.1728153, 'message': 'Dec  7 00:36:13 hqnl0246134 sshd[270343]: Failed password for root from 61.177.172.114 port 30400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 00:36:15,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366175.1731205, 'message': 'Dec  7 00:36:13 hqnl0246134 sshd[270343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 00:36:17,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366177.1736572, 'message': 'Dec  7 00:36:15 hqnl0246134 sshd[270343]: Failed password for root from 61.177.172.114 port 30400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 00:36:17,987] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:36:17,987] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:36:17,994] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:36:18,005] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 00:36:20,514] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:36:20,514] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:36:20,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:36:20,534] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 00:36:20,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:36:20,908] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:36:20,915] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:36:20,928] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 00:36:21,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366181.1781595, 'message': 'Dec  7 00:36:19 hqnl0246134 sshd[270354]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 00:36:21,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366181.1785321, 'message': 'Dec  7 00:36:20 hqnl0246134 sshd[270359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 00:36:21,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366181.1783829, 'message': 'Dec  7 00:36:19 hqnl0246134 sshd[270354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 00:36:21,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366181.1786397, 'message': 'Dec  7 00:36:21 hqnl0246134 sshd[270354]: Failed password for root from 61.177.172.114 port 23962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:36:23,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366183.1806173, 'message': 'Dec  7 00:36:21 hqnl0246134 sshd[270354]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 00:36:23,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366183.180805, 'message': 'Dec  7 00:36:22 hqnl0246134 sshd[270359]: Failed password for root from 61.177.173.18 port 42723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 00:36:25,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366185.1848378, 'message': 'Dec  7 00:36:23 hqnl0246134 sshd[270354]: Failed password for root from 61.177.172.114 port 23962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 00:36:25,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366185.1850395, 'message': 'Dec  7 00:36:24 hqnl0246134 sshd[270359]: Failed password for root from 61.177.173.18 port 42723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 00:36:27,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366187.1858282, 'message': 'Dec  7 00:36:25 hqnl0246134 sshd[270354]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 00:36:27,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366187.1860464, 'message': 'Dec  7 00:36:26 hqnl0246134 sshd[270359]: Failed password for root from 61.177.173.18 port 42723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 00:36:29,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366189.1883593, 'message': 'Dec  7 00:36:28 hqnl0246134 sshd[270354]: Failed password for root from 61.177.172.114 port 23962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 00:36:33,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366193.1926112, 'message': 'Dec  7 00:36:31 hqnl0246134 sshd[270371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 00:36:33,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366193.1931422, 'message': 'Dec  7 00:36:31 hqnl0246134 sshd[270371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 00:36:35,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366195.1944714, 'message': 'Dec  7 00:36:33 hqnl0246134 sshd[270371]: Failed password for root from 61.177.172.114 port 11580 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0570 seconds
INFO    [2022-12-07 00:36:37,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366197.1960208, 'message': 'Dec  7 00:36:35 hqnl0246134 sshd[270371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 00:36:39,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366199.198312, 'message': 'Dec  7 00:36:37 hqnl0246134 sshd[270371]: Failed password for root from 61.177.172.114 port 11580 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 00:36:39,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366199.1986613, 'message': 'Dec  7 00:36:38 hqnl0246134 sshd[270371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 00:36:41,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366201.2010634, 'message': 'Dec  7 00:36:39 hqnl0246134 sshd[270371]: Failed password for root from 61.177.172.114 port 11580 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 00:36:43,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366203.2034647, 'message': 'Dec  7 00:36:41 hqnl0246134 sshd[270386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 00:36:43,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366203.203709, 'message': 'Dec  7 00:36:41 hqnl0246134 sshd[270386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:36:45,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366205.2058992, 'message': 'Dec  7 00:36:43 hqnl0246134 sshd[270386]: Failed password for root from 61.177.172.114 port 25489 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:36:45,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366205.206144, 'message': 'Dec  7 00:36:44 hqnl0246134 sshd[270386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:36:47,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366207.20857, 'message': 'Dec  7 00:36:46 hqnl0246134 sshd[270386]: Failed password for root from 61.177.172.114 port 25489 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 00:36:47,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366207.2088614, 'message': 'Dec  7 00:36:46 hqnl0246134 sshd[270386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 00:36:49,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670366209.2100832, 'message': 'Dec  7 00:36:48 hqnl0246134 sshd[270386]: Failed password for root from 61.177.172.114 port 25489 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 00:36:49,975] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:36:49,975] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:37:07,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366227.2322006, 'message': 'Dec  7 00:37:06 hqnl0246134 sshd[270412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 00:37:09,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366229.2362585, 'message': 'Dec  7 00:37:08 hqnl0246134 sshd[270412]: Failed password for root from 61.177.173.18 port 59322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:37:11,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366231.2387052, 'message': 'Dec  7 00:37:10 hqnl0246134 sshd[270414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 00:37:11,336] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:37:11,356] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0271 seconds
INFO    [2022-12-07 00:37:13,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366233.2414844, 'message': 'Dec  7 00:37:12 hqnl0246134 sshd[270412]: Failed password for root from 61.177.173.18 port 59322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 00:37:13,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366233.2417426, 'message': 'Dec  7 00:37:13 hqnl0246134 sshd[270414]: Failed password for root from 165.227.166.207 port 53530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 00:37:17,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366237.244624, 'message': 'Dec  7 00:37:16 hqnl0246134 sshd[270412]: Failed password for root from 61.177.173.18 port 59322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 00:37:18,016] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:37:18,016] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:37:18,024] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:37:18,037] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 00:37:20,891] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:37:20,891] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:37:20,899] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:37:20,910] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-07 00:37:49,980] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:37:49,982] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:37:55,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366275.2873538, 'message': 'Dec  7 00:37:53 hqnl0246134 sshd[270443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 00:37:55,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366275.2881484, 'message': 'Dec  7 00:37:55 hqnl0246134 sshd[270443]: Failed password for root from 61.177.173.18 port 26426 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 00:38:02,774] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:38:02,775] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:38:02,786] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:38:02,804] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
WARNING [2022-12-07 00:38:11,339] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:38:11,356] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0237 seconds
INFO    [2022-12-07 00:38:17,967] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:38:17,968] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:38:17,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:38:17,994] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0248 seconds
INFO    [2022-12-07 00:38:19,384] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:38:19,457] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:38:19,457] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:38:19,458] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:38:19,458] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:38:19,458] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:38:19,467] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:38:19,482] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0236 seconds
WARNING [2022-12-07 00:38:19,490] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:38:19,492] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:38:19,510] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0334 seconds
INFO    [2022-12-07 00:38:19,511] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0316 seconds
INFO    [2022-12-07 00:38:20,754] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:38:20,755] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:38:20,762] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:38:20,774] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 00:38:43,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366323.35995, 'message': 'Dec  7 00:38:41 hqnl0246134 sshd[270488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 00:38:45,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366325.3647223, 'message': 'Dec  7 00:38:43 hqnl0246134 sshd[270488]: Failed password for root from 61.177.173.18 port 48451 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 00:38:49,992] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:38:49,994] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:38:56,791] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:38:56,792] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:38:56,793] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 00:39:09,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366349.4092135, 'message': 'Dec  7 00:39:09 hqnl0246134 sshd[270636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0252 seconds
WARNING [2022-12-07 00:39:11,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:39:11,363] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0277 seconds
INFO    [2022-12-07 00:39:11,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366351.409576, 'message': 'Dec  7 00:39:11 hqnl0246134 sshd[270636]: Failed password for root from 165.227.166.207 port 35626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:39:13,913] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:39:13,913] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:39:13,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:39:13,938] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0240 seconds
INFO    [2022-12-07 00:39:17,758] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:39:17,759] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:39:17,766] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:39:17,777] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 00:39:20,416] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:39:20,417] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:39:20,424] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:39:20,435] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 00:39:29,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366369.4303951, 'message': 'Dec  7 00:39:29 hqnl0246134 sshd[270655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:39:33,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366373.4359188, 'message': 'Dec  7 00:39:31 hqnl0246134 sshd[270655]: Failed password for root from 61.177.173.18 port 10135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 00:39:33,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366373.437642, 'message': 'Dec  7 00:39:32 hqnl0246134 sshd[270659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 00:39:33,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366373.437839, 'message': 'Dec  7 00:39:32 hqnl0246134 sshd[270659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 00:39:35,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366375.439595, 'message': 'Dec  7 00:39:34 hqnl0246134 sshd[270659]: Failed password for root from 61.177.173.46 port 22314 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:39:35,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366375.4397788, 'message': 'Dec  7 00:39:34 hqnl0246134 sshd[270659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 00:39:37,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366377.4435518, 'message': 'Dec  7 00:39:35 hqnl0246134 sshd[270655]: Failed password for root from 61.177.173.18 port 10135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 00:39:37,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366377.4437468, 'message': 'Dec  7 00:39:37 hqnl0246134 sshd[270659]: Failed password for root from 61.177.173.46 port 22314 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 00:39:39,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366379.4478655, 'message': 'Dec  7 00:39:39 hqnl0246134 sshd[270659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 00:39:41,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366381.4507868, 'message': 'Dec  7 00:39:40 hqnl0246134 sshd[270655]: Failed password for root from 61.177.173.18 port 10135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 00:39:41,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366381.4516573, 'message': 'Dec  7 00:39:40 hqnl0246134 sshd[270659]: Failed password for root from 61.177.173.46 port 22314 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-07 00:39:43,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366383.454419, 'message': 'Dec  7 00:39:42 hqnl0246134 sshd[270670]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:39:43,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366383.4546542, 'message': 'Dec  7 00:39:42 hqnl0246134 sshd[270670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 00:39:45,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366385.4576523, 'message': 'Dec  7 00:39:45 hqnl0246134 sshd[270670]: Failed password for root from 61.177.173.46 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 00:39:47,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366387.460872, 'message': 'Dec  7 00:39:47 hqnl0246134 sshd[270670]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 00:39:49,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366389.463595, 'message': 'Dec  7 00:39:49 hqnl0246134 sshd[270670]: Failed password for root from 61.177.173.46 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 00:39:49,998] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:39:49,999] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:39:51,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366391.466235, 'message': 'Dec  7 00:39:49 hqnl0246134 sshd[270670]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 00:39:53,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670366393.468669, 'message': 'Dec  7 00:39:51 hqnl0246134 sshd[270670]: Failed password for root from 61.177.173.46 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
WARNING [2022-12-07 00:40:11,360] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:40:11,396] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0532 seconds
INFO    [2022-12-07 00:40:17,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366417.5215728, 'message': 'Dec  7 00:40:17 hqnl0246134 sshd[270715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 00:40:17,958] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:40:17,959] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:40:17,966] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:40:17,978] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 00:40:19,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366419.522413, 'message': 'Dec  7 00:40:19 hqnl0246134 sshd[270715]: Failed password for root from 61.177.173.18 port 31160 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 00:40:20,807] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:40:20,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:40:20,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:40:20,826] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 00:40:23,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366423.5255103, 'message': 'Dec  7 00:40:23 hqnl0246134 sshd[270715]: Failed password for root from 61.177.173.18 port 31160 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:40:27,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366427.5267012, 'message': 'Dec  7 00:40:25 hqnl0246134 sshd[270715]: Failed password for root from 61.177.173.18 port 31160 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
WARNING [2022-12-07 00:40:50,005] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:40:50,006] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:41:03,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366463.573159, 'message': 'Dec  7 00:41:03 hqnl0246134 sshd[270781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 00:41:05,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366465.5786064, 'message': 'Dec  7 00:41:05 hqnl0246134 sshd[270781]: Failed password for root from 61.177.173.18 port 39415 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-07 00:41:11,361] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:41:11,389] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0343 seconds
INFO    [2022-12-07 00:41:14,787] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:41:14,788] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:41:14,795] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:41:14,807] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 00:41:15,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366475.5994396, 'message': 'Dec  7 00:41:14 hqnl0246134 sshd[270787]: Invalid user wangwei from 165.227.166.207 port 45914', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:41:15,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366475.599663, 'message': 'Dec  7 00:41:14 hqnl0246134 sshd[270787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 00:41:17,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366477.6026413, 'message': 'Dec  7 00:41:16 hqnl0246134 sshd[270787]: Failed password for invalid user wangwei from 165.227.166.207 port 45914 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 00:41:17,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366477.609264, 'message': 'Dec  7 00:41:17 hqnl0246134 sshd[270787]: Disconnected from invalid user wangwei 165.227.166.207 port 45914 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 00:41:17,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:41:17,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:41:17,863] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:41:17,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0356 seconds
INFO    [2022-12-07 00:41:20,919] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:41:20,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:41:20,926] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:41:20,938] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-07 00:41:50,010] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:41:50,011] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:41:51,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366511.6600811, 'message': 'Dec  7 00:41:50 hqnl0246134 sshd[270816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 00:41:53,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366513.6589746, 'message': 'Dec  7 00:41:53 hqnl0246134 sshd[270816]: Failed password for root from 61.177.173.18 port 63432 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
WARNING [2022-12-07 00:41:54,086] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 00:42:11,371] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:42:11,491] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.1316 seconds
INFO    [2022-12-07 00:42:17,860] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:42:17,861] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:42:17,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:42:17,884] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-07 00:42:20,466] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:42:20,466] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:42:20,473] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:42:20,485] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 00:42:37,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366557.7302904, 'message': 'Dec  7 00:42:36 hqnl0246134 sshd[270866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 00:42:39,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366559.730417, 'message': 'Dec  7 00:42:38 hqnl0246134 sshd[270866]: Failed password for root from 61.177.173.18 port 23220 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 00:42:48,175] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:42:48,175] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:42:48,184] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:42:48,196] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
WARNING [2022-12-07 00:42:50,015] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:42:50,016] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:43:11,374] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:43:11,395] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0303 seconds
INFO    [2022-12-07 00:43:13,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366593.7752345, 'message': 'Dec  7 00:43:11 hqnl0246134 sshd[270893]: Invalid user grid from 165.227.166.207 port 56264', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 00:43:13,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366593.7754734, 'message': 'Dec  7 00:43:11 hqnl0246134 sshd[270893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 00:43:13,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366593.7756305, 'message': 'Dec  7 00:43:13 hqnl0246134 sshd[270893]: Failed password for invalid user grid from 165.227.166.207 port 56264 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 00:43:15,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366595.7773345, 'message': 'Dec  7 00:43:15 hqnl0246134 sshd[270893]: Disconnected from invalid user grid 165.227.166.207 port 56264 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:43:17,794] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:43:17,794] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:43:17,802] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:43:17,814] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 00:43:20,566] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:43:20,566] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:43:20,574] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:43:20,587] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 00:43:23,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366603.783756, 'message': 'Dec  7 00:43:23 hqnl0246134 sshd[270906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:43:25,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366605.7908475, 'message': 'Dec  7 00:43:25 hqnl0246134 sshd[270906]: Failed password for root from 61.177.173.18 port 39339 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 00:43:29,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366609.7947383, 'message': 'Dec  7 00:43:27 hqnl0246134 sshd[270906]: Failed password for root from 61.177.173.18 port 39339 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 00:43:29,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366609.7951667, 'message': 'Dec  7 00:43:29 hqnl0246134 sshd[270906]: Failed password for root from 61.177.173.18 port 39339 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:43:35,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366615.8067954, 'message': 'Dec  7 00:43:34 hqnl0246134 sshd[270917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 00:43:35,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366615.8072472, 'message': 'Dec  7 00:43:34 hqnl0246134 sshd[270917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:43:37,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366617.8144023, 'message': 'Dec  7 00:43:36 hqnl0246134 sshd[270917]: Failed password for root from 61.177.173.48 port 24385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 00:43:37,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366617.814781, 'message': 'Dec  7 00:43:36 hqnl0246134 sshd[270917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 00:43:39,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366619.8189528, 'message': 'Dec  7 00:43:39 hqnl0246134 sshd[270917]: Failed password for root from 61.177.173.48 port 24385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:43:41,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366621.8258245, 'message': 'Dec  7 00:43:41 hqnl0246134 sshd[270917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 00:43:43,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366623.834191, 'message': 'Dec  7 00:43:43 hqnl0246134 sshd[270917]: Failed password for root from 61.177.173.48 port 24385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 00:43:45,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366625.8384275, 'message': 'Dec  7 00:43:44 hqnl0246134 sshd[270919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:43:45,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366625.8386662, 'message': 'Dec  7 00:43:44 hqnl0246134 sshd[270919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:43:47,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366627.8422585, 'message': 'Dec  7 00:43:47 hqnl0246134 sshd[270919]: Failed password for root from 61.177.173.48 port 53458 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 00:43:49,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366629.8458478, 'message': 'Dec  7 00:43:49 hqnl0246134 sshd[270919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
WARNING [2022-12-07 00:43:50,018] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:43:50,019] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:43:51,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366631.848278, 'message': 'Dec  7 00:43:51 hqnl0246134 sshd[270919]: Failed password for root from 61.177.173.48 port 53458 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 00:43:51,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366631.848497, 'message': 'Dec  7 00:43:51 hqnl0246134 sshd[270919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 00:43:53,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366633.8500824, 'message': 'Dec  7 00:43:53 hqnl0246134 sshd[270919]: Failed password for root from 61.177.173.48 port 53458 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 00:43:55,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366635.8518407, 'message': 'Dec  7 00:43:55 hqnl0246134 sshd[270926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 00:43:55,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366635.8520234, 'message': 'Dec  7 00:43:55 hqnl0246134 sshd[270926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 00:43:56,953] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:43:56,954] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:43:56,961] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:43:56,974] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 00:43:57,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366637.8574672, 'message': 'Dec  7 00:43:57 hqnl0246134 sshd[270926]: Failed password for root from 61.177.173.48 port 29424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:43:59,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366639.8578012, 'message': 'Dec  7 00:43:59 hqnl0246134 sshd[270926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 00:44:01,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366641.8617616, 'message': 'Dec  7 00:44:01 hqnl0246134 sshd[270926]: Failed password for root from 61.177.173.48 port 29424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:44:03,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366643.8644047, 'message': 'Dec  7 00:44:01 hqnl0246134 sshd[270926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:44:03,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670366643.864745, 'message': 'Dec  7 00:44:03 hqnl0246134 sshd[270926]: Failed password for root from 61.177.173.48 port 29424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:44:09,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366649.8721874, 'message': 'Dec  7 00:44:09 hqnl0246134 sshd[270948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0349 seconds
WARNING [2022-12-07 00:44:11,380] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:44:11,410] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0425 seconds
INFO    [2022-12-07 00:44:11,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366651.8746357, 'message': 'Dec  7 00:44:11 hqnl0246134 sshd[270948]: Failed password for root from 61.177.173.18 port 54266 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 00:44:17,886] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:44:17,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:44:17,895] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:44:17,906] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 00:44:20,519] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:44:20,520] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:44:20,529] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:44:20,543] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
WARNING [2022-12-07 00:44:50,024] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:44:50,026] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:44:59,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366699.955609, 'message': 'Dec  7 00:44:58 hqnl0246134 sshd[270974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 00:45:01,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366701.9566395, 'message': 'Dec  7 00:45:00 hqnl0246134 sshd[270974]: Failed password for root from 61.177.173.18 port 24802 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 00:45:03,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366703.9594927, 'message': 'Dec  7 00:45:02 hqnl0246134 sshd[270974]: Failed password for root from 61.177.173.18 port 24802 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 00:45:07,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366707.9675014, 'message': 'Dec  7 00:45:07 hqnl0246134 sshd[270974]: Failed password for root from 61.177.173.18 port 24802 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 00:45:07,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366707.9676857, 'message': 'Dec  7 00:45:07 hqnl0246134 sshd[271008]: Invalid user novinhost from 165.227.166.207 port 38244', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 00:45:08,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366707.9678726, 'message': 'Dec  7 00:45:07 hqnl0246134 sshd[271008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 00:45:09,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366709.9713306, 'message': 'Dec  7 00:45:09 hqnl0246134 sshd[271008]: Failed password for invalid user novinhost from 165.227.166.207 port 38244 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 00:45:11,384] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:45:11,405] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-07 00:45:11,597] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:45:11,598] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:45:11,605] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:45:11,616] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 00:45:11,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366711.9738371, 'message': 'Dec  7 00:45:11 hqnl0246134 sshd[271008]: Disconnected from invalid user novinhost 165.227.166.207 port 38244 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:45:17,904] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:45:17,905] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:45:17,912] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:45:17,923] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 00:45:20,548] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:45:20,548] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:45:20,559] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:45:20,570] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 00:45:31,335] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:45:34,033] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:45:34,034] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:45:34,035] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:45:34,035] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:45:34,035] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:45:34,049] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:45:34,069] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0323 seconds
WARNING [2022-12-07 00:45:34,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:45:34,081] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:45:34,101] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0400 seconds
INFO    [2022-12-07 00:45:34,103] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0373 seconds
INFO    [2022-12-07 00:45:46,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366746.0180879, 'message': 'Dec  7 00:45:45 hqnl0246134 sshd[271041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 00:45:48,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366748.0207806, 'message': 'Dec  7 00:45:46 hqnl0246134 sshd[271041]: Failed password for root from 61.177.173.18 port 32159 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 00:45:50,029] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:45:50,030] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:46:05,175] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:46:05,176] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:46:05,177] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-07 00:46:11,388] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:46:11,410] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-07 00:46:17,737] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:46:17,738] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:46:17,746] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:46:17,759] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 00:46:20,239] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:46:20,239] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:46:20,246] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:46:20,258] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 00:46:36,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366796.0811758, 'message': 'Dec  7 00:46:34 hqnl0246134 sshd[271072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 00:46:38,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366798.0831373, 'message': 'Dec  7 00:46:36 hqnl0246134 sshd[271072]: Failed password for root from 61.177.173.18 port 55552 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 00:46:46,189] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:46:46,189] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:46:46,196] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:46:46,207] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-07 00:46:50,032] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:46:50,033] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:47:00,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366820.105865, 'message': 'Dec  7 00:46:58 hqnl0246134 sshd[271092]: Invalid user flw from 165.227.166.207 port 48554', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:47:00,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366820.1060922, 'message': 'Dec  7 00:46:58 hqnl0246134 sshd[271092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 00:47:02,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366822.109569, 'message': 'Dec  7 00:47:00 hqnl0246134 sshd[271092]: Failed password for invalid user flw from 165.227.166.207 port 48554 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 00:47:02,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366822.109893, 'message': 'Dec  7 00:47:02 hqnl0246134 sshd[271092]: Disconnected from invalid user flw 165.227.166.207 port 48554 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:47:10,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366830.1152585, 'message': 'Dec  7 00:47:08 hqnl0246134 sshd[271120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 00:47:10,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366830.115627, 'message': 'Dec  7 00:47:08 hqnl0246134 sshd[271120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 00:47:11,390] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:47:11,409] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0260 seconds
INFO    [2022-12-07 00:47:12,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366832.1171215, 'message': 'Dec  7 00:47:11 hqnl0246134 sshd[271120]: Failed password for root from 61.177.172.98 port 27905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 00:47:14,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366834.12036, 'message': 'Dec  7 00:47:12 hqnl0246134 sshd[271120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 00:47:16,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366836.1221645, 'message': 'Dec  7 00:47:14 hqnl0246134 sshd[271120]: Failed password for root from 61.177.172.98 port 27905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 00:47:16,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366836.1225564, 'message': 'Dec  7 00:47:15 hqnl0246134 sshd[271120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 00:47:17,925] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:47:17,926] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:47:17,935] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:47:17,947] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 00:47:18,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366838.123921, 'message': 'Dec  7 00:47:16 hqnl0246134 sshd[271120]: Failed password for root from 61.177.172.98 port 27905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:47:20,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366840.1269262, 'message': 'Dec  7 00:47:19 hqnl0246134 sshd[271128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 00:47:20,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366840.1271958, 'message': 'Dec  7 00:47:19 hqnl0246134 sshd[271128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:47:20,709] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:47:20,709] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:47:20,717] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:47:20,729] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 00:47:22,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366842.1299512, 'message': 'Dec  7 00:47:22 hqnl0246134 sshd[271128]: Failed password for root from 61.177.172.98 port 62656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 00:47:24,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366844.132646, 'message': 'Dec  7 00:47:22 hqnl0246134 sshd[271135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 00:47:24,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366844.1330235, 'message': 'Dec  7 00:47:23 hqnl0246134 sshd[271128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 00:47:24,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366844.1332085, 'message': 'Dec  7 00:47:24 hqnl0246134 sshd[271135]: Failed password for root from 61.177.173.18 port 25464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:47:26,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366846.1338024, 'message': 'Dec  7 00:47:25 hqnl0246134 sshd[271128]: Failed password for root from 61.177.172.98 port 62656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:47:28,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366848.1384678, 'message': 'Dec  7 00:47:26 hqnl0246134 sshd[271128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 00:47:28,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366848.1386683, 'message': 'Dec  7 00:47:26 hqnl0246134 sshd[271135]: Failed password for root from 61.177.173.18 port 25464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 00:47:30,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366850.145009, 'message': 'Dec  7 00:47:28 hqnl0246134 sshd[271128]: Failed password for root from 61.177.172.98 port 62656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 00:47:30,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366850.1452954, 'message': 'Dec  7 00:47:28 hqnl0246134 sshd[271135]: Failed password for root from 61.177.173.18 port 25464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-07 00:47:34,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366854.1491463, 'message': 'Dec  7 00:47:32 hqnl0246134 sshd[271138]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 00:47:34,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366854.1497736, 'message': 'Dec  7 00:47:32 hqnl0246134 sshd[271138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 00:47:36,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366856.1510298, 'message': 'Dec  7 00:47:34 hqnl0246134 sshd[271138]: Failed password for root from 61.177.172.98 port 45384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 00:47:38,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366858.1564505, 'message': 'Dec  7 00:47:37 hqnl0246134 sshd[271138]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 00:47:40,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366860.1606634, 'message': 'Dec  7 00:47:38 hqnl0246134 sshd[271138]: Failed password for root from 61.177.172.98 port 45384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:47:40,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366860.160886, 'message': 'Dec  7 00:47:39 hqnl0246134 sshd[271138]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 00:47:42,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366862.1667523, 'message': 'Dec  7 00:47:41 hqnl0246134 sshd[271138]: Failed password for root from 61.177.172.98 port 45384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 00:47:44,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366864.1688006, 'message': 'Dec  7 00:47:43 hqnl0246134 sshd[271152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 00:47:44,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366864.1689773, 'message': 'Dec  7 00:47:43 hqnl0246134 sshd[271152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 00:47:46,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366866.172875, 'message': 'Dec  7 00:47:45 hqnl0246134 sshd[271152]: Failed password for root from 61.177.172.98 port 58357 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 00:47:48,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366868.1738071, 'message': 'Dec  7 00:47:47 hqnl0246134 sshd[271152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 00:47:50,045] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:47:50,046] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:47:50,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366870.175613, 'message': 'Dec  7 00:47:49 hqnl0246134 sshd[271152]: Failed password for root from 61.177.172.98 port 58357 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 00:47:52,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366872.1776278, 'message': 'Dec  7 00:47:50 hqnl0246134 sshd[271152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:47:54,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670366874.1788986, 'message': 'Dec  7 00:47:52 hqnl0246134 sshd[271152]: Failed password for root from 61.177.172.98 port 58357 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 00:47:55,677] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:47:55,678] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:47:55,688] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:47:55,704] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-07 00:47:56,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366876.1811886, 'message': 'Dec  7 00:47:55 hqnl0246134 sshd[271157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 00:47:56,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366876.181511, 'message': 'Dec  7 00:47:55 hqnl0246134 sshd[271157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 00:47:58,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366878.1856413, 'message': 'Dec  7 00:47:57 hqnl0246134 sshd[271157]: Failed password for root from 61.177.173.51 port 62683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 00:48:00,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366880.1911314, 'message': 'Dec  7 00:47:59 hqnl0246134 sshd[271157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:48:02,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366882.1962345, 'message': 'Dec  7 00:48:01 hqnl0246134 sshd[271157]: Failed password for root from 61.177.173.51 port 62683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:48:02,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366882.1964295, 'message': 'Dec  7 00:48:01 hqnl0246134 sshd[271157]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:48:04,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366884.1982985, 'message': 'Dec  7 00:48:03 hqnl0246134 sshd[271157]: Failed password for root from 61.177.173.51 port 62683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 00:48:06,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366886.2008235, 'message': 'Dec  7 00:48:05 hqnl0246134 sshd[271178]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 00:48:06,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366886.201093, 'message': 'Dec  7 00:48:05 hqnl0246134 sshd[271178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 00:48:08,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366888.201796, 'message': 'Dec  7 00:48:08 hqnl0246134 sshd[271180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 00:48:08,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366888.2020001, 'message': 'Dec  7 00:48:08 hqnl0246134 sshd[271178]: Failed password for root from 61.177.173.51 port 44525 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 00:48:10,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366890.2042916, 'message': 'Dec  7 00:48:09 hqnl0246134 sshd[271178]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 00:48:11,395] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:48:11,416] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0275 seconds
INFO    [2022-12-07 00:48:12,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366892.2060323, 'message': 'Dec  7 00:48:10 hqnl0246134 sshd[271180]: Failed password for root from 61.177.173.18 port 33849 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 00:48:12,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366892.2062533, 'message': 'Dec  7 00:48:11 hqnl0246134 sshd[271178]: Failed password for root from 61.177.173.51 port 44525 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 00:48:14,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366894.2082078, 'message': 'Dec  7 00:48:12 hqnl0246134 sshd[271178]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 00:48:16,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366896.2126036, 'message': 'Dec  7 00:48:14 hqnl0246134 sshd[271180]: Failed password for root from 61.177.173.18 port 33849 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0576 seconds
INFO    [2022-12-07 00:48:16,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670366896.2128742, 'message': 'Dec  7 00:48:14 hqnl0246134 sshd[271178]: Failed password for root from 61.177.173.51 port 44525 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-07 00:48:18,116] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:48:18,117] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:48:18,130] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:48:18,152] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0331 seconds
INFO    [2022-12-07 00:48:18,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366898.2124934, 'message': 'Dec  7 00:48:17 hqnl0246134 sshd[271180]: Failed password for root from 61.177.173.18 port 33849 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 00:48:20,874] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:48:20,875] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:48:20,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:48:20,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
WARNING [2022-12-07 00:48:50,053] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:48:50,055] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:48:50,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366930.2540016, 'message': 'Dec  7 00:48:49 hqnl0246134 sshd[271231]: Invalid user a from 165.227.166.207 port 58846', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-07 00:48:50,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366930.2550423, 'message': 'Dec  7 00:48:49 hqnl0246134 sshd[271231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 00:48:52,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366932.253815, 'message': 'Dec  7 00:48:52 hqnl0246134 sshd[271231]: Failed password for invalid user a from 165.227.166.207 port 58846 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 00:48:54,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670366934.2570336, 'message': 'Dec  7 00:48:53 hqnl0246134 sshd[271231]: Disconnected from invalid user a 165.227.166.207 port 58846 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 00:48:54,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366934.2574284, 'message': 'Dec  7 00:48:53 hqnl0246134 sshd[271234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 00:48:56,144] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:48:56,145] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:48:56,154] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:48:56,167] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 00:48:56,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366936.257551, 'message': 'Dec  7 00:48:55 hqnl0246134 sshd[271234]: Failed password for root from 61.177.173.18 port 45890 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 00:48:58,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366938.2612462, 'message': 'Dec  7 00:48:57 hqnl0246134 sshd[271234]: Failed password for root from 61.177.173.18 port 45890 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:49:02,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366942.2688081, 'message': 'Dec  7 00:48:59 hqnl0246134 sshd[271234]: Failed password for root from 61.177.173.18 port 45890 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 00:49:11,405] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:49:11,437] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0433 seconds
INFO    [2022-12-07 00:49:17,741] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:49:17,742] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:49:17,748] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:49:17,759] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0163 seconds
INFO    [2022-12-07 00:49:20,307] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:49:20,308] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:49:20,314] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:49:20,325] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 00:49:42,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366982.3399055, 'message': 'Dec  7 00:49:41 hqnl0246134 sshd[271278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 00:49:44,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670366984.3416924, 'message': 'Dec  7 00:49:42 hqnl0246134 sshd[271278]: Failed password for root from 61.177.173.18 port 13816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:49:48,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670366988.3470302, 'message': 'Dec  7 00:49:47 hqnl0246134 sshd[271281]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 00:49:48,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670366988.347253, 'message': 'Dec  7 00:49:47 hqnl0246134 sshd[271281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 00:49:50,058] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:49:50,059] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:49:50,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670366990.3509386, 'message': 'Dec  7 00:49:49 hqnl0246134 sshd[271281]: Failed password for root from 61.177.173.52 port 20369 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-07 00:50:11,409] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:50:11,430] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0319 seconds
INFO    [2022-12-07 00:50:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:50:17,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:50:17,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:50:18,003] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 00:50:20,675] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:50:20,675] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:50:20,684] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:50:20,695] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 00:50:28,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367028.399591, 'message': 'Dec  7 00:50:27 hqnl0246134 sshd[271336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 00:50:30,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367030.3994658, 'message': 'Dec  7 00:50:29 hqnl0246134 sshd[271336]: Failed password for root from 61.177.173.18 port 28301 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1162 seconds
INFO    [2022-12-07 00:50:38,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367038.4092076, 'message': 'Dec  7 00:50:37 hqnl0246134 sshd[271350]: Invalid user aa from 165.227.166.207 port 40894', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 00:50:38,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367038.4099886, 'message': 'Dec  7 00:50:37 hqnl0246134 sshd[271350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:50:39,022] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:50:39,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:50:39,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:50:39,040] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 00:50:40,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367040.410448, 'message': 'Dec  7 00:50:39 hqnl0246134 sshd[271350]: Failed password for invalid user aa from 165.227.166.207 port 40894 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 00:50:42,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367042.4139447, 'message': 'Dec  7 00:50:40 hqnl0246134 sshd[271350]: Disconnected from invalid user aa 165.227.166.207 port 40894 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 00:50:50,062] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:50:50,063] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:51:11,413] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:51:11,435] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0308 seconds
INFO    [2022-12-07 00:51:16,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367076.4645305, 'message': 'Dec  7 00:51:15 hqnl0246134 sshd[271374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 00:51:18,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367078.4675574, 'message': 'Dec  7 00:51:17 hqnl0246134 sshd[271374]: Failed password for root from 61.177.173.18 port 50796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 00:51:19,946] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:51:19,946] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:51:19,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:51:19,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 00:51:22,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367082.472901, 'message': 'Dec  7 00:51:21 hqnl0246134 sshd[271374]: Failed password for root from 61.177.173.18 port 50796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 00:51:22,597] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:51:22,598] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:51:22,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:51:22,621] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-07 00:51:24,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367084.4742663, 'message': 'Dec  7 00:51:24 hqnl0246134 sshd[271374]: Failed password for root from 61.177.173.18 port 50796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:51:40,128] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 00:51:40,131] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 00:51:41,015] im360.plugins.pam: PAM module has been enabled for dovecot-pam
WARNING [2022-12-07 00:51:50,068] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:51:50,069] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:51:54,090] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 00:51:58,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670367118.5115948, 'message': 'Dec  7 00:51:57 hqnl0246134 sshd[271414]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 00:51:58,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670367118.5120595, 'message': 'Dec  7 00:51:57 hqnl0246134 sshd[271414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 00:52:00,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670367120.513251, 'message': 'Dec  7 00:51:59 hqnl0246134 sshd[271414]: Failed password for root from 61.177.173.52 port 50536 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 00:52:00,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670367120.5135689, 'message': 'Dec  7 00:52:00 hqnl0246134 sshd[271414]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:52:02,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670367122.5158787, 'message': 'Dec  7 00:52:02 hqnl0246134 sshd[271414]: Failed password for root from 61.177.173.52 port 50536 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 00:52:04,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367124.5197797, 'message': 'Dec  7 00:52:03 hqnl0246134 sshd[271433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1065 seconds
INFO    [2022-12-07 00:52:05,185] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:52:05,185] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:52:05,193] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:52:05,205] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 00:52:06,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367126.51999, 'message': 'Dec  7 00:52:06 hqnl0246134 sshd[271433]: Failed password for root from 61.177.173.18 port 17128 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
WARNING [2022-12-07 00:52:11,415] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:52:11,436] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0284 seconds
INFO    [2022-12-07 00:52:18,488] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:52:18,489] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:52:18,505] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:52:18,519] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 00:52:21,286] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:52:21,287] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:52:21,294] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:52:21,306] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 00:52:22,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367142.5380955, 'message': 'Dec  7 00:52:22 hqnl0246134 sshd[271462]: Invalid user aaden from 165.227.166.207 port 51188', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 00:52:24,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367144.5383496, 'message': 'Dec  7 00:52:22 hqnl0246134 sshd[271462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:52:26,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367146.540759, 'message': 'Dec  7 00:52:25 hqnl0246134 sshd[271462]: Failed password for invalid user aaden from 165.227.166.207 port 51188 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:52:26,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367146.5409322, 'message': 'Dec  7 00:52:25 hqnl0246134 sshd[271462]: Disconnected from invalid user aaden 165.227.166.207 port 51188 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 00:52:50,071] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:52:50,072] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:52:51,846] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:52:51,922] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:52:51,923] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:52:51,924] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:52:51,924] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:52:51,925] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:52:51,942] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:52:51,970] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0445 seconds
WARNING [2022-12-07 00:52:51,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:52:51,979] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:52:51,999] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0370 seconds
INFO    [2022-12-07 00:52:52,001] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0331 seconds
INFO    [2022-12-07 00:52:52,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367172.569816, 'message': 'Dec  7 00:52:50 hqnl0246134 sshd[271479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 00:52:54,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367174.570343, 'message': 'Dec  7 00:52:52 hqnl0246134 sshd[271479]: Failed password for root from 61.177.173.18 port 24809 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 00:53:11,426] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:53:11,461] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0503 seconds
INFO    [2022-12-07 00:53:17,897] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:53:17,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:53:17,905] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:53:17,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-07 00:53:22,055] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:53:22,056] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:53:22,057] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 00:53:22,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:53:22,908] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:53:22,944] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:53:22,990] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0815 seconds
INFO    [2022-12-07 00:53:24,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367204.6049576, 'message': 'Dec  7 00:53:24 hqnl0246134 sshd[271520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0659 seconds
INFO    [2022-12-07 00:53:24,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367204.6052096, 'message': 'Dec  7 00:53:24 hqnl0246134 sshd[271520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0876 seconds
INFO    [2022-12-07 00:53:26,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367206.6057055, 'message': 'Dec  7 00:53:26 hqnl0246134 sshd[271520]: Failed password for root from 61.177.173.48 port 53225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0922 seconds
INFO    [2022-12-07 00:53:26,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367206.6059108, 'message': 'Dec  7 00:53:26 hqnl0246134 sshd[271520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 00:53:28,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367208.6078684, 'message': 'Dec  7 00:53:27 hqnl0246134 sshd[271520]: Failed password for root from 61.177.173.48 port 53225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 00:53:30,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367210.6099896, 'message': 'Dec  7 00:53:28 hqnl0246134 sshd[271520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 00:53:32,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367212.6129346, 'message': 'Dec  7 00:53:30 hqnl0246134 sshd[271520]: Failed password for root from 61.177.173.48 port 53225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 00:53:34,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367214.6145215, 'message': 'Dec  7 00:53:34 hqnl0246134 sshd[271529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 00:53:34,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367214.614855, 'message': 'Dec  7 00:53:34 hqnl0246134 sshd[271529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 00:53:35,575] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:53:35,576] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:53:35,586] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:53:35,600] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-07 00:53:38,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367218.6186132, 'message': 'Dec  7 00:53:37 hqnl0246134 sshd[271529]: Failed password for root from 61.177.173.48 port 32541 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 00:53:38,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367218.6189804, 'message': 'Dec  7 00:53:38 hqnl0246134 sshd[271543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 00:53:40,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367220.6210153, 'message': 'Dec  7 00:53:39 hqnl0246134 sshd[271529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 00:53:40,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367220.6212761, 'message': 'Dec  7 00:53:39 hqnl0246134 sshd[271543]: Failed password for root from 61.177.173.18 port 48326 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 00:53:40,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367220.6213882, 'message': 'Dec  7 00:53:40 hqnl0246134 sshd[271529]: Failed password for root from 61.177.173.48 port 32541 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:53:42,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367222.6257653, 'message': 'Dec  7 00:53:41 hqnl0246134 sshd[271529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 00:53:42,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367222.626035, 'message': 'Dec  7 00:53:42 hqnl0246134 sshd[271543]: Failed password for root from 61.177.173.18 port 48326 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 00:53:44,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367224.630303, 'message': 'Dec  7 00:53:43 hqnl0246134 sshd[271529]: Failed password for root from 61.177.173.48 port 32541 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-07 00:53:44,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367224.6305504, 'message': 'Dec  7 00:53:44 hqnl0246134 sshd[271543]: Failed password for root from 61.177.173.18 port 48326 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-07 00:53:46,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367226.6372495, 'message': 'Dec  7 00:53:44 hqnl0246134 sshd[271545]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 00:53:46,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367226.637425, 'message': 'Dec  7 00:53:44 hqnl0246134 sshd[271545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:53:48,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367228.6380963, 'message': 'Dec  7 00:53:47 hqnl0246134 sshd[271545]: Failed password for root from 61.177.173.48 port 17785 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
WARNING [2022-12-07 00:53:50,074] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:53:50,075] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:53:50,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367230.640023, 'message': 'Dec  7 00:53:49 hqnl0246134 sshd[271545]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 00:53:50,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367230.6402738, 'message': 'Dec  7 00:53:50 hqnl0246134 sshd[271545]: Failed password for root from 61.177.173.48 port 17785 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 00:53:52,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367232.641495, 'message': 'Dec  7 00:53:51 hqnl0246134 sshd[271545]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:53:54,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670367234.644353, 'message': 'Dec  7 00:53:53 hqnl0246134 sshd[271545]: Failed password for root from 61.177.173.48 port 17785 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 00:54:10,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367250.6665015, 'message': 'Dec  7 00:54:08 hqnl0246134 sshd[271567]: Invalid user abc from 165.227.166.207 port 33250', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 00:54:10,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367250.667035, 'message': 'Dec  7 00:54:08 hqnl0246134 sshd[271567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 00:54:11,421] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:54:11,441] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0274 seconds
INFO    [2022-12-07 00:54:12,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367252.6682706, 'message': 'Dec  7 00:54:10 hqnl0246134 sshd[271567]: Failed password for invalid user abc from 165.227.166.207 port 33250 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:54:12,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367252.6684732, 'message': 'Dec  7 00:54:11 hqnl0246134 sshd[271567]: Disconnected from invalid user abc 165.227.166.207 port 33250 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 00:54:17,762] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:54:17,763] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:54:17,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:54:17,782] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 00:54:20,455] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:54:20,456] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:54:20,472] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:54:20,497] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0314 seconds
INFO    [2022-12-07 00:54:24,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367264.6803942, 'message': 'Dec  7 00:54:23 hqnl0246134 sshd[271582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 00:54:26,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367266.681859, 'message': 'Dec  7 00:54:25 hqnl0246134 sshd[271582]: Failed password for root from 61.177.173.18 port 55881 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 00:54:30,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367270.686527, 'message': 'Dec  7 00:54:30 hqnl0246134 sshd[271582]: Failed password for root from 61.177.173.18 port 55881 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:54:34,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367274.6903172, 'message': 'Dec  7 00:54:32 hqnl0246134 sshd[271582]: Failed password for root from 61.177.173.18 port 55881 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 00:54:50,079] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:54:50,081] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:55:11,428] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:55:11,449] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0321 seconds
INFO    [2022-12-07 00:55:17,794] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:55:17,795] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:55:17,801] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:55:17,813] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 00:55:20,611] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:55:20,612] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:55:20,618] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:55:20,630] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-07 00:55:50,086] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:55:50,088] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:55:54,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367354.7793634, 'message': 'Dec  7 00:55:54 hqnl0246134 sshd[271670]: Invalid user admin from 165.227.166.207 port 43538', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 00:55:54,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367354.7801173, 'message': 'Dec  7 00:55:54 hqnl0246134 sshd[271670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 00:55:56,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367356.7784796, 'message': 'Dec  7 00:55:56 hqnl0246134 sshd[271670]: Failed password for invalid user admin from 165.227.166.207 port 43538 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 00:55:58,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367358.7809458, 'message': 'Dec  7 00:55:57 hqnl0246134 sshd[271670]: Disconnected from invalid user admin 165.227.166.207 port 43538 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 00:56:00,601] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:56:00,602] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:56:00,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:56:00,623] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
WARNING [2022-12-07 00:56:11,429] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:56:11,460] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0398 seconds
INFO    [2022-12-07 00:56:16,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367376.8044007, 'message': 'Dec  7 00:56:14 hqnl0246134 sshd[271697]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 00:56:16,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367376.8047729, 'message': 'Dec  7 00:56:14 hqnl0246134 sshd[271697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 00:56:16,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367376.8049762, 'message': 'Dec  7 00:56:16 hqnl0246134 sshd[271697]: Failed password for root from 61.177.173.53 port 47344 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 00:56:17,792] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:56:17,792] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:56:17,800] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:56:17,812] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 00:56:20,426] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:56:20,426] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:56:20,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:56:20,449] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 00:56:20,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367380.8081899, 'message': 'Dec  7 00:56:18 hqnl0246134 sshd[271697]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 00:56:22,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367382.809653, 'message': 'Dec  7 00:56:21 hqnl0246134 sshd[271697]: Failed password for root from 61.177.173.53 port 47344 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 00:56:24,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367384.8118076, 'message': 'Dec  7 00:56:23 hqnl0246134 sshd[271697]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:56:26,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367386.814011, 'message': 'Dec  7 00:56:25 hqnl0246134 sshd[271697]: Failed password for root from 61.177.173.53 port 47344 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 00:56:30,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367390.8184187, 'message': 'Dec  7 00:56:29 hqnl0246134 sshd[271711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 00:56:30,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367390.8186624, 'message': 'Dec  7 00:56:29 hqnl0246134 sshd[271711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 00:56:32,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367392.8208816, 'message': 'Dec  7 00:56:31 hqnl0246134 sshd[271711]: Failed password for root from 61.177.173.53 port 16553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 00:56:34,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367394.823459, 'message': 'Dec  7 00:56:33 hqnl0246134 sshd[271711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 00:56:36,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367396.8260782, 'message': 'Dec  7 00:56:35 hqnl0246134 sshd[271711]: Failed password for root from 61.177.173.53 port 16553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 00:56:38,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367398.8286111, 'message': 'Dec  7 00:56:38 hqnl0246134 sshd[271711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 00:56:40,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367400.8297122, 'message': 'Dec  7 00:56:40 hqnl0246134 sshd[271724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 00:56:40,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670367400.8300009, 'message': 'Dec  7 00:56:40 hqnl0246134 sshd[271711]: Failed password for root from 61.177.173.53 port 16553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 00:56:42,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367402.8325217, 'message': 'Dec  7 00:56:42 hqnl0246134 sshd[271724]: Failed password for root from 61.177.173.18 port 48744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 00:56:46,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367406.8365898, 'message': 'Dec  7 00:56:46 hqnl0246134 sshd[271724]: Failed password for root from 61.177.173.18 port 48744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-07 00:56:50,091] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:56:50,092] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:56:50,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367410.8402224, 'message': 'Dec  7 00:56:48 hqnl0246134 sshd[271724]: Failed password for root from 61.177.173.18 port 48744 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-07 00:57:11,435] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:57:11,466] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0409 seconds
INFO    [2022-12-07 00:57:17,939] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:57:17,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:57:17,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:57:17,972] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0313 seconds
INFO    [2022-12-07 00:57:20,535] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:57:20,535] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:57:20,544] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:57:20,555] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 00:57:34,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367454.8941236, 'message': 'Dec  7 00:57:34 hqnl0246134 sshd[271770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 00:57:34,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367454.8943994, 'message': 'Dec  7 00:57:34 hqnl0246134 sshd[271770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 00:57:36,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367456.9004374, 'message': 'Dec  7 00:57:35 hqnl0246134 sshd[271770]: Failed password for root from 61.177.172.114 port 24235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 00:57:36,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367456.9007714, 'message': 'Dec  7 00:57:36 hqnl0246134 sshd[271770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 00:57:38,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367458.904483, 'message': 'Dec  7 00:57:38 hqnl0246134 sshd[271770]: Failed password for root from 61.177.172.114 port 24235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 00:57:38,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367458.9046988, 'message': 'Dec  7 00:57:38 hqnl0246134 sshd[271780]: Invalid user alex from 165.227.166.207 port 53810', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 00:57:38,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367458.904809, 'message': 'Dec  7 00:57:38 hqnl0246134 sshd[271780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 00:57:40,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367460.9062054, 'message': 'Dec  7 00:57:40 hqnl0246134 sshd[271780]: Failed password for invalid user alex from 165.227.166.207 port 53810 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 00:57:40,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367460.906402, 'message': 'Dec  7 00:57:40 hqnl0246134 sshd[271770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 00:57:40,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367460.9065561, 'message': 'Dec  7 00:57:40 hqnl0246134 sshd[271780]: Disconnected from invalid user alex 165.227.166.207 port 53810 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 00:57:42,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367462.9083931, 'message': 'Dec  7 00:57:42 hqnl0246134 sshd[271770]: Failed password for root from 61.177.172.114 port 24235 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 00:57:43,199] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:57:43,199] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:57:43,209] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:57:43,220] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 00:57:44,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367464.9103963, 'message': 'Dec  7 00:57:44 hqnl0246134 sshd[271789]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 00:57:44,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367464.9106889, 'message': 'Dec  7 00:57:44 hqnl0246134 sshd[271789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 00:57:46,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367466.9124167, 'message': 'Dec  7 00:57:46 hqnl0246134 sshd[271789]: Failed password for root from 61.177.172.114 port 59072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 00:57:48,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367468.91368, 'message': 'Dec  7 00:57:48 hqnl0246134 sshd[271789]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
WARNING [2022-12-07 00:57:50,095] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:57:50,096] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 00:57:52,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367472.9184537, 'message': 'Dec  7 00:57:51 hqnl0246134 sshd[271789]: Failed password for root from 61.177.172.114 port 59072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0731 seconds
INFO    [2022-12-07 00:57:54,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367474.922586, 'message': 'Dec  7 00:57:53 hqnl0246134 sshd[271789]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 00:57:56,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367476.9253545, 'message': 'Dec  7 00:57:55 hqnl0246134 sshd[271789]: Failed password for root from 61.177.172.114 port 59072 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 00:57:58,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367478.9286985, 'message': 'Dec  7 00:57:58 hqnl0246134 sshd[271795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 00:57:58,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367478.9289176, 'message': 'Dec  7 00:57:58 hqnl0246134 sshd[271795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 00:58:02,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367482.9366932, 'message': 'Dec  7 00:58:01 hqnl0246134 sshd[271795]: Failed password for root from 61.177.172.114 port 22303 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 00:58:04,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367484.9407964, 'message': 'Dec  7 00:58:03 hqnl0246134 sshd[271795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 00:58:06,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367486.9418683, 'message': 'Dec  7 00:58:05 hqnl0246134 sshd[271795]: Failed password for root from 61.177.172.114 port 22303 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 00:58:08,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367488.9443996, 'message': 'Dec  7 00:58:07 hqnl0246134 sshd[271795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 00:58:10,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367490.9464734, 'message': 'Dec  7 00:58:09 hqnl0246134 sshd[271795]: Failed password for root from 61.177.172.114 port 22303 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-07 00:58:11,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:58:11,462] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0294 seconds
INFO    [2022-12-07 00:58:12,440] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 00:58:12,515] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 00:58:12,516] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 00:58:12,516] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 00:58:12,516] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 00:58:12,516] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 00:58:12,526] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 00:58:12,541] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0236 seconds
WARNING [2022-12-07 00:58:12,548] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 00:58:12,550] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:58:12,568] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0325 seconds
INFO    [2022-12-07 00:58:12,570] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0305 seconds
INFO    [2022-12-07 00:58:14,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367494.950423, 'message': 'Dec  7 00:58:13 hqnl0246134 sshd[271821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 00:58:14,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367494.9506218, 'message': 'Dec  7 00:58:13 hqnl0246134 sshd[271821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 00:58:16,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367496.9512613, 'message': 'Dec  7 00:58:15 hqnl0246134 sshd[271821]: Failed password for root from 61.177.172.114 port 21827 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 00:58:16,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367496.9515216, 'message': 'Dec  7 00:58:15 hqnl0246134 sshd[271821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 00:58:17,895] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:58:17,896] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:58:17,903] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:58:17,914] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 00:58:18,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367498.9516063, 'message': 'Dec  7 00:58:18 hqnl0246134 sshd[271821]: Failed password for root from 61.177.172.114 port 21827 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 00:58:20,491] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:58:20,492] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:58:20,499] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:58:20,511] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 00:58:20,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367500.9556959, 'message': 'Dec  7 00:58:19 hqnl0246134 sshd[271821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 00:58:22,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670367502.959556, 'message': 'Dec  7 00:58:22 hqnl0246134 sshd[271821]: Failed password for root from 61.177.172.114 port 21827 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 00:58:42,646] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 00:58:42,648] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 00:58:42,649] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-07 00:58:50,099] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:58:50,100] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 00:59:11,450] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:59:11,475] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0367 seconds
INFO    [2022-12-07 00:59:17,985] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:59:17,986] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:59:17,995] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:59:18,007] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 00:59:20,789] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:59:20,790] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:59:20,802] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:59:20,816] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-07 00:59:29,836] defence360agent.files: Updating all files
INFO    [2022-12-07 00:59:30,115] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:30,116] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 00:59:30,402] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:30,402] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 00:59:30,724] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:30,724] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 00:59:31,417] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:31,418] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 00:59:31,418] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 00:59:31,685] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 22:59:31 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E5674D8601FA9'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 00:59:31,688] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 00:59:31,688] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 00:59:32,303] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:32,303] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 00:59:32,619] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:32,619] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 00:59:32,886] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:32,886] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 00:59:33,272] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:33,273] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 00:59:33,656] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 00:59:33,658] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 00:59:35,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367575.0303638, 'message': 'Dec  7 00:59:33 hqnl0246134 sshd[271881]: Invalid user app from 165.227.166.207 port 35876', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 00:59:35,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367575.0305915, 'message': 'Dec  7 00:59:33 hqnl0246134 sshd[271881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 00:59:37,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367577.0330043, 'message': 'Dec  7 00:59:36 hqnl0246134 sshd[271881]: Failed password for invalid user app from 165.227.166.207 port 35876 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 00:59:39,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367579.0342076, 'message': 'Dec  7 00:59:37 hqnl0246134 sshd[271881]: Disconnected from invalid user app 165.227.166.207 port 35876 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 00:59:39,526] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 00:59:39,527] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 00:59:39,534] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 00:59:39,546] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-07 00:59:50,102] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 00:59:50,103] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:00:11,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:00:11,487] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0433 seconds
INFO    [2022-12-07 01:00:18,662] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:00:18,663] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:00:18,671] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:00:18,683] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 01:00:21,986] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:00:21,986] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:00:22,038] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:00:22,050] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 01:00:23,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367623.070894, 'message': 'Dec  7 01:00:23 hqnl0246134 sshd[271970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 01:00:27,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367627.076741, 'message': 'Dec  7 01:00:25 hqnl0246134 sshd[271970]: Failed password for root from 61.177.173.18 port 52521 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 01:00:31,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367631.0801437, 'message': 'Dec  7 01:00:29 hqnl0246134 sshd[271970]: Failed password for root from 61.177.173.18 port 52521 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 01:00:35,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367635.0906672, 'message': 'Dec  7 01:00:31 hqnl0246134 sshd[271970]: Failed password for root from 61.177.173.18 port 52521 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 01:00:50,106] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:00:50,108] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:01:07,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367667.1337988, 'message': 'Dec  7 01:01:06 hqnl0246134 sshd[272013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0820 seconds
INFO    [2022-12-07 01:01:09,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367669.1348336, 'message': 'Dec  7 01:01:08 hqnl0246134 sshd[272013]: Failed password for root from 61.177.173.18 port 36443 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 01:01:11,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367671.1383002, 'message': 'Dec  7 01:01:10 hqnl0246134 sshd[272013]: Failed password for root from 61.177.173.18 port 36443 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
WARNING [2022-12-07 01:01:11,459] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:01:11,492] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0456 seconds
INFO    [2022-12-07 01:01:15,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367675.1504772, 'message': 'Dec  7 01:01:13 hqnl0246134 sshd[272013]: Failed password for root from 61.177.173.18 port 36443 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-07 01:01:21,568] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:01:21,569] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:01:21,579] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:01:21,592] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 01:01:27,687] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:01:27,687] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:01:27,698] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:01:27,713] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-07 01:01:31,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367691.166398, 'message': 'Dec  7 01:01:29 hqnl0246134 sshd[272041]: Invalid user centos from 165.227.166.207 port 46218', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 01:01:31,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367691.1667573, 'message': 'Dec  7 01:01:29 hqnl0246134 sshd[272041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 01:01:33,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367693.1683195, 'message': 'Dec  7 01:01:31 hqnl0246134 sshd[272041]: Failed password for invalid user centos from 165.227.166.207 port 46218 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:01:33,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367693.168526, 'message': 'Dec  7 01:01:32 hqnl0246134 sshd[272041]: Disconnected from invalid user centos 165.227.166.207 port 46218 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-07 01:01:50,115] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:01:50,117] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:01:53,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367713.1956344, 'message': 'Dec  7 01:01:51 hqnl0246134 sshd[272063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
WARNING [2022-12-07 01:01:54,094] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 01:01:55,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367715.1946516, 'message': 'Dec  7 01:01:53 hqnl0246134 sshd[272063]: Failed password for root from 61.177.173.18 port 58726 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 01:02:05,304] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:02:05,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:02:05,315] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:02:05,329] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
WARNING [2022-12-07 01:02:11,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:02:11,490] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0404 seconds
INFO    [2022-12-07 01:02:20,416] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:02:20,417] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:02:20,425] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:02:20,438] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 01:02:25,172] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:02:25,172] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:02:25,180] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:02:25,192] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 01:02:35,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367755.2396333, 'message': 'Dec  7 01:02:35 hqnl0246134 sshd[272119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 01:02:37,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367757.2377615, 'message': 'Dec  7 01:02:36 hqnl0246134 sshd[272119]: Failed password for root from 61.177.173.18 port 12770 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 01:02:50,122] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:02:50,124] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:03:11,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367791.304812, 'message': 'Dec  7 01:03:09 hqnl0246134 sshd[272142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 01:03:11,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367791.305649, 'message': 'Dec  7 01:03:09 hqnl0246134 sshd[272142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 01:03:11,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367791.3058167, 'message': 'Dec  7 01:03:11 hqnl0246134 sshd[272142]: Failed password for root from 61.177.173.39 port 38943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0164 seconds
WARNING [2022-12-07 01:03:11,460] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:03:11,480] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0265 seconds
INFO    [2022-12-07 01:03:13,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367793.304555, 'message': 'Dec  7 01:03:12 hqnl0246134 sshd[272156]: Invalid user chenwei from 165.227.166.207 port 56472', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 01:03:13,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367793.3048894, 'message': 'Dec  7 01:03:12 hqnl0246134 sshd[272156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 01:03:15,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367795.3175092, 'message': 'Dec  7 01:03:13 hqnl0246134 sshd[272142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 01:03:15,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367795.3177364, 'message': 'Dec  7 01:03:14 hqnl0246134 sshd[272156]: Failed password for invalid user chenwei from 165.227.166.207 port 56472 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 01:03:15,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367795.317869, 'message': 'Dec  7 01:03:15 hqnl0246134 sshd[272142]: Failed password for root from 61.177.173.39 port 38943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 01:03:17,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367797.308838, 'message': 'Dec  7 01:03:15 hqnl0246134 sshd[272142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-07 01:03:17,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367797.309092, 'message': 'Dec  7 01:03:16 hqnl0246134 sshd[272156]: Disconnected from invalid user chenwei 165.227.166.207 port 56472 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-07 01:03:18,561] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:03:18,561] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:03:18,574] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:03:18,596] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0330 seconds
INFO    [2022-12-07 01:03:19,132] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:03:19,132] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:03:19,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:03:19,209] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0661 seconds
INFO    [2022-12-07 01:03:19,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367799.3102121, 'message': 'Dec  7 01:03:17 hqnl0246134 sshd[272142]: Failed password for root from 61.177.173.39 port 38943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0572 seconds
INFO    [2022-12-07 01:03:21,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367801.3123655, 'message': 'Dec  7 01:03:20 hqnl0246134 sshd[272175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:03:23,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367803.3136046, 'message': 'Dec  7 01:03:22 hqnl0246134 sshd[272175]: Failed password for root from 61.177.173.18 port 36531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 01:03:23,446] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:03:23,447] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:03:23,454] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:03:23,467] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 01:03:25,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367805.316767, 'message': 'Dec  7 01:03:24 hqnl0246134 sshd[272175]: Failed password for root from 61.177.173.18 port 36531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 01:03:29,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367809.3228068, 'message': 'Dec  7 01:03:26 hqnl0246134 sshd[272175]: Failed password for root from 61.177.173.18 port 36531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 01:03:31,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367811.3251717, 'message': 'Dec  7 01:03:31 hqnl0246134 sshd[272180]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 01:03:31,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367811.3254569, 'message': 'Dec  7 01:03:31 hqnl0246134 sshd[272180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:03:33,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367813.3270426, 'message': 'Dec  7 01:03:32 hqnl0246134 sshd[272180]: Failed password for root from 61.177.173.39 port 43566 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 01:03:35,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367815.3296616, 'message': 'Dec  7 01:03:33 hqnl0246134 sshd[272180]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 01:03:35,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367815.330205, 'message': 'Dec  7 01:03:35 hqnl0246134 sshd[272180]: Failed password for root from 61.177.173.39 port 43566 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 01:03:37,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367817.3297331, 'message': 'Dec  7 01:03:35 hqnl0246134 sshd[272180]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 01:03:39,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367819.3339748, 'message': 'Dec  7 01:03:38 hqnl0246134 sshd[272180]: Failed password for root from 61.177.173.39 port 43566 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 01:03:43,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367823.3367188, 'message': 'Dec  7 01:03:42 hqnl0246134 sshd[272193]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 01:03:43,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367823.337121, 'message': 'Dec  7 01:03:42 hqnl0246134 sshd[272193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 01:03:45,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367825.4851515, 'message': 'Dec  7 01:03:44 hqnl0246134 sshd[272193]: Failed password for root from 61.177.173.39 port 16960 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 01:03:47,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367827.3407564, 'message': 'Dec  7 01:03:46 hqnl0246134 sshd[272193]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:03:49,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367829.346157, 'message': 'Dec  7 01:03:48 hqnl0246134 sshd[272193]: Failed password for root from 61.177.173.39 port 16960 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 01:03:50,127] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:03:50,128] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:03:51,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367831.347599, 'message': 'Dec  7 01:03:50 hqnl0246134 sshd[272193]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:03:53,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670367833.349599, 'message': 'Dec  7 01:03:53 hqnl0246134 sshd[272193]: Failed password for root from 61.177.173.39 port 16960 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:04:07,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367847.3658066, 'message': 'Dec  7 01:04:05 hqnl0246134 sshd[272205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 01:04:09,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367849.3674624, 'message': 'Dec  7 01:04:07 hqnl0246134 sshd[272205]: Failed password for root from 61.177.173.18 port 58662 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
WARNING [2022-12-07 01:04:11,476] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:04:11,512] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0537 seconds
INFO    [2022-12-07 01:04:18,136] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:04:18,137] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:04:18,145] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:04:18,159] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 01:04:21,368] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:04:21,369] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:04:21,376] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:04:21,389] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 01:04:27,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367867.3884792, 'message': 'Dec  7 01:04:26 hqnl0246134 sshd[272230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 01:04:27,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367867.388781, 'message': 'Dec  7 01:04:26 hqnl0246134 sshd[272230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:04:29,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367869.3886056, 'message': 'Dec  7 01:04:28 hqnl0246134 sshd[272230]: Failed password for root from 61.177.173.51 port 13308 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 01:04:29,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367869.3888667, 'message': 'Dec  7 01:04:28 hqnl0246134 sshd[272230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:04:31,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367871.3907487, 'message': 'Dec  7 01:04:30 hqnl0246134 sshd[272230]: Failed password for root from 61.177.173.51 port 13308 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 01:04:31,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367871.3911583, 'message': 'Dec  7 01:04:31 hqnl0246134 sshd[272230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 01:04:33,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367873.3937447, 'message': 'Dec  7 01:04:32 hqnl0246134 sshd[272230]: Failed password for root from 61.177.173.51 port 13308 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 01:04:35,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367875.3959913, 'message': 'Dec  7 01:04:35 hqnl0246134 sshd[272236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 01:04:35,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367875.3963869, 'message': 'Dec  7 01:04:35 hqnl0246134 sshd[272236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 01:04:36,604] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:04:36,605] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:04:36,612] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:04:36,624] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 01:04:37,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367877.3974326, 'message': 'Dec  7 01:04:37 hqnl0246134 sshd[272236]: Failed password for root from 61.177.173.51 port 32743 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 01:04:39,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367879.4005225, 'message': 'Dec  7 01:04:37 hqnl0246134 sshd[272236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 01:04:39,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367879.4008539, 'message': 'Dec  7 01:04:39 hqnl0246134 sshd[272236]: Failed password for root from 61.177.173.51 port 32743 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 01:04:41,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367881.4004114, 'message': 'Dec  7 01:04:39 hqnl0246134 sshd[272236]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 01:04:43,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670367883.402392, 'message': 'Dec  7 01:04:41 hqnl0246134 sshd[272236]: Failed password for root from 61.177.173.51 port 32743 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 01:04:50,130] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:04:50,131] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:04:53,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367893.415399, 'message': 'Dec  7 01:04:51 hqnl0246134 sshd[272254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 01:04:55,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367895.4176745, 'message': 'Dec  7 01:04:53 hqnl0246134 sshd[272254]: Failed password for root from 61.177.173.18 port 25924 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-07 01:04:55,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367895.4181185, 'message': 'Dec  7 01:04:54 hqnl0246134 sshd[272257]: Invalid user code87 from 165.227.166.207 port 38514', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-07 01:04:55,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367895.4182596, 'message': 'Dec  7 01:04:54 hqnl0246134 sshd[272257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 01:04:57,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367897.4192278, 'message': 'Dec  7 01:04:56 hqnl0246134 sshd[272254]: Failed password for root from 61.177.173.18 port 25924 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 01:04:57,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367897.4196289, 'message': 'Dec  7 01:04:56 hqnl0246134 sshd[272257]: Failed password for invalid user code87 from 165.227.166.207 port 38514 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 01:04:59,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670367899.4211817, 'message': 'Dec  7 01:04:58 hqnl0246134 sshd[272257]: Disconnected from invalid user code87 165.227.166.207 port 38514 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 01:05:01,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367901.424162, 'message': 'Dec  7 01:05:00 hqnl0246134 sshd[272254]: Failed password for root from 61.177.173.18 port 25924 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0525 seconds
WARNING [2022-12-07 01:05:11,479] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:05:11,509] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0437 seconds
INFO    [2022-12-07 01:05:18,304] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:05:18,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:05:18,313] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:05:18,326] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 01:05:21,503] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:05:21,504] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:05:21,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:05:21,524] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 01:05:37,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367937.477397, 'message': 'Dec  7 01:05:36 hqnl0246134 sshd[272345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-07 01:05:37,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367937.47823, 'message': 'Dec  7 01:05:37 hqnl0246134 sshd[272348]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-07 01:05:37,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367937.4784024, 'message': 'Dec  7 01:05:37 hqnl0246134 sshd[272348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 01:05:39,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367939.478484, 'message': 'Dec  7 01:05:39 hqnl0246134 sshd[272345]: Failed password for root from 61.177.173.18 port 43465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 01:05:41,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367941.4808953, 'message': 'Dec  7 01:05:39 hqnl0246134 sshd[272348]: Failed password for root from 61.177.173.37 port 55725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 01:05:43,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367943.4818869, 'message': 'Dec  7 01:05:41 hqnl0246134 sshd[272348]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 01:05:43,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367943.4821005, 'message': 'Dec  7 01:05:43 hqnl0246134 sshd[272345]: Failed password for root from 61.177.173.18 port 43465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 01:05:45,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367945.4863226, 'message': 'Dec  7 01:05:43 hqnl0246134 sshd[272348]: Failed password for root from 61.177.173.37 port 55725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-07 01:05:45,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367945.4869025, 'message': 'Dec  7 01:05:45 hqnl0246134 sshd[272345]: Failed password for root from 61.177.173.18 port 43465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 01:05:45,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367945.4866977, 'message': 'Dec  7 01:05:43 hqnl0246134 sshd[272348]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 01:05:45,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367945.4871447, 'message': 'Dec  7 01:05:45 hqnl0246134 sshd[272348]: Failed password for root from 61.177.173.37 port 55725 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:05:48,616] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:05:48,617] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:05:48,625] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:05:48,638] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 01:05:49,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367949.5132911, 'message': 'Dec  7 01:05:47 hqnl0246134 sshd[272360]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 01:05:49,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367949.5137246, 'message': 'Dec  7 01:05:47 hqnl0246134 sshd[272360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0356 seconds
WARNING [2022-12-07 01:05:50,134] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:05:50,135] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:05:51,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367951.5166087, 'message': 'Dec  7 01:05:50 hqnl0246134 sshd[272360]: Failed password for root from 61.177.173.37 port 20759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 01:05:53,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367953.5191145, 'message': 'Dec  7 01:05:51 hqnl0246134 sshd[272360]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 01:05:55,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367955.5213745, 'message': 'Dec  7 01:05:53 hqnl0246134 sshd[272360]: Failed password for root from 61.177.173.37 port 20759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-07 01:05:57,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367957.5240138, 'message': 'Dec  7 01:05:56 hqnl0246134 sshd[272360]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 01:05:59,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367959.5267227, 'message': 'Dec  7 01:05:58 hqnl0246134 sshd[272360]: Failed password for root from 61.177.173.37 port 20759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 01:06:01,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367961.5292299, 'message': 'Dec  7 01:05:59 hqnl0246134 sshd[272371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 01:06:01,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367961.5294385, 'message': 'Dec  7 01:05:59 hqnl0246134 sshd[272371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 01:06:03,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367963.5315242, 'message': 'Dec  7 01:06:02 hqnl0246134 sshd[272371]: Failed password for root from 61.177.173.37 port 51610 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 01:06:05,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367965.5353584, 'message': 'Dec  7 01:06:04 hqnl0246134 sshd[272371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 01:06:07,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367967.5374866, 'message': 'Dec  7 01:06:06 hqnl0246134 sshd[272371]: Failed password for root from 61.177.173.37 port 51610 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 01:06:07,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367967.5376778, 'message': 'Dec  7 01:06:06 hqnl0246134 sshd[272371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:06:08,477] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:06:08,546] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:06:08,546] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:06:08,546] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:06:08,547] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:06:08,547] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:06:08,559] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:06:08,576] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0282 seconds
WARNING [2022-12-07 01:06:08,586] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:06:08,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:06:08,605] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0351 seconds
INFO    [2022-12-07 01:06:08,607] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0333 seconds
INFO    [2022-12-07 01:06:09,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367969.5400507, 'message': 'Dec  7 01:06:08 hqnl0246134 sshd[272371]: Failed password for root from 61.177.173.37 port 51610 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 01:06:11,479] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:06:11,500] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0272 seconds
INFO    [2022-12-07 01:06:13,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367973.5453706, 'message': 'Dec  7 01:06:12 hqnl0246134 sshd[272389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 01:06:13,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367973.5456247, 'message': 'Dec  7 01:06:12 hqnl0246134 sshd[272389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:06:15,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367975.5480602, 'message': 'Dec  7 01:06:15 hqnl0246134 sshd[272389]: Failed password for root from 61.177.173.37 port 35348 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 01:06:17,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367977.549682, 'message': 'Dec  7 01:06:16 hqnl0246134 sshd[272389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-07 01:06:18,427] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:06:18,428] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:06:18,436] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:06:18,448] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 01:06:19,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367979.552878, 'message': 'Dec  7 01:06:19 hqnl0246134 sshd[272389]: Failed password for root from 61.177.173.37 port 35348 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 01:06:21,343] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:06:21,344] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:06:21,352] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:06:21,364] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 01:06:21,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367981.5539305, 'message': 'Dec  7 01:06:21 hqnl0246134 sshd[272389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 01:06:23,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367983.5577452, 'message': 'Dec  7 01:06:22 hqnl0246134 sshd[272403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 01:06:23,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367983.5580964, 'message': 'Dec  7 01:06:22 hqnl0246134 sshd[272389]: Failed password for root from 61.177.173.37 port 35348 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-07 01:06:25,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367985.5584497, 'message': 'Dec  7 01:06:24 hqnl0246134 sshd[272403]: Failed password for root from 61.177.173.18 port 17625 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 01:06:25,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367985.5588675, 'message': 'Dec  7 01:06:24 hqnl0246134 sshd[272406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 01:06:25,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367985.5590866, 'message': 'Dec  7 01:06:24 hqnl0246134 sshd[272406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 01:06:27,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367987.5606923, 'message': 'Dec  7 01:06:27 hqnl0246134 sshd[272403]: Failed password for root from 61.177.173.18 port 17625 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 01:06:27,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367987.5609782, 'message': 'Dec  7 01:06:27 hqnl0246134 sshd[272406]: Failed password for root from 61.177.173.37 port 19652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 01:06:29,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367989.561937, 'message': 'Dec  7 01:06:29 hqnl0246134 sshd[272406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 01:06:31,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670367991.568105, 'message': 'Dec  7 01:06:31 hqnl0246134 sshd[272403]: Failed password for root from 61.177.173.18 port 17625 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 01:06:31,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367991.5683968, 'message': 'Dec  7 01:06:31 hqnl0246134 sshd[272406]: Failed password for root from 61.177.173.37 port 19652 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 01:06:31,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367991.568624, 'message': 'Dec  7 01:06:31 hqnl0246134 sshd[272406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:06:33,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670367993.5732348, 'message': 'Dec  7 01:06:33 hqnl0246134 sshd[272406]: Failed password for root from 61.177.173.37 port 19652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 01:06:38,788] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:06:38,789] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:06:38,790] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 01:06:45,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368005.5886426, 'message': 'Dec  7 01:06:43 hqnl0246134 sshd[272440]: Invalid user composer from 165.227.166.207 port 48874', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 01:06:45,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368005.5906506, 'message': 'Dec  7 01:06:43 hqnl0246134 sshd[272440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:06:45,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368005.5908594, 'message': 'Dec  7 01:06:45 hqnl0246134 sshd[272440]: Failed password for invalid user composer from 165.227.166.207 port 48874 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:06:45,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368005.591041, 'message': 'Dec  7 01:06:45 hqnl0246134 sshd[272440]: Disconnected from invalid user composer 165.227.166.207 port 48874 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 01:06:50,139] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:06:50,139] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:07:07,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368027.6159658, 'message': 'Dec  7 01:07:06 hqnl0246134 sshd[272465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 01:07:09,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368029.6150799, 'message': 'Dec  7 01:07:08 hqnl0246134 sshd[272465]: Failed password for root from 61.177.173.18 port 36760 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0483 seconds
WARNING [2022-12-07 01:07:11,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:07:11,515] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0368 seconds
INFO    [2022-12-07 01:07:18,757] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:07:18,758] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:07:18,769] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:07:18,790] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
INFO    [2022-12-07 01:07:18,909] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:07:18,910] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:07:18,917] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:07:18,929] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 01:07:22,086] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:07:22,087] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:07:22,094] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:07:22,105] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-07 01:07:50,144] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:07:50,145] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:07:51,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368071.673139, 'message': 'Dec  7 01:07:49 hqnl0246134 sshd[272508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 01:07:51,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368071.6735516, 'message': 'Dec  7 01:07:51 hqnl0246134 sshd[272508]: Failed password for root from 61.177.173.18 port 49441 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 01:08:07,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368087.7022874, 'message': 'Dec  7 01:08:06 hqnl0246134 sshd[272523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 01:08:07,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368087.7030103, 'message': 'Dec  7 01:08:06 hqnl0246134 sshd[272523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 01:08:09,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368089.7037187, 'message': 'Dec  7 01:08:08 hqnl0246134 sshd[272523]: Failed password for root from 61.177.172.114 port 57194 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 01:08:09,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368089.704225, 'message': 'Dec  7 01:08:08 hqnl0246134 sshd[272523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 01:08:11,495] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:08:11,932] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.4511 seconds
INFO    [2022-12-07 01:08:11,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368091.9142537, 'message': 'Dec  7 01:08:10 hqnl0246134 sshd[272523]: Failed password for root from 61.177.172.114 port 57194 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 01:08:11,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368091.9144263, 'message': 'Dec  7 01:08:10 hqnl0246134 sshd[272523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:08:13,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368093.706451, 'message': 'Dec  7 01:08:12 hqnl0246134 sshd[272523]: Failed password for root from 61.177.172.114 port 57194 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 01:08:15,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368095.7072554, 'message': 'Dec  7 01:08:14 hqnl0246134 sshd[272540]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 01:08:15,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368095.7075682, 'message': 'Dec  7 01:08:14 hqnl0246134 sshd[272540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 01:08:17,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368097.7121139, 'message': 'Dec  7 01:08:15 hqnl0246134 sshd[272540]: Failed password for root from 61.177.172.114 port 14328 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:08:17,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368097.7123277, 'message': 'Dec  7 01:08:16 hqnl0246134 sshd[272540]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 01:08:18,414] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:08:18,414] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:08:18,423] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:08:18,436] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 01:08:19,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368099.7140334, 'message': 'Dec  7 01:08:18 hqnl0246134 sshd[272540]: Failed password for root from 61.177.172.114 port 14328 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 01:08:19,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368099.7142003, 'message': 'Dec  7 01:08:19 hqnl0246134 sshd[272540]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 01:08:21,523] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:08:21,524] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:08:21,532] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:08:21,543] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 01:08:21,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368101.7163846, 'message': 'Dec  7 01:08:21 hqnl0246134 sshd[272540]: Failed password for root from 61.177.172.114 port 14328 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 01:08:25,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368105.722874, 'message': 'Dec  7 01:08:24 hqnl0246134 sshd[272556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 01:08:25,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368105.723287, 'message': 'Dec  7 01:08:24 hqnl0246134 sshd[272556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:08:26,306] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:08:26,307] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:08:26,314] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:08:26,326] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 01:08:27,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368107.727263, 'message': 'Dec  7 01:08:26 hqnl0246134 sshd[272556]: Failed password for root from 61.177.172.114 port 43709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 01:08:29,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368109.729461, 'message': 'Dec  7 01:08:29 hqnl0246134 sshd[272556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 01:08:31,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368111.7332659, 'message': 'Dec  7 01:08:30 hqnl0246134 sshd[272556]: Failed password for root from 61.177.172.114 port 43709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 01:08:31,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368111.7368207, 'message': 'Dec  7 01:08:31 hqnl0246134 sshd[272556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:08:35,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368115.7382486, 'message': 'Dec  7 01:08:33 hqnl0246134 sshd[272556]: Failed password for root from 61.177.172.114 port 43709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 01:08:35,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368115.7386267, 'message': 'Dec  7 01:08:33 hqnl0246134 sshd[272562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-07 01:08:35,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368115.7387874, 'message': 'Dec  7 01:08:35 hqnl0246134 sshd[272562]: Failed password for root from 61.177.173.18 port 19921 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 01:08:37,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368117.7410836, 'message': 'Dec  7 01:08:37 hqnl0246134 sshd[272564]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 01:08:37,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368117.7413223, 'message': 'Dec  7 01:08:37 hqnl0246134 sshd[272564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 01:08:39,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368119.7466574, 'message': 'Dec  7 01:08:38 hqnl0246134 sshd[272562]: Failed password for root from 61.177.173.18 port 19921 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 01:08:39,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368119.7471836, 'message': 'Dec  7 01:08:39 hqnl0246134 sshd[272564]: Failed password for root from 61.177.172.114 port 42307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 01:08:39,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368119.7473314, 'message': 'Dec  7 01:08:39 hqnl0246134 sshd[272564]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 01:08:41,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368121.7462137, 'message': 'Dec  7 01:08:41 hqnl0246134 sshd[272564]: Failed password for root from 61.177.172.114 port 42307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 01:08:43,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368123.7485676, 'message': 'Dec  7 01:08:41 hqnl0246134 sshd[272564]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 01:08:43,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368123.7487578, 'message': 'Dec  7 01:08:42 hqnl0246134 sshd[272562]: Failed password for root from 61.177.173.18 port 19921 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-07 01:08:43,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368123.748937, 'message': 'Dec  7 01:08:42 hqnl0246134 sshd[272574]: Invalid user czh from 165.227.166.207 port 59108', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 01:08:43,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368123.7490711, 'message': 'Dec  7 01:08:42 hqnl0246134 sshd[272574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:08:45,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670368125.7498174, 'message': 'Dec  7 01:08:44 hqnl0246134 sshd[272564]: Failed password for root from 61.177.172.114 port 42307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-07 01:08:45,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368125.750071, 'message': 'Dec  7 01:08:44 hqnl0246134 sshd[272574]: Failed password for invalid user czh from 165.227.166.207 port 59108 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-07 01:08:47,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368127.7521174, 'message': 'Dec  7 01:08:45 hqnl0246134 sshd[272574]: Disconnected from invalid user czh 165.227.166.207 port 59108 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 01:08:50,148] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:08:50,149] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:09:11,500] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:09:11,525] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-07 01:09:18,234] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:09:18,234] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:09:18,249] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:09:18,267] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0290 seconds
INFO    [2022-12-07 01:09:19,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368159.7935517, 'message': 'Dec  7 01:09:19 hqnl0246134 sshd[272737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 01:09:21,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368161.7942848, 'message': 'Dec  7 01:09:21 hqnl0246134 sshd[272737]: Failed password for root from 61.177.173.18 port 44414 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 01:09:22,070] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:09:22,071] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:09:22,084] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:09:22,106] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0351 seconds
INFO    [2022-12-07 01:09:25,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368165.7978303, 'message': 'Dec  7 01:09:25 hqnl0246134 sshd[272737]: Failed password for root from 61.177.173.18 port 44414 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 01:09:29,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368169.8026874, 'message': 'Dec  7 01:09:28 hqnl0246134 sshd[272737]: Failed password for root from 61.177.173.18 port 44414 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:09:33,089] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:09:33,090] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:09:33,098] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:09:33,110] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
WARNING [2022-12-07 01:09:50,151] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:09:50,153] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:10:05,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368205.8409317, 'message': 'Dec  7 01:10:05 hqnl0246134 sshd[272788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 01:10:07,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368207.8407216, 'message': 'Dec  7 01:10:07 hqnl0246134 sshd[272788]: Failed password for root from 61.177.173.18 port 13682 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
WARNING [2022-12-07 01:10:12,222] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:10:12,248] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.7327 seconds
INFO    [2022-12-07 01:10:18,638] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:10:18,639] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:10:18,652] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:10:18,671] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0309 seconds
INFO    [2022-12-07 01:10:21,683] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:10:21,683] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:10:21,691] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:10:21,704] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 01:10:39,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368239.889076, 'message': 'Dec  7 01:10:39 hqnl0246134 sshd[272827]: Invalid user db2inst1 from 165.227.166.207 port 41170', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 01:10:39,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368239.8901386, 'message': 'Dec  7 01:10:39 hqnl0246134 sshd[272827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:10:41,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368241.891489, 'message': 'Dec  7 01:10:41 hqnl0246134 sshd[272827]: Failed password for invalid user db2inst1 from 165.227.166.207 port 41170 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 01:10:43,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368243.894783, 'message': 'Dec  7 01:10:43 hqnl0246134 sshd[272827]: Disconnected from invalid user db2inst1 165.227.166.207 port 41170 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 01:10:46,719] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:10:46,724] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:10:46,733] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:10:46,749] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
WARNING [2022-12-07 01:10:50,156] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:10:50,157] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:10:51,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368251.902298, 'message': 'Dec  7 01:10:51 hqnl0246134 sshd[272843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 01:10:53,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368253.9044893, 'message': 'Dec  7 01:10:53 hqnl0246134 sshd[272843]: Failed password for root from 61.177.173.18 port 32875 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 01:11:11,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:11:11,587] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0658 seconds
INFO    [2022-12-07 01:11:18,379] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:11:18,380] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:11:18,392] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:11:18,409] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0258 seconds
INFO    [2022-12-07 01:11:22,940] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:11:22,941] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:11:22,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:11:22,961] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 01:11:39,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368299.9628189, 'message': 'Dec  7 01:11:38 hqnl0246134 sshd[272880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 01:11:41,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368301.9622622, 'message': 'Dec  7 01:11:41 hqnl0246134 sshd[272880]: Failed password for root from 61.177.173.18 port 58424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-07 01:11:50,161] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:11:50,163] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:11:54,100] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 01:12:11,537] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:12:11,561] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0344 seconds
INFO    [2022-12-07 01:12:18,063] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:12:18,064] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:12:18,071] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:12:18,085] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 01:12:20,943] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:12:20,944] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:12:20,951] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:12:20,963] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 01:12:26,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368346.0645216, 'message': 'Dec  7 01:12:25 hqnl0246134 sshd[272928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 01:12:30,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368350.0752003, 'message': 'Dec  7 01:12:28 hqnl0246134 sshd[272928]: Failed password for root from 61.177.173.18 port 24256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 01:12:32,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368352.0774596, 'message': 'Dec  7 01:12:31 hqnl0246134 sshd[272928]: Failed password for root from 61.177.173.18 port 24256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 01:12:36,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368356.0815296, 'message': 'Dec  7 01:12:35 hqnl0246134 sshd[272928]: Failed password for root from 61.177.173.18 port 24256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 01:12:38,684] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:12:38,684] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:12:38,692] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:12:38,704] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 01:12:40,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368360.0871384, 'message': 'Dec  7 01:12:38 hqnl0246134 sshd[272947]: Invalid user dell from 165.227.166.207 port 51450', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 01:12:40,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368360.087533, 'message': 'Dec  7 01:12:38 hqnl0246134 sshd[272947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 01:12:42,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368362.08921, 'message': 'Dec  7 01:12:40 hqnl0246134 sshd[272947]: Failed password for invalid user dell from 165.227.166.207 port 51450 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 01:12:42,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368362.089395, 'message': 'Dec  7 01:12:41 hqnl0246134 sshd[272947]: Disconnected from invalid user dell 165.227.166.207 port 51450 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-07 01:12:50,167] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:12:50,168] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:12:54,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368374.1070611, 'message': 'Dec  7 01:12:53 hqnl0246134 sshd[272965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-07 01:12:54,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368374.1076543, 'message': 'Dec  7 01:12:53 hqnl0246134 sshd[272965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 01:12:56,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368376.1082075, 'message': 'Dec  7 01:12:55 hqnl0246134 sshd[272965]: Failed password for root from 61.177.173.50 port 26036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 01:12:58,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368378.1106327, 'message': 'Dec  7 01:12:57 hqnl0246134 sshd[272965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 01:13:00,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368380.1132255, 'message': 'Dec  7 01:12:59 hqnl0246134 sshd[272965]: Failed password for root from 61.177.173.50 port 26036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 01:13:00,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368380.113444, 'message': 'Dec  7 01:13:00 hqnl0246134 sshd[272965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 01:13:02,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368382.1158566, 'message': 'Dec  7 01:13:01 hqnl0246134 sshd[272967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 01:13:02,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368382.1160712, 'message': 'Dec  7 01:13:01 hqnl0246134 sshd[272967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 01:13:02,371] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 01:13:02,382] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:13:02,394] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0187 seconds
INFO    [2022-12-07 01:13:04,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368384.1178355, 'message': 'Dec  7 01:13:02 hqnl0246134 sshd[272965]: Failed password for root from 61.177.173.50 port 26036 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 01:13:04,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368384.1180518, 'message': 'Dec  7 01:13:03 hqnl0246134 sshd[272967]: Failed password for root from 61.177.173.39 port 21724 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 01:13:06,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368386.1208234, 'message': 'Dec  7 01:13:05 hqnl0246134 sshd[272967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 01:13:06,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368386.1210272, 'message': 'Dec  7 01:13:06 hqnl0246134 sshd[272987]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 01:13:06,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368386.1212022, 'message': 'Dec  7 01:13:06 hqnl0246134 sshd[272987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 01:13:08,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368388.123226, 'message': 'Dec  7 01:13:07 hqnl0246134 sshd[272967]: Failed password for root from 61.177.173.39 port 21724 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 01:13:08,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368388.1235373, 'message': 'Dec  7 01:13:07 hqnl0246134 sshd[272987]: Failed password for root from 61.177.173.50 port 14172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 01:13:08,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368388.1237154, 'message': 'Dec  7 01:13:08 hqnl0246134 sshd[272967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 01:13:10,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368390.1401675, 'message': 'Dec  7 01:13:08 hqnl0246134 sshd[272987]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0716 seconds
INFO    [2022-12-07 01:13:10,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368390.140565, 'message': 'Dec  7 01:13:09 hqnl0246134 sshd[272967]: Failed password for root from 61.177.173.39 port 21724 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0712 seconds
WARNING [2022-12-07 01:13:11,542] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:13:11,597] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0655 seconds
INFO    [2022-12-07 01:13:12,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368392.1291773, 'message': 'Dec  7 01:13:10 hqnl0246134 sshd[272987]: Failed password for root from 61.177.173.50 port 14172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-07 01:13:12,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368392.1295729, 'message': 'Dec  7 01:13:11 hqnl0246134 sshd[272991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-07 01:13:12,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368392.1296995, 'message': 'Dec  7 01:13:12 hqnl0246134 sshd[272999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 01:13:12,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368392.1293743, 'message': 'Dec  7 01:13:10 hqnl0246134 sshd[272987]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 01:13:12,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368392.129862, 'message': 'Dec  7 01:13:12 hqnl0246134 sshd[272999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 01:13:12,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670368392.1299865, 'message': 'Dec  7 01:13:12 hqnl0246134 sshd[272987]: Failed password for root from 61.177.173.50 port 14172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 01:13:14,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368394.1302414, 'message': 'Dec  7 01:13:12 hqnl0246134 sshd[272991]: Failed password for root from 61.177.173.18 port 49035 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 01:13:14,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368394.1304305, 'message': 'Dec  7 01:13:13 hqnl0246134 sshd[272999]: Failed password for root from 61.177.173.39 port 50385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 01:13:14,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368394.1305664, 'message': 'Dec  7 01:13:14 hqnl0246134 sshd[272999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 01:13:16,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368396.1356924, 'message': 'Dec  7 01:13:15 hqnl0246134 sshd[272991]: Failed password for root from 61.177.173.18 port 49035 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 01:13:18,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368398.1373622, 'message': 'Dec  7 01:13:16 hqnl0246134 sshd[272999]: Failed password for root from 61.177.173.39 port 50385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 01:13:20,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368400.1380534, 'message': 'Dec  7 01:13:18 hqnl0246134 sshd[272999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-07 01:13:20,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368400.1383562, 'message': 'Dec  7 01:13:19 hqnl0246134 sshd[272991]: Failed password for root from 61.177.173.18 port 49035 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-07 01:13:20,771] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:13:20,772] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:13:20,781] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:13:20,795] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-07 01:13:22,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368402.1403284, 'message': 'Dec  7 01:13:20 hqnl0246134 sshd[272999]: Failed password for root from 61.177.173.39 port 50385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 01:13:23,906] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:13:24,000] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:13:24,001] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:13:24,012] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:13:24,082] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:13:24,082] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:13:24,083] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:13:24,083] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:13:24,083] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:13:24,091] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0884 seconds
INFO    [2022-12-07 01:13:24,830] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:13:24,865] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.7809 seconds
WARNING [2022-12-07 01:13:24,875] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:13:24,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:13:24,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368404.8342738, 'message': 'Dec  7 01:13:22 hqnl0246134 sshd[273030]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-07 01:13:24,916] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0581 seconds
INFO    [2022-12-07 01:13:24,921] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0547 seconds
INFO    [2022-12-07 01:13:24,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368404.834562, 'message': 'Dec  7 01:13:22 hqnl0246134 sshd[273030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 01:13:24,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368404.8346944, 'message': 'Dec  7 01:13:23 hqnl0246134 sshd[273030]: Failed password for root from 61.177.173.39 port 30067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 01:13:26,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368406.1460578, 'message': 'Dec  7 01:13:24 hqnl0246134 sshd[273030]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 01:13:28,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368408.149283, 'message': 'Dec  7 01:13:27 hqnl0246134 sshd[273030]: Failed password for root from 61.177.173.39 port 30067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 01:13:30,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368410.152684, 'message': 'Dec  7 01:13:28 hqnl0246134 sshd[273030]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 01:13:32,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368412.155006, 'message': 'Dec  7 01:13:30 hqnl0246134 sshd[273030]: Failed password for root from 61.177.173.39 port 30067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
WARNING [2022-12-07 01:13:50,178] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:13:50,179] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:13:54,213] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:13:54,214] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:13:54,215] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-07 01:13:58,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368438.198673, 'message': 'Dec  7 01:13:56 hqnl0246134 sshd[273053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 01:13:58,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368438.1991467, 'message': 'Dec  7 01:13:57 hqnl0246134 sshd[273053]: Failed password for root from 61.177.173.18 port 63678 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:14:02,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368442.2018807, 'message': 'Dec  7 01:13:59 hqnl0246134 sshd[273053]: Failed password for root from 61.177.173.18 port 63678 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:14:04,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368444.2043085, 'message': 'Dec  7 01:14:02 hqnl0246134 sshd[273053]: Failed password for root from 61.177.173.18 port 63678 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:14:07,914] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:14:07,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:14:07,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:14:07,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
WARNING [2022-12-07 01:14:11,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:14:11,569] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-07 01:14:17,948] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:14:17,948] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:14:17,957] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:14:17,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 01:14:20,734] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:14:20,735] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:14:20,742] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:14:20,754] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 01:14:26,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368466.2231998, 'message': 'Dec  7 01:14:24 hqnl0246134 sshd[273096]: Invalid user dell from 165.227.166.207 port 33508', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 01:14:26,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368466.2237015, 'message': 'Dec  7 01:14:25 hqnl0246134 sshd[273096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:14:28,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368468.2257464, 'message': 'Dec  7 01:14:26 hqnl0246134 sshd[273096]: Failed password for invalid user dell from 165.227.166.207 port 33508 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 01:14:28,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368468.226052, 'message': 'Dec  7 01:14:28 hqnl0246134 sshd[273096]: Disconnected from invalid user dell 165.227.166.207 port 33508 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:14:40,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368480.240371, 'message': 'Dec  7 01:14:40 hqnl0246134 sshd[273100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 01:14:42,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368482.2435892, 'message': 'Dec  7 01:14:42 hqnl0246134 sshd[273100]: Failed password for root from 61.177.173.18 port 24158 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-07 01:14:50,182] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:14:50,184] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:15:11,551] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:15:11,579] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0407 seconds
INFO    [2022-12-07 01:15:16,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670368516.286979, 'message': 'Dec  7 01:15:15 hqnl0246134 sshd[273158]: Invalid user test from 152.89.196.220 port 60364', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0797 seconds
INFO    [2022-12-07 01:15:16,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.89.196.220', 'timestamp': 1670368516.2878032, 'message': 'Dec  7 01:15:15 hqnl0246134 sshd[273158]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.89.196.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0681 seconds
INFO    [2022-12-07 01:15:16,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.89.196.220', 'timestamp': 1670368516.2880816, 'message': 'Dec  7 01:15:15 hqnl0246134 sshd[273158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.196.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 01:15:18,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670368518.2851286, 'message': 'Dec  7 01:15:17 hqnl0246134 sshd[273158]: Failed password for invalid user test from 152.89.196.220 port 60364 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-07 01:15:18,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.89.196.220', 'timestamp': 1670368518.285506, 'message': 'Dec  7 01:15:17 hqnl0246134 sshd[273158]: Disconnected from invalid user test 152.89.196.220 port 60364 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 01:15:18,564] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:15:18,565] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:15:18,573] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:15:18,587] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 01:15:20,638] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:15:20,638] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:15:20,646] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:15:20,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 01:15:22,916] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:15:22,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:15:22,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:15:22,940] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 01:15:26,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368526.2929592, 'message': 'Dec  7 01:15:24 hqnl0246134 sshd[273178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 01:15:28,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368528.2953713, 'message': 'Dec  7 01:15:26 hqnl0246134 sshd[273178]: Failed password for root from 61.177.173.18 port 42895 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 01:15:30,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368530.2964797, 'message': 'Dec  7 01:15:28 hqnl0246134 sshd[273178]: Failed password for root from 61.177.173.18 port 42895 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 01:15:32,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368532.2987874, 'message': 'Dec  7 01:15:31 hqnl0246134 sshd[273178]: Failed password for root from 61.177.173.18 port 42895 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-07 01:15:50,187] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:15:50,188] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:16:10,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368570.3447423, 'message': 'Dec  7 01:16:09 hqnl0246134 sshd[273204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
WARNING [2022-12-07 01:16:11,552] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:16:11,580] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0373 seconds
INFO    [2022-12-07 01:16:12,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368572.3445046, 'message': 'Dec  7 01:16:11 hqnl0246134 sshd[273204]: Failed password for root from 61.177.173.18 port 59196 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 01:16:18,339] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:16:18,339] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:16:18,359] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:16:18,371] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-07 01:16:21,773] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:16:21,774] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:16:21,794] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:16:21,838] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0618 seconds
INFO    [2022-12-07 01:16:26,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368586.359843, 'message': 'Dec  7 01:16:25 hqnl0246134 sshd[273229]: Invalid user dell from 165.227.166.207 port 43792', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 01:16:26,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368586.3601804, 'message': 'Dec  7 01:16:25 hqnl0246134 sshd[273229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 01:16:30,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368590.3634186, 'message': 'Dec  7 01:16:28 hqnl0246134 sshd[273229]: Failed password for invalid user dell from 165.227.166.207 port 43792 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 01:16:30,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368590.3638182, 'message': 'Dec  7 01:16:29 hqnl0246134 sshd[273229]: Disconnected from invalid user dell 165.227.166.207 port 43792 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
WARNING [2022-12-07 01:16:50,193] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:16:50,195] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:16:56,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368616.3879879, 'message': 'Dec  7 01:16:56 hqnl0246134 sshd[273243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 01:16:58,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368618.3891184, 'message': 'Dec  7 01:16:57 hqnl0246134 sshd[273243]: Failed password for root from 61.177.173.18 port 34116 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-07 01:17:02,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368622.3956795, 'message': 'Dec  7 01:17:00 hqnl0246134 sshd[273243]: Failed password for root from 61.177.173.18 port 34116 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 01:17:06,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368626.4033961, 'message': 'Dec  7 01:17:04 hqnl0246134 sshd[273243]: Failed password for root from 61.177.173.18 port 34116 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 01:17:08,020] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:17:08,021] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:17:08,031] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:17:08,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
WARNING [2022-12-07 01:17:11,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:17:11,598] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0491 seconds
INFO    [2022-12-07 01:17:16,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '196.1.114.254', 'timestamp': 1670368636.413859, 'message': 'Dec  7 01:17:16 hqnl0246134 sshd[273277]: Invalid user vnc from 196.1.114.254 port 41817', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 01:17:18,260] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:17:18,261] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:17:18,270] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:17:18,284] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 01:17:18,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '196.1.114.254', 'timestamp': 1670368638.4947376, 'message': 'Dec  7 01:17:16 hqnl0246134 sshd[273277]: pam_imunify(sshd:auth): [IM360_RBL] The IP 196.1.114.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 01:17:18,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '196.1.114.254', 'timestamp': 1670368638.4949603, 'message': 'Dec  7 01:17:16 hqnl0246134 sshd[273277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.1.114.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:17:18,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '196.1.114.254', 'timestamp': 1670368638.4951048, 'message': 'Dec  7 01:17:18 hqnl0246134 sshd[273277]: Failed password for invalid user vnc from 196.1.114.254 port 41817 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 01:17:20,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '196.1.114.254', 'timestamp': 1670368640.4164257, 'message': 'Dec  7 01:17:19 hqnl0246134 sshd[273277]: Disconnected from invalid user vnc 196.1.114.254 port 41817 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 01:17:21,205] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:17:21,205] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:17:21,214] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:17:21,226] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-07 01:17:36,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670368656.4400973, 'message': 'Dec  7 01:17:34 hqnl0246134 sshd[273290]: Invalid user appadmin from 36.255.8.153 port 50640', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 01:17:36,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.255.8.153', 'timestamp': 1670368656.4409916, 'message': 'Dec  7 01:17:34 hqnl0246134 sshd[273290]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.255.8.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 01:17:36,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.255.8.153', 'timestamp': 1670368656.4411979, 'message': 'Dec  7 01:17:34 hqnl0246134 sshd[273290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.153 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 01:17:38,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670368658.4389896, 'message': 'Dec  7 01:17:36 hqnl0246134 sshd[273290]: Failed password for invalid user appadmin from 36.255.8.153 port 50640 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 01:17:38,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670368658.4392414, 'message': 'Dec  7 01:17:37 hqnl0246134 sshd[273290]: Disconnected from invalid user appadmin 36.255.8.153 port 50640 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 01:17:42,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368662.4426048, 'message': 'Dec  7 01:17:41 hqnl0246134 sshd[273295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 01:17:44,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368664.4432175, 'message': 'Dec  7 01:17:44 hqnl0246134 sshd[273295]: Failed password for root from 61.177.173.18 port 47569 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
WARNING [2022-12-07 01:17:50,198] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:17:50,200] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:18:11,695] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:18:12,678] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 1.1224 seconds
INFO    [2022-12-07 01:18:18,254] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:18:18,254] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:18:18,274] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:18:18,297] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0391 seconds
INFO    [2022-12-07 01:18:21,323] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:18:21,323] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:18:21,332] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:18:21,345] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 01:18:28,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368708.495776, 'message': 'Dec  7 01:18:26 hqnl0246134 sshd[273336]: Invalid user dell from 165.227.166.207 port 54096', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 01:18:28,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368708.4963717, 'message': 'Dec  7 01:18:28 hqnl0246134 sshd[273338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 01:18:28,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368708.4960322, 'message': 'Dec  7 01:18:26 hqnl0246134 sshd[273336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 01:18:28,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368708.4962444, 'message': 'Dec  7 01:18:27 hqnl0246134 sshd[273336]: Failed password for invalid user dell from 165.227.166.207 port 54096 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 01:18:28,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368708.4964802, 'message': 'Dec  7 01:18:28 hqnl0246134 sshd[273336]: Disconnected from invalid user dell 165.227.166.207 port 54096 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 01:18:30,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368710.4961164, 'message': 'Dec  7 01:18:30 hqnl0246134 sshd[273338]: Failed password for root from 61.177.173.18 port 19799 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0725 seconds
INFO    [2022-12-07 01:18:31,623] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:18:31,623] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:18:31,631] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:18:31,645] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 01:18:34,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368714.5047529, 'message': 'Dec  7 01:18:34 hqnl0246134 sshd[273338]: Failed password for root from 61.177.173.18 port 19799 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 01:18:40,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368720.5149083, 'message': 'Dec  7 01:18:36 hqnl0246134 sshd[273338]: Failed password for root from 61.177.173.18 port 19799 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0415 seconds
WARNING [2022-12-07 01:18:50,204] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:18:50,206] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:18:56,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368736.5293026, 'message': 'Dec  7 01:18:56 hqnl0246134 sshd[273379]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.123.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 01:18:56,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368736.5353608, 'message': 'Dec  7 01:18:56 hqnl0246134 sshd[273379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.123.135  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 01:19:00,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368740.5331094, 'message': 'Dec  7 01:18:58 hqnl0246134 sshd[273379]: Failed password for root from 46.101.123.135 port 35644 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 01:19:00,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.246.215', 'timestamp': 1670368740.5333002, 'message': 'Dec  7 01:18:59 hqnl0246134 sshd[273383]: Invalid user teste from 165.22.246.215 port 43522', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 01:19:00,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.246.215', 'timestamp': 1670368740.5369043, 'message': 'Dec  7 01:18:59 hqnl0246134 sshd[273383]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.246.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:19:00,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.246.215', 'timestamp': 1670368740.5370424, 'message': 'Dec  7 01:18:59 hqnl0246134 sshd[273383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.246.215 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:19:02,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.246.215', 'timestamp': 1670368742.5358129, 'message': 'Dec  7 01:19:01 hqnl0246134 sshd[273383]: Failed password for invalid user teste from 165.22.246.215 port 43522 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 01:19:02,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.246.215', 'timestamp': 1670368742.5367193, 'message': 'Dec  7 01:19:02 hqnl0246134 sshd[273383]: Disconnected from invalid user teste 165.22.246.215 port 43522 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 01:19:11,575] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:19:11,719] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.1579 seconds
INFO    [2022-12-07 01:19:12,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368752.5471766, 'message': 'Dec  7 01:19:12 hqnl0246134 sshd[273399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 01:19:14,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368754.5496185, 'message': 'Dec  7 01:19:14 hqnl0246134 sshd[273399]: Failed password for root from 61.177.173.18 port 30436 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 01:19:18,325] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:19:18,325] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:19:18,333] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:19:18,345] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 01:19:18,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368758.5599842, 'message': 'Dec  7 01:19:15 hqnl0246134 sshd[273399]: Failed password for root from 61.177.173.18 port 30436 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 01:19:20,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368760.561958, 'message': 'Dec  7 01:19:18 hqnl0246134 sshd[273399]: Failed password for root from 61.177.173.18 port 30436 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 01:19:20,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:19:20,925] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:19:20,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:19:20,942] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-07 01:19:50,210] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:19:50,211] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:19:56,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368796.599194, 'message': 'Dec  7 01:19:56 hqnl0246134 sshd[273431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 01:19:58,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368798.601638, 'message': 'Dec  7 01:19:58 hqnl0246134 sshd[273431]: Failed password for root from 61.177.173.18 port 55059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 01:20:02,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368802.6168725, 'message': 'Dec  7 01:20:00 hqnl0246134 sshd[273431]: Failed password for root from 61.177.173.18 port 55059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0774 seconds
INFO    [2022-12-07 01:20:04,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368804.6166732, 'message': 'Dec  7 01:20:02 hqnl0246134 sshd[273431]: Failed password for root from 61.177.173.18 port 55059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 01:20:08,056] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:20:08,057] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:20:08,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:20:08,082] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
WARNING [2022-12-07 01:20:11,576] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:20:11,597] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0280 seconds
INFO    [2022-12-07 01:20:18,183] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:20:18,185] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:20:18,202] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:20:18,216] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-07 01:20:20,973] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:20:20,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:20:20,982] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:20:20,995] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 01:20:24,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368824.64068, 'message': 'Dec  7 01:20:23 hqnl0246134 sshd[273489]: Invalid user dell from 165.227.166.207 port 36150', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 01:20:24,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368824.641053, 'message': 'Dec  7 01:20:23 hqnl0246134 sshd[273489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 01:20:26,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368826.6437752, 'message': 'Dec  7 01:20:25 hqnl0246134 sshd[273489]: Failed password for invalid user dell from 165.227.166.207 port 36150 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 01:20:28,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368828.646047, 'message': 'Dec  7 01:20:26 hqnl0246134 sshd[273489]: Disconnected from invalid user dell 165.227.166.207 port 36150 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 01:20:38,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670368838.656791, 'message': 'Dec  7 01:20:36 hqnl0246134 sshd[273494]: Invalid user oracle from 41.185.26.240 port 45360', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 01:20:38,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.185.26.240', 'timestamp': 1670368838.6570184, 'message': 'Dec  7 01:20:37 hqnl0246134 sshd[273494]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.185.26.240 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 01:20:38,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.185.26.240', 'timestamp': 1670368838.6571329, 'message': 'Dec  7 01:20:37 hqnl0246134 sshd[273494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.185.26.240 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 01:20:38,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670368838.6572506, 'message': 'Dec  7 01:20:38 hqnl0246134 sshd[273494]: Failed password for invalid user oracle from 41.185.26.240 port 45360 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:20:40,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368840.6614556, 'message': 'Dec  7 01:20:39 hqnl0246134 sshd[273496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 01:20:40,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670368840.6618218, 'message': 'Dec  7 01:20:40 hqnl0246134 sshd[273494]: Disconnected from invalid user oracle 41.185.26.240 port 45360 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 01:20:42,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368842.663516, 'message': 'Dec  7 01:20:41 hqnl0246134 sshd[273496]: Failed password for root from 61.177.173.18 port 17579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
WARNING [2022-12-07 01:20:50,215] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:20:50,216] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:20:54,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368854.6749103, 'message': 'Dec  7 01:20:53 hqnl0246134 sshd[273509]: Invalid user alvin from 46.101.123.135 port 34864', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 01:20:54,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368854.6753728, 'message': 'Dec  7 01:20:53 hqnl0246134 sshd[273509]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.123.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 01:20:54,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368854.6756032, 'message': 'Dec  7 01:20:53 hqnl0246134 sshd[273509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.123.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:20:56,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368856.6769638, 'message': 'Dec  7 01:20:55 hqnl0246134 sshd[273509]: Failed password for invalid user alvin from 46.101.123.135 port 34864 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 01:20:56,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.230.236.11', 'timestamp': 1670368856.6774223, 'message': 'Dec  7 01:20:55 hqnl0246134 sshd[273511]: Invalid user skaner from 45.230.236.11 port 57148', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 01:20:56,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368856.6772373, 'message': 'Dec  7 01:20:55 hqnl0246134 sshd[273509]: Disconnected from invalid user alvin 46.101.123.135 port 34864 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 01:20:56,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.230.236.11', 'timestamp': 1670368856.677549, 'message': 'Dec  7 01:20:56 hqnl0246134 sshd[273511]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.230.236.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 01:20:56,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.230.236.11', 'timestamp': 1670368856.677666, 'message': 'Dec  7 01:20:56 hqnl0246134 sshd[273511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.230.236.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 01:20:58,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.230.236.11', 'timestamp': 1670368858.6778853, 'message': 'Dec  7 01:20:57 hqnl0246134 sshd[273511]: Failed password for invalid user skaner from 45.230.236.11 port 57148 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 01:21:00,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.230.236.11', 'timestamp': 1670368860.6809754, 'message': 'Dec  7 01:20:59 hqnl0246134 sshd[273511]: Disconnected from invalid user skaner 45.230.236.11 port 57148 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 01:21:02,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368862.6822686, 'message': 'Dec  7 01:21:02 hqnl0246134 sshd[273513]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 01:21:02,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368862.682476, 'message': 'Dec  7 01:21:02 hqnl0246134 sshd[273513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:21:04,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368864.6890776, 'message': 'Dec  7 01:21:04 hqnl0246134 sshd[273513]: Failed password for root from 61.177.173.46 port 23745 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 01:21:06,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368866.6931133, 'message': 'Dec  7 01:21:04 hqnl0246134 sshd[273513]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 01:21:07,109] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:21:07,179] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:21:07,180] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:21:07,180] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:21:07,180] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:21:07,181] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:21:07,191] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:21:07,209] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0277 seconds
WARNING [2022-12-07 01:21:07,216] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:21:07,218] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:21:07,235] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0337 seconds
INFO    [2022-12-07 01:21:07,237] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0305 seconds
INFO    [2022-12-07 01:21:08,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368868.696433, 'message': 'Dec  7 01:21:06 hqnl0246134 sshd[273513]: Failed password for root from 61.177.173.46 port 23745 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:21:10,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368870.6990635, 'message': 'Dec  7 01:21:09 hqnl0246134 sshd[273513]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
WARNING [2022-12-07 01:21:11,581] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:21:11,615] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0430 seconds
INFO    [2022-12-07 01:21:12,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368872.702005, 'message': 'Dec  7 01:21:11 hqnl0246134 sshd[273513]: Failed password for root from 61.177.173.46 port 23745 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 01:21:12,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368872.7023664, 'message': 'Dec  7 01:21:12 hqnl0246134 sshd[273522]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 01:21:12,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368872.702543, 'message': 'Dec  7 01:21:12 hqnl0246134 sshd[273522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 01:21:14,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368874.7018437, 'message': 'Dec  7 01:21:13 hqnl0246134 sshd[273525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0640 seconds
INFO    [2022-12-07 01:21:14,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368874.7023287, 'message': 'Dec  7 01:21:14 hqnl0246134 sshd[273522]: Failed password for root from 61.177.173.52 port 46690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0645 seconds
INFO    [2022-12-07 01:21:14,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368874.7021294, 'message': 'Dec  7 01:21:14 hqnl0246134 sshd[273525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 01:21:15,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:21:15,040] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:21:15,053] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:21:15,071] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
INFO    [2022-12-07 01:21:16,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368876.7046204, 'message': 'Dec  7 01:21:15 hqnl0246134 sshd[273525]: Failed password for root from 61.177.173.46 port 57746 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 01:21:16,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368876.7048793, 'message': 'Dec  7 01:21:16 hqnl0246134 sshd[273522]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 01:21:18,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368878.708552, 'message': 'Dec  7 01:21:16 hqnl0246134 sshd[273525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 01:21:18,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368878.7088432, 'message': 'Dec  7 01:21:18 hqnl0246134 sshd[273522]: Failed password for root from 61.177.173.52 port 46690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 01:21:18,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368878.7090108, 'message': 'Dec  7 01:21:18 hqnl0246134 sshd[273525]: Failed password for root from 61.177.173.46 port 57746 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 01:21:20,140] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:21:20,143] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:21:20,151] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:21:20,164] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 01:21:20,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368880.7145958, 'message': 'Dec  7 01:21:18 hqnl0246134 sshd[273522]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 01:21:20,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368880.7148893, 'message': 'Dec  7 01:21:19 hqnl0246134 sshd[273525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 01:21:20,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368880.7150953, 'message': 'Dec  7 01:21:20 hqnl0246134 sshd[273522]: Failed password for root from 61.177.173.52 port 46690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:21:22,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670368882.7170775, 'message': 'Dec  7 01:21:21 hqnl0246134 sshd[273525]: Failed password for root from 61.177.173.46 port 57746 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 01:21:22,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368882.717309, 'message': 'Dec  7 01:21:22 hqnl0246134 sshd[273549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 01:21:22,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368882.7174308, 'message': 'Dec  7 01:21:22 hqnl0246134 sshd[273549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 01:21:24,181] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:21:24,182] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:21:24,189] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:21:24,201] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 01:21:24,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368884.7183926, 'message': 'Dec  7 01:21:24 hqnl0246134 sshd[273552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 01:21:26,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368886.7204702, 'message': 'Dec  7 01:21:24 hqnl0246134 sshd[273549]: Failed password for root from 61.177.173.52 port 25824 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 01:21:26,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368886.7207427, 'message': 'Dec  7 01:21:25 hqnl0246134 sshd[273552]: Failed password for root from 61.177.173.18 port 44086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 01:21:28,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368888.7227142, 'message': 'Dec  7 01:21:26 hqnl0246134 sshd[273549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 01:21:28,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368888.7230124, 'message': 'Dec  7 01:21:28 hqnl0246134 sshd[273552]: Failed password for root from 61.177.173.18 port 44086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 01:21:30,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368890.7268043, 'message': 'Dec  7 01:21:29 hqnl0246134 sshd[273549]: Failed password for root from 61.177.173.52 port 25824 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 01:21:32,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368892.7291214, 'message': 'Dec  7 01:21:31 hqnl0246134 sshd[273549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 01:21:32,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368892.736931, 'message': 'Dec  7 01:21:32 hqnl0246134 sshd[273552]: Failed password for root from 61.177.173.18 port 44086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 01:21:34,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670368894.7322552, 'message': 'Dec  7 01:21:33 hqnl0246134 sshd[273549]: Failed password for root from 61.177.173.52 port 25824 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 01:21:37,307] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:21:37,308] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:21:37,309] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-07 01:21:50,219] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:21:50,221] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:21:52,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368912.778, 'message': 'Dec  7 01:21:51 hqnl0246134 sshd[273577]: Invalid user bdos from 46.101.123.135 port 51364', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 01:21:52,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368912.7786334, 'message': 'Dec  7 01:21:51 hqnl0246134 sshd[273577]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.123.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:21:52,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368912.778842, 'message': 'Dec  7 01:21:51 hqnl0246134 sshd[273577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.123.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:21:52,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368912.7789924, 'message': 'Dec  7 01:21:52 hqnl0246134 sshd[273577]: Failed password for invalid user bdos from 46.101.123.135 port 51364 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-07 01:21:54,102] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 01:21:54,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368914.777781, 'message': 'Dec  7 01:21:53 hqnl0246134 sshd[273577]: Disconnected from invalid user bdos 46.101.123.135 port 51364 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 01:22:10,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368930.806681, 'message': 'Dec  7 01:22:09 hqnl0246134 sshd[273594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
WARNING [2022-12-07 01:22:11,583] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:22:11,612] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0372 seconds
INFO    [2022-12-07 01:22:12,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368932.8129177, 'message': 'Dec  7 01:22:11 hqnl0246134 sshd[273594]: Failed password for root from 61.177.173.18 port 13300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 01:22:18,492] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:22:18,493] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:22:18,510] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:22:18,533] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0371 seconds
INFO    [2022-12-07 01:22:18,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368938.8191912, 'message': 'Dec  7 01:22:18 hqnl0246134 sshd[273614]: Invalid user dell from 165.227.166.207 port 46396', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 01:22:18,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368938.820003, 'message': 'Dec  7 01:22:18 hqnl0246134 sshd[273614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 01:22:20,822] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:22:20,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:22:20,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:22:20,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0331 seconds
INFO    [2022-12-07 01:22:20,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368940.8241673, 'message': 'Dec  7 01:22:20 hqnl0246134 sshd[273614]: Failed password for invalid user dell from 165.227.166.207 port 46396 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 01:22:21,864] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:22:21,865] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:22:21,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:22:21,887] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 01:22:22,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670368942.8223407, 'message': 'Dec  7 01:22:21 hqnl0246134 sshd[273614]: Disconnected from invalid user dell 165.227.166.207 port 46396 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 01:22:36,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368956.8380961, 'message': 'Dec  7 01:22:34 hqnl0246134 sshd[273626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 01:22:36,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368956.838562, 'message': 'Dec  7 01:22:34 hqnl0246134 sshd[273626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:22:36,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368956.8387442, 'message': 'Dec  7 01:22:36 hqnl0246134 sshd[273626]: Failed password for root from 61.177.173.39 port 18061 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 01:22:38,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368958.8381553, 'message': 'Dec  7 01:22:37 hqnl0246134 sshd[273626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:22:40,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368960.8393743, 'message': 'Dec  7 01:22:39 hqnl0246134 sshd[273626]: Failed password for root from 61.177.173.39 port 18061 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 01:22:42,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368962.8455467, 'message': 'Dec  7 01:22:41 hqnl0246134 sshd[273626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 01:22:44,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368964.842046, 'message': 'Dec  7 01:22:43 hqnl0246134 sshd[273626]: Failed password for root from 61.177.173.39 port 18061 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:22:48,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368968.846466, 'message': 'Dec  7 01:22:47 hqnl0246134 sshd[273637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 01:22:48,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368968.8468611, 'message': 'Dec  7 01:22:47 hqnl0246134 sshd[273637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
WARNING [2022-12-07 01:22:50,224] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:22:50,225] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:22:50,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368970.8485904, 'message': 'Dec  7 01:22:49 hqnl0246134 sshd[273637]: Failed password for root from 61.177.173.39 port 20157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 01:22:50,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368970.8488302, 'message': 'Dec  7 01:22:50 hqnl0246134 sshd[273639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.123.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 01:22:50,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368970.8489747, 'message': 'Dec  7 01:22:50 hqnl0246134 sshd[273639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.123.135  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 01:22:52,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368972.852674, 'message': 'Dec  7 01:22:51 hqnl0246134 sshd[273637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 01:22:52,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.123.135', 'timestamp': 1670368972.8530788, 'message': 'Dec  7 01:22:52 hqnl0246134 sshd[273639]: Failed password for root from 46.101.123.135 port 39602 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 01:22:54,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368974.8539937, 'message': 'Dec  7 01:22:53 hqnl0246134 sshd[273641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 01:22:54,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368974.8542674, 'message': 'Dec  7 01:22:53 hqnl0246134 sshd[273637]: Failed password for root from 61.177.173.39 port 20157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 01:22:56,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368976.8560307, 'message': 'Dec  7 01:22:55 hqnl0246134 sshd[273641]: Failed password for root from 61.177.173.18 port 25573 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 01:22:56,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368976.8562896, 'message': 'Dec  7 01:22:56 hqnl0246134 sshd[273637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 01:22:58,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368978.8577518, 'message': 'Dec  7 01:22:58 hqnl0246134 sshd[273637]: Failed password for root from 61.177.173.39 port 20157 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 01:23:00,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368980.8611293, 'message': 'Dec  7 01:22:59 hqnl0246134 sshd[273641]: Failed password for root from 61.177.173.18 port 25573 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 01:23:02,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368982.863584, 'message': 'Dec  7 01:23:01 hqnl0246134 sshd[273644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 01:23:02,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670368982.8639212, 'message': 'Dec  7 01:23:02 hqnl0246134 sshd[273641]: Failed password for root from 61.177.173.18 port 25573 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 01:23:02,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368982.8638022, 'message': 'Dec  7 01:23:01 hqnl0246134 sshd[273644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 01:23:04,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368984.865525, 'message': 'Dec  7 01:23:04 hqnl0246134 sshd[273644]: Failed password for root from 61.177.173.39 port 32757 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 01:23:06,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368986.8702893, 'message': 'Dec  7 01:23:06 hqnl0246134 sshd[273644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 01:23:08,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368988.871643, 'message': 'Dec  7 01:23:07 hqnl0246134 sshd[273644]: Failed password for root from 61.177.173.39 port 32757 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 01:23:08,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368988.871849, 'message': 'Dec  7 01:23:08 hqnl0246134 sshd[273644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 01:23:10,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670368990.8741293, 'message': 'Dec  7 01:23:10 hqnl0246134 sshd[273644]: Failed password for root from 61.177.173.39 port 32757 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
WARNING [2022-12-07 01:23:11,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:23:11,625] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0464 seconds
INFO    [2022-12-07 01:23:18,064] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:23:18,065] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:23:18,081] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:23:18,095] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-07 01:23:20,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:23:20,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:23:20,989] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:23:21,000] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 01:23:40,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369020.908746, 'message': 'Dec  7 01:23:40 hqnl0246134 sshd[273705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 01:23:42,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369022.9084952, 'message': 'Dec  7 01:23:42 hqnl0246134 sshd[273705]: Failed password for root from 61.177.173.18 port 50086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-07 01:23:50,228] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:23:50,229] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:23:54,367] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:23:54,368] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:23:54,381] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:23:54,399] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0304 seconds
WARNING [2022-12-07 01:24:11,604] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:24:11,635] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0484 seconds
INFO    [2022-12-07 01:24:18,346] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:24:18,347] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:24:18,362] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:24:18,375] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0273 seconds
INFO    [2022-12-07 01:24:18,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369058.9468837, 'message': 'Dec  7 01:24:18 hqnl0246134 sshd[273751]: Invalid user demo from 165.227.166.207 port 56732', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 01:24:18,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369058.947205, 'message': 'Dec  7 01:24:18 hqnl0246134 sshd[273751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:24:20,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369060.9500573, 'message': 'Dec  7 01:24:20 hqnl0246134 sshd[273751]: Failed password for invalid user demo from 165.227.166.207 port 56732 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 01:24:21,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369060.950343, 'message': 'Dec  7 01:24:20 hqnl0246134 sshd[273751]: Disconnected from invalid user demo 165.227.166.207 port 56732 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 01:24:21,589] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:24:21,589] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:24:21,596] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:24:21,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 01:24:28,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369068.9625828, 'message': 'Dec  7 01:24:27 hqnl0246134 sshd[273759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 01:24:30,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369070.9647145, 'message': 'Dec  7 01:24:29 hqnl0246134 sshd[273759]: Failed password for root from 61.177.173.18 port 12076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 01:24:50,233] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:24:50,235] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:25:11,603] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:25:11,625] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-07 01:25:15,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369115.0206866, 'message': 'Dec  7 01:25:13 hqnl0246134 sshd[273804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 01:25:17,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369117.0217092, 'message': 'Dec  7 01:25:16 hqnl0246134 sshd[273804]: Failed password for root from 61.177.173.18 port 30969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 01:25:18,481] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:25:18,481] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:25:18,488] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:25:18,500] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 01:25:21,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369121.0244007, 'message': 'Dec  7 01:25:20 hqnl0246134 sshd[273804]: Failed password for root from 61.177.173.18 port 30969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 01:25:21,456] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:25:21,457] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:25:21,465] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:25:21,478] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 01:25:25,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369125.0298839, 'message': 'Dec  7 01:25:24 hqnl0246134 sshd[273804]: Failed password for root from 61.177.173.18 port 30969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 01:25:29,315] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:25:29,316] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:25:29,323] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:25:29,342] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0258 seconds
WARNING [2022-12-07 01:25:50,260] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:25:50,261] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:26:01,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369161.080158, 'message': 'Dec  7 01:26:00 hqnl0246134 sshd[273849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 01:26:03,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369163.0822077, 'message': 'Dec  7 01:26:02 hqnl0246134 sshd[273849]: Failed password for root from 61.177.173.18 port 55698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-07 01:26:11,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:26:11,620] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0262 seconds
INFO    [2022-12-07 01:26:17,782] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:26:17,783] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:26:17,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:26:17,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 01:26:20,444] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:26:20,445] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:26:20,452] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:26:20,463] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 01:26:21,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369181.1051354, 'message': 'Dec  7 01:26:20 hqnl0246134 sshd[273875]: Invalid user demo from 165.227.166.207 port 38774', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:26:21,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369181.1053557, 'message': 'Dec  7 01:26:20 hqnl0246134 sshd[273875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 01:26:23,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369183.10745, 'message': 'Dec  7 01:26:22 hqnl0246134 sshd[273875]: Failed password for invalid user demo from 165.227.166.207 port 38774 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 01:26:25,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369185.110111, 'message': 'Dec  7 01:26:24 hqnl0246134 sshd[273875]: Disconnected from invalid user demo 165.227.166.207 port 38774 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 01:26:35,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369195.1252303, 'message': 'Dec  7 01:26:34 hqnl0246134 sshd[273880]: Invalid user eagle from 24.62.135.19 port 58896', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 01:26:35,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369195.129816, 'message': 'Dec  7 01:26:34 hqnl0246134 sshd[273880]: pam_imunify(sshd:auth): [IM360_RBL] The IP 24.62.135.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:26:35,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369195.1300473, 'message': 'Dec  7 01:26:34 hqnl0246134 sshd[273880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.62.135.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:26:37,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369197.12722, 'message': 'Dec  7 01:26:35 hqnl0246134 sshd[273880]: Failed password for invalid user eagle from 24.62.135.19 port 58896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 01:26:37,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369197.1287477, 'message': 'Dec  7 01:26:35 hqnl0246134 sshd[273880]: Disconnected from invalid user eagle 24.62.135.19 port 58896 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:26:38,431] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:26:38,432] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:26:38,445] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:26:38,463] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0304 seconds
INFO    [2022-12-07 01:26:45,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369205.1425674, 'message': 'Dec  7 01:26:43 hqnl0246134 sshd[273887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 01:26:47,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369207.1418655, 'message': 'Dec  7 01:26:45 hqnl0246134 sshd[273887]: Failed password for root from 61.177.173.18 port 58377 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 01:26:50,264] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:26:50,265] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:27:11,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:27:11,654] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0552 seconds
INFO    [2022-12-07 01:27:17,801] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:27:17,802] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:27:17,811] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:27:17,823] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-07 01:27:20,385] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:27:20,385] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:27:20,393] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:27:20,523] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1371 seconds
INFO    [2022-12-07 01:27:31,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369251.2147737, 'message': 'Dec  7 01:27:29 hqnl0246134 sshd[273940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-07 01:27:33,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369253.2165647, 'message': 'Dec  7 01:27:31 hqnl0246134 sshd[273940]: Failed password for root from 61.177.173.18 port 28615 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 01:27:50,269] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:27:50,270] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:28:11,618] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:28:11,642] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0357 seconds
INFO    [2022-12-07 01:28:15,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369295.2728634, 'message': 'Dec  7 01:28:15 hqnl0246134 sshd[273971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 01:28:17,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369297.2738812, 'message': 'Dec  7 01:28:15 hqnl0246134 sshd[273982]: Invalid user oracle from 165.227.166.207 port 49084', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 01:28:17,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369297.274296, 'message': 'Dec  7 01:28:16 hqnl0246134 sshd[273971]: Failed password for root from 61.177.173.18 port 54382 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 01:28:17,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369297.2740726, 'message': 'Dec  7 01:28:15 hqnl0246134 sshd[273982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 01:28:18,074] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:28:18,075] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:28:18,083] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:28:18,101] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-07 01:28:19,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369299.2762089, 'message': 'Dec  7 01:28:17 hqnl0246134 sshd[273982]: Failed password for invalid user oracle from 165.227.166.207 port 49084 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-07 01:28:19,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369299.2764459, 'message': 'Dec  7 01:28:18 hqnl0246134 sshd[273971]: Failed password for root from 61.177.173.18 port 54382 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-07 01:28:19,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369299.276577, 'message': 'Dec  7 01:28:19 hqnl0246134 sshd[273982]: Disconnected from invalid user oracle 165.227.166.207 port 49084 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 01:28:21,401] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:28:21,402] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:28:21,431] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:28:21,468] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0551 seconds
INFO    [2022-12-07 01:28:23,263] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:28:23,264] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:28:23,279] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:28:23,331] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0661 seconds
INFO    [2022-12-07 01:28:23,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369303.2802925, 'message': 'Dec  7 01:28:21 hqnl0246134 sshd[273971]: Failed password for root from 61.177.173.18 port 54382 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0660 seconds
WARNING [2022-12-07 01:28:50,273] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:28:50,274] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:29:00,730] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:29:00,805] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:29:00,807] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:29:00,807] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:29:00,807] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:29:00,808] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:29:00,832] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:29:00,865] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0545 seconds
WARNING [2022-12-07 01:29:00,877] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:29:00,880] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:29:00,896] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0420 seconds
INFO    [2022-12-07 01:29:00,897] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0373 seconds
INFO    [2022-12-07 01:29:01,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369341.330062, 'message': 'Dec  7 01:29:00 hqnl0246134 sshd[274020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 01:29:03,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369343.3323383, 'message': 'Dec  7 01:29:02 hqnl0246134 sshd[274020]: Failed password for root from 61.177.173.18 port 14998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
WARNING [2022-12-07 01:29:11,618] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:29:11,658] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0477 seconds
INFO    [2022-12-07 01:29:17,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369357.3470528, 'message': 'Dec  7 01:29:16 hqnl0246134 sshd[274042]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.246.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 01:29:17,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369357.3474042, 'message': 'Dec  7 01:29:16 hqnl0246134 sshd[274042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.246.215  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 01:29:17,960] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:29:17,961] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:29:17,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:29:17,990] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0280 seconds
INFO    [2022-12-07 01:29:19,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369359.3491118, 'message': 'Dec  7 01:29:18 hqnl0246134 sshd[274047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 01:29:19,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369359.349723, 'message': 'Dec  7 01:29:19 hqnl0246134 sshd[274042]: Failed password for root from 165.22.246.215 port 39612 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 01:29:19,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369359.349498, 'message': 'Dec  7 01:29:18 hqnl0246134 sshd[274047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 01:29:20,607] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:29:20,607] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:29:20,614] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:29:20,633] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-07 01:29:21,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369361.3531444, 'message': 'Dec  7 01:29:20 hqnl0246134 sshd[274047]: Failed password for root from 61.177.173.46 port 20982 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 01:29:21,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369361.3533423, 'message': 'Dec  7 01:29:20 hqnl0246134 sshd[274047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 01:29:23,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369363.355843, 'message': 'Dec  7 01:29:23 hqnl0246134 sshd[274047]: Failed password for root from 61.177.173.46 port 20982 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:29:25,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369365.35788, 'message': 'Dec  7 01:29:24 hqnl0246134 sshd[274047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 01:29:27,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369367.36013, 'message': 'Dec  7 01:29:27 hqnl0246134 sshd[274047]: Failed password for root from 61.177.173.46 port 20982 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:29:30,932] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:29:30,933] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:29:30,934] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 01:29:31,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369371.3652267, 'message': 'Dec  7 01:29:30 hqnl0246134 sshd[274062]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 01:29:31,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369371.3655083, 'message': 'Dec  7 01:29:30 hqnl0246134 sshd[274062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 01:29:32,064] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:29:32,065] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:29:32,072] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:29:32,083] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 01:29:33,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369373.3660297, 'message': 'Dec  7 01:29:32 hqnl0246134 sshd[274062]: Failed password for root from 61.177.173.46 port 19826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 01:29:33,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369373.3662946, 'message': 'Dec  7 01:29:33 hqnl0246134 sshd[274062]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 01:29:33,660] defence360agent.files: Updating all files
INFO    [2022-12-07 01:29:34,011] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:34,011] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 01:29:34,355] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:34,356] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 01:29:34,681] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:34,681] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 01:29:35,046] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:35,047] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 01:29:35,047] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 01:29:35,365] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 23:29:35 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E5818CC7868F3'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 01:29:35,367] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 01:29:35,367] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 01:29:35,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369375.656558, 'message': 'Dec  7 01:29:34 hqnl0246134 sshd[274062]: Failed password for root from 61.177.173.46 port 19826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 01:29:35,921] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:35,922] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 01:29:36,236] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:36,236] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 01:29:36,505] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:36,505] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 01:29:37,078] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:37,079] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 01:29:37,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369377.3729494, 'message': 'Dec  7 01:29:35 hqnl0246134 sshd[274062]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 01:29:37,623] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 01:29:37,624] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 01:29:39,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670369379.3752286, 'message': 'Dec  7 01:29:37 hqnl0246134 sshd[274062]: Failed password for root from 61.177.173.46 port 19826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 01:29:45,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369385.3813124, 'message': 'Dec  7 01:29:44 hqnl0246134 sshd[274069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 01:29:45,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369385.3818128, 'message': 'Dec  7 01:29:44 hqnl0246134 sshd[274069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:29:47,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369387.3827708, 'message': 'Dec  7 01:29:45 hqnl0246134 sshd[274077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-07 01:29:47,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369387.3833058, 'message': 'Dec  7 01:29:47 hqnl0246134 sshd[274069]: Failed password for root from 61.177.172.19 port 31010 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-07 01:29:47,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369387.383125, 'message': 'Dec  7 01:29:47 hqnl0246134 sshd[274077]: Failed password for root from 61.177.173.18 port 31033 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 01:29:49,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369389.3846948, 'message': 'Dec  7 01:29:48 hqnl0246134 sshd[274069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
WARNING [2022-12-07 01:29:50,278] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:29:50,278] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:29:51,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369391.3863328, 'message': 'Dec  7 01:29:49 hqnl0246134 sshd[274077]: Failed password for root from 61.177.173.18 port 31033 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 01:29:51,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369391.3865476, 'message': 'Dec  7 01:29:50 hqnl0246134 sshd[274069]: Failed password for root from 61.177.172.19 port 31010 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 01:29:51,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369391.386671, 'message': 'Dec  7 01:29:51 hqnl0246134 sshd[274069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:29:53,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369393.3883147, 'message': 'Dec  7 01:29:53 hqnl0246134 sshd[274069]: Failed password for root from 61.177.172.19 port 31010 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 01:29:55,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369395.3923547, 'message': 'Dec  7 01:29:53 hqnl0246134 sshd[274077]: Failed password for root from 61.177.173.18 port 31033 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 01:29:57,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369397.3951337, 'message': 'Dec  7 01:29:56 hqnl0246134 sshd[274085]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:29:57,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369397.3953047, 'message': 'Dec  7 01:29:56 hqnl0246134 sshd[274085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 01:29:59,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369399.3984563, 'message': 'Dec  7 01:29:59 hqnl0246134 sshd[274085]: Failed password for root from 61.177.172.19 port 23624 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 01:30:01,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369401.4007995, 'message': 'Dec  7 01:30:01 hqnl0246134 sshd[274085]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 01:30:05,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369405.4049184, 'message': 'Dec  7 01:30:03 hqnl0246134 sshd[274085]: Failed password for root from 61.177.172.19 port 23624 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 01:30:07,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369407.4055061, 'message': 'Dec  7 01:30:05 hqnl0246134 sshd[274085]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 01:30:09,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369409.414796, 'message': 'Dec  7 01:30:07 hqnl0246134 sshd[274111]: Invalid user deploy from 165.227.166.207 port 59370', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 01:30:09,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369409.4158468, 'message': 'Dec  7 01:30:08 hqnl0246134 sshd[274085]: Failed password for root from 61.177.172.19 port 23624 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 01:30:09,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369409.415724, 'message': 'Dec  7 01:30:07 hqnl0246134 sshd[274111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 01:30:11,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369411.4101105, 'message': 'Dec  7 01:30:10 hqnl0246134 sshd[274111]: Failed password for invalid user deploy from 165.227.166.207 port 59370 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
WARNING [2022-12-07 01:30:11,622] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:30:11,649] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0351 seconds
INFO    [2022-12-07 01:30:13,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369413.414785, 'message': 'Dec  7 01:30:11 hqnl0246134 sshd[274117]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 01:30:13,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369413.4151134, 'message': 'Dec  7 01:30:11 hqnl0246134 sshd[274119]: Invalid user stunnel from 41.185.26.240 port 37630', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-07 01:30:13,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369413.4149985, 'message': 'Dec  7 01:30:11 hqnl0246134 sshd[274117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 01:30:13,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369413.415468, 'message': 'Dec  7 01:30:12 hqnl0246134 sshd[274111]: Disconnected from invalid user deploy 165.227.166.207 port 59370 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 01:30:13,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369413.4152339, 'message': 'Dec  7 01:30:11 hqnl0246134 sshd[274119]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.185.26.240 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-07 01:30:13,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369413.4153657, 'message': 'Dec  7 01:30:11 hqnl0246134 sshd[274119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.185.26.240 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 01:30:15,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369415.4168198, 'message': 'Dec  7 01:30:13 hqnl0246134 sshd[274117]: Failed password for root from 61.177.172.19 port 23666 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0707 seconds
INFO    [2022-12-07 01:30:15,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369415.4173005, 'message': 'Dec  7 01:30:14 hqnl0246134 sshd[274119]: Failed password for invalid user stunnel from 41.185.26.240 port 37630 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0714 seconds
INFO    [2022-12-07 01:30:17,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369417.4178152, 'message': 'Dec  7 01:30:15 hqnl0246134 sshd[274117]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 01:30:17,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369417.4179819, 'message': 'Dec  7 01:30:16 hqnl0246134 sshd[274119]: Disconnected from invalid user stunnel 41.185.26.240 port 37630 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 01:30:17,886] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:30:17,887] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:30:17,894] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:30:17,913] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0246 seconds
INFO    [2022-12-07 01:30:19,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369419.4216123, 'message': 'Dec  7 01:30:17 hqnl0246134 sshd[274117]: Failed password for root from 61.177.172.19 port 23666 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 01:30:19,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369419.4218225, 'message': 'Dec  7 01:30:18 hqnl0246134 sshd[274117]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 01:30:20,639] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:30:20,640] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:30:20,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:30:20,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 01:30:21,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369421.425132, 'message': 'Dec  7 01:30:20 hqnl0246134 sshd[274117]: Failed password for root from 61.177.172.19 port 23666 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:30:25,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369425.4285598, 'message': 'Dec  7 01:30:23 hqnl0246134 sshd[274146]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 01:30:25,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369425.428892, 'message': 'Dec  7 01:30:23 hqnl0246134 sshd[274146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 01:30:27,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369427.4300354, 'message': 'Dec  7 01:30:26 hqnl0246134 sshd[274146]: Failed password for root from 61.177.172.19 port 60283 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:30:29,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369429.4332304, 'message': 'Dec  7 01:30:28 hqnl0246134 sshd[274146]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:30:31,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369431.434162, 'message': 'Dec  7 01:30:30 hqnl0246134 sshd[274146]: Failed password for root from 61.177.172.19 port 60283 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-07 01:30:31,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369431.4344943, 'message': 'Dec  7 01:30:31 hqnl0246134 sshd[274150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-07 01:30:33,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369433.437841, 'message': 'Dec  7 01:30:32 hqnl0246134 sshd[274146]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0487 seconds
INFO    [2022-12-07 01:30:33,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369433.4381797, 'message': 'Dec  7 01:30:33 hqnl0246134 sshd[274150]: Failed password for root from 61.177.173.18 port 51520 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-07 01:30:35,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670369435.4373975, 'message': 'Dec  7 01:30:34 hqnl0246134 sshd[274146]: Failed password for root from 61.177.172.19 port 60283 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 01:30:37,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369437.440911, 'message': 'Dec  7 01:30:35 hqnl0246134 sshd[274150]: Failed password for root from 61.177.173.18 port 51520 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:30:39,589] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:30:39,590] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:30:39,598] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:30:39,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 01:30:41,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369441.4459105, 'message': 'Dec  7 01:30:40 hqnl0246134 sshd[274150]: Failed password for root from 61.177.173.18 port 51520 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 01:30:50,281] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:30:50,283] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:31:11,628] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:31:11,660] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0417 seconds
INFO    [2022-12-07 01:31:19,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369479.4982815, 'message': 'Dec  7 01:31:18 hqnl0246134 sshd[274193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 01:31:19,952] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:31:19,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:31:19,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:31:19,985] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0309 seconds
INFO    [2022-12-07 01:31:21,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369481.5013604, 'message': 'Dec  7 01:31:20 hqnl0246134 sshd[274193]: Failed password for root from 61.177.173.18 port 18264 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 01:31:22,795] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:31:22,796] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:31:22,803] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:31:22,815] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 01:31:23,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369483.5060441, 'message': 'Dec  7 01:31:23 hqnl0246134 sshd[274193]: Failed password for root from 61.177.173.18 port 18264 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 01:31:27,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369487.512802, 'message': 'Dec  7 01:31:26 hqnl0246134 sshd[274193]: Failed password for root from 61.177.173.18 port 18264 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0261 seconds
WARNING [2022-12-07 01:31:50,288] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:31:50,289] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:31:54,113] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 01:31:57,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369517.5869765, 'message': 'Dec  7 01:31:57 hqnl0246134 sshd[274246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 01:31:57,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369517.587492, 'message': 'Dec  7 01:31:57 hqnl0246134 sshd[274246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 01:31:59,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369519.588693, 'message': 'Dec  7 01:31:59 hqnl0246134 sshd[274246]: Failed password for root from 61.177.173.48 port 12981 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:31:59,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369519.5889657, 'message': 'Dec  7 01:31:59 hqnl0246134 sshd[274246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 01:32:01,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369521.5966551, 'message': 'Dec  7 01:32:01 hqnl0246134 sshd[274250]: Invalid user design from 165.227.166.207 port 41424', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 01:32:01,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369521.5969462, 'message': 'Dec  7 01:32:01 hqnl0246134 sshd[274250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 01:32:03,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369523.604377, 'message': 'Dec  7 01:32:01 hqnl0246134 sshd[274246]: Failed password for root from 61.177.173.48 port 12981 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0522 seconds
INFO    [2022-12-07 01:32:03,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369523.6049101, 'message': 'Dec  7 01:32:02 hqnl0246134 sshd[274250]: Failed password for invalid user design from 165.227.166.207 port 41424 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-07 01:32:03,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369523.605046, 'message': 'Dec  7 01:32:03 hqnl0246134 sshd[274252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-07 01:32:03,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369523.6047602, 'message': 'Dec  7 01:32:01 hqnl0246134 sshd[274246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 01:32:03,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369523.6051483, 'message': 'Dec  7 01:32:03 hqnl0246134 sshd[274246]: Failed password for root from 61.177.173.48 port 12981 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 01:32:05,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369525.606241, 'message': 'Dec  7 01:32:03 hqnl0246134 sshd[274250]: Disconnected from invalid user design 165.227.166.207 port 41424 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-07 01:32:05,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369525.606418, 'message': 'Dec  7 01:32:05 hqnl0246134 sshd[274252]: Failed password for root from 61.177.173.18 port 38131 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-07 01:32:05,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369525.60653, 'message': 'Dec  7 01:32:05 hqnl0246134 sshd[274271]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0544 seconds
INFO    [2022-12-07 01:32:05,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369525.6066613, 'message': 'Dec  7 01:32:05 hqnl0246134 sshd[274271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:32:07,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369527.6083012, 'message': 'Dec  7 01:32:07 hqnl0246134 sshd[274271]: Failed password for root from 61.177.173.48 port 27962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 01:32:08,361] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:32:08,362] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:32:08,372] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:32:08,384] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 01:32:09,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369529.6111515, 'message': 'Dec  7 01:32:07 hqnl0246134 sshd[274271]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 01:32:09,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369529.6116972, 'message': 'Dec  7 01:32:09 hqnl0246134 sshd[274252]: Failed password for root from 61.177.173.18 port 38131 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
WARNING [2022-12-07 01:32:11,632] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:32:11,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369531.613002, 'message': 'Dec  7 01:32:09 hqnl0246134 sshd[274271]: Failed password for root from 61.177.173.48 port 27962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-07 01:32:11,661] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0406 seconds
INFO    [2022-12-07 01:32:13,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369533.6135666, 'message': 'Dec  7 01:32:11 hqnl0246134 sshd[274271]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 01:32:15,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369535.6167357, 'message': 'Dec  7 01:32:13 hqnl0246134 sshd[274252]: Failed password for root from 61.177.173.18 port 38131 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-07 01:32:15,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369535.61725, 'message': 'Dec  7 01:32:14 hqnl0246134 sshd[274271]: Failed password for root from 61.177.173.48 port 27962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0529 seconds
INFO    [2022-12-07 01:32:17,914] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:32:17,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:32:17,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:32:17,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 01:32:19,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369539.6222231, 'message': 'Dec  7 01:32:17 hqnl0246134 sshd[274289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 01:32:19,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369539.622681, 'message': 'Dec  7 01:32:18 hqnl0246134 sshd[274277]: Invalid user weblogic from 24.62.135.19 port 59336', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 01:32:19,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369539.6225185, 'message': 'Dec  7 01:32:17 hqnl0246134 sshd[274289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 01:32:19,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369539.6228516, 'message': 'Dec  7 01:32:18 hqnl0246134 sshd[274277]: pam_imunify(sshd:auth): [IM360_RBL] The IP 24.62.135.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 01:32:19,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369539.6230068, 'message': 'Dec  7 01:32:18 hqnl0246134 sshd[274277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.62.135.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 01:32:21,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369541.6220095, 'message': 'Dec  7 01:32:19 hqnl0246134 sshd[274277]: Failed password for invalid user weblogic from 24.62.135.19 port 59336 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 01:32:21,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369541.6222484, 'message': 'Dec  7 01:32:19 hqnl0246134 sshd[274289]: Failed password for root from 61.177.173.48 port 23458 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 01:32:21,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369541.6223588, 'message': 'Dec  7 01:32:20 hqnl0246134 sshd[274277]: Disconnected from invalid user weblogic 24.62.135.19 port 59336 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:32:22,468] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:32:22,468] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:32:22,475] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:32:22,486] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 01:32:23,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369543.6269355, 'message': 'Dec  7 01:32:22 hqnl0246134 sshd[274289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:32:25,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369545.6293445, 'message': 'Dec  7 01:32:24 hqnl0246134 sshd[274289]: Failed password for root from 61.177.173.48 port 23458 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 01:32:27,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369547.6391618, 'message': 'Dec  7 01:32:26 hqnl0246134 sshd[274289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 01:32:29,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670369549.6481228, 'message': 'Dec  7 01:32:28 hqnl0246134 sshd[274289]: Failed password for root from 61.177.173.48 port 23458 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 01:32:33,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369553.6554308, 'message': 'Dec  7 01:32:31 hqnl0246134 sshd[274300]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.255.8.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:32:33,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369553.6557496, 'message': 'Dec  7 01:32:31 hqnl0246134 sshd[274300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.153  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 01:32:35,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369555.6576624, 'message': 'Dec  7 01:32:34 hqnl0246134 sshd[274300]: Failed password for root from 36.255.8.153 port 57664 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:32:47,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369567.6879413, 'message': 'Dec  7 01:32:46 hqnl0246134 sshd[274312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 01:32:49,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369569.69432, 'message': 'Dec  7 01:32:48 hqnl0246134 sshd[274312]: Failed password for root from 61.177.173.18 port 50752 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 01:32:50,293] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:32:50,294] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:33:05,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369585.7291129, 'message': 'Dec  7 01:33:04 hqnl0246134 sshd[274328]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.246.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 01:33:05,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369585.729407, 'message': 'Dec  7 01:33:04 hqnl0246134 sshd[274328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.246.215  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 01:33:07,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369587.73056, 'message': 'Dec  7 01:33:06 hqnl0246134 sshd[274328]: Failed password for root from 165.22.246.215 port 41762 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 01:33:08,951] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:33:08,951] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:33:08,958] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:33:08,979] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0268 seconds
WARNING [2022-12-07 01:33:11,639] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:33:11,686] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0609 seconds
INFO    [2022-12-07 01:33:17,799] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:33:17,800] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:33:17,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:33:17,838] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0370 seconds
INFO    [2022-12-07 01:33:17,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369597.8027904, 'message': 'Dec  7 01:33:17 hqnl0246134 sshd[274347]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.185.26.240 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 01:33:17,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369597.8030934, 'message': 'Dec  7 01:33:17 hqnl0246134 sshd[274347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.185.26.240  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:33:19,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369599.76276, 'message': 'Dec  7 01:33:19 hqnl0246134 sshd[274347]: Failed password for root from 41.185.26.240 port 51102 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 01:33:20,558] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:33:20,559] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:33:20,566] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:33:20,577] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 01:33:31,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369611.7869685, 'message': 'Dec  7 01:33:31 hqnl0246134 sshd[274359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 01:33:33,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369613.7965987, 'message': 'Dec  7 01:33:32 hqnl0246134 sshd[274359]: Failed password for root from 61.177.173.18 port 21818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 01:33:49,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369629.8273504, 'message': 'Dec  7 01:33:48 hqnl0246134 sshd[274372]: Invalid user design from 165.227.166.207 port 51714', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 01:33:49,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369629.828712, 'message': 'Dec  7 01:33:48 hqnl0246134 sshd[274372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 01:33:50,303] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:33:50,304] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:33:51,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369631.8258243, 'message': 'Dec  7 01:33:50 hqnl0246134 sshd[274372]: Failed password for invalid user design from 165.227.166.207 port 51714 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 01:33:51,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369631.8260217, 'message': 'Dec  7 01:33:51 hqnl0246134 sshd[274372]: Disconnected from invalid user design 165.227.166.207 port 51714 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 01:34:11,636] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:34:11,665] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0372 seconds
INFO    [2022-12-07 01:34:17,953] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:34:17,954] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:34:17,968] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:34:17,987] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0315 seconds
INFO    [2022-12-07 01:34:17,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369657.9563777, 'message': 'Dec  7 01:34:16 hqnl0246134 sshd[274388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 01:34:19,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369659.8851917, 'message': 'Dec  7 01:34:18 hqnl0246134 sshd[274388]: Failed password for root from 61.177.173.18 port 42039 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:34:20,461] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:34:20,462] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:34:20,468] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:34:20,479] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 01:34:23,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369663.8967056, 'message': 'Dec  7 01:34:22 hqnl0246134 sshd[274388]: Failed password for root from 61.177.173.18 port 42039 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:34:25,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369665.8978965, 'message': 'Dec  7 01:34:24 hqnl0246134 sshd[274388]: Failed password for root from 61.177.173.18 port 42039 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:34:27,578] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:34:27,578] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:34:27,587] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:34:27,598] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-07 01:34:50,307] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:34:50,309] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:34:59,225] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:34:59,294] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:34:59,294] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:34:59,294] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:34:59,295] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:34:59,295] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:34:59,345] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:34:59,369] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0732 seconds
WARNING [2022-12-07 01:34:59,381] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:34:59,383] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:34:59,409] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0466 seconds
INFO    [2022-12-07 01:34:59,411] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0447 seconds
INFO    [2022-12-07 01:35:02,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369701.9770856, 'message': 'Dec  7 01:35:00 hqnl0246134 sshd[274428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-07 01:35:03,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369703.9661417, 'message': 'Dec  7 01:35:03 hqnl0246134 sshd[274428]: Failed password for root from 61.177.173.18 port 55874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 01:35:08,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369707.9740765, 'message': 'Dec  7 01:35:06 hqnl0246134 sshd[274450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.255.8.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-07 01:35:08,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369707.9778454, 'message': 'Dec  7 01:35:06 hqnl0246134 sshd[274428]: Failed password for root from 61.177.173.18 port 55874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-07 01:35:08,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369707.9776947, 'message': 'Dec  7 01:35:06 hqnl0246134 sshd[274450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.153  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 01:35:10,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369709.9795988, 'message': 'Dec  7 01:35:08 hqnl0246134 sshd[274428]: Failed password for root from 61.177.173.18 port 55874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-07 01:35:10,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369709.9798677, 'message': 'Dec  7 01:35:08 hqnl0246134 sshd[274450]: Failed password for root from 36.255.8.153 port 56298 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0444 seconds
WARNING [2022-12-07 01:35:11,638] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:35:11,661] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0300 seconds
INFO    [2022-12-07 01:35:18,012] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:35:18,012] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:35:18,027] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:35:18,040] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 01:35:20,704] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:35:20,705] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:35:20,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:35:20,722] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-07 01:35:40,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369740.0255508, 'message': 'Dec  7 01:35:38 hqnl0246134 sshd[274483]: Invalid user dmkim from 165.227.166.207 port 33744', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:35:40,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369740.025821, 'message': 'Dec  7 01:35:38 hqnl0246134 sshd[274483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 01:35:41,733] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:35:41,734] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:35:41,735] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 01:35:42,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369742.0263412, 'message': 'Dec  7 01:35:40 hqnl0246134 sshd[274483]: Failed password for invalid user dmkim from 165.227.166.207 port 33744 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 01:35:42,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369742.0265598, 'message': 'Dec  7 01:35:41 hqnl0246134 sshd[274483]: Disconnected from invalid user dmkim 165.227.166.207 port 33744 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 01:35:43,841] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:35:43,842] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:35:43,855] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:35:43,876] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0320 seconds
INFO    [2022-12-07 01:35:48,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369748.034327, 'message': 'Dec  7 01:35:48 hqnl0246134 sshd[274499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
WARNING [2022-12-07 01:35:50,312] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:35:50,313] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:35:52,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369752.0377843, 'message': 'Dec  7 01:35:50 hqnl0246134 sshd[274499]: Failed password for root from 61.177.173.18 port 28952 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:36:06,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369766.0555499, 'message': 'Dec  7 01:36:06 hqnl0246134 sshd[274512]: Invalid user candy from 165.22.246.215 port 48354', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 01:36:06,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369766.0559936, 'message': 'Dec  7 01:36:06 hqnl0246134 sshd[274512]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.246.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 01:36:06,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369766.0561597, 'message': 'Dec  7 01:36:06 hqnl0246134 sshd[274512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.246.215 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:36:10,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369770.058722, 'message': 'Dec  7 01:36:08 hqnl0246134 sshd[274512]: Failed password for invalid user candy from 165.22.246.215 port 48354 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 01:36:10,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.246.215', 'timestamp': 1670369770.0591402, 'message': 'Dec  7 01:36:09 hqnl0246134 sshd[274512]: Disconnected from invalid user candy 165.22.246.215 port 48354 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 01:36:11,643] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:36:11,666] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0315 seconds
INFO    [2022-12-07 01:36:18,246] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:36:18,247] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:36:18,256] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:36:18,269] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 01:36:20,979] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:36:20,980] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:36:20,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:36:20,999] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 01:36:28,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369788.0804777, 'message': 'Dec  7 01:36:27 hqnl0246134 sshd[274533]: Invalid user ding from 41.185.26.240 port 36344', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 01:36:28,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369788.0807106, 'message': 'Dec  7 01:36:27 hqnl0246134 sshd[274533]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.185.26.240 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 01:36:28,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369788.0808907, 'message': 'Dec  7 01:36:27 hqnl0246134 sshd[274533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.185.26.240 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 01:36:30,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369790.0829, 'message': 'Dec  7 01:36:29 hqnl0246134 sshd[274533]: Failed password for invalid user ding from 41.185.26.240 port 36344 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 01:36:32,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.185.26.240', 'timestamp': 1670369792.085077, 'message': 'Dec  7 01:36:30 hqnl0246134 sshd[274533]: Disconnected from invalid user ding 41.185.26.240 port 36344 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 01:36:36,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369796.0891232, 'message': 'Dec  7 01:36:34 hqnl0246134 sshd[274537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:36:38,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369798.089654, 'message': 'Dec  7 01:36:37 hqnl0246134 sshd[274537]: Failed password for root from 61.177.173.18 port 43067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-07 01:36:50,316] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:36:50,317] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:37:02,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369822.1192956, 'message': 'Dec  7 01:37:00 hqnl0246134 sshd[274550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 01:37:02,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369822.1198738, 'message': 'Dec  7 01:37:00 hqnl0246134 sshd[274550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:37:04,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369824.1224973, 'message': 'Dec  7 01:37:02 hqnl0246134 sshd[274550]: Failed password for root from 61.177.172.104 port 55647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 01:37:06,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369826.1250627, 'message': 'Dec  7 01:37:04 hqnl0246134 sshd[274550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:37:08,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369828.1293545, 'message': 'Dec  7 01:37:07 hqnl0246134 sshd[274550]: Failed password for root from 61.177.172.104 port 55647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 01:37:10,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '196.1.114.254', 'timestamp': 1670369830.1300626, 'message': 'Dec  7 01:37:08 hqnl0246134 sshd[274567]: Invalid user tiina from 196.1.114.254 port 48706', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 01:37:10,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369830.130545, 'message': 'Dec  7 01:37:08 hqnl0246134 sshd[274550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 01:37:10,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '196.1.114.254', 'timestamp': 1670369830.1302397, 'message': 'Dec  7 01:37:08 hqnl0246134 sshd[274567]: pam_imunify(sshd:auth): [IM360_RBL] The IP 196.1.114.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 01:37:10,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '196.1.114.254', 'timestamp': 1670369830.130388, 'message': 'Dec  7 01:37:08 hqnl0246134 sshd[274567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.1.114.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 01:37:11,648] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:37:11,676] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0381 seconds
INFO    [2022-12-07 01:37:12,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '196.1.114.254', 'timestamp': 1670369832.1326015, 'message': 'Dec  7 01:37:10 hqnl0246134 sshd[274567]: Failed password for invalid user tiina from 196.1.114.254 port 48706 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 01:37:12,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369832.1330068, 'message': 'Dec  7 01:37:10 hqnl0246134 sshd[274550]: Failed password for root from 61.177.172.104 port 55647 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 01:37:12,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '196.1.114.254', 'timestamp': 1670369832.1328874, 'message': 'Dec  7 01:37:10 hqnl0246134 sshd[274567]: Disconnected from invalid user tiina 196.1.114.254 port 48706 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:37:13,127] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:37:13,128] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:37:13,135] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:37:13,147] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 01:37:14,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369834.1341789, 'message': 'Dec  7 01:37:12 hqnl0246134 sshd[274573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:37:14,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369834.1343708, 'message': 'Dec  7 01:37:12 hqnl0246134 sshd[274573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 01:37:16,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369836.1365488, 'message': 'Dec  7 01:37:15 hqnl0246134 sshd[274573]: Failed password for root from 61.177.172.104 port 41385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 01:37:16,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369836.1369874, 'message': 'Dec  7 01:37:15 hqnl0246134 sshd[274569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 24.62.135.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 01:37:16,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369836.1371827, 'message': 'Dec  7 01:37:15 hqnl0246134 sshd[274569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.62.135.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 01:37:17,834] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:37:17,835] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:37:17,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:37:17,853] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 01:37:18,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369838.1380208, 'message': 'Dec  7 01:37:17 hqnl0246134 sshd[274573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 01:37:18,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '24.62.135.19', 'timestamp': 1670369838.1381984, 'message': 'Dec  7 01:37:17 hqnl0246134 sshd[274569]: Failed password for root from 24.62.135.19 port 54446 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 01:37:20,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369840.1407988, 'message': 'Dec  7 01:37:19 hqnl0246134 sshd[274573]: Failed password for root from 61.177.172.104 port 41385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 01:37:20,522] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:37:20,523] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:37:20,529] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:37:20,541] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 01:37:22,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369842.210593, 'message': 'Dec  7 01:37:21 hqnl0246134 sshd[274573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 01:37:22,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369842.210846, 'message': 'Dec  7 01:37:21 hqnl0246134 sshd[274597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 01:37:24,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369844.1460006, 'message': 'Dec  7 01:37:23 hqnl0246134 sshd[274573]: Failed password for root from 61.177.172.104 port 41385 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-07 01:37:24,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369844.146295, 'message': 'Dec  7 01:37:23 hqnl0246134 sshd[274597]: Failed password for root from 61.177.173.18 port 13177 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 01:37:26,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369846.1479304, 'message': 'Dec  7 01:37:25 hqnl0246134 sshd[274599]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 01:37:26,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369846.1481688, 'message': 'Dec  7 01:37:25 hqnl0246134 sshd[274599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 01:37:28,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369848.151026, 'message': 'Dec  7 01:37:26 hqnl0246134 sshd[274597]: Failed password for root from 61.177.173.18 port 13177 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 01:37:28,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369848.151216, 'message': 'Dec  7 01:37:27 hqnl0246134 sshd[274599]: Failed password for root from 61.177.172.104 port 37003 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 01:37:30,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369850.1548085, 'message': 'Dec  7 01:37:28 hqnl0246134 sshd[274601]: Invalid user dspace from 165.227.166.207 port 44060', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-07 01:37:30,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369850.155238, 'message': 'Dec  7 01:37:29 hqnl0246134 sshd[274599]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0487 seconds
INFO    [2022-12-07 01:37:30,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369850.1550627, 'message': 'Dec  7 01:37:28 hqnl0246134 sshd[274601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 01:37:32,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369852.1570432, 'message': 'Dec  7 01:37:31 hqnl0246134 sshd[274597]: Failed password for root from 61.177.173.18 port 13177 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-07 01:37:32,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369852.1572776, 'message': 'Dec  7 01:37:31 hqnl0246134 sshd[274601]: Failed password for invalid user dspace from 165.227.166.207 port 44060 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 01:37:32,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369852.1574702, 'message': 'Dec  7 01:37:32 hqnl0246134 sshd[274603]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-07 01:37:32,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369852.157613, 'message': 'Dec  7 01:37:32 hqnl0246134 sshd[274603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 01:37:34,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369854.1587188, 'message': 'Dec  7 01:37:32 hqnl0246134 sshd[274599]: Failed password for root from 61.177.172.104 port 37003 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0696 seconds
INFO    [2022-12-07 01:37:34,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369854.1589727, 'message': 'Dec  7 01:37:33 hqnl0246134 sshd[274601]: Disconnected from invalid user dspace 165.227.166.207 port 44060 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0699 seconds
INFO    [2022-12-07 01:37:34,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369854.1590867, 'message': 'Dec  7 01:37:33 hqnl0246134 sshd[274603]: Failed password for root from 61.177.173.50 port 24734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0698 seconds
INFO    [2022-12-07 01:37:34,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369854.1592157, 'message': 'Dec  7 01:37:34 hqnl0246134 sshd[274603]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:37:36,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369856.160314, 'message': 'Dec  7 01:37:34 hqnl0246134 sshd[274599]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 01:37:36,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369856.160499, 'message': 'Dec  7 01:37:35 hqnl0246134 sshd[274603]: Failed password for root from 61.177.173.50 port 24734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 01:37:36,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369856.1606114, 'message': 'Dec  7 01:37:36 hqnl0246134 sshd[274599]: Failed password for root from 61.177.172.104 port 37003 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 01:37:38,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369858.1652985, 'message': 'Dec  7 01:37:36 hqnl0246134 sshd[274603]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 01:37:40,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369860.166308, 'message': 'Dec  7 01:37:38 hqnl0246134 sshd[274610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 01:37:40,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369860.1666107, 'message': 'Dec  7 01:37:38 hqnl0246134 sshd[274603]: Failed password for root from 61.177.173.50 port 24734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 01:37:40,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369860.166496, 'message': 'Dec  7 01:37:38 hqnl0246134 sshd[274610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:37:42,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369862.1685038, 'message': 'Dec  7 01:37:40 hqnl0246134 sshd[274610]: Failed password for root from 61.177.172.104 port 30017 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 01:37:42,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369862.1686828, 'message': 'Dec  7 01:37:40 hqnl0246134 sshd[274610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 01:37:44,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369864.1713252, 'message': 'Dec  7 01:37:42 hqnl0246134 sshd[274612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 01:37:44,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369864.1716065, 'message': 'Dec  7 01:37:43 hqnl0246134 sshd[274610]: Failed password for root from 61.177.172.104 port 30017 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 01:37:44,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369864.1714954, 'message': 'Dec  7 01:37:42 hqnl0246134 sshd[274612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 01:37:46,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369866.1763868, 'message': 'Dec  7 01:37:44 hqnl0246134 sshd[274612]: Failed password for root from 61.177.173.50 port 11878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 01:37:46,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369866.1767387, 'message': 'Dec  7 01:37:44 hqnl0246134 sshd[274610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 01:37:48,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369868.1788697, 'message': 'Dec  7 01:37:46 hqnl0246134 sshd[274612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 01:37:48,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369868.1790407, 'message': 'Dec  7 01:37:46 hqnl0246134 sshd[274610]: Failed password for root from 61.177.172.104 port 30017 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 01:37:50,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369870.1808844, 'message': 'Dec  7 01:37:48 hqnl0246134 sshd[274622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 01:37:50,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369870.1895661, 'message': 'Dec  7 01:37:48 hqnl0246134 sshd[274612]: Failed password for root from 61.177.173.50 port 11878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 01:37:50,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369870.1894174, 'message': 'Dec  7 01:37:48 hqnl0246134 sshd[274622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-07 01:37:50,320] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:37:50,321] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:37:52,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369872.28998, 'message': 'Dec  7 01:37:50 hqnl0246134 sshd[274612]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 01:37:52,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369872.29021, 'message': 'Dec  7 01:37:51 hqnl0246134 sshd[274622]: Failed password for root from 61.177.172.104 port 54924 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 01:37:54,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670369874.1824315, 'message': 'Dec  7 01:37:52 hqnl0246134 sshd[274612]: Failed password for root from 61.177.173.50 port 11878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 01:37:54,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369874.18262, 'message': 'Dec  7 01:37:53 hqnl0246134 sshd[274622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 01:37:56,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369876.1844661, 'message': 'Dec  7 01:37:54 hqnl0246134 sshd[274625]: Invalid user mas from 36.255.8.153 port 56132', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 01:37:56,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369876.1849651, 'message': 'Dec  7 01:37:55 hqnl0246134 sshd[274622]: Failed password for root from 61.177.172.104 port 54924 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 01:37:56,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369876.1846888, 'message': 'Dec  7 01:37:54 hqnl0246134 sshd[274625]: pam_imunify(sshd:auth): [IM360_RBL] The IP 36.255.8.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:37:56,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369876.1848576, 'message': 'Dec  7 01:37:54 hqnl0246134 sshd[274625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.153 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 01:37:58,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369878.1858006, 'message': 'Dec  7 01:37:56 hqnl0246134 sshd[274625]: Failed password for invalid user mas from 36.255.8.153 port 56132 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 01:37:58,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369878.1861596, 'message': 'Dec  7 01:37:57 hqnl0246134 sshd[274622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 01:37:58,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '36.255.8.153', 'timestamp': 1670369878.1860423, 'message': 'Dec  7 01:37:56 hqnl0246134 sshd[274625]: Disconnected from invalid user mas 36.255.8.153 port 56132 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 01:38:00,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670369880.1898682, 'message': 'Dec  7 01:37:58 hqnl0246134 sshd[274622]: Failed password for root from 61.177.172.104 port 54924 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 01:38:00,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '47.254.201.78', 'timestamp': 1670369880.1900556, 'message': 'Dec  7 01:37:59 hqnl0246134 sshd[274627]: Invalid user gb from 47.254.201.78 port 57762', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 01:38:00,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '47.254.201.78', 'timestamp': 1670369880.1901677, 'message': 'Dec  7 01:37:59 hqnl0246134 sshd[274627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.201.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 01:38:04,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '47.254.201.78', 'timestamp': 1670369884.196362, 'message': 'Dec  7 01:38:02 hqnl0246134 sshd[274627]: Failed password for invalid user gb from 47.254.201.78 port 57762 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 01:38:04,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '47.254.201.78', 'timestamp': 1670369884.19683, 'message': 'Dec  7 01:38:02 hqnl0246134 sshd[274627]: Disconnected from invalid user gb 47.254.201.78 port 57762 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 01:38:06,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369886.1974356, 'message': 'Dec  7 01:38:06 hqnl0246134 sshd[274639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 01:38:08,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369888.1995609, 'message': 'Dec  7 01:38:08 hqnl0246134 sshd[274639]: Failed password for root from 61.177.173.18 port 18826 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 01:38:11,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:38:11,684] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0410 seconds
INFO    [2022-12-07 01:38:17,435] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:38:17,436] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:38:17,446] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:38:17,460] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-07 01:38:17,999] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:38:18,000] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:38:18,007] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:38:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 01:38:20,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.230.236.11', 'timestamp': 1670369900.2130923, 'message': 'Dec  7 01:38:19 hqnl0246134 sshd[274663]: Invalid user Admin from 45.230.236.11 port 60964', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 01:38:20,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.230.236.11', 'timestamp': 1670369900.2134593, 'message': 'Dec  7 01:38:20 hqnl0246134 sshd[274663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.230.236.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:38:20,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.230.236.11', 'timestamp': 1670369900.2136176, 'message': 'Dec  7 01:38:20 hqnl0246134 sshd[274663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.230.236.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 01:38:20,548] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:38:20,548] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:38:20,556] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:38:20,567] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 01:38:22,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.230.236.11', 'timestamp': 1670369902.214448, 'message': 'Dec  7 01:38:21 hqnl0246134 sshd[274663]: Failed password for invalid user Admin from 45.230.236.11 port 60964 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:38:24,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.230.236.11', 'timestamp': 1670369904.2180974, 'message': 'Dec  7 01:38:22 hqnl0246134 sshd[274663]: Disconnected from invalid user Admin 45.230.236.11 port 60964 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
WARNING [2022-12-07 01:38:50,325] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:38:50,326] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:38:52,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369932.2586246, 'message': 'Dec  7 01:38:51 hqnl0246134 sshd[274684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 01:38:54,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369934.260437, 'message': 'Dec  7 01:38:52 hqnl0246134 sshd[274684]: Failed password for root from 61.177.173.18 port 34465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 01:38:55,472] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:38:55,542] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:38:55,542] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:38:55,542] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:38:55,543] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:38:55,543] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:38:55,552] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:38:55,569] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0252 seconds
WARNING [2022-12-07 01:38:55,575] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:38:55,578] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:38:55,595] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0320 seconds
INFO    [2022-12-07 01:38:55,596] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0299 seconds
WARNING [2022-12-07 01:39:11,658] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:39:11,683] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0344 seconds
INFO    [2022-12-07 01:39:18,487] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:39:18,489] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:39:18,504] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:39:18,525] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0342 seconds
INFO    [2022-12-07 01:39:20,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369960.2867181, 'message': 'Dec  7 01:39:18 hqnl0246134 sshd[274839]: Invalid user ecell from 165.227.166.207 port 54346', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 01:39:20,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369960.2870543, 'message': 'Dec  7 01:39:18 hqnl0246134 sshd[274839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 01:39:21,287] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:39:21,287] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:39:21,294] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:39:21,306] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 01:39:22,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369962.2910275, 'message': 'Dec  7 01:39:20 hqnl0246134 sshd[274839]: Failed password for invalid user ecell from 165.227.166.207 port 54346 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:39:24,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670369964.2941551, 'message': 'Dec  7 01:39:22 hqnl0246134 sshd[274839]: Disconnected from invalid user ecell 165.227.166.207 port 54346 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 01:39:24,969] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:39:24,970] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:39:24,978] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:39:24,989] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 01:39:31,114] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:39:31,114] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:39:31,115] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 01:39:38,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369978.316967, 'message': 'Dec  7 01:39:37 hqnl0246134 sshd[274855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 01:39:40,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670369980.3199666, 'message': 'Dec  7 01:39:39 hqnl0246134 sshd[274855]: Failed password for root from 61.177.173.18 port 59366 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-07 01:39:50,330] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:39:50,331] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:40:11,672] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:40:11,701] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0442 seconds
INFO    [2022-12-07 01:40:17,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:40:17,847] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:40:17,867] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:40:17,882] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0335 seconds
INFO    [2022-12-07 01:40:20,604] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:40:20,616] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:40:20,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:40:20,634] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 01:40:22,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370022.3695552, 'message': 'Dec  7 01:40:21 hqnl0246134 sshd[274922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 01:40:22,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370022.3698218, 'message': 'Dec  7 01:40:21 hqnl0246134 sshd[274926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 01:40:22,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370022.3713684, 'message': 'Dec  7 01:40:22 hqnl0246134 sshd[274926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:40:24,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370024.372378, 'message': 'Dec  7 01:40:23 hqnl0246134 sshd[274922]: Failed password for root from 61.177.173.18 port 18336 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 01:40:24,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370024.3725467, 'message': 'Dec  7 01:40:23 hqnl0246134 sshd[274926]: Failed password for root from 61.177.172.108 port 42931 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 01:40:26,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370026.3775604, 'message': 'Dec  7 01:40:25 hqnl0246134 sshd[274922]: Failed password for root from 61.177.173.18 port 18336 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 01:40:26,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370026.3778508, 'message': 'Dec  7 01:40:26 hqnl0246134 sshd[274926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 01:40:28,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370028.3777108, 'message': 'Dec  7 01:40:27 hqnl0246134 sshd[274922]: Failed password for root from 61.177.173.18 port 18336 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 01:40:28,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370028.3779356, 'message': 'Dec  7 01:40:27 hqnl0246134 sshd[274926]: Failed password for root from 61.177.172.108 port 42931 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-07 01:40:30,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370030.3803763, 'message': 'Dec  7 01:40:28 hqnl0246134 sshd[274926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 01:40:30,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370030.380561, 'message': 'Dec  7 01:40:30 hqnl0246134 sshd[274926]: Failed password for root from 61.177.172.108 port 42931 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 01:40:32,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370032.382535, 'message': 'Dec  7 01:40:32 hqnl0246134 sshd[274931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:40:32,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370032.3827083, 'message': 'Dec  7 01:40:32 hqnl0246134 sshd[274931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 01:40:34,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370034.3851743, 'message': 'Dec  7 01:40:33 hqnl0246134 sshd[274931]: Failed password for root from 61.177.172.108 port 26197 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 01:40:36,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370036.3857055, 'message': 'Dec  7 01:40:34 hqnl0246134 sshd[274931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 01:40:38,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370038.3885105, 'message': 'Dec  7 01:40:36 hqnl0246134 sshd[274931]: Failed password for root from 61.177.172.108 port 26197 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 01:40:38,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370038.3887115, 'message': 'Dec  7 01:40:36 hqnl0246134 sshd[274931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 01:40:40,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370040.3915505, 'message': 'Dec  7 01:40:39 hqnl0246134 sshd[274931]: Failed password for root from 61.177.172.108 port 26197 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 01:40:44,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370044.397653, 'message': 'Dec  7 01:40:42 hqnl0246134 sshd[274933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:40:44,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370044.3978817, 'message': 'Dec  7 01:40:42 hqnl0246134 sshd[274933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 01:40:46,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370046.400218, 'message': 'Dec  7 01:40:44 hqnl0246134 sshd[274933]: Failed password for root from 61.177.172.108 port 12355 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 01:40:48,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370048.403014, 'message': 'Dec  7 01:40:47 hqnl0246134 sshd[274933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-07 01:40:50,334] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:40:50,334] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:40:50,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370050.4068482, 'message': 'Dec  7 01:40:48 hqnl0246134 sshd[274933]: Failed password for root from 61.177.172.108 port 12355 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:40:50,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370050.4070263, 'message': 'Dec  7 01:40:49 hqnl0246134 sshd[274933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:40:52,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370052.4096632, 'message': 'Dec  7 01:40:50 hqnl0246134 sshd[274933]: Failed password for root from 61.177.172.108 port 12355 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 01:40:54,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370054.4104834, 'message': 'Dec  7 01:40:53 hqnl0246134 sshd[274945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:40:54,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370054.4107263, 'message': 'Dec  7 01:40:53 hqnl0246134 sshd[274945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 01:40:56,029] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:40:56,030] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:40:56,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:40:56,048] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 01:40:56,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370056.4123154, 'message': 'Dec  7 01:40:55 hqnl0246134 sshd[274945]: Failed password for root from 61.177.172.108 port 36276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:40:58,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370058.414695, 'message': 'Dec  7 01:40:57 hqnl0246134 sshd[274945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 01:41:00,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370060.4173322, 'message': 'Dec  7 01:40:59 hqnl0246134 sshd[274945]: Failed password for root from 61.177.172.108 port 36276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 01:41:00,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370060.417587, 'message': 'Dec  7 01:40:59 hqnl0246134 sshd[274945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 01:41:02,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370062.4179163, 'message': 'Dec  7 01:41:01 hqnl0246134 sshd[274945]: Failed password for root from 61.177.172.108 port 36276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 01:41:08,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370068.429249, 'message': 'Dec  7 01:41:06 hqnl0246134 sshd[274962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 01:41:10,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370070.4317925, 'message': 'Dec  7 01:41:08 hqnl0246134 sshd[274962]: Failed password for root from 61.177.173.18 port 40981 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 01:41:11,671] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:41:11,700] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0394 seconds
INFO    [2022-12-07 01:41:12,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370072.4339073, 'message': 'Dec  7 01:41:11 hqnl0246134 sshd[274965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:41:12,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370072.434102, 'message': 'Dec  7 01:41:11 hqnl0246134 sshd[274965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 01:41:14,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370074.4364073, 'message': 'Dec  7 01:41:12 hqnl0246134 sshd[274962]: Failed password for root from 61.177.173.18 port 40981 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 01:41:14,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370074.436597, 'message': 'Dec  7 01:41:13 hqnl0246134 sshd[274965]: Failed password for root from 61.177.173.35 port 55656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 01:41:14,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370074.4367356, 'message': 'Dec  7 01:41:13 hqnl0246134 sshd[274967]: Invalid user escheduler from 165.227.166.207 port 36402', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 01:41:14,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370074.4369054, 'message': 'Dec  7 01:41:13 hqnl0246134 sshd[274967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 01:41:16,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370076.4388523, 'message': 'Dec  7 01:41:14 hqnl0246134 sshd[274962]: Failed password for root from 61.177.173.18 port 40981 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0777 seconds
INFO    [2022-12-07 01:41:16,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370076.4391944, 'message': 'Dec  7 01:41:15 hqnl0246134 sshd[274967]: Failed password for invalid user escheduler from 165.227.166.207 port 36402 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0779 seconds
INFO    [2022-12-07 01:41:16,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370076.439408, 'message': 'Dec  7 01:41:15 hqnl0246134 sshd[274965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0774 seconds
INFO    [2022-12-07 01:41:18,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370078.4414184, 'message': 'Dec  7 01:41:17 hqnl0246134 sshd[274967]: Disconnected from invalid user escheduler 165.227.166.207 port 36402 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 01:41:18,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370078.4419742, 'message': 'Dec  7 01:41:17 hqnl0246134 sshd[274965]: Failed password for root from 61.177.173.35 port 55656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 01:41:18,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370078.4421597, 'message': 'Dec  7 01:41:18 hqnl0246134 sshd[274965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 01:41:20,008] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:41:20,009] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:41:20,016] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:41:20,028] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 01:41:22,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370082.4440563, 'message': 'Dec  7 01:41:20 hqnl0246134 sshd[274965]: Failed password for root from 61.177.173.35 port 55656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 01:41:22,813] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:41:22,813] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:41:22,925] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:41:22,936] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1216 seconds
INFO    [2022-12-07 01:41:24,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370084.447278, 'message': 'Dec  7 01:41:24 hqnl0246134 sshd[274988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 01:41:24,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370084.447613, 'message': 'Dec  7 01:41:24 hqnl0246134 sshd[274988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 01:41:26,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370086.4470334, 'message': 'Dec  7 01:41:26 hqnl0246134 sshd[274988]: Failed password for root from 61.177.173.35 port 50260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 01:41:30,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370090.4528491, 'message': 'Dec  7 01:41:28 hqnl0246134 sshd[274988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 01:41:32,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370092.455474, 'message': 'Dec  7 01:41:30 hqnl0246134 sshd[274988]: Failed password for root from 61.177.173.35 port 50260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 01:41:34,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370094.4576526, 'message': 'Dec  7 01:41:32 hqnl0246134 sshd[274988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:41:36,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370096.4603, 'message': 'Dec  7 01:41:34 hqnl0246134 sshd[274988]: Failed password for root from 61.177.173.35 port 50260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:41:38,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370098.4618053, 'message': 'Dec  7 01:41:36 hqnl0246134 sshd[274991]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:41:38,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370098.4622319, 'message': 'Dec  7 01:41:36 hqnl0246134 sshd[274991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:41:40,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370100.4643836, 'message': 'Dec  7 01:41:39 hqnl0246134 sshd[274991]: Failed password for root from 61.177.173.35 port 42808 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:41:42,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370102.466049, 'message': 'Dec  7 01:41:41 hqnl0246134 sshd[274991]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 01:41:44,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370104.4689286, 'message': 'Dec  7 01:41:43 hqnl0246134 sshd[274991]: Failed password for root from 61.177.173.35 port 42808 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 01:41:44,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370104.4731824, 'message': 'Dec  7 01:41:43 hqnl0246134 sshd[274991]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:41:46,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670370106.4720292, 'message': 'Dec  7 01:41:44 hqnl0246134 sshd[274991]: Failed password for root from 61.177.173.35 port 42808 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 01:41:50,337] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:41:50,338] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:41:52,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.230.236.11', 'timestamp': 1670370112.487284, 'message': 'Dec  7 01:41:50 hqnl0246134 sshd[275004]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.230.236.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 01:41:52,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370112.4881556, 'message': 'Dec  7 01:41:52 hqnl0246134 sshd[275006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 01:41:52,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.230.236.11', 'timestamp': 1670370112.4880285, 'message': 'Dec  7 01:41:50 hqnl0246134 sshd[275004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.230.236.11  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 01:41:54,117] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 01:41:54,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.230.236.11', 'timestamp': 1670370114.489998, 'message': 'Dec  7 01:41:52 hqnl0246134 sshd[275004]: Failed password for root from 45.230.236.11 port 51088 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 01:41:54,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370114.4901788, 'message': 'Dec  7 01:41:54 hqnl0246134 sshd[275006]: Failed password for root from 61.177.173.18 port 64394 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 01:41:55,595] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:41:55,596] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:41:55,607] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:41:55,621] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 01:41:58,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370118.4949791, 'message': 'Dec  7 01:41:57 hqnl0246134 sshd[275006]: Failed password for root from 61.177.173.18 port 64394 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:42:02,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670370122.500381, 'message': 'Dec  7 01:42:00 hqnl0246134 sshd[275015]: Invalid user admin from 24.62.135.19 port 37900', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1077 seconds
INFO    [2022-12-07 01:42:02,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370122.500922, 'message': 'Dec  7 01:42:01 hqnl0246134 sshd[275006]: Failed password for root from 61.177.173.18 port 64394 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1090 seconds
INFO    [2022-12-07 01:42:02,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '24.62.135.19', 'timestamp': 1670370122.5005543, 'message': 'Dec  7 01:42:00 hqnl0246134 sshd[275015]: pam_imunify(sshd:auth): [IM360_RBL] The IP 24.62.135.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 01:42:02,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '24.62.135.19', 'timestamp': 1670370122.500734, 'message': 'Dec  7 01:42:00 hqnl0246134 sshd[275015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.62.135.19 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 01:42:04,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670370124.5029964, 'message': 'Dec  7 01:42:03 hqnl0246134 sshd[275015]: Failed password for invalid user admin from 24.62.135.19 port 37900 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 01:42:06,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '24.62.135.19', 'timestamp': 1670370126.505617, 'message': 'Dec  7 01:42:04 hqnl0246134 sshd[275015]: Disconnected from invalid user admin 24.62.135.19 port 37900 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 01:42:11,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:42:11,705] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-07 01:42:17,914] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:42:17,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:42:17,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:42:17,940] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0235 seconds
INFO    [2022-12-07 01:42:22,702] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:42:22,702] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:42:22,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:42:22,722] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 01:42:38,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370158.5393472, 'message': 'Dec  7 01:42:38 hqnl0246134 sshd[275059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 01:42:40,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370160.5419335, 'message': 'Dec  7 01:42:40 hqnl0246134 sshd[275059]: Failed password for root from 61.177.173.18 port 29114 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 01:42:42,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '196.1.114.253', 'timestamp': 1670370162.5429566, 'message': 'Dec  7 01:42:41 hqnl0246134 sshd[275061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 196.1.114.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:42:42,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '196.1.114.253', 'timestamp': 1670370162.5431514, 'message': 'Dec  7 01:42:41 hqnl0246134 sshd[275061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.1.114.253  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 01:42:44,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370164.5441678, 'message': 'Dec  7 01:42:42 hqnl0246134 sshd[275059]: Failed password for root from 61.177.173.18 port 29114 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 01:42:44,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '196.1.114.253', 'timestamp': 1670370164.5445604, 'message': 'Dec  7 01:42:44 hqnl0246134 sshd[275061]: Failed password for root from 196.1.114.253 port 45507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 01:42:48,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370168.5486233, 'message': 'Dec  7 01:42:47 hqnl0246134 sshd[275059]: Failed password for root from 61.177.173.18 port 29114 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
WARNING [2022-12-07 01:42:50,341] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:42:50,341] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:43:10,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370190.5758421, 'message': 'Dec  7 01:43:09 hqnl0246134 sshd[275112]: Invalid user es from 165.227.166.207 port 46750', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 01:43:10,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370190.5761952, 'message': 'Dec  7 01:43:09 hqnl0246134 sshd[275112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-07 01:43:11,682] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:43:11,712] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0380 seconds
INFO    [2022-12-07 01:43:12,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370192.576332, 'message': 'Dec  7 01:43:11 hqnl0246134 sshd[275112]: Failed password for invalid user es from 165.227.166.207 port 46750 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 01:43:14,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370194.577519, 'message': 'Dec  7 01:43:13 hqnl0246134 sshd[275112]: Disconnected from invalid user es 165.227.166.207 port 46750 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:43:16,642] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:43:16,643] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:43:16,652] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:43:16,665] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 01:43:17,865] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:43:17,866] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:43:17,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:43:17,886] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 01:43:18,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370198.5820644, 'message': 'Dec  7 01:43:17 hqnl0246134 sshd[275132]: Invalid user sonos from 109.167.200.10 port 34498', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 01:43:18,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370198.5840132, 'message': 'Dec  7 01:43:17 hqnl0246134 sshd[275132]: pam_imunify(sshd:auth): [IM360_RBL] The IP 109.167.200.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:43:18,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370198.584175, 'message': 'Dec  7 01:43:17 hqnl0246134 sshd[275132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.167.200.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:43:20,571] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:43:20,571] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:43:20,578] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:43:20,596] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0244 seconds
INFO    [2022-12-07 01:43:20,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370200.5816455, 'message': 'Dec  7 01:43:19 hqnl0246134 sshd[275132]: Failed password for invalid user sonos from 109.167.200.10 port 34498 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 01:43:22,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370202.5856063, 'message': 'Dec  7 01:43:21 hqnl0246134 sshd[275132]: Disconnected from invalid user sonos 109.167.200.10 port 34498 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-07 01:43:22,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370202.585943, 'message': 'Dec  7 01:43:21 hqnl0246134 sshd[275141]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.110.185.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-07 01:43:22,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370202.5861108, 'message': 'Dec  7 01:43:21 hqnl0246134 sshd[275141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.185.60  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 01:43:24,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370204.5878913, 'message': 'Dec  7 01:43:23 hqnl0246134 sshd[275141]: Failed password for root from 143.110.185.60 port 48226 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:43:26,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370206.5919287, 'message': 'Dec  7 01:43:25 hqnl0246134 sshd[275143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:43:28,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370208.5936291, 'message': 'Dec  7 01:43:26 hqnl0246134 sshd[275143]: Failed password for root from 61.177.173.18 port 52225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 01:43:30,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370210.5964231, 'message': 'Dec  7 01:43:29 hqnl0246134 sshd[275143]: Failed password for root from 61.177.173.18 port 52225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:43:34,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370214.6005569, 'message': 'Dec  7 01:43:33 hqnl0246134 sshd[275143]: Failed password for root from 61.177.173.18 port 52225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-07 01:43:50,345] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:43:50,346] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:44:11,688] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:44:11,723] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0438 seconds
INFO    [2022-12-07 01:44:12,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370252.6469676, 'message': 'Dec  7 01:44:11 hqnl0246134 sshd[275176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:44:14,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370254.6502469, 'message': 'Dec  7 01:44:13 hqnl0246134 sshd[275176]: Failed password for root from 61.177.173.18 port 16023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 01:44:16,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370256.650326, 'message': 'Dec  7 01:44:14 hqnl0246134 sshd[275178]: Invalid user jenkins from 195.239.97.254 port 38592', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 01:44:16,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370256.6508462, 'message': 'Dec  7 01:44:16 hqnl0246134 sshd[275176]: Failed password for root from 61.177.173.18 port 16023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 01:44:16,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370256.6505556, 'message': 'Dec  7 01:44:14 hqnl0246134 sshd[275178]: pam_imunify(sshd:auth): [IM360_RBL] The IP 195.239.97.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 01:44:16,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370256.6507232, 'message': 'Dec  7 01:44:14 hqnl0246134 sshd[275178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.239.97.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 01:44:17,835] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:44:17,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:44:17,845] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:44:17,862] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0247 seconds
INFO    [2022-12-07 01:44:18,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370258.6530979, 'message': 'Dec  7 01:44:16 hqnl0246134 sshd[275178]: Failed password for invalid user jenkins from 195.239.97.254 port 38592 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 01:44:20,556] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:44:20,557] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:44:20,565] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:44:20,585] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-07 01:44:20,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370260.6548457, 'message': 'Dec  7 01:44:18 hqnl0246134 sshd[275178]: Disconnected from invalid user jenkins 195.239.97.254 port 38592 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0551 seconds
INFO    [2022-12-07 01:44:20,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370260.6552439, 'message': 'Dec  7 01:44:20 hqnl0246134 sshd[275176]: Failed password for root from 61.177.173.18 port 16023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-07 01:44:25,204] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:44:25,205] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:44:25,213] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:44:25,224] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
WARNING [2022-12-07 01:44:50,349] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:44:50,351] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:44:58,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370298.7037024, 'message': 'Dec  7 01:44:57 hqnl0246134 sshd[275226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 01:45:00,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370300.705251, 'message': 'Dec  7 01:44:58 hqnl0246134 sshd[275226]: Failed password for root from 61.177.173.18 port 31690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:45:02,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370302.708549, 'message': 'Dec  7 01:45:01 hqnl0246134 sshd[275226]: Failed password for root from 61.177.173.18 port 31690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-07 01:45:02,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370302.7089012, 'message': 'Dec  7 01:45:02 hqnl0246134 sshd[275243]: Invalid user ftpuser from 165.227.166.207 port 56990', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0498 seconds
INFO    [2022-12-07 01:45:02,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370302.7091522, 'message': 'Dec  7 01:45:02 hqnl0246134 sshd[275243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 01:45:06,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370306.7146614, 'message': 'Dec  7 01:45:04 hqnl0246134 sshd[275243]: Failed password for invalid user ftpuser from 165.227.166.207 port 56990 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-07 01:45:06,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370306.7150638, 'message': 'Dec  7 01:45:05 hqnl0246134 sshd[275226]: Failed password for root from 61.177.173.18 port 31690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 01:45:06,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370306.7148824, 'message': 'Dec  7 01:45:05 hqnl0246134 sshd[275243]: Disconnected from invalid user ftpuser 165.227.166.207 port 56990 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
WARNING [2022-12-07 01:45:11,691] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:45:11,715] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0327 seconds
INFO    [2022-12-07 01:45:17,912] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:45:17,913] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:45:17,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:45:17,937] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-07 01:45:20,682] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:45:20,683] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:45:20,691] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:45:20,707] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-07 01:45:20,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.230.236.11', 'timestamp': 1670370320.7262404, 'message': 'Dec  7 01:45:19 hqnl0246134 sshd[275277]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.230.236.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 01:45:20,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.230.236.11', 'timestamp': 1670370320.7264814, 'message': 'Dec  7 01:45:19 hqnl0246134 sshd[275277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.230.236.11  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 01:45:20,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.230.236.11', 'timestamp': 1670370320.7266254, 'message': 'Dec  7 01:45:20 hqnl0246134 sshd[275277]: Failed password for root from 45.230.236.11 port 41120 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 01:45:26,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370326.7323177, 'message': 'Dec  7 01:45:26 hqnl0246134 sshd[275285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 01:45:26,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370326.7326388, 'message': 'Dec  7 01:45:26 hqnl0246134 sshd[275285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:45:28,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370328.7341683, 'message': 'Dec  7 01:45:28 hqnl0246134 sshd[275285]: Failed password for root from 61.177.173.49 port 43699 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 01:45:28,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370328.7344465, 'message': 'Dec  7 01:45:28 hqnl0246134 sshd[275285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 01:45:30,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370330.736398, 'message': 'Dec  7 01:45:30 hqnl0246134 sshd[275285]: Failed password for root from 61.177.173.49 port 43699 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:45:34,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370334.7420003, 'message': 'Dec  7 01:45:32 hqnl0246134 sshd[275285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 01:45:34,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370334.7423282, 'message': 'Dec  7 01:45:34 hqnl0246134 sshd[275285]: Failed password for root from 61.177.173.49 port 43699 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:45:38,094] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:45:38,095] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:45:38,115] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:45:38,138] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0402 seconds
INFO    [2022-12-07 01:45:38,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370338.7464006, 'message': 'Dec  7 01:45:37 hqnl0246134 sshd[275295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 01:45:38,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370338.746627, 'message': 'Dec  7 01:45:37 hqnl0246134 sshd[275295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:45:40,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370340.7493749, 'message': 'Dec  7 01:45:39 hqnl0246134 sshd[275295]: Failed password for root from 61.177.173.49 port 20751 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 01:45:40,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370340.7496247, 'message': 'Dec  7 01:45:39 hqnl0246134 sshd[275295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 01:45:42,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370342.7499952, 'message': 'Dec  7 01:45:41 hqnl0246134 sshd[275295]: Failed password for root from 61.177.173.49 port 20751 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 01:45:42,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370342.7503488, 'message': 'Dec  7 01:45:42 hqnl0246134 sshd[275301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-07 01:45:42,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370342.7501936, 'message': 'Dec  7 01:45:42 hqnl0246134 sshd[275295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:45:44,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670370344.7528427, 'message': 'Dec  7 01:45:44 hqnl0246134 sshd[275295]: Failed password for root from 61.177.173.49 port 20751 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 01:45:44,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370344.7531183, 'message': 'Dec  7 01:45:44 hqnl0246134 sshd[275301]: Failed password for root from 61.177.173.18 port 52191 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
WARNING [2022-12-07 01:45:50,354] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:45:50,355] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:46:04,235] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:46:04,309] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:46:04,310] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:46:04,310] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:46:04,310] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:46:04,310] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:46:04,321] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:46:04,337] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0265 seconds
WARNING [2022-12-07 01:46:04,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:46:04,347] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:46:04,363] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0313 seconds
INFO    [2022-12-07 01:46:04,365] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0293 seconds
WARNING [2022-12-07 01:46:11,694] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:46:11,714] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0276 seconds
INFO    [2022-12-07 01:46:17,914] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:46:17,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:46:18,000] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:46:18,015] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0984 seconds
INFO    [2022-12-07 01:46:20,802] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:46:20,803] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:46:20,810] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:46:20,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 01:46:26,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370386.8105786, 'message': 'Dec  7 01:46:25 hqnl0246134 sshd[275342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 01:46:28,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370388.815634, 'message': 'Dec  7 01:46:27 hqnl0246134 sshd[275342]: Failed password for root from 61.177.173.18 port 63444 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 01:46:28,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670370388.8158753, 'message': 'Dec  7 01:46:27 hqnl0246134 sshd[275345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-07 01:46:28,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670370388.8160584, 'message': 'Dec  7 01:46:27 hqnl0246134 sshd[275345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 01:46:30,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670370390.8198545, 'message': 'Dec  7 01:46:29 hqnl0246134 sshd[275345]: Failed password for root from 45.93.201.82 port 52408 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 01:46:30,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370390.8200834, 'message': 'Dec  7 01:46:29 hqnl0246134 sshd[275342]: Failed password for root from 61.177.173.18 port 63444 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 01:46:34,456] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:46:34,456] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:46:34,457] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 01:46:34,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370394.8267386, 'message': 'Dec  7 01:46:32 hqnl0246134 sshd[275342]: Failed password for root from 61.177.173.18 port 63444 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 01:46:34,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670370394.8270383, 'message': 'Dec  7 01:46:34 hqnl0246134 sshd[275345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 01:46:36,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670370396.8262837, 'message': 'Dec  7 01:46:36 hqnl0246134 sshd[275345]: Failed password for root from 45.93.201.82 port 52408 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 01:46:42,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670370402.8327787, 'message': 'Dec  7 01:46:41 hqnl0246134 sshd[275345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 01:46:44,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670370404.8346546, 'message': 'Dec  7 01:46:43 hqnl0246134 sshd[275345]: Failed password for root from 45.93.201.82 port 52408 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
WARNING [2022-12-07 01:46:50,358] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:46:50,359] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:46:51,932] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:46:51,933] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:46:51,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:46:51,953] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 01:47:02,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370422.8529787, 'message': 'Dec  7 01:47:01 hqnl0246134 sshd[275386]: Invalid user git from 165.227.166.207 port 39050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 01:47:02,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370422.853442, 'message': 'Dec  7 01:47:01 hqnl0246134 sshd[275386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 01:47:04,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370424.854422, 'message': 'Dec  7 01:47:03 hqnl0246134 sshd[275386]: Failed password for invalid user git from 165.227.166.207 port 39050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 01:47:04,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370424.854609, 'message': 'Dec  7 01:47:03 hqnl0246134 sshd[275386]: Disconnected from invalid user git 165.227.166.207 port 39050 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 01:47:11,703] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:47:11,725] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-07 01:47:12,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370432.8664389, 'message': 'Dec  7 01:47:11 hqnl0246134 sshd[275406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:47:14,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370434.8690083, 'message': 'Dec  7 01:47:13 hqnl0246134 sshd[275406]: Failed password for root from 61.177.173.18 port 33190 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 01:47:17,753] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:47:17,754] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:47:17,762] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:47:17,774] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 01:47:20,493] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:47:20,493] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:47:20,504] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:47:20,517] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 01:47:24,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370444.877037, 'message': 'Dec  7 01:47:23 hqnl0246134 sshd[275427]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.182.17.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 01:47:24,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370444.8773456, 'message': 'Dec  7 01:47:23 hqnl0246134 sshd[275427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.17.78  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 01:47:26,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370446.8808565, 'message': 'Dec  7 01:47:26 hqnl0246134 sshd[275427]: Failed password for root from 107.182.17.78 port 42754 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 01:47:50,364] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:47:50,365] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:47:58,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370478.9232748, 'message': 'Dec  7 01:47:58 hqnl0246134 sshd[275442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 01:48:00,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370480.9246647, 'message': 'Dec  7 01:48:00 hqnl0246134 sshd[275442]: Failed password for root from 61.177.173.18 port 57101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 01:48:02,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370482.9261646, 'message': 'Dec  7 01:48:02 hqnl0246134 sshd[275442]: Failed password for root from 61.177.173.18 port 57101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:48:08,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370488.934352, 'message': 'Dec  7 01:48:06 hqnl0246134 sshd[275442]: Failed password for root from 61.177.173.18 port 57101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 01:48:09,833] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:48:09,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:48:09,841] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:48:09,852] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
WARNING [2022-12-07 01:48:11,707] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:48:11,727] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0279 seconds
INFO    [2022-12-07 01:48:16,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '196.1.114.252', 'timestamp': 1670370496.9417508, 'message': 'Dec  7 01:48:16 hqnl0246134 sshd[275462]: pam_imunify(sshd:auth): [IM360_RBL] The IP 196.1.114.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 01:48:16,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '196.1.114.252', 'timestamp': 1670370496.9420164, 'message': 'Dec  7 01:48:16 hqnl0246134 sshd[275462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.1.114.252  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 01:48:17,730] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:48:17,731] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:48:17,738] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:48:17,751] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 01:48:18,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '196.1.114.252', 'timestamp': 1670370498.942715, 'message': 'Dec  7 01:48:18 hqnl0246134 sshd[275462]: Failed password for root from 196.1.114.252 port 58424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 01:48:20,394] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:48:20,394] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:48:20,401] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:48:20,412] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 01:48:45,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370524.9815423, 'message': 'Dec  7 01:48:43 hqnl0246134 sshd[275486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 01:48:47,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370526.9825706, 'message': 'Dec  7 01:48:45 hqnl0246134 sshd[275486]: Failed password for root from 61.177.173.18 port 11787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-07 01:48:50,368] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:48:50,369] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:48:59,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370538.997285, 'message': 'Dec  7 01:48:58 hqnl0246134 sshd[275500]: Invalid user git from 165.227.166.207 port 49336', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 01:48:59,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370538.9979782, 'message': 'Dec  7 01:48:58 hqnl0246134 sshd[275500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 01:49:01,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370540.998052, 'message': 'Dec  7 01:49:00 hqnl0246134 sshd[275500]: Failed password for invalid user git from 165.227.166.207 port 49336 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:49:01,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370540.998293, 'message': 'Dec  7 01:49:00 hqnl0246134 sshd[275500]: Disconnected from invalid user git 165.227.166.207 port 49336 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 01:49:09,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370549.0075917, 'message': 'Dec  7 01:49:07 hqnl0246134 sshd[275510]: Invalid user centor from 43.156.42.200 port 41704', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 01:49:09,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370549.007821, 'message': 'Dec  7 01:49:07 hqnl0246134 sshd[275510]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.156.42.200 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 01:49:09,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370549.0079916, 'message': 'Dec  7 01:49:07 hqnl0246134 sshd[275510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.42.200 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 01:49:11,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370551.0095596, 'message': 'Dec  7 01:49:10 hqnl0246134 sshd[275510]: Failed password for invalid user centor from 43.156.42.200 port 41704 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-07 01:49:11,713] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:49:11,763] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0585 seconds
INFO    [2022-12-07 01:49:13,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370553.0122888, 'message': 'Dec  7 01:49:12 hqnl0246134 sshd[275510]: Disconnected from invalid user centor 43.156.42.200 port 41704 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 01:49:14,984] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:49:14,985] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:49:14,995] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:49:15,007] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 01:49:17,718] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:49:17,718] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:49:17,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:49:17,738] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 01:49:20,227] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:49:20,228] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:49:20,237] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:49:20,250] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 01:49:33,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370573.038151, 'message': 'Dec  7 01:49:31 hqnl0246134 sshd[275539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 01:49:35,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370575.0407357, 'message': 'Dec  7 01:49:33 hqnl0246134 sshd[275539]: Failed password for root from 61.177.173.18 port 27164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 01:49:50,372] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:49:50,374] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:49:55,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370595.0702758, 'message': 'Dec  7 01:49:53 hqnl0246134 sshd[275553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 109.167.200.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 01:49:55,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370595.0709143, 'message': 'Dec  7 01:49:53 hqnl0246134 sshd[275553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.167.200.10  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 01:49:57,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370597.0719216, 'message': 'Dec  7 01:49:55 hqnl0246134 sshd[275553]: Failed password for root from 109.167.200.10 port 37094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 01:50:11,719] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:50:11,743] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-07 01:50:17,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:50:17,926] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:50:17,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:50:17,945] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 01:50:19,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370619.1066306, 'message': 'Dec  7 01:50:18 hqnl0246134 sshd[275587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 01:50:21,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370621.110506, 'message': 'Dec  7 01:50:20 hqnl0246134 sshd[275587]: Failed password for root from 61.177.173.18 port 53813 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 01:50:22,507] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:50:22,508] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:50:22,516] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:50:22,531] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 01:50:25,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370625.1175346, 'message': 'Dec  7 01:50:24 hqnl0246134 sshd[275587]: Failed password for root from 61.177.173.18 port 53813 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 01:50:29,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370629.1263957, 'message': 'Dec  7 01:50:28 hqnl0246134 sshd[275587]: Failed password for root from 61.177.173.18 port 53813 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 01:50:37,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370637.1445227, 'message': 'Dec  7 01:50:35 hqnl0246134 sshd[275610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 01:50:37,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370637.1448154, 'message': 'Dec  7 01:50:35 hqnl0246134 sshd[275610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 01:50:37,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370637.1450374, 'message': 'Dec  7 01:50:37 hqnl0246134 sshd[275610]: Failed password for root from 61.177.173.36 port 21101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:50:39,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370639.1474605, 'message': 'Dec  7 01:50:37 hqnl0246134 sshd[275610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 01:50:41,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370641.150153, 'message': 'Dec  7 01:50:39 hqnl0246134 sshd[275610]: Failed password for root from 61.177.173.36 port 21101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 01:50:43,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370643.1531394, 'message': 'Dec  7 01:50:41 hqnl0246134 sshd[275610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 01:50:45,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370645.1669216, 'message': 'Dec  7 01:50:44 hqnl0246134 sshd[275610]: Failed password for root from 61.177.173.36 port 21101 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 01:50:47,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370647.1598172, 'message': 'Dec  7 01:50:46 hqnl0246134 sshd[275615]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 01:50:47,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370647.1600049, 'message': 'Dec  7 01:50:46 hqnl0246134 sshd[275615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:50:48,815] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:50:48,816] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:50:48,826] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:50:48,843] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0263 seconds
INFO    [2022-12-07 01:50:49,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370649.1631336, 'message': 'Dec  7 01:50:47 hqnl0246134 sshd[275619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0573 seconds
INFO    [2022-12-07 01:50:49,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370649.1636536, 'message': 'Dec  7 01:50:48 hqnl0246134 sshd[275615]: Failed password for root from 61.177.172.108 port 25005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0582 seconds
INFO    [2022-12-07 01:50:49,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370649.1634898, 'message': 'Dec  7 01:50:47 hqnl0246134 sshd[275619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
WARNING [2022-12-07 01:50:50,378] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:50:50,379] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:50:51,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370651.1656785, 'message': 'Dec  7 01:50:49 hqnl0246134 sshd[275619]: Failed password for root from 61.177.173.36 port 23023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 01:50:51,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370651.1658835, 'message': 'Dec  7 01:50:49 hqnl0246134 sshd[275632]: Invalid user asecruc from 195.239.97.254 port 35740', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 01:50:51,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370651.1662533, 'message': 'Dec  7 01:50:50 hqnl0246134 sshd[275619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-07 01:50:51,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370651.1660075, 'message': 'Dec  7 01:50:49 hqnl0246134 sshd[275632]: pam_imunify(sshd:auth): [IM360_RBL] The IP 195.239.97.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 01:50:51,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370651.1663537, 'message': 'Dec  7 01:50:50 hqnl0246134 sshd[275615]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 01:50:51,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370651.1661437, 'message': 'Dec  7 01:50:49 hqnl0246134 sshd[275632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.239.97.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 01:50:53,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370653.1695058, 'message': 'Dec  7 01:50:51 hqnl0246134 sshd[275632]: Failed password for invalid user asecruc from 195.239.97.254 port 35740 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0538 seconds
INFO    [2022-12-07 01:50:53,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370653.1697555, 'message': 'Dec  7 01:50:51 hqnl0246134 sshd[275634]: Invalid user git from 165.227.166.207 port 59598', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-07 01:50:53,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370653.170084, 'message': 'Dec  7 01:50:52 hqnl0246134 sshd[275619]: Failed password for root from 61.177.173.36 port 23023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-07 01:50:53,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370653.1698992, 'message': 'Dec  7 01:50:51 hqnl0246134 sshd[275634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0584 seconds
INFO    [2022-12-07 01:50:53,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370653.170345, 'message': 'Dec  7 01:50:52 hqnl0246134 sshd[275615]: Failed password for root from 61.177.172.108 port 25005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0590 seconds
INFO    [2022-12-07 01:50:53,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370653.1704588, 'message': 'Dec  7 01:50:52 hqnl0246134 sshd[275632]: Disconnected from invalid user asecruc 195.239.97.254 port 35740 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0593 seconds
INFO    [2022-12-07 01:50:53,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370653.1702154, 'message': 'Dec  7 01:50:52 hqnl0246134 sshd[275619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0586 seconds
INFO    [2022-12-07 01:50:53,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370653.170581, 'message': 'Dec  7 01:50:52 hqnl0246134 sshd[275615]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 01:50:55,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370655.1713347, 'message': 'Dec  7 01:50:54 hqnl0246134 sshd[275634]: Failed password for invalid user git from 165.227.166.207 port 59598 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-07 01:50:55,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370655.1720235, 'message': 'Dec  7 01:50:54 hqnl0246134 sshd[275619]: Failed password for root from 61.177.173.36 port 23023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-07 01:50:55,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370655.1721382, 'message': 'Dec  7 01:50:55 hqnl0246134 sshd[275615]: Failed password for root from 61.177.172.108 port 25005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 01:50:57,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370657.175392, 'message': 'Dec  7 01:50:55 hqnl0246134 sshd[275634]: Disconnected from invalid user git 165.227.166.207 port 59598 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 01:50:59,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370659.1770191, 'message': 'Dec  7 01:50:58 hqnl0246134 sshd[275637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:50:59,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370659.1772723, 'message': 'Dec  7 01:50:58 hqnl0246134 sshd[275637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 01:51:01,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370661.179297, 'message': 'Dec  7 01:50:59 hqnl0246134 sshd[275639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 01:51:01,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370661.1797378, 'message': 'Dec  7 01:51:00 hqnl0246134 sshd[275637]: Failed password for root from 61.177.173.36 port 54694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 01:51:01,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370661.1795802, 'message': 'Dec  7 01:50:59 hqnl0246134 sshd[275639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 01:51:01,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370661.1798592, 'message': 'Dec  7 01:51:00 hqnl0246134 sshd[275637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 01:51:03,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370663.1807535, 'message': 'Dec  7 01:51:01 hqnl0246134 sshd[275639]: Failed password for root from 61.177.172.108 port 61404 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-07 01:51:03,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370663.1812692, 'message': 'Dec  7 01:51:02 hqnl0246134 sshd[275637]: Failed password for root from 61.177.173.36 port 54694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-07 01:51:03,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370663.1811242, 'message': 'Dec  7 01:51:01 hqnl0246134 sshd[275639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0566 seconds
INFO    [2022-12-07 01:51:03,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370663.1814153, 'message': 'Dec  7 01:51:03 hqnl0246134 sshd[275637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-07 01:51:05,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370665.182012, 'message': 'Dec  7 01:51:03 hqnl0246134 sshd[275649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 01:51:05,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370665.1822712, 'message': 'Dec  7 01:51:03 hqnl0246134 sshd[275639]: Failed password for root from 61.177.172.108 port 61404 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 01:51:05,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370665.1824384, 'message': 'Dec  7 01:51:04 hqnl0246134 sshd[275639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 01:51:07,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670370667.183853, 'message': 'Dec  7 01:51:05 hqnl0246134 sshd[275637]: Failed password for root from 61.177.173.36 port 54694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 01:51:07,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370667.1840446, 'message': 'Dec  7 01:51:05 hqnl0246134 sshd[275649]: Failed password for root from 61.177.173.18 port 11441 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-07 01:51:07,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370667.184157, 'message': 'Dec  7 01:51:06 hqnl0246134 sshd[275639]: Failed password for root from 61.177.172.108 port 61404 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-07 01:51:11,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370671.1919599, 'message': 'Dec  7 01:51:10 hqnl0246134 sshd[275649]: Failed password for root from 61.177.173.18 port 11441 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0250 seconds
WARNING [2022-12-07 01:51:11,721] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:51:11,749] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0362 seconds
INFO    [2022-12-07 01:51:15,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370675.1999013, 'message': 'Dec  7 01:51:14 hqnl0246134 sshd[275649]: Failed password for root from 61.177.173.18 port 11441 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 01:51:17,882] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:51:17,883] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:51:17,899] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:51:17,918] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0340 seconds
INFO    [2022-12-07 01:51:20,584] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:51:20,585] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:51:20,597] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:51:20,611] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0248 seconds
INFO    [2022-12-07 01:51:40,134] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 01:51:40,136] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 01:51:41,006] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 01:51:43,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370703.2312613, 'message': 'Dec  7 01:51:42 hqnl0246134 sshd[275678]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 01:51:43,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370703.2316585, 'message': 'Dec  7 01:51:42 hqnl0246134 sshd[275678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:51:45,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370705.2322853, 'message': 'Dec  7 01:51:44 hqnl0246134 sshd[275678]: Failed password for root from 61.177.172.108 port 22274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:51:47,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370707.2353609, 'message': 'Dec  7 01:51:46 hqnl0246134 sshd[275678]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 01:51:49,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370709.23765, 'message': 'Dec  7 01:51:48 hqnl0246134 sshd[275695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 01:51:49,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370709.2380135, 'message': 'Dec  7 01:51:48 hqnl0246134 sshd[275678]: Failed password for root from 61.177.172.108 port 22274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 01:51:49,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370709.2381501, 'message': 'Dec  7 01:51:49 hqnl0246134 sshd[275678]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 01:51:50,384] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:51:50,385] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:51:51,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370711.2420022, 'message': 'Dec  7 01:51:49 hqnl0246134 sshd[275695]: Failed password for root from 61.177.173.18 port 23178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 01:51:53,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370713.2481825, 'message': 'Dec  7 01:51:51 hqnl0246134 sshd[275678]: Failed password for root from 61.177.172.108 port 22274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 01:51:53,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370713.2484632, 'message': 'Dec  7 01:51:52 hqnl0246134 sshd[275705]: Invalid user damian from 107.182.17.78 port 35950', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-07 01:51:53,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370713.2489414, 'message': 'Dec  7 01:51:52 hqnl0246134 sshd[275695]: Failed password for root from 61.177.173.18 port 23178 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 01:51:53,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370713.2486072, 'message': 'Dec  7 01:51:52 hqnl0246134 sshd[275705]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.182.17.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:51:53,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370713.2487347, 'message': 'Dec  7 01:51:52 hqnl0246134 sshd[275705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.17.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 01:51:54,119] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 01:51:55,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370715.2504597, 'message': 'Dec  7 01:51:54 hqnl0246134 sshd[275705]: Failed password for invalid user damian from 107.182.17.78 port 35950 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:51:55,547] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:51:55,612] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:51:55,613] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:51:55,613] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:51:55,613] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:51:55,613] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:51:55,623] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:51:55,639] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0250 seconds
WARNING [2022-12-07 01:51:55,650] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:51:55,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:51:55,672] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0382 seconds
INFO    [2022-12-07 01:51:55,673] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0365 seconds
INFO    [2022-12-07 01:51:56,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:51:56,007] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:51:56,027] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:51:56,048] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0319 seconds
INFO    [2022-12-07 01:51:57,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370717.2536154, 'message': 'Dec  7 01:51:55 hqnl0246134 sshd[275705]: Disconnected from invalid user damian 107.182.17.78 port 35950 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 01:51:57,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370717.253892, 'message': 'Dec  7 01:51:56 hqnl0246134 sshd[275695]: Failed password for root from 61.177.173.18 port 23178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
WARNING [2022-12-07 01:52:11,732] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:52:11,762] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0438 seconds
INFO    [2022-12-07 01:52:17,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370737.2962856, 'message': 'Dec  7 01:52:16 hqnl0246134 sshd[275753]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 01:52:17,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370737.2965455, 'message': 'Dec  7 01:52:16 hqnl0246134 sshd[275753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 01:52:19,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370739.3019388, 'message': 'Dec  7 01:52:18 hqnl0246134 sshd[275753]: Failed password for root from 61.177.172.108 port 61921 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-07 01:52:19,834] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:52:19,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:52:19,841] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:52:19,852] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 01:52:21,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370741.300637, 'message': 'Dec  7 01:52:21 hqnl0246134 sshd[275753]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 01:52:22,361] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:52:22,361] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:52:22,369] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:52:22,381] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 01:52:23,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370743.303028, 'message': 'Dec  7 01:52:22 hqnl0246134 sshd[275753]: Failed password for root from 61.177.172.108 port 61921 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 01:52:25,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370745.305542, 'message': 'Dec  7 01:52:23 hqnl0246134 sshd[275753]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 01:52:25,747] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:52:25,748] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:52:25,748] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 01:52:27,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670370747.310981, 'message': 'Dec  7 01:52:25 hqnl0246134 sshd[275753]: Failed password for root from 61.177.172.108 port 61921 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 01:52:33,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370753.3186705, 'message': 'Dec  7 01:52:33 hqnl0246134 sshd[275775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 01:52:35,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370755.3221757, 'message': 'Dec  7 01:52:34 hqnl0246134 sshd[275775]: Failed password for root from 61.177.173.18 port 40241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 01:52:35,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370755.322418, 'message': 'Dec  7 01:52:34 hqnl0246134 sshd[275777]: Invalid user server from 109.167.200.10 port 54102', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 01:52:35,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370755.3226187, 'message': 'Dec  7 01:52:34 hqnl0246134 sshd[275777]: pam_imunify(sshd:auth): [IM360_RBL] The IP 109.167.200.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 01:52:35,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370755.322753, 'message': 'Dec  7 01:52:34 hqnl0246134 sshd[275777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.167.200.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 01:52:37,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370757.3242714, 'message': 'Dec  7 01:52:36 hqnl0246134 sshd[275777]: Failed password for invalid user server from 109.167.200.10 port 54102 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 01:52:37,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370757.3253036, 'message': 'Dec  7 01:52:37 hqnl0246134 sshd[275775]: Failed password for root from 61.177.173.18 port 40241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 01:52:37,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370757.3244805, 'message': 'Dec  7 01:52:36 hqnl0246134 sshd[275777]: Disconnected from invalid user server 109.167.200.10 port 54102 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 01:52:41,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370761.3294082, 'message': 'Dec  7 01:52:39 hqnl0246134 sshd[275775]: Failed password for root from 61.177.173.18 port 40241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 01:52:43,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370763.3300798, 'message': 'Dec  7 01:52:42 hqnl0246134 sshd[275781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.156.42.200 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 01:52:43,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370763.3304296, 'message': 'Dec  7 01:52:42 hqnl0246134 sshd[275783]: Invalid user xxaifwq from 165.227.166.207 port 41724', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 01:52:43,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370763.3302708, 'message': 'Dec  7 01:52:42 hqnl0246134 sshd[275781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.42.200  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 01:52:43,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370763.332994, 'message': 'Dec  7 01:52:42 hqnl0246134 sshd[275783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 01:52:45,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370765.334691, 'message': 'Dec  7 01:52:44 hqnl0246134 sshd[275781]: Failed password for root from 43.156.42.200 port 34566 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 01:52:45,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370765.335235, 'message': 'Dec  7 01:52:44 hqnl0246134 sshd[275783]: Failed password for invalid user xxaifwq from 165.227.166.207 port 41724 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 01:52:47,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370767.3372765, 'message': 'Dec  7 01:52:45 hqnl0246134 sshd[275783]: Disconnected from invalid user xxaifwq 165.227.166.207 port 41724 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-07 01:52:47,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370767.3385577, 'message': 'Dec  7 01:52:47 hqnl0246134 sshd[275786]: Invalid user vikas from 143.110.185.60 port 34482', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-07 01:52:47,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370767.3387613, 'message': 'Dec  7 01:52:47 hqnl0246134 sshd[275786]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.110.185.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 01:52:47,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370767.3389602, 'message': 'Dec  7 01:52:47 hqnl0246134 sshd[275786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.185.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 01:52:50,388] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:52:50,389] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:52:51,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370771.3426015, 'message': 'Dec  7 01:52:49 hqnl0246134 sshd[275786]: Failed password for invalid user vikas from 143.110.185.60 port 34482 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 01:52:51,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370771.3429344, 'message': 'Dec  7 01:52:50 hqnl0246134 sshd[275786]: Disconnected from invalid user vikas 143.110.185.60 port 34482 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 01:53:11,733] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:53:11,762] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-07 01:53:18,023] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:53:18,024] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:53:18,031] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:53:18,043] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 01:53:19,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370799.390352, 'message': 'Dec  7 01:53:18 hqnl0246134 sshd[275810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 01:53:20,683] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:53:20,684] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:53:20,692] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:53:20,704] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 01:53:21,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370801.395211, 'message': 'Dec  7 01:53:20 hqnl0246134 sshd[275810]: Failed password for root from 61.177.173.18 port 15007 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:53:23,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370803.400877, 'message': 'Dec  7 01:53:22 hqnl0246134 sshd[275810]: Failed password for root from 61.177.173.18 port 15007 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 01:53:27,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370807.4070044, 'message': 'Dec  7 01:53:24 hqnl0246134 sshd[275810]: Failed password for root from 61.177.173.18 port 15007 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 01:53:27,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370807.4072804, 'message': 'Dec  7 01:53:25 hqnl0246134 sshd[275828]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 01:53:27,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370807.4074633, 'message': 'Dec  7 01:53:25 hqnl0246134 sshd[275828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 01:53:29,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370809.4100657, 'message': 'Dec  7 01:53:27 hqnl0246134 sshd[275828]: Failed password for root from 61.177.173.46 port 10290 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 01:53:29,954] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:53:29,955] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:53:29,965] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:53:29,978] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-07 01:53:31,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370811.4123921, 'message': 'Dec  7 01:53:29 hqnl0246134 sshd[275828]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 01:53:33,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370813.414048, 'message': 'Dec  7 01:53:31 hqnl0246134 sshd[275828]: Failed password for root from 61.177.173.46 port 10290 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:53:35,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370815.416488, 'message': 'Dec  7 01:53:34 hqnl0246134 sshd[275828]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 01:53:37,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370817.4196334, 'message': 'Dec  7 01:53:35 hqnl0246134 sshd[275828]: Failed password for root from 61.177.173.46 port 10290 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 01:53:39,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370819.42225, 'message': 'Dec  7 01:53:38 hqnl0246134 sshd[275836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 01:53:39,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370819.4225564, 'message': 'Dec  7 01:53:38 hqnl0246134 sshd[275836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 01:53:41,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370821.4252138, 'message': 'Dec  7 01:53:39 hqnl0246134 sshd[275836]: Failed password for root from 61.177.173.46 port 63485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:53:41,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370821.4254, 'message': 'Dec  7 01:53:40 hqnl0246134 sshd[275836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 01:53:43,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370823.4288464, 'message': 'Dec  7 01:53:42 hqnl0246134 sshd[275836]: Failed password for root from 61.177.173.46 port 63485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 01:53:43,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370823.4291878, 'message': 'Dec  7 01:53:42 hqnl0246134 sshd[275836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 01:53:45,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670370825.4296243, 'message': 'Dec  7 01:53:44 hqnl0246134 sshd[275836]: Failed password for root from 61.177.173.46 port 63485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 01:53:47,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370827.4321294, 'message': 'Dec  7 01:53:46 hqnl0246134 sshd[275840]: pam_imunify(sshd:auth): [IM360_RBL] The IP 195.239.97.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:53:47,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370827.4323587, 'message': 'Dec  7 01:53:46 hqnl0246134 sshd[275840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.239.97.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 01:53:49,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '195.239.97.254', 'timestamp': 1670370829.4330356, 'message': 'Dec  7 01:53:48 hqnl0246134 sshd[275840]: Failed password for root from 195.239.97.254 port 52798 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 01:53:50,393] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:53:50,394] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:54:03,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370843.4513533, 'message': 'Dec  7 01:54:03 hqnl0246134 sshd[275861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 01:54:05,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370845.4523578, 'message': 'Dec  7 01:54:04 hqnl0246134 sshd[275861]: Failed password for root from 61.177.173.18 port 38514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 01:54:11,738] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:54:11,760] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0297 seconds
INFO    [2022-12-07 01:54:17,796] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:54:17,797] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:54:17,806] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:54:17,819] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 01:54:20,587] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:54:20,587] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:54:20,596] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:54:20,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 01:54:39,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370879.511294, 'message': 'Dec  7 01:54:38 hqnl0246134 sshd[275892]: Invalid user lsfadmin from 165.227.166.207 port 51976', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 01:54:39,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370879.51177, 'message': 'Dec  7 01:54:38 hqnl0246134 sshd[275892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 01:54:41,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370881.517418, 'message': 'Dec  7 01:54:40 hqnl0246134 sshd[275892]: Failed password for invalid user lsfadmin from 165.227.166.207 port 51976 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:54:43,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370883.5177627, 'message': 'Dec  7 01:54:42 hqnl0246134 sshd[275892]: Disconnected from invalid user lsfadmin 165.227.166.207 port 51976 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 01:54:44,430] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:54:44,430] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:54:44,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:54:44,450] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 01:54:49,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370889.525903, 'message': 'Dec  7 01:54:48 hqnl0246134 sshd[275899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 01:54:50,396] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:54:50,397] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:54:51,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370891.5290046, 'message': 'Dec  7 01:54:50 hqnl0246134 sshd[275899]: Failed password for root from 61.177.173.18 port 49453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 01:55:11,750] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:55:11,784] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0503 seconds
INFO    [2022-12-07 01:55:13,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370913.5572503, 'message': 'Dec  7 01:55:12 hqnl0246134 sshd[275943]: Invalid user test7 from 109.167.200.10 port 42874', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 01:55:13,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370913.5584712, 'message': 'Dec  7 01:55:12 hqnl0246134 sshd[275943]: pam_imunify(sshd:auth): [IM360_RBL] The IP 109.167.200.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:55:13,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370913.558599, 'message': 'Dec  7 01:55:12 hqnl0246134 sshd[275943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.167.200.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 01:55:15,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370915.5583577, 'message': 'Dec  7 01:55:14 hqnl0246134 sshd[275943]: Failed password for invalid user test7 from 109.167.200.10 port 42874 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 01:55:17,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '109.167.200.10', 'timestamp': 1670370917.5609245, 'message': 'Dec  7 01:55:16 hqnl0246134 sshd[275943]: Disconnected from invalid user test7 109.167.200.10 port 42874 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:55:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:55:17,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:55:17,997] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:55:18,020] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0344 seconds
INFO    [2022-12-07 01:55:20,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:55:20,621] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:55:20,629] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:55:20,642] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 01:55:35,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370935.5822957, 'message': 'Dec  7 01:55:35 hqnl0246134 sshd[275968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 01:55:37,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370937.5837274, 'message': 'Dec  7 01:55:37 hqnl0246134 sshd[275968]: Failed password for root from 61.177.173.18 port 17675 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 01:55:45,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370945.5974932, 'message': 'Dec  7 01:55:44 hqnl0246134 sshd[275971]: Invalid user vikas from 43.156.42.200 port 53564', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 01:55:45,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370945.5977702, 'message': 'Dec  7 01:55:44 hqnl0246134 sshd[275971]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.156.42.200 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:55:45,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370945.598003, 'message': 'Dec  7 01:55:44 hqnl0246134 sshd[275971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.42.200 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 01:55:47,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370947.5995438, 'message': 'Dec  7 01:55:46 hqnl0246134 sshd[275971]: Failed password for invalid user vikas from 43.156.42.200 port 53564 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 01:55:49,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670370949.6038716, 'message': 'Dec  7 01:55:48 hqnl0246134 sshd[275971]: Disconnected from invalid user vikas 43.156.42.200 port 53564 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 01:55:50,401] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:55:50,402] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:55:55,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370955.6116767, 'message': 'Dec  7 01:55:53 hqnl0246134 sshd[275983]: Invalid user centor from 143.110.185.60 port 46428', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 01:55:55,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370955.6120002, 'message': 'Dec  7 01:55:53 hqnl0246134 sshd[275983]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.110.185.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 01:55:55,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370955.612135, 'message': 'Dec  7 01:55:53 hqnl0246134 sshd[275983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.185.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 01:55:57,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370957.6161377, 'message': 'Dec  7 01:55:55 hqnl0246134 sshd[275983]: Failed password for invalid user centor from 143.110.185.60 port 46428 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 01:55:57,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370957.6164968, 'message': 'Dec  7 01:55:56 hqnl0246134 sshd[275985]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.182.17.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 01:55:57,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670370957.6163507, 'message': 'Dec  7 01:55:56 hqnl0246134 sshd[275983]: Disconnected from invalid user centor 143.110.185.60 port 46428 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 01:55:57,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370957.616618, 'message': 'Dec  7 01:55:56 hqnl0246134 sshd[275985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.17.78  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 01:55:59,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '107.182.17.78', 'timestamp': 1670370959.6188416, 'message': 'Dec  7 01:55:58 hqnl0246134 sshd[275985]: Failed password for root from 107.182.17.78 port 53948 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
WARNING [2022-12-07 01:56:11,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:56:11,770] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-07 01:56:17,698] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:56:17,699] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:56:17,707] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:56:17,718] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 01:56:20,211] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:56:20,211] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:56:20,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:56:20,299] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0863 seconds
INFO    [2022-12-07 01:56:23,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370983.6479118, 'message': 'Dec  7 01:56:22 hqnl0246134 sshd[276016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 01:56:25,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370985.6503823, 'message': 'Dec  7 01:56:23 hqnl0246134 sshd[276016]: Failed password for root from 61.177.173.18 port 35998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 01:56:25,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370985.650631, 'message': 'Dec  7 01:56:23 hqnl0246134 sshd[276018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 01:56:25,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370985.6507657, 'message': 'Dec  7 01:56:23 hqnl0246134 sshd[276018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 01:56:27,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370987.655919, 'message': 'Dec  7 01:56:26 hqnl0246134 sshd[276018]: Failed password for root from 61.177.173.52 port 63203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 01:56:27,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370987.6562233, 'message': 'Dec  7 01:56:26 hqnl0246134 sshd[276016]: Failed password for root from 61.177.173.18 port 35998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 01:56:29,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370989.6593163, 'message': 'Dec  7 01:56:28 hqnl0246134 sshd[276018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:56:29,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370989.6595173, 'message': 'Dec  7 01:56:29 hqnl0246134 sshd[276018]: Failed password for root from 61.177.173.52 port 63203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 01:56:31,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670370991.6624935, 'message': 'Dec  7 01:56:29 hqnl0246134 sshd[276016]: Failed password for root from 61.177.173.18 port 35998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 01:56:31,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370991.662671, 'message': 'Dec  7 01:56:30 hqnl0246134 sshd[276018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 01:56:33,299] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:56:33,299] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:56:33,308] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:56:33,320] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 01:56:33,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370993.6652637, 'message': 'Dec  7 01:56:33 hqnl0246134 sshd[276018]: Failed password for root from 61.177.173.52 port 63203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:56:37,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370997.6839623, 'message': 'Dec  7 01:56:36 hqnl0246134 sshd[276028]: Invalid user git from 165.227.166.207 port 34034', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 01:56:37,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370997.6846194, 'message': 'Dec  7 01:56:36 hqnl0246134 sshd[276026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 01:56:37,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370997.684436, 'message': 'Dec  7 01:56:36 hqnl0246134 sshd[276028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 01:56:37,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370997.6847823, 'message': 'Dec  7 01:56:36 hqnl0246134 sshd[276026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 01:56:39,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670370999.6866791, 'message': 'Dec  7 01:56:38 hqnl0246134 sshd[276028]: Failed password for invalid user git from 165.227.166.207 port 34034 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 01:56:39,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670370999.6870463, 'message': 'Dec  7 01:56:39 hqnl0246134 sshd[276026]: Failed password for root from 61.177.173.52 port 56031 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 01:56:41,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371001.6932807, 'message': 'Dec  7 01:56:40 hqnl0246134 sshd[276028]: Disconnected from invalid user git 165.227.166.207 port 34034 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 01:56:41,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371001.6935947, 'message': 'Dec  7 01:56:41 hqnl0246134 sshd[276026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 01:56:45,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371005.7052214, 'message': 'Dec  7 01:56:43 hqnl0246134 sshd[276026]: Failed password for root from 61.177.173.52 port 56031 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 01:56:45,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371005.7056751, 'message': 'Dec  7 01:56:45 hqnl0246134 sshd[276026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 01:56:47,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670371007.7180817, 'message': 'Dec  7 01:56:47 hqnl0246134 sshd[276033]: Invalid user admin from 195.239.97.254 port 41618', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 01:56:47,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '195.239.97.254', 'timestamp': 1670371007.718437, 'message': 'Dec  7 01:56:47 hqnl0246134 sshd[276033]: pam_imunify(sshd:auth): [IM360_RBL] The IP 195.239.97.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 01:56:47,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '195.239.97.254', 'timestamp': 1670371007.718615, 'message': 'Dec  7 01:56:47 hqnl0246134 sshd[276033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.239.97.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 01:56:49,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371009.7199414, 'message': 'Dec  7 01:56:48 hqnl0246134 sshd[276026]: Failed password for root from 61.177.173.52 port 56031 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 01:56:49,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670371009.7202218, 'message': 'Dec  7 01:56:49 hqnl0246134 sshd[276033]: Failed password for invalid user admin from 195.239.97.254 port 41618 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
WARNING [2022-12-07 01:56:50,404] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:56:50,405] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:56:51,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '195.239.97.254', 'timestamp': 1670371011.723213, 'message': 'Dec  7 01:56:51 hqnl0246134 sshd[276033]: Disconnected from invalid user admin 195.239.97.254 port 41618 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 01:56:51,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371011.7236562, 'message': 'Dec  7 01:56:51 hqnl0246134 sshd[276035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 01:56:51,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371011.7238424, 'message': 'Dec  7 01:56:51 hqnl0246134 sshd[276035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 01:56:53,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371013.727033, 'message': 'Dec  7 01:56:52 hqnl0246134 sshd[276035]: Failed password for root from 61.177.173.52 port 43227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 01:56:55,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371015.7302601, 'message': 'Dec  7 01:56:53 hqnl0246134 sshd[276035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 01:56:57,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371017.733061, 'message': 'Dec  7 01:56:56 hqnl0246134 sshd[276035]: Failed password for root from 61.177.173.52 port 43227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 01:56:59,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371019.735986, 'message': 'Dec  7 01:56:58 hqnl0246134 sshd[276035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 01:57:01,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670371021.7380345, 'message': 'Dec  7 01:57:00 hqnl0246134 sshd[276035]: Failed password for root from 61.177.173.52 port 43227 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 01:57:07,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371027.7469857, 'message': 'Dec  7 01:57:07 hqnl0246134 sshd[276065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
WARNING [2022-12-07 01:57:11,749] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:57:11,783] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0425 seconds
INFO    [2022-12-07 01:57:11,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371031.7518346, 'message': 'Dec  7 01:57:09 hqnl0246134 sshd[276065]: Failed password for root from 61.177.173.18 port 51179 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 01:57:17,828] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:57:17,828] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:57:17,839] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:57:17,857] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
INFO    [2022-12-07 01:57:20,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:57:20,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:57:20,624] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:57:20,637] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0235 seconds
WARNING [2022-12-07 01:57:50,411] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:57:50,412] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:57:55,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371075.8375812, 'message': 'Dec  7 01:57:53 hqnl0246134 sshd[276102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 01:57:57,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371077.8401752, 'message': 'Dec  7 01:57:55 hqnl0246134 sshd[276102]: Failed password for root from 61.177.173.18 port 20039 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:58:01,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371081.843334, 'message': 'Dec  7 01:58:00 hqnl0246134 sshd[276102]: Failed password for root from 61.177.173.18 port 20039 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 01:58:03,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371083.8458564, 'message': 'Dec  7 01:58:02 hqnl0246134 sshd[276102]: Failed password for root from 61.177.173.18 port 20039 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:58:05,275] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:58:05,276] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:58:05,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:58:05,296] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-07 01:58:11,755] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:58:11,777] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0295 seconds
INFO    [2022-12-07 01:58:14,283] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 01:58:14,354] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 01:58:14,355] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 01:58:14,355] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 01:58:14,355] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 01:58:14,356] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 01:58:14,369] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 01:58:14,386] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0299 seconds
WARNING [2022-12-07 01:58:14,392] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 01:58:14,395] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:58:14,411] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0303 seconds
INFO    [2022-12-07 01:58:14,412] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0283 seconds
INFO    [2022-12-07 01:58:18,022] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:58:18,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:58:18,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:58:18,042] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 01:58:20,860] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:58:20,860] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:58:20,870] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:58:20,882] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 01:58:29,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670371109.8950028, 'message': 'Dec  7 01:58:28 hqnl0246134 sshd[276145]: Invalid user cyrus from 143.110.185.60 port 58366', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 01:58:29,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.110.185.60', 'timestamp': 1670371109.895241, 'message': 'Dec  7 01:58:28 hqnl0246134 sshd[276145]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.110.185.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 01:58:29,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.110.185.60', 'timestamp': 1670371109.8953896, 'message': 'Dec  7 01:58:28 hqnl0246134 sshd[276145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.185.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 01:58:31,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670371111.8976657, 'message': 'Dec  7 01:58:30 hqnl0246134 sshd[276145]: Failed password for invalid user cyrus from 143.110.185.60 port 58366 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 01:58:33,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.110.185.60', 'timestamp': 1670371113.898329, 'message': 'Dec  7 01:58:32 hqnl0246134 sshd[276145]: Disconnected from invalid user cyrus 143.110.185.60 port 58366 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 01:58:33,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371113.8985229, 'message': 'Dec  7 01:58:32 hqnl0246134 sshd[276147]: Invalid user gitlab from 165.227.166.207 port 44328', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 01:58:33,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371113.8986592, 'message': 'Dec  7 01:58:32 hqnl0246134 sshd[276147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 01:58:35,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371115.9017057, 'message': 'Dec  7 01:58:34 hqnl0246134 sshd[276147]: Failed password for invalid user gitlab from 165.227.166.207 port 44328 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 01:58:35,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670371115.9019237, 'message': 'Dec  7 01:58:35 hqnl0246134 sshd[276149]: Invalid user cyrus from 43.156.42.200 port 58216', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 01:58:35,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371115.902278, 'message': 'Dec  7 01:58:35 hqnl0246134 sshd[276147]: Disconnected from invalid user gitlab 165.227.166.207 port 44328 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 01:58:35,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.156.42.200', 'timestamp': 1670371115.9020712, 'message': 'Dec  7 01:58:35 hqnl0246134 sshd[276149]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.156.42.200 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 01:58:35,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.156.42.200', 'timestamp': 1670371115.902176, 'message': 'Dec  7 01:58:35 hqnl0246134 sshd[276149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.42.200 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 01:58:37,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670371117.9025848, 'message': 'Dec  7 01:58:36 hqnl0246134 sshd[276149]: Failed password for invalid user cyrus from 43.156.42.200 port 58216 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 01:58:37,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.42.200', 'timestamp': 1670371117.9029005, 'message': 'Dec  7 01:58:37 hqnl0246134 sshd[276149]: Disconnected from invalid user cyrus 43.156.42.200 port 58216 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 01:58:41,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371121.908361, 'message': 'Dec  7 01:58:40 hqnl0246134 sshd[276154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 01:58:43,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371123.9104793, 'message': 'Dec  7 01:58:42 hqnl0246134 sshd[276154]: Failed password for root from 61.177.173.18 port 47930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 01:58:44,481] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 01:58:44,481] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 01:58:44,482] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-07 01:58:50,417] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:58:50,418] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 01:59:11,769] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:59:11,800] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0435 seconds
INFO    [2022-12-07 01:59:17,830] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:59:17,830] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:59:17,839] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:59:17,852] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-07 01:59:20,537] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:59:20,537] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:59:20,544] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:59:20,555] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 01:59:26,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371165.9850783, 'message': 'Dec  7 01:59:24 hqnl0246134 sshd[276195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 01:59:28,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371167.9861186, 'message': 'Dec  7 01:59:26 hqnl0246134 sshd[276195]: Failed password for root from 61.177.173.18 port 58463 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 01:59:32,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371171.9924304, 'message': 'Dec  7 01:59:30 hqnl0246134 sshd[276195]: Failed password for root from 61.177.173.18 port 58463 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 01:59:34,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371173.997335, 'message': 'Dec  7 01:59:32 hqnl0246134 sshd[276195]: Failed password for root from 61.177.173.18 port 58463 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 01:59:35,865] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 01:59:35,866] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 01:59:35,877] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 01:59:35,897] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0308 seconds
INFO    [2022-12-07 01:59:37,628] defence360agent.files: Updating all files
INFO    [2022-12-07 01:59:37,967] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:37,968] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 01:59:38,250] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:38,251] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 01:59:38,513] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:38,514] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 01:59:38,788] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:38,788] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 01:59:38,789] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 01:59:39,050] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Tue, 06 Dec 2022 23:59:39 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E59BCC073D821'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 01:59:39,052] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 01:59:39,052] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 01:59:39,611] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:39,612] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 01:59:39,934] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:39,935] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 01:59:40,196] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:40,196] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 01:59:40,534] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:40,534] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 01:59:40,913] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 01:59:40,914] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-07 01:59:50,420] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 01:59:50,421] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 01:59:54,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371194.0304947, 'message': 'Dec  7 01:59:53 hqnl0246134 sshd[276218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 01:59:54,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371194.0309227, 'message': 'Dec  7 01:59:53 hqnl0246134 sshd[276218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 01:59:56,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.182.17.78', 'timestamp': 1670371196.034492, 'message': 'Dec  7 01:59:54 hqnl0246134 sshd[276216]: Invalid user ts3 from 107.182.17.78 port 43718', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 01:59:56,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371196.035047, 'message': 'Dec  7 01:59:55 hqnl0246134 sshd[276218]: Failed password for root from 61.177.173.36 port 28842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 01:59:56,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.182.17.78', 'timestamp': 1670371196.0347483, 'message': 'Dec  7 01:59:54 hqnl0246134 sshd[276216]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.182.17.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 01:59:56,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.182.17.78', 'timestamp': 1670371196.034918, 'message': 'Dec  7 01:59:54 hqnl0246134 sshd[276216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.17.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 01:59:58,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.182.17.78', 'timestamp': 1670371198.0364466, 'message': 'Dec  7 01:59:56 hqnl0246134 sshd[276216]: Failed password for invalid user ts3 from 107.182.17.78 port 43718 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 01:59:58,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371198.0366247, 'message': 'Dec  7 01:59:57 hqnl0246134 sshd[276218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 02:00:00,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.182.17.78', 'timestamp': 1670371200.0538657, 'message': 'Dec  7 01:59:58 hqnl0246134 sshd[276216]: Disconnected from invalid user ts3 107.182.17.78 port 43718 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 02:00:00,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371200.0541265, 'message': 'Dec  7 01:59:59 hqnl0246134 sshd[276218]: Failed password for root from 61.177.173.36 port 28842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 02:00:02,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371202.04345, 'message': 'Dec  7 02:00:00 hqnl0246134 sshd[276218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1108 seconds
INFO    [2022-12-07 02:00:02,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371202.0437722, 'message': 'Dec  7 02:00:01 hqnl0246134 sshd[276218]: Failed password for root from 61.177.173.36 port 28842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0750 seconds
INFO    [2022-12-07 02:00:06,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371206.0533047, 'message': 'Dec  7 02:00:04 hqnl0246134 sshd[276258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 02:00:06,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371206.0537403, 'message': 'Dec  7 02:00:04 hqnl0246134 sshd[276258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 02:00:08,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371208.0574942, 'message': 'Dec  7 02:00:06 hqnl0246134 sshd[276258]: Failed password for root from 61.177.173.36 port 10746 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 02:00:08,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371208.057915, 'message': 'Dec  7 02:00:06 hqnl0246134 sshd[276258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:00:10,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371210.0604413, 'message': 'Dec  7 02:00:08 hqnl0246134 sshd[276258]: Failed password for root from 61.177.173.36 port 10746 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0576 seconds
INFO    [2022-12-07 02:00:10,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371210.061079, 'message': 'Dec  7 02:00:10 hqnl0246134 sshd[276264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0587 seconds
INFO    [2022-12-07 02:00:10,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371210.0608122, 'message': 'Dec  7 02:00:08 hqnl0246134 sshd[276258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
WARNING [2022-12-07 02:00:11,781] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:00:11,828] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0660 seconds
INFO    [2022-12-07 02:00:12,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371212.0643857, 'message': 'Dec  7 02:00:10 hqnl0246134 sshd[276258]: Failed password for root from 61.177.173.36 port 10746 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 02:00:12,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371212.0646186, 'message': 'Dec  7 02:00:11 hqnl0246134 sshd[276264]: Failed password for root from 61.177.173.18 port 26189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 02:00:14,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371214.0676794, 'message': 'Dec  7 02:00:12 hqnl0246134 sshd[276266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 02:00:14,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371214.067963, 'message': 'Dec  7 02:00:12 hqnl0246134 sshd[276266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 02:00:16,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371216.0705755, 'message': 'Dec  7 02:00:14 hqnl0246134 sshd[276264]: Failed password for root from 61.177.173.18 port 26189 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 02:00:16,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371216.0708234, 'message': 'Dec  7 02:00:14 hqnl0246134 sshd[276266]: Failed password for root from 61.177.173.36 port 29859 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 02:00:16,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371216.0709996, 'message': 'Dec  7 02:00:14 hqnl0246134 sshd[276266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 02:00:17,991] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:00:17,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:00:17,999] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:00:18,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 02:00:18,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371218.0729194, 'message': 'Dec  7 02:00:16 hqnl0246134 sshd[276264]: Failed password for root from 61.177.173.18 port 26189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 02:00:18,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371218.0730994, 'message': 'Dec  7 02:00:16 hqnl0246134 sshd[276266]: Failed password for root from 61.177.173.36 port 29859 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 02:00:18,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371218.073211, 'message': 'Dec  7 02:00:17 hqnl0246134 sshd[276266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 02:00:20,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371220.074012, 'message': 'Dec  7 02:00:19 hqnl0246134 sshd[276266]: Failed password for root from 61.177.173.36 port 29859 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:00:20,670] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:00:20,670] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:00:20,678] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:00:20,689] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 02:00:34,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371234.1044054, 'message': 'Dec  7 02:00:33 hqnl0246134 sshd[276317]: Invalid user gpadmin from 165.227.166.207 port 54624', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 02:00:34,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371234.1047318, 'message': 'Dec  7 02:00:33 hqnl0246134 sshd[276317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 02:00:36,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371236.105813, 'message': 'Dec  7 02:00:35 hqnl0246134 sshd[276317]: Failed password for invalid user gpadmin from 165.227.166.207 port 54624 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-07 02:00:36,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371236.10601, 'message': 'Dec  7 02:00:36 hqnl0246134 sshd[276317]: Disconnected from invalid user gpadmin 165.227.166.207 port 54624 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0743 seconds
INFO    [2022-12-07 02:00:39,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:00:39,738] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:00:39,750] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:00:39,767] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
WARNING [2022-12-07 02:00:50,425] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:00:50,426] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:00:58,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371258.1547964, 'message': 'Dec  7 02:00:56 hqnl0246134 sshd[276340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 02:01:00,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371260.159578, 'message': 'Dec  7 02:00:58 hqnl0246134 sshd[276340]: Failed password for root from 61.177.173.18 port 46528 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 02:01:04,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371264.1716497, 'message': 'Dec  7 02:01:02 hqnl0246134 sshd[276340]: Failed password for root from 61.177.173.18 port 46528 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:01:06,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371266.1747978, 'message': 'Dec  7 02:01:04 hqnl0246134 sshd[276340]: Failed password for root from 61.177.173.18 port 46528 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
WARNING [2022-12-07 02:01:11,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:01:11,813] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0469 seconds
INFO    [2022-12-07 02:01:19,436] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:01:19,437] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:01:19,448] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:01:19,461] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-07 02:01:22,151] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:01:22,151] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:01:22,176] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:01:22,196] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0324 seconds
INFO    [2022-12-07 02:01:24,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371284.2127876, 'message': 'Dec  7 02:01:22 hqnl0246134 sshd[276361]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 02:01:24,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371284.2131019, 'message': 'Dec  7 02:01:22 hqnl0246134 sshd[276361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 02:01:24,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371284.2133138, 'message': 'Dec  7 02:01:23 hqnl0246134 sshd[276361]: Failed password for root from 61.177.173.50 port 20504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:01:26,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371286.2792451, 'message': 'Dec  7 02:01:24 hqnl0246134 sshd[276361]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 02:01:28,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371288.2193542, 'message': 'Dec  7 02:01:26 hqnl0246134 sshd[276361]: Failed password for root from 61.177.173.50 port 20504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 02:01:28,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371288.2195308, 'message': 'Dec  7 02:01:26 hqnl0246134 sshd[276361]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:01:30,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371290.2238197, 'message': 'Dec  7 02:01:29 hqnl0246134 sshd[276361]: Failed password for root from 61.177.173.50 port 20504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:01:34,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371294.2294436, 'message': 'Dec  7 02:01:33 hqnl0246134 sshd[276375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 02:01:34,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371294.2296684, 'message': 'Dec  7 02:01:33 hqnl0246134 sshd[276375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 02:01:36,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371296.2339635, 'message': 'Dec  7 02:01:35 hqnl0246134 sshd[276375]: Failed password for root from 61.177.173.50 port 48893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 02:01:36,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371296.2341712, 'message': 'Dec  7 02:01:35 hqnl0246134 sshd[276375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 02:01:38,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371298.238355, 'message': 'Dec  7 02:01:37 hqnl0246134 sshd[276375]: Failed password for root from 61.177.173.50 port 48893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 02:01:38,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371298.2386038, 'message': 'Dec  7 02:01:37 hqnl0246134 sshd[276375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:01:40,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371300.2417803, 'message': 'Dec  7 02:01:39 hqnl0246134 sshd[276378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:01:40,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371300.2420642, 'message': 'Dec  7 02:01:39 hqnl0246134 sshd[276378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:01:42,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371302.2424536, 'message': 'Dec  7 02:01:40 hqnl0246134 sshd[276375]: Failed password for root from 61.177.173.50 port 48893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 02:01:42,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371302.2426465, 'message': 'Dec  7 02:01:41 hqnl0246134 sshd[276378]: Failed password for root from 61.177.172.108 port 34610 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 02:01:42,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371302.2427597, 'message': 'Dec  7 02:01:41 hqnl0246134 sshd[276378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 02:01:44,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371304.2450693, 'message': 'Dec  7 02:01:43 hqnl0246134 sshd[276380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0536 seconds
INFO    [2022-12-07 02:01:44,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371304.245311, 'message': 'Dec  7 02:01:43 hqnl0246134 sshd[276378]: Failed password for root from 61.177.172.108 port 34610 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-07 02:01:46,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371306.247113, 'message': 'Dec  7 02:01:45 hqnl0246134 sshd[276380]: Failed password for root from 61.177.173.18 port 64853 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 02:01:46,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371306.2473104, 'message': 'Dec  7 02:01:45 hqnl0246134 sshd[276378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 02:01:48,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371308.2503552, 'message': 'Dec  7 02:01:47 hqnl0246134 sshd[276378]: Failed password for root from 61.177.172.108 port 34610 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:01:50,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371310.2533462, 'message': 'Dec  7 02:01:49 hqnl0246134 sshd[276380]: Failed password for root from 61.177.173.18 port 64853 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 02:01:50,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371310.2609315, 'message': 'Dec  7 02:01:49 hqnl0246134 sshd[276383]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 02:01:50,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371310.2610877, 'message': 'Dec  7 02:01:49 hqnl0246134 sshd[276383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 02:01:50,429] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:01:50,430] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:01:54,122] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 02:01:54,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371314.2581925, 'message': 'Dec  7 02:01:52 hqnl0246134 sshd[276383]: Failed password for root from 61.177.172.108 port 56669 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 02:01:54,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371314.2585561, 'message': 'Dec  7 02:01:53 hqnl0246134 sshd[276380]: Failed password for root from 61.177.173.18 port 64853 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 02:01:54,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371314.260927, 'message': 'Dec  7 02:01:54 hqnl0246134 sshd[276383]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:01:54,388] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:01:54,454] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:01:54,455] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:01:54,455] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:01:54,455] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:01:54,455] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:01:54,467] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:01:54,484] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0280 seconds
WARNING [2022-12-07 02:01:54,491] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:01:54,493] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:01:54,511] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0329 seconds
INFO    [2022-12-07 02:01:54,512] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0311 seconds
INFO    [2022-12-07 02:01:56,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371316.379392, 'message': 'Dec  7 02:01:56 hqnl0246134 sshd[276383]: Failed password for root from 61.177.172.108 port 56669 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:02:00,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371320.2668657, 'message': 'Dec  7 02:01:58 hqnl0246134 sshd[276383]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:02:02,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371322.26971, 'message': 'Dec  7 02:02:00 hqnl0246134 sshd[276383]: Failed password for root from 61.177.172.108 port 56669 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:02:04,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371324.2747416, 'message': 'Dec  7 02:02:02 hqnl0246134 sshd[276394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 02:02:04,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371324.2751102, 'message': 'Dec  7 02:02:02 hqnl0246134 sshd[276394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 02:02:06,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371326.2778153, 'message': 'Dec  7 02:02:04 hqnl0246134 sshd[276394]: Failed password for root from 61.177.172.108 port 40763 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 02:02:08,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371328.2819254, 'message': 'Dec  7 02:02:06 hqnl0246134 sshd[276394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:02:10,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371330.2855418, 'message': 'Dec  7 02:02:08 hqnl0246134 sshd[276394]: Failed password for root from 61.177.172.108 port 40763 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 02:02:11,781] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:02:11,802] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0305 seconds
INFO    [2022-12-07 02:02:12,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371332.2854633, 'message': 'Dec  7 02:02:11 hqnl0246134 sshd[276394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:02:14,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371334.287952, 'message': 'Dec  7 02:02:13 hqnl0246134 sshd[276394]: Failed password for root from 61.177.172.108 port 40763 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 02:02:18,067] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:02:18,068] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:02:18,075] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:02:18,087] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 02:02:18,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371338.292712, 'message': 'Dec  7 02:02:17 hqnl0246134 sshd[276423]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:02:18,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371338.2930555, 'message': 'Dec  7 02:02:17 hqnl0246134 sshd[276423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 02:02:19,080] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:02:19,081] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:02:19,088] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:02:19,100] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 02:02:20,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371340.2985914, 'message': 'Dec  7 02:02:19 hqnl0246134 sshd[276423]: Failed password for root from 61.177.172.108 port 29169 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:02:20,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371340.2989476, 'message': 'Dec  7 02:02:19 hqnl0246134 sshd[276423]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:02:22,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371342.3014407, 'message': 'Dec  7 02:02:21 hqnl0246134 sshd[276423]: Failed password for root from 61.177.172.108 port 29169 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 02:02:23,739] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:02:23,740] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:02:23,749] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:02:23,762] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 02:02:24,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.255.168.152', 'timestamp': 1670371344.3064523, 'message': 'Dec  7 02:02:22 hqnl0246134 sshd[276442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.255.168.152 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 02:02:24,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371344.3068533, 'message': 'Dec  7 02:02:23 hqnl0246134 sshd[276423]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 02:02:24,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.255.168.152', 'timestamp': 1670371344.306638, 'message': 'Dec  7 02:02:22 hqnl0246134 sshd[276442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.255.168.152  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:02:24,582] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:02:24,582] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:02:24,583] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 02:02:26,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.255.168.152', 'timestamp': 1670371346.3087304, 'message': 'Dec  7 02:02:24 hqnl0246134 sshd[276442]: Failed password for root from 51.255.168.152 port 52500 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1281 seconds
INFO    [2022-12-07 02:02:26,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670371346.3089962, 'message': 'Dec  7 02:02:26 hqnl0246134 sshd[276423]: Failed password for root from 61.177.172.108 port 29169 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1283 seconds
INFO    [2022-12-07 02:02:30,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371350.315054, 'message': 'Dec  7 02:02:28 hqnl0246134 sshd[276447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 02:02:32,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371352.3181508, 'message': 'Dec  7 02:02:30 hqnl0246134 sshd[276447]: Failed password for root from 61.177.173.18 port 15317 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 02:02:38,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371358.326789, 'message': 'Dec  7 02:02:35 hqnl0246134 sshd[276447]: Failed password for root from 61.177.173.18 port 15317 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 02:02:38,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371358.3270068, 'message': 'Dec  7 02:02:37 hqnl0246134 sshd[276450]: Invalid user gpadmin from 165.227.166.207 port 36678', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 02:02:38,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371358.3271322, 'message': 'Dec  7 02:02:37 hqnl0246134 sshd[276450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 02:02:40,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371360.3299785, 'message': 'Dec  7 02:02:39 hqnl0246134 sshd[276447]: Failed password for root from 61.177.173.18 port 15317 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 02:02:40,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371360.3301928, 'message': 'Dec  7 02:02:39 hqnl0246134 sshd[276450]: Failed password for invalid user gpadmin from 165.227.166.207 port 36678 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 02:02:40,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371360.3303177, 'message': 'Dec  7 02:02:40 hqnl0246134 sshd[276450]: Disconnected from invalid user gpadmin 165.227.166.207 port 36678 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 02:02:50,433] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:02:50,433] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:03:11,786] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:03:11,816] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0379 seconds
INFO    [2022-12-07 02:03:16,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371396.3702438, 'message': 'Dec  7 02:03:15 hqnl0246134 sshd[276479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 02:03:17,799] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:03:17,799] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:03:17,806] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:03:17,819] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 02:03:18,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371398.3730733, 'message': 'Dec  7 02:03:17 hqnl0246134 sshd[276479]: Failed password for root from 61.177.173.18 port 39396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 02:03:20,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371400.3733442, 'message': 'Dec  7 02:03:19 hqnl0246134 sshd[276479]: Failed password for root from 61.177.173.18 port 39396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:03:20,472] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:03:20,472] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:03:20,479] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:03:20,490] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 02:03:24,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371404.3782685, 'message': 'Dec  7 02:03:23 hqnl0246134 sshd[276479]: Failed password for root from 61.177.173.18 port 39396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 02:03:29,225] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:03:29,225] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:03:29,234] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:03:29,245] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 02:03:42,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371422.415797, 'message': 'Dec  7 02:03:41 hqnl0246134 sshd[276509]: Invalid user alvin from 194.110.134.13 port 58316', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 02:03:42,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371422.4164274, 'message': 'Dec  7 02:03:42 hqnl0246134 sshd[276509]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.110.134.13 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 02:03:42,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371422.4166384, 'message': 'Dec  7 02:03:42 hqnl0246134 sshd[276509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.134.13 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:03:44,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371424.4158278, 'message': 'Dec  7 02:03:44 hqnl0246134 sshd[276509]: Failed password for invalid user alvin from 194.110.134.13 port 58316 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 02:03:46,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371426.4194276, 'message': 'Dec  7 02:03:44 hqnl0246134 sshd[276509]: Disconnected from invalid user alvin 194.110.134.13 port 58316 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
WARNING [2022-12-07 02:03:50,436] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:03:50,437] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:04:02,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371442.458252, 'message': 'Dec  7 02:04:01 hqnl0246134 sshd[276525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 02:04:04,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371444.4631698, 'message': 'Dec  7 02:04:03 hqnl0246134 sshd[276525]: Failed password for root from 61.177.173.18 port 55359 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 02:04:11,789] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:04:11,818] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0367 seconds
INFO    [2022-12-07 02:04:18,171] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:04:18,172] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:04:18,181] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:04:18,193] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 02:04:20,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.107.61.88', 'timestamp': 1670371460.4811172, 'message': 'Dec  7 02:04:18 hqnl0246134 sshd[276567]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.107.61.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:04:20,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.107.61.88', 'timestamp': 1670371460.4814122, 'message': 'Dec  7 02:04:18 hqnl0246134 sshd[276567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.107.61.88  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 02:04:20,941] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:04:20,942] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:04:20,950] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:04:20,961] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 02:04:22,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.107.61.88', 'timestamp': 1670371462.4822853, 'message': 'Dec  7 02:04:21 hqnl0246134 sshd[276567]: Failed password for root from 20.107.61.88 port 44770 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 02:04:44,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371484.5397801, 'message': 'Dec  7 02:04:43 hqnl0246134 sshd[276593]: Invalid user guojing from 165.227.166.207 port 46968', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 02:04:44,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371484.5404603, 'message': 'Dec  7 02:04:43 hqnl0246134 sshd[276593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 02:04:46,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371486.548795, 'message': 'Dec  7 02:04:45 hqnl0246134 sshd[276593]: Failed password for invalid user guojing from 165.227.166.207 port 46968 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:04:48,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371488.5572314, 'message': 'Dec  7 02:04:47 hqnl0246134 sshd[276593]: Disconnected from invalid user guojing 165.227.166.207 port 46968 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0730 seconds
INFO    [2022-12-07 02:04:48,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371488.557559, 'message': 'Dec  7 02:04:47 hqnl0246134 sshd[276595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0735 seconds
INFO    [2022-12-07 02:04:50,064] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:04:50,065] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:04:50,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:04:50,084] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
WARNING [2022-12-07 02:04:50,446] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:04:50,447] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:04:50,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371490.5596697, 'message': 'Dec  7 02:04:49 hqnl0246134 sshd[276595]: Failed password for root from 61.177.173.18 port 22911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 02:04:52,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371492.5622132, 'message': 'Dec  7 02:04:51 hqnl0246134 sshd[276595]: Failed password for root from 61.177.173.18 port 22911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 02:04:56,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.19.166', 'timestamp': 1670371496.573286, 'message': 'Dec  7 02:04:56 hqnl0246134 sshd[276613]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.19.166 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 02:04:56,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371496.5736365, 'message': 'Dec  7 02:04:56 hqnl0246134 sshd[276595]: Failed password for root from 61.177.173.18 port 22911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 02:04:56,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.19.166', 'timestamp': 1670371496.5735009, 'message': 'Dec  7 02:04:56 hqnl0246134 sshd[276613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.19.166  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:04:58,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.197.19.166', 'timestamp': 1670371498.5755072, 'message': 'Dec  7 02:04:58 hqnl0246134 sshd[276613]: Failed password for root from 138.197.19.166 port 45734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
WARNING [2022-12-07 02:05:11,795] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:05:11,818] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-07 02:05:17,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:05:17,966] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:05:17,974] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:05:17,986] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 02:05:20,887] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:05:20,888] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:05:20,895] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:05:20,906] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 02:05:22,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.153.40', 'timestamp': 1670371522.602673, 'message': 'Dec  7 02:05:21 hqnl0246134 sshd[276659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.153.40 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 02:05:22,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.153.40', 'timestamp': 1670371522.6030629, 'message': 'Dec  7 02:05:21 hqnl0246134 sshd[276659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.153.40  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:05:24,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670371524.6047535, 'message': 'Dec  7 02:05:23 hqnl0246134 sshd[276672]: Invalid user nova from 159.89.8.45 port 56760', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 02:05:24,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.153.40', 'timestamp': 1670371524.6052675, 'message': 'Dec  7 02:05:23 hqnl0246134 sshd[276659]: Failed password for root from 137.184.153.40 port 36892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 02:05:24,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.89.8.45', 'timestamp': 1670371524.6050076, 'message': 'Dec  7 02:05:23 hqnl0246134 sshd[276672]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.89.8.45 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 02:05:24,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.89.8.45', 'timestamp': 1670371524.6051457, 'message': 'Dec  7 02:05:23 hqnl0246134 sshd[276672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.8.45 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:05:26,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670371526.605896, 'message': 'Dec  7 02:05:24 hqnl0246134 sshd[276672]: Failed password for invalid user nova from 159.89.8.45 port 56760 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 02:05:26,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670371526.6066897, 'message': 'Dec  7 02:05:26 hqnl0246134 sshd[276672]: Disconnected from invalid user nova 159.89.8.45 port 56760 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:05:32,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371532.612787, 'message': 'Dec  7 02:05:32 hqnl0246134 sshd[276674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 02:05:34,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371534.6137483, 'message': 'Dec  7 02:05:34 hqnl0246134 sshd[276674]: Failed password for root from 61.177.173.18 port 36386 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 02:05:45,782] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:05:45,864] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:05:45,865] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:05:45,865] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:05:45,865] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:05:45,865] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:05:45,877] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:05:45,902] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0353 seconds
WARNING [2022-12-07 02:05:45,915] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:05:45,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:05:45,953] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0620 seconds
INFO    [2022-12-07 02:05:45,956] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0583 seconds
WARNING [2022-12-07 02:05:50,450] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:05:50,451] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:06:11,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:06:11,841] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0504 seconds
INFO    [2022-12-07 02:06:17,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:06:17,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:06:17,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:06:17,835] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0268 seconds
INFO    [2022-12-07 02:06:18,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371578.6589732, 'message': 'Dec  7 02:06:17 hqnl0246134 sshd[276701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:06:20,443] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:06:20,444] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:06:20,450] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:06:20,463] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 02:06:20,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371580.6606362, 'message': 'Dec  7 02:06:19 hqnl0246134 sshd[276701]: Failed password for root from 61.177.173.18 port 59983 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 02:06:22,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371582.6822686, 'message': 'Dec  7 02:06:22 hqnl0246134 sshd[276701]: Failed password for root from 61.177.173.18 port 59983 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0999 seconds
INFO    [2022-12-07 02:06:24,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371584.6654668, 'message': 'Dec  7 02:06:24 hqnl0246134 sshd[276701]: Failed password for root from 61.177.173.18 port 59983 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 02:06:25,746] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:06:25,747] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:06:25,749] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 02:06:29,157] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:06:29,157] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:06:29,165] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:06:29,176] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-07 02:06:50,457] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:06:50,459] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:06:52,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371612.7105756, 'message': 'Dec  7 02:06:51 hqnl0246134 sshd[276735]: Invalid user hadoop from 165.227.166.207 port 57254', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 02:06:52,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371612.7113292, 'message': 'Dec  7 02:06:51 hqnl0246134 sshd[276735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 02:06:54,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371614.7182534, 'message': 'Dec  7 02:06:52 hqnl0246134 sshd[276735]: Failed password for invalid user hadoop from 165.227.166.207 port 57254 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 02:06:54,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371614.7186167, 'message': 'Dec  7 02:06:53 hqnl0246134 sshd[276735]: Disconnected from invalid user hadoop 165.227.166.207 port 57254 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 02:07:04,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371624.7420425, 'message': 'Dec  7 02:07:03 hqnl0246134 sshd[276747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 02:07:06,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371626.7439227, 'message': 'Dec  7 02:07:05 hqnl0246134 sshd[276747]: Failed password for root from 61.177.173.18 port 17719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 02:07:08,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.118.207.11', 'timestamp': 1670371628.7461631, 'message': 'Dec  7 02:07:06 hqnl0246134 sshd[276764]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.118.207.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 02:07:08,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.118.207.11', 'timestamp': 1670371628.7463524, 'message': 'Dec  7 02:07:06 hqnl0246134 sshd[276764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.207.11  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:07:08,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '92.118.207.11', 'timestamp': 1670371628.7465637, 'message': 'Dec  7 02:07:08 hqnl0246134 sshd[276764]: Failed password for root from 92.118.207.11 port 40760 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:07:10,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371630.749131, 'message': 'Dec  7 02:07:09 hqnl0246134 sshd[276747]: Failed password for root from 61.177.173.18 port 17719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-07 02:07:11,802] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:07:11,833] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0386 seconds
INFO    [2022-12-07 02:07:16,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371636.7676284, 'message': 'Dec  7 02:07:13 hqnl0246134 sshd[276747]: Failed password for root from 61.177.173.18 port 17719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 02:07:19,756] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:07:19,757] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:07:19,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:07:19,791] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-07 02:07:22,467] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:07:22,467] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:07:22,476] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:07:22,488] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 02:07:24,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371644.7853346, 'message': 'Dec  7 02:07:24 hqnl0246134 sshd[276789]: Invalid user upgrade from 3.0.202.116 port 55982', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:07:26,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371646.7875824, 'message': 'Dec  7 02:07:25 hqnl0246134 sshd[276789]: pam_imunify(sshd:auth): [IM360_RBL] The IP 3.0.202.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:07:26,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371646.7877839, 'message': 'Dec  7 02:07:25 hqnl0246134 sshd[276789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.0.202.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:07:28,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371648.7941113, 'message': 'Dec  7 02:07:27 hqnl0246134 sshd[276789]: Failed password for invalid user upgrade from 3.0.202.116 port 55982 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 02:07:28,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371648.794423, 'message': 'Dec  7 02:07:28 hqnl0246134 sshd[276789]: Disconnected from invalid user upgrade 3.0.202.116 port 55982 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 02:07:30,901] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:07:30,902] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:07:30,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:07:30,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 02:07:40,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.106.169.34', 'timestamp': 1670371660.8262892, 'message': 'Dec  7 02:07:40 hqnl0246134 sshd[276797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.106.169.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:07:40,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.106.169.34', 'timestamp': 1670371660.826592, 'message': 'Dec  7 02:07:40 hqnl0246134 sshd[276797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.106.169.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:07:42,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '92.106.169.34', 'timestamp': 1670371662.8336003, 'message': 'Dec  7 02:07:42 hqnl0246134 sshd[276797]: Failed password for root from 92.106.169.34 port 52774 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 02:07:50,463] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:07:50,464] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:07:50,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371670.847686, 'message': 'Dec  7 02:07:49 hqnl0246134 sshd[276800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 02:07:52,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371672.85294, 'message': 'Dec  7 02:07:51 hqnl0246134 sshd[276800]: Failed password for root from 61.177.173.18 port 39148 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 02:08:10,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371690.895417, 'message': 'Dec  7 02:08:09 hqnl0246134 sshd[276820]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-07 02:08:10,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371690.896081, 'message': 'Dec  7 02:08:09 hqnl0246134 sshd[276820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
WARNING [2022-12-07 02:08:11,805] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:08:11,834] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0369 seconds
INFO    [2022-12-07 02:08:12,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371692.8966377, 'message': 'Dec  7 02:08:11 hqnl0246134 sshd[276820]: Failed password for root from 61.177.172.90 port 18365 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 02:08:14,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371694.9006224, 'message': 'Dec  7 02:08:14 hqnl0246134 sshd[276820]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 02:08:16,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371696.9032805, 'message': 'Dec  7 02:08:16 hqnl0246134 sshd[276820]: Failed password for root from 61.177.172.90 port 18365 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 02:08:18,110] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:08:18,110] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:08:18,118] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:08:18,130] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 02:08:18,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371698.9063408, 'message': 'Dec  7 02:08:18 hqnl0246134 sshd[276820]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 02:08:20,702] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:08:20,703] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:08:20,712] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:08:20,723] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 02:08:20,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371700.9097939, 'message': 'Dec  7 02:08:20 hqnl0246134 sshd[276820]: Failed password for root from 61.177.172.90 port 18365 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 02:08:30,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371710.9224997, 'message': 'Dec  7 02:08:29 hqnl0246134 sshd[276843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 02:08:30,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371710.9231014, 'message': 'Dec  7 02:08:29 hqnl0246134 sshd[276843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:08:32,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371712.9244795, 'message': 'Dec  7 02:08:31 hqnl0246134 sshd[276843]: Failed password for root from 61.177.172.90 port 61411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:08:34,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371714.9277048, 'message': 'Dec  7 02:08:33 hqnl0246134 sshd[276843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 02:08:36,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371716.9304736, 'message': 'Dec  7 02:08:35 hqnl0246134 sshd[276845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 02:08:36,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371716.9307637, 'message': 'Dec  7 02:08:35 hqnl0246134 sshd[276843]: Failed password for root from 61.177.172.90 port 61411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 02:08:36,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371716.930906, 'message': 'Dec  7 02:08:36 hqnl0246134 sshd[276843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:08:38,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371718.9345582, 'message': 'Dec  7 02:08:37 hqnl0246134 sshd[276845]: Failed password for root from 61.177.173.18 port 53381 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 02:08:38,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371718.9347444, 'message': 'Dec  7 02:08:38 hqnl0246134 sshd[276843]: Failed password for root from 61.177.172.90 port 61411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 02:08:42,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371722.9402735, 'message': 'Dec  7 02:08:41 hqnl0246134 sshd[276845]: Failed password for root from 61.177.173.18 port 53381 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 02:08:42,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371722.9405708, 'message': 'Dec  7 02:08:42 hqnl0246134 sshd[276848]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 02:08:42,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371722.9406853, 'message': 'Dec  7 02:08:42 hqnl0246134 sshd[276848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:08:44,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371724.9409964, 'message': 'Dec  7 02:08:43 hqnl0246134 sshd[276845]: Failed password for root from 61.177.173.18 port 53381 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-07 02:08:44,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371724.941165, 'message': 'Dec  7 02:08:44 hqnl0246134 sshd[276848]: Failed password for root from 61.177.172.90 port 37311 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-07 02:08:46,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371726.9417326, 'message': 'Dec  7 02:08:46 hqnl0246134 sshd[276848]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 02:08:48,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371728.945553, 'message': 'Dec  7 02:08:47 hqnl0246134 sshd[276848]: Failed password for root from 61.177.172.90 port 37311 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:08:48,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371728.9458218, 'message': 'Dec  7 02:08:48 hqnl0246134 sshd[276848]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 02:08:50,467] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:08:50,467] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:08:52,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371732.9525416, 'message': 'Dec  7 02:08:51 hqnl0246134 sshd[276848]: Failed password for root from 61.177.172.90 port 37311 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:08:54,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371734.957263, 'message': 'Dec  7 02:08:54 hqnl0246134 sshd[276885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 02:08:54,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371734.9577382, 'message': 'Dec  7 02:08:54 hqnl0246134 sshd[276885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:08:55,763] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:08:55,763] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:08:55,771] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:08:55,782] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 02:08:56,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371736.9607687, 'message': 'Dec  7 02:08:56 hqnl0246134 sshd[276885]: Failed password for root from 61.177.172.90 port 25979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 02:08:58,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371738.963457, 'message': 'Dec  7 02:08:58 hqnl0246134 sshd[276891]: Invalid user hadoop from 165.227.166.207 port 39322', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 02:08:58,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371738.9636486, 'message': 'Dec  7 02:08:58 hqnl0246134 sshd[276891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 02:09:00,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371740.9673545, 'message': 'Dec  7 02:08:59 hqnl0246134 sshd[276885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 02:09:00,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371740.9675398, 'message': 'Dec  7 02:09:00 hqnl0246134 sshd[276891]: Failed password for invalid user hadoop from 165.227.166.207 port 39322 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 02:09:03,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371742.9716032, 'message': 'Dec  7 02:09:01 hqnl0246134 sshd[276885]: Failed password for root from 61.177.172.90 port 25979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-07 02:09:03,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371742.971834, 'message': 'Dec  7 02:09:02 hqnl0246134 sshd[276891]: Disconnected from invalid user hadoop 165.227.166.207 port 39322 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-07 02:09:04,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371744.9726818, 'message': 'Dec  7 02:09:03 hqnl0246134 sshd[276885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 02:09:06,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371746.97482, 'message': 'Dec  7 02:09:05 hqnl0246134 sshd[276885]: Failed password for root from 61.177.172.90 port 25979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 02:09:08,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371748.978897, 'message': 'Dec  7 02:09:07 hqnl0246134 sshd[277029]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:09:09,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371748.9792545, 'message': 'Dec  7 02:09:07 hqnl0246134 sshd[277029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:09:10,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371750.9786775, 'message': 'Dec  7 02:09:09 hqnl0246134 sshd[277029]: Failed password for root from 61.177.172.90 port 13611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-07 02:09:11,810] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:09:11,837] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0353 seconds
INFO    [2022-12-07 02:09:13,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371752.9801226, 'message': 'Dec  7 02:09:11 hqnl0246134 sshd[277029]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 02:09:13,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371752.9803505, 'message': 'Dec  7 02:09:12 hqnl0246134 sshd[277031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 02:09:13,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371752.9804752, 'message': 'Dec  7 02:09:12 hqnl0246134 sshd[277031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 02:09:15,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371754.9821284, 'message': 'Dec  7 02:09:14 hqnl0246134 sshd[277029]: Failed password for root from 61.177.172.90 port 13611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 02:09:17,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371756.9847815, 'message': 'Dec  7 02:09:15 hqnl0246134 sshd[277031]: Failed password for root from 61.177.173.50 port 64815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 02:09:17,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371756.9850528, 'message': 'Dec  7 02:09:16 hqnl0246134 sshd[277029]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 02:09:18,335] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:09:18,336] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:09:18,347] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:09:18,364] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-07 02:09:19,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371758.987356, 'message': 'Dec  7 02:09:17 hqnl0246134 sshd[277031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-07 02:09:19,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670371758.9875817, 'message': 'Dec  7 02:09:17 hqnl0246134 sshd[277029]: Failed password for root from 61.177.172.90 port 13611 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-07 02:09:19,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371758.987771, 'message': 'Dec  7 02:09:18 hqnl0246134 sshd[277036]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0550 seconds
INFO    [2022-12-07 02:09:19,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371758.9879823, 'message': 'Dec  7 02:09:18 hqnl0246134 sshd[277036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:09:21,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371760.9898536, 'message': 'Dec  7 02:09:19 hqnl0246134 sshd[277031]: Failed password for root from 61.177.173.50 port 64815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:09:21,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371760.9901695, 'message': 'Dec  7 02:09:19 hqnl0246134 sshd[277031]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 02:09:21,257] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:09:21,257] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:09:21,265] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:09:21,277] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 02:09:23,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371762.992925, 'message': 'Dec  7 02:09:21 hqnl0246134 sshd[277036]: Failed password for root from 61.177.173.36 port 12945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-07 02:09:23,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371762.9931526, 'message': 'Dec  7 02:09:21 hqnl0246134 sshd[277031]: Failed password for root from 61.177.173.50 port 64815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-07 02:09:23,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371762.9933047, 'message': 'Dec  7 02:09:21 hqnl0246134 sshd[277044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 02:09:23,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371762.993421, 'message': 'Dec  7 02:09:22 hqnl0246134 sshd[277036]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 02:09:23,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371762.9935503, 'message': 'Dec  7 02:09:22 hqnl0246134 sshd[277044]: Failed password for root from 61.177.173.18 port 19899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 02:09:25,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371764.9988706, 'message': 'Dec  7 02:09:23 hqnl0246134 sshd[277049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 02:09:25,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371764.9993343, 'message': 'Dec  7 02:09:23 hqnl0246134 sshd[277049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:09:27,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371766.9982781, 'message': 'Dec  7 02:09:25 hqnl0246134 sshd[277036]: Failed password for root from 61.177.173.36 port 12945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 02:09:27,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371766.9985027, 'message': 'Dec  7 02:09:25 hqnl0246134 sshd[277049]: Failed password for root from 61.177.173.50 port 56719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 02:09:27,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371766.9986181, 'message': 'Dec  7 02:09:26 hqnl0246134 sshd[277044]: Failed password for root from 61.177.173.18 port 19899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 02:09:29,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371769.0018294, 'message': 'Dec  7 02:09:27 hqnl0246134 sshd[277036]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-07 02:09:29,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371769.0022225, 'message': 'Dec  7 02:09:27 hqnl0246134 sshd[277049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-07 02:09:31,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371771.0033119, 'message': 'Dec  7 02:09:29 hqnl0246134 sshd[277036]: Failed password for root from 61.177.173.36 port 12945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-07 02:09:31,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371771.0035777, 'message': 'Dec  7 02:09:29 hqnl0246134 sshd[277049]: Failed password for root from 61.177.173.50 port 56719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-07 02:09:31,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371771.0038748, 'message': 'Dec  7 02:09:30 hqnl0246134 sshd[277044]: Failed password for root from 61.177.173.18 port 19899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-07 02:09:31,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371771.0037308, 'message': 'Dec  7 02:09:30 hqnl0246134 sshd[277049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:09:33,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371773.0055516, 'message': 'Dec  7 02:09:31 hqnl0246134 sshd[277060]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 02:09:33,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670371773.0058815, 'message': 'Dec  7 02:09:32 hqnl0246134 sshd[277049]: Failed password for root from 61.177.173.50 port 56719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 02:09:33,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371773.0057557, 'message': 'Dec  7 02:09:31 hqnl0246134 sshd[277060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:09:35,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371775.0070202, 'message': 'Dec  7 02:09:33 hqnl0246134 sshd[277060]: Failed password for root from 61.177.173.36 port 62514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:09:35,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.16.196', 'timestamp': 1670371775.0074189, 'message': 'Dec  7 02:09:33 hqnl0246134 sshd[277064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.16.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 02:09:35,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371775.0072646, 'message': 'Dec  7 02:09:33 hqnl0246134 sshd[277060]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 02:09:35,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.16.196', 'timestamp': 1670371775.0076132, 'message': 'Dec  7 02:09:33 hqnl0246134 sshd[277064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.16.196  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 02:09:35,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371775.0077724, 'message': 'Dec  7 02:09:34 hqnl0246134 sshd[277060]: Failed password for root from 61.177.173.36 port 62514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 02:09:35,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.16.196', 'timestamp': 1670371775.007894, 'message': 'Dec  7 02:09:34 hqnl0246134 sshd[277064]: Failed password for root from 134.17.16.196 port 9393 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 02:09:37,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371777.0090232, 'message': 'Dec  7 02:09:35 hqnl0246134 sshd[277060]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 02:09:39,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371779.0111194, 'message': 'Dec  7 02:09:37 hqnl0246134 sshd[277060]: Failed password for root from 61.177.173.36 port 62514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 02:09:43,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371783.0182521, 'message': 'Dec  7 02:09:41 hqnl0246134 sshd[277067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:09:43,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371783.0184405, 'message': 'Dec  7 02:09:41 hqnl0246134 sshd[277067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 02:09:45,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371785.020928, 'message': 'Dec  7 02:09:43 hqnl0246134 sshd[277067]: Failed password for root from 61.177.173.36 port 40240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 02:09:45,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371785.021144, 'message': 'Dec  7 02:09:43 hqnl0246134 sshd[277067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 02:09:47,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371787.0216508, 'message': 'Dec  7 02:09:45 hqnl0246134 sshd[277067]: Failed password for root from 61.177.173.36 port 40240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 02:09:47,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371787.0218942, 'message': 'Dec  7 02:09:46 hqnl0246134 sshd[277067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:09:49,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670371789.022604, 'message': 'Dec  7 02:09:48 hqnl0246134 sshd[277067]: Failed password for root from 61.177.173.36 port 40240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0366 seconds
WARNING [2022-12-07 02:09:50,471] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:09:50,471] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:09:51,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.38.255.119', 'timestamp': 1670371791.0259826, 'message': 'Dec  7 02:09:50 hqnl0246134 sshd[277070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.38.255.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 02:09:51,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.38.255.119', 'timestamp': 1670371791.026261, 'message': 'Dec  7 02:09:50 hqnl0246134 sshd[277070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.38.255.119  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 02:09:53,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.38.255.119', 'timestamp': 1670371793.0261445, 'message': 'Dec  7 02:09:52 hqnl0246134 sshd[277070]: Failed password for root from 103.38.255.119 port 55572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 02:09:57,803] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:09:57,804] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:09:57,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:09:57,826] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-07 02:10:07,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.17.229.65', 'timestamp': 1670371807.0489502, 'message': 'Dec  7 02:10:06 hqnl0246134 sshd[277106]: Invalid user admin from 185.17.229.65 port 32241', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 02:10:07,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.17.229.65', 'timestamp': 1670371807.0491922, 'message': 'Dec  7 02:10:06 hqnl0246134 sshd[277106]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.17.229.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 02:10:07,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.17.229.65', 'timestamp': 1670371807.0493453, 'message': 'Dec  7 02:10:06 hqnl0246134 sshd[277106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.17.229.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 02:10:09,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371809.0502915, 'message': 'Dec  7 02:10:07 hqnl0246134 sshd[277108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 02:10:09,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.17.229.65', 'timestamp': 1670371809.0505283, 'message': 'Dec  7 02:10:08 hqnl0246134 sshd[277106]: Failed password for invalid user admin from 185.17.229.65 port 32241 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 02:10:09,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.17.229.65', 'timestamp': 1670371809.0506957, 'message': 'Dec  7 02:10:08 hqnl0246134 sshd[277106]: Disconnected from invalid user admin 185.17.229.65 port 32241 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:10:11,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371811.051618, 'message': 'Dec  7 02:10:09 hqnl0246134 sshd[277108]: Failed password for root from 61.177.173.18 port 37996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
WARNING [2022-12-07 02:10:11,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:10:11,846] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0398 seconds
INFO    [2022-12-07 02:10:18,666] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:10:18,666] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:10:18,674] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:10:18,686] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 02:10:21,323] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:10:21,324] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:10:21,332] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:10:21,355] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0306 seconds
INFO    [2022-12-07 02:10:23,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.35.194', 'timestamp': 1670371823.0734165, 'message': 'Dec  7 02:10:21 hqnl0246134 sshd[277132]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.35.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:10:23,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.35.194', 'timestamp': 1670371823.073652, 'message': 'Dec  7 02:10:21 hqnl0246134 sshd[277132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.35.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:10:25,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.35.194', 'timestamp': 1670371825.074388, 'message': 'Dec  7 02:10:23 hqnl0246134 sshd[277132]: Failed password for root from 43.131.35.194 port 40686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 02:10:27,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371827.0791671, 'message': 'Dec  7 02:10:26 hqnl0246134 sshd[277142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 3.0.202.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 02:10:27,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371827.079454, 'message': 'Dec  7 02:10:26 hqnl0246134 sshd[277142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.0.202.116  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 02:10:29,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371829.0803628, 'message': 'Dec  7 02:10:28 hqnl0246134 sshd[277142]: Failed password for root from 3.0.202.116 port 39286 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 02:10:31,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.16.6', 'timestamp': 1670371831.0847135, 'message': 'Dec  7 02:10:30 hqnl0246134 sshd[277144]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.16.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 02:10:31,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.16.6', 'timestamp': 1670371831.0849347, 'message': 'Dec  7 02:10:30 hqnl0246134 sshd[277144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.16.6  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:10:33,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.16.6', 'timestamp': 1670371833.0890982, 'message': 'Dec  7 02:10:31 hqnl0246134 sshd[277144]: Failed password for root from 128.199.16.6 port 55486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 02:10:50,476] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:10:50,478] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:10:51,200] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:10:51,269] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:10:51,270] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:10:51,270] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:10:51,270] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:10:51,270] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:10:51,281] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:10:51,298] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0272 seconds
WARNING [2022-12-07 02:10:51,305] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:10:51,308] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:10:51,325] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0343 seconds
INFO    [2022-12-07 02:10:51,327] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0308 seconds
INFO    [2022-12-07 02:10:53,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371853.134589, 'message': 'Dec  7 02:10:52 hqnl0246134 sshd[277148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:10:55,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371855.141498, 'message': 'Dec  7 02:10:54 hqnl0246134 sshd[277148]: Failed password for root from 61.177.173.18 port 53057 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
WARNING [2022-12-07 02:11:12,438] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:11:12,556] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.7467 seconds
INFO    [2022-12-07 02:11:17,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371877.1733747, 'message': 'Dec  7 02:11:15 hqnl0246134 sshd[277171]: Invalid user hadoop from 165.227.166.207 port 49594', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 02:11:17,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371877.175672, 'message': 'Dec  7 02:11:15 hqnl0246134 sshd[277171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:11:17,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371877.1759155, 'message': 'Dec  7 02:11:16 hqnl0246134 sshd[277171]: Failed password for invalid user hadoop from 165.227.166.207 port 49594 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 02:11:17,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670371877.176134, 'message': 'Dec  7 02:11:17 hqnl0246134 sshd[277171]: Disconnected from invalid user hadoop 165.227.166.207 port 49594 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 02:11:18,205] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:11:18,205] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:11:18,214] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:11:18,226] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 02:11:19,795] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:11:19,796] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:11:19,804] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:11:19,827] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0303 seconds
INFO    [2022-12-07 02:11:21,238] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:11:21,239] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:11:21,248] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:11:21,259] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 02:11:21,397] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:11:21,398] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:11:21,399] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 02:11:39,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371899.2024782, 'message': 'Dec  7 02:11:37 hqnl0246134 sshd[277197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 02:11:41,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371901.2014756, 'message': 'Dec  7 02:11:40 hqnl0246134 sshd[277197]: Failed password for root from 61.177.173.18 port 16829 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-07 02:11:50,483] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:11:50,484] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:11:54,128] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 02:12:07,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371927.231002, 'message': 'Dec  7 02:12:06 hqnl0246134 sshd[277228]: Invalid user martin from 3.0.202.116 port 37732', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 02:12:07,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371927.231613, 'message': 'Dec  7 02:12:06 hqnl0246134 sshd[277228]: pam_imunify(sshd:auth): [IM360_RBL] The IP 3.0.202.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 02:12:07,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371927.2318754, 'message': 'Dec  7 02:12:06 hqnl0246134 sshd[277228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.0.202.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 02:12:09,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371929.2318149, 'message': 'Dec  7 02:12:08 hqnl0246134 sshd[277228]: Failed password for invalid user martin from 3.0.202.116 port 37732 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:12:09,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670371929.2320414, 'message': 'Dec  7 02:12:08 hqnl0246134 sshd[277228]: Disconnected from invalid user martin 3.0.202.116 port 37732 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 02:12:11,819] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:12:11,843] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0322 seconds
INFO    [2022-12-07 02:12:17,930] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:12:17,930] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:12:17,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:12:17,948] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 02:12:20,800] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:12:20,801] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:12:20,809] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:12:20,823] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 02:12:23,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371943.245087, 'message': 'Dec  7 02:12:22 hqnl0246134 sshd[277241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:12:25,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371945.247345, 'message': 'Dec  7 02:12:24 hqnl0246134 sshd[277241]: Failed password for root from 61.177.173.18 port 37658 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 02:12:29,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371949.2503216, 'message': 'Dec  7 02:12:26 hqnl0246134 sshd[277241]: Failed password for root from 61.177.173.18 port 37658 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:12:31,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371951.251644, 'message': 'Dec  7 02:12:29 hqnl0246134 sshd[277241]: Failed password for root from 61.177.173.18 port 37658 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 02:12:35,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371955.254382, 'message': 'Dec  7 02:12:34 hqnl0246134 sshd[277252]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:12:35,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371955.2547007, 'message': 'Dec  7 02:12:34 hqnl0246134 sshd[277252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 02:12:37,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371957.255829, 'message': 'Dec  7 02:12:36 hqnl0246134 sshd[277252]: Failed password for root from 61.177.172.124 port 44070 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 02:12:37,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371957.2562358, 'message': 'Dec  7 02:12:37 hqnl0246134 sshd[277252]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:12:39,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371959.2578294, 'message': 'Dec  7 02:12:39 hqnl0246134 sshd[277252]: Failed password for root from 61.177.172.124 port 44070 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 02:12:41,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371961.262076, 'message': 'Dec  7 02:12:39 hqnl0246134 sshd[277252]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:12:41,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371961.262371, 'message': 'Dec  7 02:12:40 hqnl0246134 sshd[277252]: Failed password for root from 61.177.172.124 port 44070 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:12:45,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371965.265601, 'message': 'Dec  7 02:12:43 hqnl0246134 sshd[277256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 02:12:45,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371965.2659423, 'message': 'Dec  7 02:12:43 hqnl0246134 sshd[277256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:12:47,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371967.2679825, 'message': 'Dec  7 02:12:45 hqnl0246134 sshd[277256]: Failed password for root from 61.177.172.124 port 61953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 02:12:49,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371969.2711158, 'message': 'Dec  7 02:12:47 hqnl0246134 sshd[277256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 02:12:49,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371969.271363, 'message': 'Dec  7 02:12:47 hqnl0246134 sshd[277259]: Invalid user impala from 194.110.134.13 port 47766', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 02:12:49,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371969.2715657, 'message': 'Dec  7 02:12:47 hqnl0246134 sshd[277259]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.110.134.13 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 02:12:49,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371969.2716846, 'message': 'Dec  7 02:12:47 hqnl0246134 sshd[277259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.134.13 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 02:12:50,489] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:12:50,489] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:12:51,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371971.2729914, 'message': 'Dec  7 02:12:49 hqnl0246134 sshd[277256]: Failed password for root from 61.177.172.124 port 61953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 02:12:51,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371971.273202, 'message': 'Dec  7 02:12:49 hqnl0246134 sshd[277259]: Failed password for invalid user impala from 194.110.134.13 port 47766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 02:12:51,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371971.273314, 'message': 'Dec  7 02:12:49 hqnl0246134 sshd[277256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 02:12:51,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670371971.2734177, 'message': 'Dec  7 02:12:50 hqnl0246134 sshd[277259]: Disconnected from invalid user impala 194.110.134.13 port 47766 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:12:53,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371973.273768, 'message': 'Dec  7 02:12:51 hqnl0246134 sshd[277256]: Failed password for root from 61.177.172.124 port 61953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 02:12:53,671] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:12:53,672] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:12:53,687] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:12:53,702] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0245 seconds
INFO    [2022-12-07 02:12:55,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371975.2757778, 'message': 'Dec  7 02:12:53 hqnl0246134 sshd[277263]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 02:12:55,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371975.2761228, 'message': 'Dec  7 02:12:53 hqnl0246134 sshd[277263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 02:12:57,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371977.276829, 'message': 'Dec  7 02:12:55 hqnl0246134 sshd[277263]: Failed password for root from 61.177.172.124 port 34587 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:12:57,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371977.277056, 'message': 'Dec  7 02:12:56 hqnl0246134 sshd[277263]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:12:59,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371979.2795691, 'message': 'Dec  7 02:12:58 hqnl0246134 sshd[277263]: Failed password for root from 61.177.172.124 port 34587 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:12:59,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371979.2797916, 'message': 'Dec  7 02:12:58 hqnl0246134 sshd[277263]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:13:01,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371981.2836976, 'message': 'Dec  7 02:13:00 hqnl0246134 sshd[277263]: Failed password for root from 61.177.172.124 port 34587 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 02:13:03,275] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 02:13:03,282] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:13:03,301] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0249 seconds
INFO    [2022-12-07 02:13:03,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371983.285073, 'message': 'Dec  7 02:13:02 hqnl0246134 sshd[277278]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 02:13:03,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371983.2852237, 'message': 'Dec  7 02:13:02 hqnl0246134 sshd[277278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:13:05,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371985.2892063, 'message': 'Dec  7 02:13:04 hqnl0246134 sshd[277278]: Failed password for root from 61.177.172.124 port 45474 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 02:13:07,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670371987.2930245, 'message': 'Dec  7 02:13:05 hqnl0246134 sshd[277298]: Invalid user hb from 134.17.16.196 port 9395', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 02:13:07,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371987.2934666, 'message': 'Dec  7 02:13:06 hqnl0246134 sshd[277278]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 02:13:07,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.16.196', 'timestamp': 1670371987.293219, 'message': 'Dec  7 02:13:05 hqnl0246134 sshd[277298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.16.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:13:07,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.16.196', 'timestamp': 1670371987.2933626, 'message': 'Dec  7 02:13:05 hqnl0246134 sshd[277298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.16.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 02:13:07,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670371987.2935667, 'message': 'Dec  7 02:13:06 hqnl0246134 sshd[277298]: Failed password for invalid user hb from 134.17.16.196 port 9395 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 02:13:09,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670371989.296085, 'message': 'Dec  7 02:13:08 hqnl0246134 sshd[277298]: Disconnected from invalid user hb 134.17.16.196 port 9395 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 02:13:09,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371989.2963364, 'message': 'Dec  7 02:13:08 hqnl0246134 sshd[277278]: Failed password for root from 61.177.172.124 port 45474 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 02:13:09,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371989.2965577, 'message': 'Dec  7 02:13:08 hqnl0246134 sshd[277300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-07 02:13:09,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371989.2964506, 'message': 'Dec  7 02:13:08 hqnl0246134 sshd[277278]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:13:11,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670371991.2977934, 'message': 'Dec  7 02:13:10 hqnl0246134 sshd[277278]: Failed password for root from 61.177.172.124 port 45474 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 02:13:11,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371991.2979863, 'message': 'Dec  7 02:13:10 hqnl0246134 sshd[277300]: Failed password for root from 61.177.173.18 port 60585 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
WARNING [2022-12-07 02:13:11,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:13:11,849] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-07 02:13:17,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670371997.3091288, 'message': 'Dec  7 02:13:15 hqnl0246134 sshd[277300]: Failed password for root from 61.177.173.18 port 60585 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:13:20,001] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:13:20,001] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:13:20,008] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:13:20,022] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 02:13:21,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372001.3143911, 'message': 'Dec  7 02:13:19 hqnl0246134 sshd[277300]: Failed password for root from 61.177.173.18 port 60585 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 02:13:21,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372001.3145907, 'message': 'Dec  7 02:13:19 hqnl0246134 sshd[277308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.107.61.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 02:13:21,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372001.3147297, 'message': 'Dec  7 02:13:19 hqnl0246134 sshd[277308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.107.61.88  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 02:13:22,737] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:13:22,737] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:13:22,744] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:13:22,755] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 02:13:23,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372003.316609, 'message': 'Dec  7 02:13:21 hqnl0246134 sshd[277308]: Failed password for root from 20.107.61.88 port 48984 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:13:25,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372005.320273, 'message': 'Dec  7 02:13:23 hqnl0246134 sshd[277316]: Invalid user hadoop from 165.227.166.207 port 59880', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 02:13:25,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372005.3206263, 'message': 'Dec  7 02:13:23 hqnl0246134 sshd[277316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 02:13:27,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372007.3212712, 'message': 'Dec  7 02:13:25 hqnl0246134 sshd[277316]: Failed password for invalid user hadoop from 165.227.166.207 port 59880 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:13:27,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372007.321447, 'message': 'Dec  7 02:13:27 hqnl0246134 sshd[277316]: Disconnected from invalid user hadoop 165.227.166.207 port 59880 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 02:13:29,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372009.3217063, 'message': 'Dec  7 02:13:27 hqnl0246134 sshd[277326]: Invalid user user from 185.233.36.187 port 42832', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 02:13:29,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372009.32202, 'message': 'Dec  7 02:13:28 hqnl0246134 sshd[277326]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.233.36.187 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 02:13:29,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372009.3246543, 'message': 'Dec  7 02:13:28 hqnl0246134 sshd[277326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.233.36.187 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 02:13:31,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372011.3227031, 'message': 'Dec  7 02:13:29 hqnl0246134 sshd[277329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.19.166 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0593 seconds
INFO    [2022-12-07 02:13:31,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372011.3232615, 'message': 'Dec  7 02:13:30 hqnl0246134 sshd[277331]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.153.40 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 02:13:31,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372011.323513, 'message': 'Dec  7 02:13:30 hqnl0246134 sshd[277326]: Failed password for invalid user user from 185.233.36.187 port 42832 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0600 seconds
INFO    [2022-12-07 02:13:31,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372011.323096, 'message': 'Dec  7 02:13:29 hqnl0246134 sshd[277329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.19.166  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 02:13:31,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372011.323395, 'message': 'Dec  7 02:13:30 hqnl0246134 sshd[277331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.153.40  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 02:13:33,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372013.3266203, 'message': 'Dec  7 02:13:31 hqnl0246134 sshd[277329]: Failed password for root from 138.197.19.166 port 45328 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-07 02:13:33,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372013.3268802, 'message': 'Dec  7 02:13:31 hqnl0246134 sshd[277326]: Disconnected from invalid user user 185.233.36.187 port 42832 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-07 02:13:33,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372013.3270414, 'message': 'Dec  7 02:13:32 hqnl0246134 sshd[277331]: Failed password for root from 137.184.153.40 port 54220 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 02:13:49,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670372029.351279, 'message': 'Dec  7 02:13:47 hqnl0246134 sshd[277334]: Invalid user ubuntu from 3.0.202.116 port 36180', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 02:13:49,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '3.0.202.116', 'timestamp': 1670372029.351855, 'message': 'Dec  7 02:13:47 hqnl0246134 sshd[277334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 3.0.202.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:13:49,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '3.0.202.116', 'timestamp': 1670372029.3520374, 'message': 'Dec  7 02:13:47 hqnl0246134 sshd[277334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.0.202.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:13:49,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670372029.3521922, 'message': 'Dec  7 02:13:49 hqnl0246134 sshd[277334]: Failed password for invalid user ubuntu from 3.0.202.116 port 36180 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-07 02:13:50,492] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:13:50,493] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:13:51,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372031.3537283, 'message': 'Dec  7 02:13:49 hqnl0246134 sshd[277336]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.255.168.152 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0547 seconds
INFO    [2022-12-07 02:13:51,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670372031.3573384, 'message': 'Dec  7 02:13:50 hqnl0246134 sshd[277334]: Disconnected from invalid user ubuntu 3.0.202.116 port 36180 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0549 seconds
INFO    [2022-12-07 02:13:51,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372031.3540652, 'message': 'Dec  7 02:13:49 hqnl0246134 sshd[277336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.255.168.152  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 02:13:53,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372033.3572164, 'message': 'Dec  7 02:13:51 hqnl0246134 sshd[277336]: Failed password for root from 51.255.168.152 port 47722 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:13:55,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372035.3584924, 'message': 'Dec  7 02:13:55 hqnl0246134 sshd[277340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 02:13:55,930] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:13:55,931] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:13:55,938] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:13:55,950] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 02:13:59,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372039.3648114, 'message': 'Dec  7 02:13:57 hqnl0246134 sshd[277340]: Failed password for root from 61.177.173.18 port 21787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 02:14:03,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372043.3702383, 'message': 'Dec  7 02:14:01 hqnl0246134 sshd[277340]: Failed password for root from 61.177.173.18 port 21787 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:14:05,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372045.372478, 'message': 'Dec  7 02:14:04 hqnl0246134 sshd[277353]: Invalid user guest1 from 159.89.8.45 port 50408', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 02:14:05,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372045.372654, 'message': 'Dec  7 02:14:04 hqnl0246134 sshd[277353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.89.8.45 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 02:14:05,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372045.3728855, 'message': 'Dec  7 02:14:04 hqnl0246134 sshd[277353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.8.45 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:14:07,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372047.3746288, 'message': 'Dec  7 02:14:05 hqnl0246134 sshd[277353]: Failed password for invalid user guest1 from 159.89.8.45 port 50408 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 02:14:07,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372047.3750176, 'message': 'Dec  7 02:14:06 hqnl0246134 sshd[277340]: Failed password for root from 61.177.173.18 port 21787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 02:14:07,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372047.3748276, 'message': 'Dec  7 02:14:05 hqnl0246134 sshd[277353]: Disconnected from invalid user guest1 159.89.8.45 port 50408 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 02:14:11,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:14:11,865] defence360agent.internals.the_sink: SensorIncidentList(<26 item(s)>) processed in 0.0463 seconds
INFO    [2022-12-07 02:14:17,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:14:17,850] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:14:17,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:14:17,867] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
INFO    [2022-12-07 02:14:20,523] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:14:20,523] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:14:20,530] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:14:20,540] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
INFO    [2022-12-07 02:14:23,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372063.3941116, 'message': 'Dec  7 02:14:23 hqnl0246134 sshd[277395]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.106.169.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:14:23,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372063.3944013, 'message': 'Dec  7 02:14:23 hqnl0246134 sshd[277395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.106.169.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 02:14:25,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372065.401212, 'message': 'Dec  7 02:14:25 hqnl0246134 sshd[277395]: Failed password for root from 92.106.169.34 port 57042 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 02:14:43,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372083.441168, 'message': 'Dec  7 02:14:41 hqnl0246134 sshd[277407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 02:14:45,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372085.445045, 'message': 'Dec  7 02:14:43 hqnl0246134 sshd[277407]: Failed password for root from 61.177.173.18 port 34728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 02:14:50,496] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:14:50,497] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:14:51,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372091.4505885, 'message': 'Dec  7 02:14:48 hqnl0246134 sshd[277407]: Failed password for root from 61.177.173.18 port 34728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-07 02:14:51,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372091.450952, 'message': 'Dec  7 02:14:50 hqnl0246134 sshd[277412]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.35.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-07 02:14:51,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372091.4511926, 'message': 'Dec  7 02:14:50 hqnl0246134 sshd[277412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.35.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:14:53,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372093.4525692, 'message': 'Dec  7 02:14:52 hqnl0246134 sshd[277407]: Failed password for root from 61.177.173.18 port 34728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 02:14:53,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372093.4528108, 'message': 'Dec  7 02:14:53 hqnl0246134 sshd[277412]: Failed password for root from 43.131.35.194 port 39766 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 02:14:55,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372095.455741, 'message': 'Dec  7 02:14:55 hqnl0246134 sshd[277424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.17.229.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:14:55,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372095.4561827, 'message': 'Dec  7 02:14:55 hqnl0246134 sshd[277424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.17.229.65  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:14:57,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372097.4589128, 'message': 'Dec  7 02:14:57 hqnl0246134 sshd[277424]: Failed password for root from 185.17.229.65 port 59512 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:15:05,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372105.4717593, 'message': 'Dec  7 02:15:04 hqnl0246134 sshd[277445]: Invalid user gerrit from 92.118.207.11 port 49174', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 02:15:05,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372105.4732761, 'message': 'Dec  7 02:15:04 hqnl0246134 sshd[277445]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.118.207.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 02:15:05,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372105.473397, 'message': 'Dec  7 02:15:04 hqnl0246134 sshd[277445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.207.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:15:07,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372107.477977, 'message': 'Dec  7 02:15:06 hqnl0246134 sshd[277445]: Failed password for invalid user gerrit from 92.118.207.11 port 49174 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 02:15:09,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372109.4827166, 'message': 'Dec  7 02:15:07 hqnl0246134 sshd[277445]: Disconnected from invalid user gerrit 92.118.207.11 port 49174 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-07 02:15:11,837] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:15:11,875] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0480 seconds
INFO    [2022-12-07 02:15:12,659] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:15:12,660] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:15:12,669] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:15:12,680] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 02:15:17,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:15:17,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:15:17,855] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:15:17,867] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 02:15:20,692] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:15:20,692] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:15:20,705] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:15:20,723] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
INFO    [2022-12-07 02:15:29,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372129.5165708, 'message': 'Dec  7 02:15:29 hqnl0246134 sshd[277483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:15:33,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372133.5264845, 'message': 'Dec  7 02:15:31 hqnl0246134 sshd[277483]: Failed password for root from 61.177.173.18 port 56497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 02:15:35,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372135.5291562, 'message': 'Dec  7 02:15:34 hqnl0246134 sshd[277485]: Invalid user hp from 165.227.166.207 port 41952', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0565 seconds
INFO    [2022-12-07 02:15:35,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372135.533414, 'message': 'Dec  7 02:15:35 hqnl0246134 sshd[277487]: Invalid user ken from 134.17.16.196 port 9396', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-07 02:15:35,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372135.5331962, 'message': 'Dec  7 02:15:34 hqnl0246134 sshd[277485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-07 02:15:35,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372135.5336385, 'message': 'Dec  7 02:15:35 hqnl0246134 sshd[277487]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.16.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 02:15:35,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372135.5338159, 'message': 'Dec  7 02:15:35 hqnl0246134 sshd[277487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.16.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 02:15:37,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372137.5353794, 'message': 'Dec  7 02:15:35 hqnl0246134 sshd[277483]: Failed password for root from 61.177.173.18 port 56497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0734 seconds
INFO    [2022-12-07 02:15:37,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372137.535665, 'message': 'Dec  7 02:15:36 hqnl0246134 sshd[277485]: Failed password for invalid user hp from 165.227.166.207 port 41952 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0738 seconds
INFO    [2022-12-07 02:15:37,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372137.5367808, 'message': 'Dec  7 02:15:37 hqnl0246134 sshd[277487]: Failed password for invalid user ken from 134.17.16.196 port 9396 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0737 seconds
INFO    [2022-12-07 02:15:37,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372137.5358937, 'message': 'Dec  7 02:15:36 hqnl0246134 sshd[277485]: Disconnected from invalid user hp 165.227.166.207 port 41952 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 02:15:39,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372139.5382755, 'message': 'Dec  7 02:15:38 hqnl0246134 sshd[277487]: Disconnected from invalid user ken 134.17.16.196 port 9396 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 02:15:39,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372139.538488, 'message': 'Dec  7 02:15:38 hqnl0246134 sshd[277483]: Failed password for root from 61.177.173.18 port 56497 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 02:15:41,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.110.134.13', 'timestamp': 1670372141.5407991, 'message': 'Dec  7 02:15:41 hqnl0246134 sshd[277491]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.110.134.13 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 02:15:41,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.110.134.13', 'timestamp': 1670372141.5410194, 'message': 'Dec  7 02:15:41 hqnl0246134 sshd[277491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.134.13  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 02:15:45,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '194.110.134.13', 'timestamp': 1670372145.5457225, 'message': 'Dec  7 02:15:43 hqnl0246134 sshd[277491]: Failed password for root from 194.110.134.13 port 56546 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0256 seconds
WARNING [2022-12-07 02:15:50,501] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:15:50,503] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:16:03,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372163.5739403, 'message': 'Dec  7 02:16:01 hqnl0246134 sshd[277513]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.107.61.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 02:16:03,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372163.5744038, 'message': 'Dec  7 02:16:01 hqnl0246134 sshd[277513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.107.61.88  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 02:16:03,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372163.5745416, 'message': 'Dec  7 02:16:03 hqnl0246134 sshd[277513]: Failed password for root from 20.107.61.88 port 38816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-07 02:16:11,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:16:11,881] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0486 seconds
INFO    [2022-12-07 02:16:17,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372177.5948896, 'message': 'Dec  7 02:16:16 hqnl0246134 sshd[277516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:16:17,977] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:16:17,978] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:16:17,987] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:16:17,998] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 02:16:19,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372179.597929, 'message': 'Dec  7 02:16:17 hqnl0246134 sshd[277520]: Invalid user vz from 128.199.16.6 port 43734', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 02:16:19,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372179.598379, 'message': 'Dec  7 02:16:18 hqnl0246134 sshd[277516]: Failed password for root from 61.177.173.18 port 16637 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-07 02:16:19,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372179.5984848, 'message': 'Dec  7 02:16:19 hqnl0246134 sshd[277527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.153.40 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-07 02:16:19,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372179.5981162, 'message': 'Dec  7 02:16:17 hqnl0246134 sshd[277520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.16.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 02:16:19,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372179.5985932, 'message': 'Dec  7 02:16:19 hqnl0246134 sshd[277527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.153.40  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 02:16:19,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372179.5982409, 'message': 'Dec  7 02:16:17 hqnl0246134 sshd[277520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.16.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 02:16:20,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:16:20,851] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:16:20,858] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:16:20,871] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 02:16:21,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372181.6001005, 'message': 'Dec  7 02:16:20 hqnl0246134 sshd[277520]: Failed password for invalid user vz from 128.199.16.6 port 43734 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 02:16:21,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372181.6005292, 'message': 'Dec  7 02:16:21 hqnl0246134 sshd[277527]: Failed password for root from 137.184.153.40 port 43740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-07 02:16:21,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372181.600378, 'message': 'Dec  7 02:16:21 hqnl0246134 sshd[277520]: Disconnected from invalid user vz 128.199.16.6 port 43734 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:16:22,013] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:16:22,187] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:16:22,187] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:16:22,188] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:16:22,188] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:16:22,188] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:16:22,197] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:16:22,212] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0233 seconds
WARNING [2022-12-07 02:16:22,221] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:16:22,224] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:16:22,242] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0352 seconds
INFO    [2022-12-07 02:16:22,243] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0337 seconds
INFO    [2022-12-07 02:16:23,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372183.6009822, 'message': 'Dec  7 02:16:21 hqnl0246134 sshd[277516]: Failed password for root from 61.177.173.18 port 16637 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 02:16:23,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372183.6012177, 'message': 'Dec  7 02:16:22 hqnl0246134 sshd[277534]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.19.166 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 02:16:23,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372183.6013331, 'message': 'Dec  7 02:16:22 hqnl0246134 sshd[277534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.19.166  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:16:25,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372185.604904, 'message': 'Dec  7 02:16:24 hqnl0246134 sshd[277534]: Failed password for root from 138.197.19.166 port 34488 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 02:16:25,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372185.605289, 'message': 'Dec  7 02:16:24 hqnl0246134 sshd[277516]: Failed password for root from 61.177.173.18 port 16637 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-07 02:16:37,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372197.6254132, 'message': 'Dec  7 02:16:36 hqnl0246134 sshd[277546]: Invalid user rex from 185.233.36.187 port 43616', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 02:16:37,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372197.6261578, 'message': 'Dec  7 02:16:36 hqnl0246134 sshd[277546]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.233.36.187 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 02:16:37,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372197.626266, 'message': 'Dec  7 02:16:36 hqnl0246134 sshd[277546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.233.36.187 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:16:39,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372199.6262586, 'message': 'Dec  7 02:16:39 hqnl0246134 sshd[277546]: Failed password for invalid user rex from 185.233.36.187 port 43616 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:16:41,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372201.6287427, 'message': 'Dec  7 02:16:40 hqnl0246134 sshd[277546]: Disconnected from invalid user rex 185.233.36.187 port 43616 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 02:16:44,437] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:16:44,437] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:16:44,444] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:16:44,456] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 02:16:47,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372207.6550987, 'message': 'Dec  7 02:16:46 hqnl0246134 sshd[277553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.255.168.152 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:16:47,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372207.6554341, 'message': 'Dec  7 02:16:46 hqnl0246134 sshd[277553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.255.168.152  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:16:49,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372209.66645, 'message': 'Dec  7 02:16:48 hqnl0246134 sshd[277553]: Failed password for root from 51.255.168.152 port 45102 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
WARNING [2022-12-07 02:16:50,513] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:16:50,514] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:16:52,336] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:16:52,337] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:16:52,338] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 02:17:03,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372223.6906474, 'message': 'Dec  7 02:17:02 hqnl0246134 sshd[277566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 02:17:03,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372223.6912723, 'message': 'Dec  7 02:17:03 hqnl0246134 sshd[277566]: Failed password for root from 61.177.173.18 port 31958 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 02:17:11,852] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:17:11,882] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0428 seconds
INFO    [2022-12-07 02:17:18,002] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:17:18,002] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:17:18,009] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:17:18,020] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 02:17:21,705] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:17:21,706] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:17:21,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:17:21,725] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 02:17:27,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372247.7334678, 'message': 'Dec  7 02:17:27 hqnl0246134 sshd[277608]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.106.169.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:17:27,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372247.7338312, 'message': 'Dec  7 02:17:27 hqnl0246134 sshd[277608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.106.169.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:17:29,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372249.7361758, 'message': 'Dec  7 02:17:29 hqnl0246134 sshd[277608]: Failed password for root from 92.106.169.34 port 46420 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 02:17:33,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372253.7428086, 'message': 'Dec  7 02:17:32 hqnl0246134 sshd[277611]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.35.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 02:17:33,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372253.7431364, 'message': 'Dec  7 02:17:32 hqnl0246134 sshd[277611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.35.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 02:17:35,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372255.746982, 'message': 'Dec  7 02:17:34 hqnl0246134 sshd[277611]: Failed password for root from 43.131.35.194 port 59214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:17:41,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372261.7571976, 'message': 'Dec  7 02:17:41 hqnl0246134 sshd[277613]: Invalid user ubuntu from 92.118.207.11 port 53242', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 02:17:41,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372261.7574217, 'message': 'Dec  7 02:17:41 hqnl0246134 sshd[277613]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.118.207.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 02:17:41,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372261.7576523, 'message': 'Dec  7 02:17:41 hqnl0246134 sshd[277613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.207.11 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 02:17:43,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372263.7606447, 'message': 'Dec  7 02:17:43 hqnl0246134 sshd[277613]: Failed password for invalid user ubuntu from 92.118.207.11 port 53242 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 02:17:43,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372263.761024, 'message': 'Dec  7 02:17:43 hqnl0246134 sshd[277613]: Disconnected from invalid user ubuntu 92.118.207.11 port 53242 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 02:17:47,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372267.7727523, 'message': 'Dec  7 02:17:47 hqnl0246134 sshd[277617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 02:17:49,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372269.777338, 'message': 'Dec  7 02:17:49 hqnl0246134 sshd[277617]: Failed password for root from 61.177.173.18 port 54337 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
WARNING [2022-12-07 02:17:50,518] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:17:50,519] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:17:51,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372271.781093, 'message': 'Dec  7 02:17:51 hqnl0246134 sshd[277620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 02:17:53,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372273.7851906, 'message': 'Dec  7 02:17:53 hqnl0246134 sshd[277620]: Failed password for root from 165.227.166.207 port 52246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-07 02:17:53,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372273.785368, 'message': 'Dec  7 02:17:53 hqnl0246134 sshd[277622]: Invalid user steam from 185.17.229.65 port 10005', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-07 02:17:53,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372273.785798, 'message': 'Dec  7 02:17:53 hqnl0246134 sshd[277617]: Failed password for root from 61.177.173.18 port 54337 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-07 02:17:53,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372273.7855043, 'message': 'Dec  7 02:17:53 hqnl0246134 sshd[277622]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.17.229.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:17:53,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372273.78565, 'message': 'Dec  7 02:17:53 hqnl0246134 sshd[277622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.17.229.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:17:55,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372275.7891817, 'message': 'Dec  7 02:17:55 hqnl0246134 sshd[277622]: Failed password for invalid user steam from 185.17.229.65 port 10005 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:17:57,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:17:57,544] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:17:57,553] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:17:57,564] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 02:17:57,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372277.7906861, 'message': 'Dec  7 02:17:55 hqnl0246134 sshd[277617]: Failed password for root from 61.177.173.18 port 54337 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-07 02:17:57,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372277.7916973, 'message': 'Dec  7 02:17:56 hqnl0246134 sshd[277634]: Invalid user mysqler from 134.17.16.196 port 9397', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-07 02:17:57,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372277.7922008, 'message': 'Dec  7 02:17:57 hqnl0246134 sshd[277622]: Disconnected from invalid user steam 185.17.229.65 port 10005 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0467 seconds
INFO    [2022-12-07 02:17:57,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372277.7918406, 'message': 'Dec  7 02:17:56 hqnl0246134 sshd[277634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.16.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:17:57,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372277.7920322, 'message': 'Dec  7 02:17:56 hqnl0246134 sshd[277634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.16.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:17:59,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372279.793001, 'message': 'Dec  7 02:17:58 hqnl0246134 sshd[277634]: Failed password for invalid user mysqler from 134.17.16.196 port 9397 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:17:59,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.196', 'timestamp': 1670372279.793203, 'message': 'Dec  7 02:17:58 hqnl0246134 sshd[277634]: Disconnected from invalid user mysqler 134.17.16.196 port 9397 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 02:18:11,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:18:11,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372291.8234046, 'message': 'Dec  7 02:18:09 hqnl0246134 sshd[277672]: Invalid user user2 from 159.89.8.45 port 39676', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 02:18:11,899] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0586 seconds
INFO    [2022-12-07 02:18:11,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372291.8238802, 'message': 'Dec  7 02:18:10 hqnl0246134 sshd[277672]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.89.8.45 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-07 02:18:11,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372291.824031, 'message': 'Dec  7 02:18:10 hqnl0246134 sshd[277672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.8.45 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:18:13,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372293.8280828, 'message': 'Dec  7 02:18:11 hqnl0246134 sshd[277672]: Failed password for invalid user user2 from 159.89.8.45 port 39676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 02:18:13,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372293.8284035, 'message': 'Dec  7 02:18:12 hqnl0246134 sshd[277672]: Disconnected from invalid user user2 159.89.8.45 port 39676 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:18:17,755] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:18:17,755] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:18:17,762] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:18:17,773] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 02:18:20,569] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:18:20,570] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:18:20,579] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:18:20,593] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-07 02:18:27,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372307.843464, 'message': 'Dec  7 02:18:26 hqnl0246134 sshd[277687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0571 seconds
INFO    [2022-12-07 02:18:27,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670372307.844317, 'message': 'Dec  7 02:18:27 hqnl0246134 sshd[277697]: Invalid user mukesh from 194.110.134.13 port 37096', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-07 02:18:27,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372307.8440669, 'message': 'Dec  7 02:18:26 hqnl0246134 sshd[277687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 02:18:27,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '194.110.134.13', 'timestamp': 1670372307.844595, 'message': 'Dec  7 02:18:27 hqnl0246134 sshd[277697]: pam_imunify(sshd:auth): [IM360_RBL] The IP 194.110.134.13 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 02:18:27,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.110.134.13', 'timestamp': 1670372307.84482, 'message': 'Dec  7 02:18:27 hqnl0246134 sshd[277697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.134.13 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 02:18:29,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372309.842897, 'message': 'Dec  7 02:18:28 hqnl0246134 sshd[277687]: Failed password for root from 61.177.173.39 port 40945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 02:18:29,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670372309.8431108, 'message': 'Dec  7 02:18:28 hqnl0246134 sshd[277697]: Failed password for invalid user mukesh from 194.110.134.13 port 37096 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 02:18:31,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.110.134.13', 'timestamp': 1670372311.8463893, 'message': 'Dec  7 02:18:29 hqnl0246134 sshd[277697]: Disconnected from invalid user mukesh 194.110.134.13 port 37096 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 02:18:31,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372311.8466473, 'message': 'Dec  7 02:18:30 hqnl0246134 sshd[277687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-07 02:18:31,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372311.8468146, 'message': 'Dec  7 02:18:31 hqnl0246134 sshd[277700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 02:18:33,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372313.8460917, 'message': 'Dec  7 02:18:32 hqnl0246134 sshd[277687]: Failed password for root from 61.177.173.39 port 40945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 02:18:33,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372313.8463736, 'message': 'Dec  7 02:18:33 hqnl0246134 sshd[277700]: Failed password for root from 61.177.173.18 port 63260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 02:18:35,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372315.852364, 'message': 'Dec  7 02:18:34 hqnl0246134 sshd[277687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 02:18:35,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372315.8532336, 'message': 'Dec  7 02:18:35 hqnl0246134 sshd[277700]: Failed password for root from 61.177.173.18 port 63260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 02:18:37,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372317.8542688, 'message': 'Dec  7 02:18:36 hqnl0246134 sshd[277687]: Failed password for root from 61.177.173.39 port 40945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-07 02:18:37,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372317.8578951, 'message': 'Dec  7 02:18:37 hqnl0246134 sshd[277700]: Failed password for root from 61.177.173.18 port 63260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-07 02:18:45,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372325.8704736, 'message': 'Dec  7 02:18:45 hqnl0246134 sshd[277704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.107.61.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:18:45,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372325.8706703, 'message': 'Dec  7 02:18:45 hqnl0246134 sshd[277704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.107.61.88  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 02:18:47,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.107.61.88', 'timestamp': 1670372327.8715658, 'message': 'Dec  7 02:18:47 hqnl0246134 sshd[277704]: Failed password for root from 20.107.61.88 port 56882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 02:18:50,526] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:18:50,526] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:19:01,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372341.8972216, 'message': 'Dec  7 02:19:00 hqnl0246134 sshd[277719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 02:19:01,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372341.8977368, 'message': 'Dec  7 02:19:00 hqnl0246134 sshd[277721]: Invalid user vncuser from 137.184.153.40 port 34294', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 02:19:01,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372341.8975744, 'message': 'Dec  7 02:19:00 hqnl0246134 sshd[277719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 02:19:01,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372341.8978446, 'message': 'Dec  7 02:19:00 hqnl0246134 sshd[277721]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.153.40 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 02:19:01,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372341.8980072, 'message': 'Dec  7 02:19:00 hqnl0246134 sshd[277721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.153.40 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:19:03,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372343.8983078, 'message': 'Dec  7 02:19:02 hqnl0246134 sshd[277719]: Failed password for root from 61.177.173.39 port 36168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0498 seconds
INFO    [2022-12-07 02:19:03,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372343.8985837, 'message': 'Dec  7 02:19:03 hqnl0246134 sshd[277721]: Failed password for invalid user vncuser from 137.184.153.40 port 34294 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-07 02:19:05,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372345.901686, 'message': 'Dec  7 02:19:04 hqnl0246134 sshd[277719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-07 02:19:05,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.153.40', 'timestamp': 1670372345.9122443, 'message': 'Dec  7 02:19:05 hqnl0246134 sshd[277721]: Disconnected from invalid user vncuser 137.184.153.40 port 34294 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 02:19:07,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:19:07,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:19:07,951] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:19:07,972] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0328 seconds
INFO    [2022-12-07 02:19:07,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372347.9400675, 'message': 'Dec  7 02:19:06 hqnl0246134 sshd[277719]: Failed password for root from 61.177.173.39 port 36168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 02:19:09,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372349.9084756, 'message': 'Dec  7 02:19:08 hqnl0246134 sshd[277719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-07 02:19:11,852] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:19:11,881] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0373 seconds
INFO    [2022-12-07 02:19:11,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372351.9097867, 'message': 'Dec  7 02:19:10 hqnl0246134 sshd[277719]: Failed password for root from 61.177.173.39 port 36168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 02:19:13,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372353.91304, 'message': 'Dec  7 02:19:12 hqnl0246134 sshd[277737]: Invalid user jan from 138.197.19.166 port 51890', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 02:19:13,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372353.9134357, 'message': 'Dec  7 02:19:12 hqnl0246134 sshd[277739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.233.36.187 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 02:19:13,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372353.913218, 'message': 'Dec  7 02:19:12 hqnl0246134 sshd[277737]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.197.19.166 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 02:19:13,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372353.9138212, 'message': 'Dec  7 02:19:12 hqnl0246134 sshd[277739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.233.36.187  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 02:19:14,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372353.9133308, 'message': 'Dec  7 02:19:12 hqnl0246134 sshd[277737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.19.166 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:19:15,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372355.9166622, 'message': 'Dec  7 02:19:13 hqnl0246134 sshd[277737]: Failed password for invalid user jan from 138.197.19.166 port 51890 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 02:19:15,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372355.9169488, 'message': 'Dec  7 02:19:14 hqnl0246134 sshd[277739]: Failed password for root from 185.233.36.187 port 56222 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 02:19:15,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372355.9170632, 'message': 'Dec  7 02:19:14 hqnl0246134 sshd[277736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 02:19:15,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.197.19.166', 'timestamp': 1670372355.9173, 'message': 'Dec  7 02:19:15 hqnl0246134 sshd[277737]: Disconnected from invalid user jan 138.197.19.166 port 51890 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 02:19:15,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372355.917196, 'message': 'Dec  7 02:19:14 hqnl0246134 sshd[277736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 02:19:17,810] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:19:17,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:19:17,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:19:17,835] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0236 seconds
INFO    [2022-12-07 02:19:17,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372357.9189067, 'message': 'Dec  7 02:19:17 hqnl0246134 sshd[277736]: Failed password for root from 61.177.173.39 port 63519 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 02:19:17,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372357.9191916, 'message': 'Dec  7 02:19:17 hqnl0246134 sshd[277744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 02:19:19,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372359.921206, 'message': 'Dec  7 02:19:19 hqnl0246134 sshd[277736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-07 02:19:19,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372359.921449, 'message': 'Dec  7 02:19:19 hqnl0246134 sshd[277744]: Failed password for root from 61.177.173.18 port 31256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-07 02:19:20,852] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:19:20,852] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:19:20,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:19:20,871] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 02:19:21,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372361.9225597, 'message': 'Dec  7 02:19:20 hqnl0246134 sshd[277752]: Invalid user ts3srv from 128.199.16.6 port 33056', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 02:19:21,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372361.9230626, 'message': 'Dec  7 02:19:21 hqnl0246134 sshd[277736]: Failed password for root from 61.177.173.39 port 63519 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 02:19:21,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372361.9227798, 'message': 'Dec  7 02:19:20 hqnl0246134 sshd[277752]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.16.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 02:19:21,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372361.923192, 'message': 'Dec  7 02:19:21 hqnl0246134 sshd[277736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 02:19:22,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372361.9229198, 'message': 'Dec  7 02:19:20 hqnl0246134 sshd[277752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.16.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:19:22,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372361.9233346, 'message': 'Dec  7 02:19:21 hqnl0246134 sshd[277752]: Failed password for invalid user ts3srv from 128.199.16.6 port 33056 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:19:24,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372363.9294434, 'message': 'Dec  7 02:19:22 hqnl0246134 sshd[277752]: Disconnected from invalid user ts3srv 128.199.16.6 port 33056 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0749 seconds
INFO    [2022-12-07 02:19:24,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670372363.9298768, 'message': 'Dec  7 02:19:23 hqnl0246134 sshd[277736]: Failed password for root from 61.177.173.39 port 63519 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0754 seconds
INFO    [2022-12-07 02:19:24,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372363.9301143, 'message': 'Dec  7 02:19:23 hqnl0246134 sshd[277744]: Failed password for root from 61.177.173.18 port 31256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0748 seconds
INFO    [2022-12-07 02:19:29,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372369.9436316, 'message': 'Dec  7 02:19:27 hqnl0246134 sshd[277744]: Failed password for root from 61.177.173.18 port 31256 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-07 02:19:31,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372371.9486465, 'message': 'Dec  7 02:19:31 hqnl0246134 sshd[277769]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.255.168.152 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:19:31,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372371.9488766, 'message': 'Dec  7 02:19:31 hqnl0246134 sshd[277769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.255.168.152  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:19:33,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.255.168.152', 'timestamp': 1670372373.9525936, 'message': 'Dec  7 02:19:32 hqnl0246134 sshd[277769]: Failed password for root from 51.255.168.152 port 41258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 02:19:50,532] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:19:50,533] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:20:04,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372404.001531, 'message': 'Dec  7 02:20:03 hqnl0246134 sshd[277806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 02:20:06,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372406.0060208, 'message': 'Dec  7 02:20:04 hqnl0246134 sshd[277809]: Invalid user huawei from 165.227.166.207 port 34300', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 02:20:06,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372406.006215, 'message': 'Dec  7 02:20:04 hqnl0246134 sshd[277809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 02:20:08,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372408.008519, 'message': 'Dec  7 02:20:06 hqnl0246134 sshd[277806]: Failed password for root from 61.177.173.18 port 49539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 02:20:08,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372408.0087237, 'message': 'Dec  7 02:20:07 hqnl0246134 sshd[277809]: Failed password for invalid user huawei from 165.227.166.207 port 34300 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 02:20:10,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372410.011904, 'message': 'Dec  7 02:20:09 hqnl0246134 sshd[277809]: Disconnected from invalid user huawei 165.227.166.207 port 34300 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 02:20:11,860] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:20:11,889] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0390 seconds
INFO    [2022-12-07 02:20:12,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372412.0152895, 'message': 'Dec  7 02:20:10 hqnl0246134 sshd[277806]: Failed password for root from 61.177.173.18 port 49539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 02:20:14,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372414.0176275, 'message': 'Dec  7 02:20:12 hqnl0246134 sshd[277821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.118.207.11 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 02:20:14,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372414.0181642, 'message': 'Dec  7 02:20:12 hqnl0246134 sshd[277806]: Failed password for root from 61.177.173.18 port 49539 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 02:20:14,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372414.01794, 'message': 'Dec  7 02:20:12 hqnl0246134 sshd[277821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.207.11  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 02:20:16,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '92.118.207.11', 'timestamp': 1670372416.0187628, 'message': 'Dec  7 02:20:15 hqnl0246134 sshd[277821]: Failed password for root from 92.118.207.11 port 50572 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 02:20:17,555] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:20:17,556] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:20:17,572] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:20:17,604] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0427 seconds
INFO    [2022-12-07 02:20:18,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372418.0207913, 'message': 'Dec  7 02:20:17 hqnl0246134 sshd[277830]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.35.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:20:18,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372418.0209856, 'message': 'Dec  7 02:20:17 hqnl0246134 sshd[277830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.35.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:20:18,218] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:20:18,219] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:20:18,226] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:20:18,237] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 02:20:20,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.35.194', 'timestamp': 1670372420.0219269, 'message': 'Dec  7 02:20:19 hqnl0246134 sshd[277830]: Failed password for root from 43.131.35.194 port 39514 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 02:20:20,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:20:20,818] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:20:20,826] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:20:20,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 02:20:34,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372434.0451798, 'message': 'Dec  7 02:20:33 hqnl0246134 sshd[277852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.106.169.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 02:20:34,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372434.0456975, 'message': 'Dec  7 02:20:33 hqnl0246134 sshd[277852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.106.169.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:20:36,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '92.106.169.34', 'timestamp': 1670372436.0480452, 'message': 'Dec  7 02:20:35 hqnl0246134 sshd[277852]: Failed password for root from 92.106.169.34 port 35802 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
WARNING [2022-12-07 02:20:50,537] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:20:50,538] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:20:52,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372452.0934358, 'message': 'Dec  7 02:20:50 hqnl0246134 sshd[277857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 02:20:52,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372452.0937636, 'message': 'Dec  7 02:20:51 hqnl0246134 sshd[277860]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.17.229.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 02:20:52,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372452.0939622, 'message': 'Dec  7 02:20:51 hqnl0246134 sshd[277860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.17.229.65  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 02:20:54,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372454.1062067, 'message': 'Dec  7 02:20:52 hqnl0246134 sshd[277857]: Failed password for root from 61.177.173.18 port 11379 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 02:20:54,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.17.229.65', 'timestamp': 1670372454.10655, 'message': 'Dec  7 02:20:53 hqnl0246134 sshd[277860]: Failed password for root from 185.17.229.65 port 59871 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 02:20:58,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372458.122723, 'message': 'Dec  7 02:20:56 hqnl0246134 sshd[277857]: Failed password for root from 61.177.173.18 port 11379 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 02:21:02,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372462.1390545, 'message': 'Dec  7 02:21:01 hqnl0246134 sshd[277857]: Failed password for root from 61.177.173.18 port 11379 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
WARNING [2022-12-07 02:21:11,864] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:21:11,891] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0367 seconds
INFO    [2022-12-07 02:21:17,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:21:17,791] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:21:17,798] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:21:17,810] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 02:21:20,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:21:20,712] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:21:20,721] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:21:20,736] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 02:21:38,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372498.2027593, 'message': 'Dec  7 02:21:37 hqnl0246134 sshd[277905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 02:21:40,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372500.2040782, 'message': 'Dec  7 02:21:39 hqnl0246134 sshd[277905]: Failed password for root from 61.177.173.18 port 24462 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0243 seconds
WARNING [2022-12-07 02:21:50,541] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:21:50,543] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:21:50,674] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:21:50,674] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:21:50,682] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:21:50,693] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-07 02:21:54,136] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 02:21:54,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372514.2228138, 'message': 'Dec  7 02:21:53 hqnl0246134 sshd[277913]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.233.36.187 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 02:21:54,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372514.2245488, 'message': 'Dec  7 02:21:53 hqnl0246134 sshd[277913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.233.36.187  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:21:56,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.233.36.187', 'timestamp': 1670372516.2431667, 'message': 'Dec  7 02:21:55 hqnl0246134 sshd[277913]: Failed password for root from 185.233.36.187 port 48240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 02:22:00,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372520.233825, 'message': 'Dec  7 02:21:59 hqnl0246134 sshd[277915]: Invalid user sampserver from 159.89.8.45 port 57176', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:22:00,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372520.2340584, 'message': 'Dec  7 02:21:59 hqnl0246134 sshd[277915]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.89.8.45 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:22:00,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372520.2342176, 'message': 'Dec  7 02:21:59 hqnl0246134 sshd[277915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.8.45 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:22:02,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372522.2339106, 'message': 'Dec  7 02:22:01 hqnl0246134 sshd[277915]: Failed password for invalid user sampserver from 159.89.8.45 port 57176 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 02:22:04,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.8.45', 'timestamp': 1670372524.2369404, 'message': 'Dec  7 02:22:02 hqnl0246134 sshd[277915]: Disconnected from invalid user sampserver 159.89.8.45 port 57176 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-07 02:22:11,868] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:22:11,889] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0283 seconds
INFO    [2022-12-07 02:22:17,694] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:22:17,695] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:22:17,703] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:22:17,714] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 02:22:20,272] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:22:20,273] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:22:20,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:22:20,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-07 02:22:20,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372540.2749808, 'message': 'Dec  7 02:22:19 hqnl0246134 sshd[277952]: Invalid user huawei from 165.227.166.207 port 44586', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 02:22:20,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372540.2751393, 'message': 'Dec  7 02:22:19 hqnl0246134 sshd[277952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:22:22,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372542.2758255, 'message': 'Dec  7 02:22:21 hqnl0246134 sshd[277952]: Failed password for invalid user huawei from 165.227.166.207 port 44586 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:22:22,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372542.2760487, 'message': 'Dec  7 02:22:21 hqnl0246134 sshd[277952]: Disconnected from invalid user huawei 165.227.166.207 port 44586 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:22:26,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372546.3047187, 'message': 'Dec  7 02:22:24 hqnl0246134 sshd[277960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0778 seconds
INFO    [2022-12-07 02:22:28,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372548.284814, 'message': 'Dec  7 02:22:26 hqnl0246134 sshd[277960]: Failed password for root from 61.177.173.18 port 38589 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 02:22:28,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372548.2852159, 'message': 'Dec  7 02:22:26 hqnl0246134 sshd[277962]: Invalid user openhab from 128.199.16.6 port 50608', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 02:22:28,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372548.285372, 'message': 'Dec  7 02:22:27 hqnl0246134 sshd[277962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.16.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:22:28,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372548.2854996, 'message': 'Dec  7 02:22:27 hqnl0246134 sshd[277962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.16.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:22:30,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372550.286695, 'message': 'Dec  7 02:22:28 hqnl0246134 sshd[277962]: Failed password for invalid user openhab from 128.199.16.6 port 50608 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:22:32,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.16.6', 'timestamp': 1670372552.2897468, 'message': 'Dec  7 02:22:30 hqnl0246134 sshd[277962]: Disconnected from invalid user openhab 128.199.16.6 port 50608 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-07 02:22:32,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372552.2900994, 'message': 'Dec  7 02:22:30 hqnl0246134 sshd[277960]: Failed password for root from 61.177.173.18 port 38589 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-07 02:22:36,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372556.293166, 'message': 'Dec  7 02:22:34 hqnl0246134 sshd[277960]: Failed password for root from 61.177.173.18 port 38589 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
WARNING [2022-12-07 02:22:50,548] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:22:50,551] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:23:05,325] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:23:05,397] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:23:05,398] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:23:05,398] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:23:05,398] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:23:05,399] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:23:05,410] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:23:05,428] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0288 seconds
WARNING [2022-12-07 02:23:05,435] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:23:05,438] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:23:05,455] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0329 seconds
INFO    [2022-12-07 02:23:05,456] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0307 seconds
WARNING [2022-12-07 02:23:11,875] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:23:11,895] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0273 seconds
INFO    [2022-12-07 02:23:12,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372592.358071, 'message': 'Dec  7 02:23:10 hqnl0246134 sshd[278018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:23:12,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372592.3583353, 'message': 'Dec  7 02:23:12 hqnl0246134 sshd[278018]: Failed password for root from 61.177.173.18 port 58414 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 02:23:18,694] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:23:18,695] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:23:18,702] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:23:18,713] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 02:23:20,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372600.3665867, 'message': 'Dec  7 02:23:15 hqnl0246134 sshd[278018]: Failed password for root from 61.177.173.18 port 58414 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 02:23:20,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372600.3730373, 'message': 'Dec  7 02:23:19 hqnl0246134 sshd[278023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 02:23:20,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372600.3669567, 'message': 'Dec  7 02:23:19 hqnl0246134 sshd[278018]: Failed password for root from 61.177.173.18 port 58414 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 02:23:20,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372600.3731933, 'message': 'Dec  7 02:23:19 hqnl0246134 sshd[278023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 02:23:21,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:23:21,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:23:21,748] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:23:21,763] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-07 02:23:22,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372602.368449, 'message': 'Dec  7 02:23:20 hqnl0246134 sshd[278023]: Failed password for root from 61.177.172.104 port 28720 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:23:22,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372602.3686655, 'message': 'Dec  7 02:23:21 hqnl0246134 sshd[278023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:23:23,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:23:23,922] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:23:23,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:23:23,941] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 02:23:24,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372604.3697922, 'message': 'Dec  7 02:23:23 hqnl0246134 sshd[278023]: Failed password for root from 61.177.172.104 port 28720 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 02:23:24,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372604.3699932, 'message': 'Dec  7 02:23:23 hqnl0246134 sshd[278023]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:23:26,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372606.3711157, 'message': 'Dec  7 02:23:25 hqnl0246134 sshd[278023]: Failed password for root from 61.177.172.104 port 28720 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:23:28,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372608.374905, 'message': 'Dec  7 02:23:27 hqnl0246134 sshd[278039]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 02:23:28,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372608.3758953, 'message': 'Dec  7 02:23:27 hqnl0246134 sshd[278039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:23:30,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372610.376389, 'message': 'Dec  7 02:23:29 hqnl0246134 sshd[278039]: Failed password for root from 61.177.172.104 port 41841 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 02:23:30,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372610.3766546, 'message': 'Dec  7 02:23:30 hqnl0246134 sshd[278039]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:23:32,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372612.3784986, 'message': 'Dec  7 02:23:32 hqnl0246134 sshd[278039]: Failed password for root from 61.177.172.104 port 41841 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 02:23:34,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372614.3813484, 'message': 'Dec  7 02:23:32 hqnl0246134 sshd[278039]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 02:23:34,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372614.3817575, 'message': 'Dec  7 02:23:34 hqnl0246134 sshd[278039]: Failed password for root from 61.177.172.104 port 41841 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 02:23:36,122] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:23:36,123] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:23:36,124] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 02:23:42,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372622.3938935, 'message': 'Dec  7 02:23:41 hqnl0246134 sshd[278050]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 02:23:42,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372622.394355, 'message': 'Dec  7 02:23:41 hqnl0246134 sshd[278050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 02:23:44,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372624.3937802, 'message': 'Dec  7 02:23:43 hqnl0246134 sshd[278050]: Failed password for root from 61.177.172.104 port 30425 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:23:44,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372624.3940053, 'message': 'Dec  7 02:23:43 hqnl0246134 sshd[278050]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:23:46,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372626.3937688, 'message': 'Dec  7 02:23:45 hqnl0246134 sshd[278050]: Failed password for root from 61.177.172.104 port 30425 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 02:23:46,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372626.3939693, 'message': 'Dec  7 02:23:46 hqnl0246134 sshd[278050]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 02:23:48,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372628.3973258, 'message': 'Dec  7 02:23:47 hqnl0246134 sshd[278050]: Failed password for root from 61.177.172.104 port 30425 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:23:50,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372630.3982348, 'message': 'Dec  7 02:23:49 hqnl0246134 sshd[278054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:23:50,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372630.3984773, 'message': 'Dec  7 02:23:49 hqnl0246134 sshd[278054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 02:23:50,554] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:23:50,554] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:23:52,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372632.4027896, 'message': 'Dec  7 02:23:51 hqnl0246134 sshd[278054]: Failed password for root from 61.177.172.104 port 44712 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 02:23:52,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372632.4032128, 'message': 'Dec  7 02:23:52 hqnl0246134 sshd[278054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:23:54,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372634.4059885, 'message': 'Dec  7 02:23:54 hqnl0246134 sshd[278054]: Failed password for root from 61.177.172.104 port 44712 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 02:23:54,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372634.4062436, 'message': 'Dec  7 02:23:54 hqnl0246134 sshd[278054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:23:56,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372636.408431, 'message': 'Dec  7 02:23:54 hqnl0246134 sshd[278056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 02:23:58,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372638.4116578, 'message': 'Dec  7 02:23:56 hqnl0246134 sshd[278054]: Failed password for root from 61.177.172.104 port 44712 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-07 02:23:58,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372638.412051, 'message': 'Dec  7 02:23:57 hqnl0246134 sshd[278056]: Failed password for root from 61.177.173.18 port 14942 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 02:24:00,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372640.412337, 'message': 'Dec  7 02:24:00 hqnl0246134 sshd[278067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 02:24:00,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372640.4126105, 'message': 'Dec  7 02:24:00 hqnl0246134 sshd[278067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 02:24:02,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372642.4142947, 'message': 'Dec  7 02:24:01 hqnl0246134 sshd[278056]: Failed password for root from 61.177.173.18 port 14942 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-07 02:24:04,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372644.4172227, 'message': 'Dec  7 02:24:02 hqnl0246134 sshd[278067]: Failed password for root from 61.177.172.104 port 20750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 02:24:06,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372646.4183424, 'message': 'Dec  7 02:24:04 hqnl0246134 sshd[278067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 02:24:06,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372646.418564, 'message': 'Dec  7 02:24:05 hqnl0246134 sshd[278056]: Failed password for root from 61.177.173.18 port 14942 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:24:06,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372646.4186764, 'message': 'Dec  7 02:24:06 hqnl0246134 sshd[278067]: Failed password for root from 61.177.172.104 port 20750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:24:08,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372648.4215684, 'message': 'Dec  7 02:24:06 hqnl0246134 sshd[278067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 02:24:10,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670372650.4243784, 'message': 'Dec  7 02:24:09 hqnl0246134 sshd[278067]: Failed password for root from 61.177.172.104 port 20750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-07 02:24:11,879] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:24:11,902] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0302 seconds
INFO    [2022-12-07 02:24:17,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:24:17,925] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:24:17,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:24:17,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 02:24:21,634] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:24:21,635] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:24:21,646] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:24:21,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-07 02:24:26,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372666.4433599, 'message': 'Dec  7 02:24:25 hqnl0246134 sshd[278097]: Invalid user huawei from 165.227.166.207 port 54864', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 02:24:26,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372666.4435916, 'message': 'Dec  7 02:24:25 hqnl0246134 sshd[278097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 02:24:28,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372668.4466846, 'message': 'Dec  7 02:24:27 hqnl0246134 sshd[278097]: Failed password for invalid user huawei from 165.227.166.207 port 54864 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 02:24:28,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372668.44733, 'message': 'Dec  7 02:24:27 hqnl0246134 sshd[278097]: Disconnected from invalid user huawei 165.227.166.207 port 54864 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:24:30,103] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:24:30,104] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:24:30,111] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:24:30,122] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 02:24:40,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372680.4604893, 'message': 'Dec  7 02:24:39 hqnl0246134 sshd[278116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 02:24:42,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372682.4618447, 'message': 'Dec  7 02:24:41 hqnl0246134 sshd[278116]: Failed password for root from 61.177.173.18 port 36807 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 02:24:50,558] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:24:50,560] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:25:11,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:25:11,921] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0437 seconds
INFO    [2022-12-07 02:25:17,783] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:25:17,784] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:25:17,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:25:17,802] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 02:25:20,577] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:25:20,578] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:25:20,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:25:20,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372720.5012186, 'message': 'Dec  7 02:25:20 hqnl0246134 sshd[278169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0917 seconds
INFO    [2022-12-07 02:25:20,610] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0313 seconds
INFO    [2022-12-07 02:25:20,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372720.5014758, 'message': 'Dec  7 02:25:20 hqnl0246134 sshd[278169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 02:25:22,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372722.5022326, 'message': 'Dec  7 02:25:22 hqnl0246134 sshd[278169]: Failed password for root from 61.177.173.49 port 18817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 02:25:24,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372724.504018, 'message': 'Dec  7 02:25:22 hqnl0246134 sshd[278169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:25:26,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372726.5059204, 'message': 'Dec  7 02:25:24 hqnl0246134 sshd[278169]: Failed password for root from 61.177.173.49 port 18817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 02:25:26,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372726.5061066, 'message': 'Dec  7 02:25:24 hqnl0246134 sshd[278175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 02:25:26,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372726.506219, 'message': 'Dec  7 02:25:25 hqnl0246134 sshd[278169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 02:25:28,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372728.5088205, 'message': 'Dec  7 02:25:26 hqnl0246134 sshd[278169]: Failed password for root from 61.177.173.49 port 18817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 02:25:28,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372728.5091584, 'message': 'Dec  7 02:25:27 hqnl0246134 sshd[278175]: Failed password for root from 61.177.173.18 port 51322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 02:25:30,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372730.5103703, 'message': 'Dec  7 02:25:29 hqnl0246134 sshd[278186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 02:25:30,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372730.5105867, 'message': 'Dec  7 02:25:29 hqnl0246134 sshd[278186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 02:25:32,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372732.5122874, 'message': 'Dec  7 02:25:30 hqnl0246134 sshd[278175]: Failed password for root from 61.177.173.18 port 51322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 02:25:32,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372732.5124674, 'message': 'Dec  7 02:25:31 hqnl0246134 sshd[278186]: Failed password for root from 61.177.173.49 port 40372 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 02:25:32,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372732.5126019, 'message': 'Dec  7 02:25:31 hqnl0246134 sshd[278186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:25:34,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372734.5153592, 'message': 'Dec  7 02:25:33 hqnl0246134 sshd[278175]: Failed password for root from 61.177.173.18 port 51322 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 02:25:34,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372734.5155625, 'message': 'Dec  7 02:25:33 hqnl0246134 sshd[278186]: Failed password for root from 61.177.173.49 port 40372 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 02:25:34,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372734.5156884, 'message': 'Dec  7 02:25:33 hqnl0246134 sshd[278186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.49 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:25:36,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.49', 'timestamp': 1670372736.5179906, 'message': 'Dec  7 02:25:35 hqnl0246134 sshd[278186]: Failed password for root from 61.177.173.49 port 40372 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-07 02:25:50,565] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:25:50,567] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:26:11,895] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:26:11,922] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0397 seconds
INFO    [2022-12-07 02:26:12,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372772.558045, 'message': 'Dec  7 02:26:10 hqnl0246134 sshd[278214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 02:26:12,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372772.5583398, 'message': 'Dec  7 02:26:12 hqnl0246134 sshd[278214]: Failed password for root from 61.177.173.18 port 19778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:26:17,872] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:26:17,873] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:26:17,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:26:17,895] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 02:26:20,105] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:26:20,105] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:26:20,112] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:26:20,123] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 02:26:20,701] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:26:20,702] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:26:20,709] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:26:20,721] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 02:26:36,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372796.5823529, 'message': 'Dec  7 02:26:34 hqnl0246134 sshd[278245]: Invalid user informix from 165.227.166.207 port 36932', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 02:26:36,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372796.5829034, 'message': 'Dec  7 02:26:34 hqnl0246134 sshd[278245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 02:26:38,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372798.5841007, 'message': 'Dec  7 02:26:36 hqnl0246134 sshd[278245]: Failed password for invalid user informix from 165.227.166.207 port 36932 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:26:38,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372798.5842993, 'message': 'Dec  7 02:26:38 hqnl0246134 sshd[278245]: Disconnected from invalid user informix 165.227.166.207 port 36932 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 02:26:50,575] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:26:50,576] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:26:58,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372818.614438, 'message': 'Dec  7 02:26:56 hqnl0246134 sshd[278252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 02:27:00,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372820.6171799, 'message': 'Dec  7 02:26:58 hqnl0246134 sshd[278252]: Failed password for root from 61.177.173.18 port 33389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:27:04,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372824.6210222, 'message': 'Dec  7 02:27:03 hqnl0246134 sshd[278252]: Failed password for root from 61.177.173.18 port 33389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 02:27:10,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372830.6291473, 'message': 'Dec  7 02:27:07 hqnl0246134 sshd[278252]: Failed password for root from 61.177.173.18 port 33389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-07 02:27:11,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:27:11,938] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0532 seconds
INFO    [2022-12-07 02:27:17,838] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:27:17,839] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:27:17,848] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:27:17,859] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 02:27:20,340] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:27:20,340] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:27:20,349] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:27:20,360] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 02:27:38,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372858.6698923, 'message': 'Dec  7 02:27:37 hqnl0246134 sshd[278303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:27:38,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372858.6702633, 'message': 'Dec  7 02:27:37 hqnl0246134 sshd[278303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 02:27:40,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372860.6727555, 'message': 'Dec  7 02:27:40 hqnl0246134 sshd[278303]: Failed password for root from 61.177.173.36 port 43363 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:27:42,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372862.674751, 'message': 'Dec  7 02:27:41 hqnl0246134 sshd[278303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:27:44,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372864.676948, 'message': 'Dec  7 02:27:43 hqnl0246134 sshd[278303]: Failed password for root from 61.177.173.36 port 43363 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:27:44,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372864.6771798, 'message': 'Dec  7 02:27:43 hqnl0246134 sshd[278306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 02:27:44,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372864.6773038, 'message': 'Dec  7 02:27:44 hqnl0246134 sshd[278303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:27:46,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372866.678933, 'message': 'Dec  7 02:27:46 hqnl0246134 sshd[278303]: Failed password for root from 61.177.173.36 port 43363 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 02:27:46,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372866.679169, 'message': 'Dec  7 02:27:46 hqnl0246134 sshd[278306]: Failed password for root from 61.177.173.18 port 46846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 02:27:48,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372868.6805246, 'message': 'Dec  7 02:27:48 hqnl0246134 sshd[278310]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 02:27:48,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372868.6807506, 'message': 'Dec  7 02:27:48 hqnl0246134 sshd[278310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 02:27:48,992] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:27:48,993] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:27:49,002] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:27:49,014] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
WARNING [2022-12-07 02:27:50,578] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:27:50,579] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:27:50,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372870.6822164, 'message': 'Dec  7 02:27:50 hqnl0246134 sshd[278310]: Failed password for root from 61.177.173.36 port 25661 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 02:27:50,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372870.6825411, 'message': 'Dec  7 02:27:50 hqnl0246134 sshd[278306]: Failed password for root from 61.177.173.18 port 46846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 02:27:52,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372872.684528, 'message': 'Dec  7 02:27:52 hqnl0246134 sshd[278310]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:27:56,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372876.6927285, 'message': 'Dec  7 02:27:54 hqnl0246134 sshd[278310]: Failed password for root from 61.177.173.36 port 25661 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 02:27:56,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372876.6930337, 'message': 'Dec  7 02:27:54 hqnl0246134 sshd[278306]: Failed password for root from 61.177.173.18 port 46846 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 02:27:58,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372878.6954353, 'message': 'Dec  7 02:27:56 hqnl0246134 sshd[278310]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 02:28:00,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372880.6985917, 'message': 'Dec  7 02:27:58 hqnl0246134 sshd[278310]: Failed password for root from 61.177.173.36 port 25661 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 02:28:02,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372882.7020445, 'message': 'Dec  7 02:28:00 hqnl0246134 sshd[278350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 02:28:02,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372882.702466, 'message': 'Dec  7 02:28:00 hqnl0246134 sshd[278350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 02:28:04,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372884.7020044, 'message': 'Dec  7 02:28:02 hqnl0246134 sshd[278350]: Failed password for root from 61.177.173.36 port 25943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:28:06,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372886.704955, 'message': 'Dec  7 02:28:05 hqnl0246134 sshd[278350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:28:08,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372888.7060316, 'message': 'Dec  7 02:28:07 hqnl0246134 sshd[278350]: Failed password for root from 61.177.173.36 port 25943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 02:28:10,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372890.7082949, 'message': 'Dec  7 02:28:09 hqnl0246134 sshd[278350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 02:28:10,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.38.255.119', 'timestamp': 1670372890.7085536, 'message': 'Dec  7 02:28:09 hqnl0246134 sshd[278359]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.38.255.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 02:28:10,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.38.255.119', 'timestamp': 1670372890.7087052, 'message': 'Dec  7 02:28:09 hqnl0246134 sshd[278359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.38.255.119  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 02:28:11,905] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:28:11,929] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0386 seconds
INFO    [2022-12-07 02:28:12,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670372892.7111402, 'message': 'Dec  7 02:28:11 hqnl0246134 sshd[278350]: Failed password for root from 61.177.173.36 port 25943 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 02:28:12,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.38.255.119', 'timestamp': 1670372892.7113748, 'message': 'Dec  7 02:28:12 hqnl0246134 sshd[278359]: Failed password for root from 103.38.255.119 port 42246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 02:28:18,023] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:28:18,023] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:28:18,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:28:18,055] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0307 seconds
INFO    [2022-12-07 02:28:18,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.169.175.102', 'timestamp': 1670372898.720701, 'message': 'Dec  7 02:28:17 hqnl0246134 sshd[278373]: Invalid user ftpuser from 194.169.175.102 port 50350', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:28:18,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '194.169.175.102', 'timestamp': 1670372898.7210264, 'message': 'Dec  7 02:28:18 hqnl0246134 sshd[278373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:28:20,706] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:28:20,706] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:28:20,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:28:20,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-07 02:28:20,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.169.175.102', 'timestamp': 1670372900.7217503, 'message': 'Dec  7 02:28:20 hqnl0246134 sshd[278373]: Failed password for invalid user ftpuser from 194.169.175.102 port 50350 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 02:28:20,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '194.169.175.102', 'timestamp': 1670372900.721932, 'message': 'Dec  7 02:28:20 hqnl0246134 sshd[278373]: Disconnected from invalid user ftpuser 194.169.175.102 port 50350 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 02:28:30,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11203, 'attackers_ip': '34.76.158.233', 'timestamp': 1670372910.7338288, 'message': '2022-12-07 02:28:29,748 hqnl0246134.online-vm.com proftpd[278393] hqnl0246134.online-vm.com (233.158.76.34.bc.googleusercontent.com[34.76.158.233]): USER anonymous: no such user found from 233.158.76.34.bc.googleusercontent.com [34.76.158.233] to ::ffff:31.131.20.181:21', 'severity': 3, 'name': 'Attempt to login using a non-existent user.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:28:32,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372912.7375, 'message': 'Dec  7 02:28:30 hqnl0246134 sshd[278391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 02:28:34,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372914.7408268, 'message': 'Dec  7 02:28:33 hqnl0246134 sshd[278391]: Failed password for root from 61.177.173.18 port 13472 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:28:42,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372922.7537954, 'message': 'Dec  7 02:28:42 hqnl0246134 sshd[278397]: Invalid user init from 165.227.166.207 port 47214', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:28:42,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372922.753995, 'message': 'Dec  7 02:28:42 hqnl0246134 sshd[278397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:28:44,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372924.7538865, 'message': 'Dec  7 02:28:44 hqnl0246134 sshd[278397]: Failed password for invalid user init from 165.227.166.207 port 47214 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:28:46,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670372926.757623, 'message': 'Dec  7 02:28:45 hqnl0246134 sshd[278397]: Disconnected from invalid user init 165.227.166.207 port 47214 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
WARNING [2022-12-07 02:28:50,581] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:28:50,582] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:29:11,911] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:29:11,948] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0521 seconds
INFO    [2022-12-07 02:29:17,964] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:29:17,965] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:29:17,974] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:29:17,985] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 02:29:18,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372958.800611, 'message': 'Dec  7 02:29:18 hqnl0246134 sshd[278421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 02:29:20,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372960.8030376, 'message': 'Dec  7 02:29:20 hqnl0246134 sshd[278421]: Failed password for root from 61.177.173.18 port 35801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 02:29:21,472] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:29:21,472] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:29:21,481] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:29:21,496] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 02:29:24,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372964.8096673, 'message': 'Dec  7 02:29:24 hqnl0246134 sshd[278421]: Failed password for root from 61.177.173.18 port 35801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:29:28,367] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:29:28,440] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:29:28,440] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:29:28,440] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:29:28,441] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:29:28,441] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:29:28,451] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:29:28,468] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0263 seconds
WARNING [2022-12-07 02:29:28,474] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:29:28,477] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:29:28,493] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0318 seconds
INFO    [2022-12-07 02:29:28,495] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0288 seconds
INFO    [2022-12-07 02:29:28,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670372968.814088, 'message': 'Dec  7 02:29:26 hqnl0246134 sshd[278421]: Failed password for root from 61.177.173.18 port 35801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:29:29,598] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:29:29,598] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:29:29,612] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:29:29,623] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-07 02:29:40,917] defence360agent.files: Updating all files
INFO    [2022-12-07 02:29:41,196] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:41,196] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 02:29:41,545] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:41,545] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 02:29:41,811] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:41,812] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 02:29:42,147] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:42,147] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 02:29:42,148] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 02:29:42,469] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 00:29:42 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E5B60A49D26CB'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 02:29:42,471] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 02:29:42,472] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 02:29:43,009] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:43,009] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 02:29:43,357] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:43,358] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 02:29:43,614] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:43,615] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 02:29:43,956] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:43,956] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 02:29:44,343] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 02:29:44,344] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-07 02:29:50,587] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:29:50,588] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:29:58,573] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:29:58,574] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:29:58,575] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 02:30:04,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373004.8530736, 'message': 'Dec  7 02:30:03 hqnl0246134 sshd[278473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 02:30:04,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373004.853559, 'message': 'Dec  7 02:30:04 hqnl0246134 sshd[278473]: Failed password for root from 61.177.173.18 port 43276 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-07 02:30:11,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:30:11,926] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0266 seconds
INFO    [2022-12-07 02:30:18,295] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:30:18,296] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:30:18,304] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:30:18,315] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 02:30:20,940] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:30:20,940] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:30:20,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:30:20,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0275 seconds
INFO    [2022-12-07 02:30:48,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373048.9031458, 'message': 'Dec  7 02:30:48 hqnl0246134 sshd[278517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
WARNING [2022-12-07 02:30:50,590] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:30:50,590] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:30:50,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373050.9051049, 'message': 'Dec  7 02:30:50 hqnl0246134 sshd[278517]: Failed password for root from 61.177.173.18 port 61169 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 02:30:54,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373054.9103997, 'message': 'Dec  7 02:30:52 hqnl0246134 sshd[278517]: Failed password for root from 61.177.173.18 port 61169 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 02:30:54,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373054.9106023, 'message': 'Dec  7 02:30:54 hqnl0246134 sshd[278520]: Invalid user inspur from 165.227.166.207 port 57480', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 02:30:54,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373054.9107969, 'message': 'Dec  7 02:30:54 hqnl0246134 sshd[278520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 02:30:56,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373056.9110594, 'message': 'Dec  7 02:30:55 hqnl0246134 sshd[278517]: Failed password for root from 61.177.173.18 port 61169 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 02:30:58,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373058.9144292, 'message': 'Dec  7 02:30:57 hqnl0246134 sshd[278520]: Failed password for invalid user inspur from 165.227.166.207 port 57480 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-07 02:31:00,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373060.9177675, 'message': 'Dec  7 02:30:59 hqnl0246134 sshd[278520]: Disconnected from invalid user inspur 165.227.166.207 port 57480 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 02:31:02,099] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:31:02,099] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:31:02,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:31:02,119] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
WARNING [2022-12-07 02:31:11,913] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:31:11,936] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0311 seconds
INFO    [2022-12-07 02:31:19,825] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:31:19,826] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:31:19,834] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:31:19,846] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 02:31:24,408] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:31:24,409] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:31:24,417] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:31:24,429] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 02:31:34,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373094.9573572, 'message': 'Dec  7 02:31:34 hqnl0246134 sshd[278565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 02:31:36,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373096.9581237, 'message': 'Dec  7 02:31:36 hqnl0246134 sshd[278565]: Failed password for root from 61.177.173.18 port 27039 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-07 02:31:50,593] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:31:50,594] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:31:54,139] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 02:32:11,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:32:11,962] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0513 seconds
INFO    [2022-12-07 02:32:18,062] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:32:18,063] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:32:18,070] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:32:18,085] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-07 02:32:20,771] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:32:20,771] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:32:20,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:32:20,794] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-07 02:32:21,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373141.009818, 'message': 'Dec  7 02:32:20 hqnl0246134 sshd[278604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 02:32:23,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373143.0160904, 'message': 'Dec  7 02:32:21 hqnl0246134 sshd[278604]: Failed password for root from 61.177.173.18 port 36568 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:32:29,475] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:32:29,476] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:32:29,483] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:32:29,496] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
WARNING [2022-12-07 02:32:50,597] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:32:50,598] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:32:57,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373177.0609252, 'message': 'Dec  7 02:32:56 hqnl0246134 sshd[278629]: Invalid user inspur from 165.227.166.207 port 39558', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:32:57,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373177.0612793, 'message': 'Dec  7 02:32:57 hqnl0246134 sshd[278629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 02:33:01,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373181.0633466, 'message': 'Dec  7 02:32:59 hqnl0246134 sshd[278629]: Failed password for invalid user inspur from 165.227.166.207 port 39558 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 02:33:01,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373181.0637186, 'message': 'Dec  7 02:32:59 hqnl0246134 sshd[278629]: Disconnected from invalid user inspur 165.227.166.207 port 39558 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:33:09,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373189.07441, 'message': 'Dec  7 02:33:07 hqnl0246134 sshd[278646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:33:11,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373191.0735981, 'message': 'Dec  7 02:33:09 hqnl0246134 sshd[278646]: Failed password for root from 61.177.173.18 port 56389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 02:33:11,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:33:11,945] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0319 seconds
INFO    [2022-12-07 02:33:15,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373195.0788822, 'message': 'Dec  7 02:33:13 hqnl0246134 sshd[278646]: Failed password for root from 61.177.173.18 port 56389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 02:33:15,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373195.0791745, 'message': 'Dec  7 02:33:14 hqnl0246134 sshd[278649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-07 02:33:15,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373195.079291, 'message': 'Dec  7 02:33:14 hqnl0246134 sshd[278649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 02:33:17,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373197.0806608, 'message': 'Dec  7 02:33:16 hqnl0246134 sshd[278649]: Failed password for root from 61.177.173.53 port 62298 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 02:33:17,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373197.0810099, 'message': 'Dec  7 02:33:16 hqnl0246134 sshd[278646]: Failed password for root from 61.177.173.18 port 56389 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 02:33:17,975] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:33:17,975] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:33:17,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:33:17,994] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 02:33:19,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373199.0826824, 'message': 'Dec  7 02:33:18 hqnl0246134 sshd[278649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 02:33:20,740] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:33:20,740] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:33:20,750] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:33:20,762] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 02:33:21,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373201.08507, 'message': 'Dec  7 02:33:20 hqnl0246134 sshd[278649]: Failed password for root from 61.177.173.53 port 62298 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:33:23,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373203.0862303, 'message': 'Dec  7 02:33:22 hqnl0246134 sshd[278649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 02:33:25,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373205.0888526, 'message': 'Dec  7 02:33:24 hqnl0246134 sshd[278649]: Failed password for root from 61.177.173.53 port 62298 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 02:33:27,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373207.091631, 'message': 'Dec  7 02:33:26 hqnl0246134 sshd[278663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 02:33:27,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373207.0918603, 'message': 'Dec  7 02:33:26 hqnl0246134 sshd[278663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 02:33:29,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373209.0936797, 'message': 'Dec  7 02:33:28 hqnl0246134 sshd[278663]: Failed password for root from 61.177.173.53 port 60262 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 02:33:31,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373211.0947492, 'message': 'Dec  7 02:33:29 hqnl0246134 sshd[278663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 02:33:33,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373213.096617, 'message': 'Dec  7 02:33:31 hqnl0246134 sshd[278663]: Failed password for root from 61.177.173.53 port 60262 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 02:33:35,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373215.0980396, 'message': 'Dec  7 02:33:33 hqnl0246134 sshd[278663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 02:33:37,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670373217.1000724, 'message': 'Dec  7 02:33:35 hqnl0246134 sshd[278663]: Failed password for root from 61.177.173.53 port 60262 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 02:33:38,508] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:33:38,508] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:33:38,516] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:33:38,527] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-07 02:33:50,603] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:33:50,603] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:33:51,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670373231.118433, 'message': 'Dec  7 02:33:50 hqnl0246134 sshd[278681]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 02:33:51,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670373231.1187975, 'message': 'Dec  7 02:33:50 hqnl0246134 sshd[278681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 02:33:53,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670373233.1204793, 'message': 'Dec  7 02:33:52 hqnl0246134 sshd[278681]: Failed password for root from 61.177.172.108 port 15494 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:33:55,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373235.1221368, 'message': 'Dec  7 02:33:54 hqnl0246134 sshd[278683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 02:33:55,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670373235.1223347, 'message': 'Dec  7 02:33:54 hqnl0246134 sshd[278681]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 02:33:57,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373237.1223912, 'message': 'Dec  7 02:33:56 hqnl0246134 sshd[278683]: Failed password for root from 61.177.173.18 port 14933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:33:59,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670373239.1239355, 'message': 'Dec  7 02:33:57 hqnl0246134 sshd[278681]: Failed password for root from 61.177.172.108 port 15494 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 02:34:01,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670373241.1263294, 'message': 'Dec  7 02:33:59 hqnl0246134 sshd[278681]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 02:34:01,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373241.126593, 'message': 'Dec  7 02:34:00 hqnl0246134 sshd[278683]: Failed password for root from 61.177.173.18 port 14933 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 02:34:03,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670373243.128093, 'message': 'Dec  7 02:34:01 hqnl0246134 sshd[278681]: Failed password for root from 61.177.172.108 port 15494 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 02:34:03,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373243.1283567, 'message': 'Dec  7 02:34:02 hqnl0246134 sshd[278683]: Failed password for root from 61.177.173.18 port 14933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
WARNING [2022-12-07 02:34:11,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:34:11,947] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0300 seconds
INFO    [2022-12-07 02:34:19,036] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:34:19,037] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:34:19,044] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:34:19,057] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 02:34:21,789] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:34:21,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:34:21,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:34:21,809] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 02:34:41,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373281.1943502, 'message': 'Dec  7 02:34:40 hqnl0246134 sshd[278752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 02:34:43,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373283.195748, 'message': 'Dec  7 02:34:42 hqnl0246134 sshd[278752]: Failed password for root from 61.177.173.18 port 30144 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 02:34:50,606] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:34:50,607] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:34:52,637] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:34:52,638] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:34:52,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:34:52,660] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 02:34:57,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373297.2134645, 'message': 'Dec  7 02:34:56 hqnl0246134 sshd[278762]: Invalid user inspur from 165.227.166.207 port 49836', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:34:57,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373297.2137136, 'message': 'Dec  7 02:34:56 hqnl0246134 sshd[278762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:34:59,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373299.2157328, 'message': 'Dec  7 02:34:59 hqnl0246134 sshd[278762]: Failed password for invalid user inspur from 165.227.166.207 port 49836 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 02:35:03,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373303.2210732, 'message': 'Dec  7 02:35:01 hqnl0246134 sshd[278762]: Disconnected from invalid user inspur 165.227.166.207 port 49836 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
WARNING [2022-12-07 02:35:11,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:35:11,949] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0269 seconds
INFO    [2022-12-07 02:35:17,911] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:35:17,912] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:35:17,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:35:17,931] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 02:35:20,581] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:35:20,582] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:35:20,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:35:20,602] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 02:35:29,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373329.2619648, 'message': 'Dec  7 02:35:27 hqnl0246134 sshd[278817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0565 seconds
INFO    [2022-12-07 02:35:31,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373331.2622836, 'message': 'Dec  7 02:35:29 hqnl0246134 sshd[278817]: Failed password for root from 61.177.173.18 port 52361 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-07 02:35:50,612] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:35:50,614] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:36:11,938] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:36:11,957] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0281 seconds
INFO    [2022-12-07 02:36:13,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373373.3262067, 'message': 'Dec  7 02:36:12 hqnl0246134 sshd[278854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 02:36:15,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373375.3306205, 'message': 'Dec  7 02:36:14 hqnl0246134 sshd[278854]: Failed password for root from 61.177.173.18 port 59170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 02:36:17,908] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:36:17,909] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:36:17,917] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:36:17,928] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 02:36:19,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373379.3347733, 'message': 'Dec  7 02:36:16 hqnl0246134 sshd[278854]: Failed password for root from 61.177.173.18 port 59170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 02:36:20,730] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:36:20,731] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:36:20,739] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:36:20,752] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 02:36:21,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373381.3412244, 'message': 'Dec  7 02:36:19 hqnl0246134 sshd[278854]: Failed password for root from 61.177.173.18 port 59170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:36:22,279] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:36:22,349] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:36:22,350] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:36:22,350] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:36:22,350] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:36:22,351] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:36:22,360] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:36:22,375] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0238 seconds
WARNING [2022-12-07 02:36:22,381] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:36:22,383] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:36:22,401] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0321 seconds
INFO    [2022-12-07 02:36:22,403] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0299 seconds
INFO    [2022-12-07 02:36:23,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:36:23,867] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:36:23,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:36:23,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
WARNING [2022-12-07 02:36:50,621] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:36:50,623] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:36:52,479] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:36:52,480] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:36:52,482] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 02:36:59,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373419.4035432, 'message': 'Dec  7 02:36:58 hqnl0246134 sshd[278889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 02:37:01,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373421.404896, 'message': 'Dec  7 02:37:00 hqnl0246134 sshd[278889]: Failed password for root from 61.177.173.18 port 19358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 02:37:03,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373423.408424, 'message': 'Dec  7 02:37:02 hqnl0246134 sshd[278900]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1250 seconds
INFO    [2022-12-07 02:37:03,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373423.409453, 'message': 'Dec  7 02:37:02 hqnl0246134 sshd[278889]: Failed password for root from 61.177.173.18 port 19358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1254 seconds
INFO    [2022-12-07 02:37:03,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373423.409599, 'message': 'Dec  7 02:37:03 hqnl0246134 sshd[278909]: Invalid user inst01 from 165.227.166.207 port 60168', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1254 seconds
INFO    [2022-12-07 02:37:03,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373423.4092863, 'message': 'Dec  7 02:37:02 hqnl0246134 sshd[278900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 02:37:03,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373423.4097245, 'message': 'Dec  7 02:37:03 hqnl0246134 sshd[278909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 02:37:05,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373425.411646, 'message': 'Dec  7 02:37:03 hqnl0246134 sshd[278900]: Failed password for root from 61.177.173.48 port 33667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:37:05,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373425.4119053, 'message': 'Dec  7 02:37:04 hqnl0246134 sshd[278900]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:37:07,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373427.4153974, 'message': 'Dec  7 02:37:05 hqnl0246134 sshd[278889]: Failed password for root from 61.177.173.18 port 19358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0806 seconds
INFO    [2022-12-07 02:37:07,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373427.4156852, 'message': 'Dec  7 02:37:05 hqnl0246134 sshd[278909]: Failed password for invalid user inst01 from 165.227.166.207 port 60168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0814 seconds
INFO    [2022-12-07 02:37:07,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373427.4160562, 'message': 'Dec  7 02:37:06 hqnl0246134 sshd[278900]: Failed password for root from 61.177.173.48 port 33667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0817 seconds
INFO    [2022-12-07 02:37:07,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373427.4158633, 'message': 'Dec  7 02:37:06 hqnl0246134 sshd[278909]: Disconnected from invalid user inst01 165.227.166.207 port 60168 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 02:37:07,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373427.416265, 'message': 'Dec  7 02:37:06 hqnl0246134 sshd[278900]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 02:37:09,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373429.4174857, 'message': 'Dec  7 02:37:08 hqnl0246134 sshd[278900]: Failed password for root from 61.177.173.48 port 33667 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 02:37:11,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373431.4210672, 'message': 'Dec  7 02:37:10 hqnl0246134 sshd[278920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:37:11,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373431.4212692, 'message': 'Dec  7 02:37:10 hqnl0246134 sshd[278920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 02:37:11,940] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:37:11,964] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0315 seconds
INFO    [2022-12-07 02:37:13,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373433.4242387, 'message': 'Dec  7 02:37:12 hqnl0246134 sshd[278920]: Failed password for root from 61.177.173.48 port 45732 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 02:37:13,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373433.424442, 'message': 'Dec  7 02:37:12 hqnl0246134 sshd[278920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:37:15,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373435.428141, 'message': 'Dec  7 02:37:14 hqnl0246134 sshd[278920]: Failed password for root from 61.177.173.48 port 45732 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 02:37:15,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373435.4284296, 'message': 'Dec  7 02:37:14 hqnl0246134 sshd[278920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:37:17,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373437.4324343, 'message': 'Dec  7 02:37:15 hqnl0246134 sshd[278920]: Failed password for root from 61.177.173.48 port 45732 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 02:37:17,999] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:37:18,000] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:37:18,007] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:37:18,020] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 02:37:19,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373439.434657, 'message': 'Dec  7 02:37:18 hqnl0246134 sshd[278928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 02:37:19,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373439.4350562, 'message': 'Dec  7 02:37:18 hqnl0246134 sshd[278928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-07 02:37:20,933] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:37:20,933] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:37:20,940] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:37:20,952] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 02:37:21,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373441.4377177, 'message': 'Dec  7 02:37:20 hqnl0246134 sshd[278928]: Failed password for root from 61.177.173.48 port 60727 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 02:37:23,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373443.440848, 'message': 'Dec  7 02:37:22 hqnl0246134 sshd[278928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:37:25,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373445.4440975, 'message': 'Dec  7 02:37:24 hqnl0246134 sshd[278928]: Failed password for root from 61.177.173.48 port 60727 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:37:25,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373445.4443338, 'message': 'Dec  7 02:37:25 hqnl0246134 sshd[278928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 02:37:27,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670373447.446593, 'message': 'Dec  7 02:37:26 hqnl0246134 sshd[278928]: Failed password for root from 61.177.173.48 port 60727 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 02:37:30,078] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:37:30,078] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:37:30,086] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:37:30,100] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 02:37:45,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373465.474436, 'message': 'Dec  7 02:37:44 hqnl0246134 sshd[278955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:37:47,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373467.475968, 'message': 'Dec  7 02:37:45 hqnl0246134 sshd[278955]: Failed password for root from 61.177.173.18 port 35295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-07 02:37:50,630] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:37:50,631] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:38:11,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:38:11,973] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0333 seconds
INFO    [2022-12-07 02:38:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:38:17,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:38:17,990] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:38:18,002] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 02:38:20,634] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:38:20,634] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:38:20,642] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:38:20,656] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 02:38:31,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373511.5341868, 'message': 'Dec  7 02:38:30 hqnl0246134 sshd[278989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:38:33,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373513.5372164, 'message': 'Dec  7 02:38:32 hqnl0246134 sshd[278989]: Failed password for root from 61.177.173.18 port 60720 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:38:44,130] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:38:44,131] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:38:44,138] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:38:44,149] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-07 02:38:50,635] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:38:50,636] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:39:11,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373551.5928261, 'message': 'Dec  7 02:39:09 hqnl0246134 sshd[279152]: Invalid user jenkins from 165.227.166.207 port 42172', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 02:39:11,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373551.5943332, 'message': 'Dec  7 02:39:10 hqnl0246134 sshd[279152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 02:39:11,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:39:11,979] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-07 02:39:13,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373553.5930703, 'message': 'Dec  7 02:39:11 hqnl0246134 sshd[279152]: Failed password for invalid user jenkins from 165.227.166.207 port 42172 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:39:13,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373553.593247, 'message': 'Dec  7 02:39:11 hqnl0246134 sshd[279152]: Disconnected from invalid user jenkins 165.227.166.207 port 42172 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:39:17,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373557.59737, 'message': 'Dec  7 02:39:16 hqnl0246134 sshd[279155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:39:18,067] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:39:18,068] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:39:18,075] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:39:18,087] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 02:39:19,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373559.5982149, 'message': 'Dec  7 02:39:17 hqnl0246134 sshd[279155]: Failed password for root from 61.177.173.18 port 17164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 02:39:20,934] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:39:20,934] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:39:20,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:39:20,952] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 02:39:21,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373561.6003978, 'message': 'Dec  7 02:39:20 hqnl0246134 sshd[279155]: Failed password for root from 61.177.173.18 port 17164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:39:25,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373565.6054218, 'message': 'Dec  7 02:39:24 hqnl0246134 sshd[279155]: Failed password for root from 61.177.173.18 port 17164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
WARNING [2022-12-07 02:39:50,640] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:39:50,641] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:40:03,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373603.6789546, 'message': 'Dec  7 02:40:02 hqnl0246134 sshd[279196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 02:40:05,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373605.6817508, 'message': 'Dec  7 02:40:04 hqnl0246134 sshd[279196]: Failed password for root from 61.177.173.18 port 33295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 02:40:11,958] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:40:11,981] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-07 02:40:15,462] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:40:15,463] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:40:15,472] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:40:15,491] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0276 seconds
INFO    [2022-12-07 02:40:17,996] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:40:17,997] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:40:18,006] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:40:18,020] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-07 02:40:20,621] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:40:20,621] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:40:20,629] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:40:20,641] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 02:40:49,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373649.7487679, 'message': 'Dec  7 02:40:48 hqnl0246134 sshd[279256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-07 02:40:50,652] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:40:50,653] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:40:51,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373651.7505257, 'message': 'Dec  7 02:40:50 hqnl0246134 sshd[279256]: Failed password for root from 61.177.173.18 port 47510 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 02:41:00,177] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:41:00,245] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:41:00,245] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:41:00,245] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:41:00,246] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:41:00,246] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:41:00,259] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:41:00,276] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0297 seconds
WARNING [2022-12-07 02:41:00,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:41:00,285] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:41:00,303] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0324 seconds
INFO    [2022-12-07 02:41:00,304] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0308 seconds
INFO    [2022-12-07 02:41:11,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373671.7872558, 'message': 'Dec  7 02:41:11 hqnl0246134 sshd[279279]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 02:41:11,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373671.7878172, 'message': 'Dec  7 02:41:11 hqnl0246134 sshd[279279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 02:41:11,958] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:41:11,975] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0246 seconds
INFO    [2022-12-07 02:41:13,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373673.7906616, 'message': 'Dec  7 02:41:13 hqnl0246134 sshd[279279]: Failed password for root from 61.177.173.46 port 56766 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 02:41:15,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373675.793296, 'message': 'Dec  7 02:41:15 hqnl0246134 sshd[279279]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 02:41:15,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373675.7935884, 'message': 'Dec  7 02:41:15 hqnl0246134 sshd[279281]: Invalid user kk from 165.227.166.207 port 52462', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 02:41:15,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373675.793727, 'message': 'Dec  7 02:41:15 hqnl0246134 sshd[279281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 02:41:17,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373677.797692, 'message': 'Dec  7 02:41:17 hqnl0246134 sshd[279279]: Failed password for root from 61.177.173.46 port 56766 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 02:41:17,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373677.7979412, 'message': 'Dec  7 02:41:17 hqnl0246134 sshd[279281]: Failed password for invalid user kk from 165.227.166.207 port 52462 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 02:41:17,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373677.798066, 'message': 'Dec  7 02:41:17 hqnl0246134 sshd[279279]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:41:17,947] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:41:17,948] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:41:17,955] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:41:17,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 02:41:19,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373679.8002632, 'message': 'Dec  7 02:41:17 hqnl0246134 sshd[279281]: Disconnected from invalid user kk 165.227.166.207 port 52462 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 02:41:19,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373679.800544, 'message': 'Dec  7 02:41:19 hqnl0246134 sshd[279279]: Failed password for root from 61.177.173.46 port 56766 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 02:41:20,352] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:41:20,353] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:41:20,367] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:41:20,395] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0344 seconds
INFO    [2022-12-07 02:41:20,949] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:41:20,949] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:41:20,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:41:20,983] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0322 seconds
INFO    [2022-12-07 02:41:21,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373681.8021955, 'message': 'Dec  7 02:41:21 hqnl0246134 sshd[279298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 02:41:21,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373681.8024108, 'message': 'Dec  7 02:41:21 hqnl0246134 sshd[279298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 02:41:23,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373683.8048115, 'message': 'Dec  7 02:41:23 hqnl0246134 sshd[279298]: Failed password for root from 61.177.173.46 port 30676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:41:25,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373685.8062005, 'message': 'Dec  7 02:41:24 hqnl0246134 sshd[279298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 02:41:27,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373687.8086975, 'message': 'Dec  7 02:41:26 hqnl0246134 sshd[279298]: Failed password for root from 61.177.173.46 port 30676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:41:29,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373689.8124075, 'message': 'Dec  7 02:41:28 hqnl0246134 sshd[279298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:41:29,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670373689.8125923, 'message': 'Dec  7 02:41:29 hqnl0246134 sshd[279298]: Failed password for root from 61.177.173.46 port 30676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:41:30,450] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:41:30,451] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:41:30,452] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 02:41:35,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373695.8220274, 'message': 'Dec  7 02:41:35 hqnl0246134 sshd[279313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 02:41:37,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373697.8242984, 'message': 'Dec  7 02:41:37 hqnl0246134 sshd[279313]: Failed password for root from 61.177.173.18 port 13046 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
WARNING [2022-12-07 02:41:50,656] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:41:50,657] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:41:54,144] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 02:42:11,963] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:42:11,987] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-07 02:42:17,678] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:42:17,679] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:42:17,686] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:42:17,697] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 02:42:20,205] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:42:20,205] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:42:20,212] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:42:20,225] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 02:42:21,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373741.893312, 'message': 'Dec  7 02:42:21 hqnl0246134 sshd[279352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 02:42:23,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373743.8963687, 'message': 'Dec  7 02:42:23 hqnl0246134 sshd[279352]: Failed password for root from 61.177.173.18 port 28007 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:42:29,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373749.9054122, 'message': 'Dec  7 02:42:27 hqnl0246134 sshd[279352]: Failed password for root from 61.177.173.18 port 28007 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 02:42:29,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373749.9057672, 'message': 'Dec  7 02:42:29 hqnl0246134 sshd[279352]: Failed password for root from 61.177.173.18 port 28007 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:42:32,845] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:42:32,845] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:42:32,856] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:42:32,870] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
WARNING [2022-12-07 02:42:50,659] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:42:50,661] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:43:07,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373787.9478028, 'message': 'Dec  7 02:43:06 hqnl0246134 sshd[279392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 02:43:09,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373789.9477942, 'message': 'Dec  7 02:43:09 hqnl0246134 sshd[279392]: Failed password for root from 61.177.173.18 port 37494 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 02:43:11,965] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:43:11,984] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0265 seconds
INFO    [2022-12-07 02:43:17,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:43:17,806] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:43:17,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:43:17,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 02:43:20,384] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:43:20,385] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:43:20,392] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:43:20,403] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 02:43:23,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373803.964585, 'message': 'Dec  7 02:43:22 hqnl0246134 sshd[279407]: Invalid user lenovo from 165.227.166.207 port 34528', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 02:43:24,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373803.9649742, 'message': 'Dec  7 02:43:22 hqnl0246134 sshd[279407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:43:26,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373805.9675887, 'message': 'Dec  7 02:43:24 hqnl0246134 sshd[279407]: Failed password for invalid user lenovo from 165.227.166.207 port 34528 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 02:43:26,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373805.96793, 'message': 'Dec  7 02:43:24 hqnl0246134 sshd[279407]: Disconnected from invalid user lenovo 165.227.166.207 port 34528 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
WARNING [2022-12-07 02:43:50,666] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:43:50,667] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:43:54,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373834.0490284, 'message': 'Dec  7 02:43:52 hqnl0246134 sshd[279420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 02:43:54,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373834.049571, 'message': 'Dec  7 02:43:53 hqnl0246134 sshd[279420]: Failed password for root from 61.177.173.18 port 49957 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 02:44:01,483] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:44:01,483] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:44:01,497] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:44:01,516] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0314 seconds
WARNING [2022-12-07 02:44:11,967] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:44:11,986] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0257 seconds
INFO    [2022-12-07 02:44:17,688] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:44:17,689] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:44:17,697] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:44:17,709] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 02:44:20,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373860.113814, 'message': 'Dec  7 02:44:18 hqnl0246134 sshd[279450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 02:44:20,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373860.1140425, 'message': 'Dec  7 02:44:18 hqnl0246134 sshd[279450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 02:44:20,454] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:44:20,454] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:44:20,462] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:44:20,474] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 02:44:22,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373862.1167119, 'message': 'Dec  7 02:44:20 hqnl0246134 sshd[279450]: Failed password for root from 61.177.172.114 port 50130 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 02:44:24,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373864.1189709, 'message': 'Dec  7 02:44:22 hqnl0246134 sshd[279450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 02:44:24,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373864.1192198, 'message': 'Dec  7 02:44:23 hqnl0246134 sshd[279450]: Failed password for root from 61.177.172.114 port 50130 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 02:44:26,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373866.1221104, 'message': 'Dec  7 02:44:24 hqnl0246134 sshd[279450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:44:26,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373866.1223333, 'message': 'Dec  7 02:44:26 hqnl0246134 sshd[279450]: Failed password for root from 61.177.172.114 port 50130 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 02:44:28,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373868.1252925, 'message': 'Dec  7 02:44:28 hqnl0246134 sshd[279462]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:44:28,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373868.1256306, 'message': 'Dec  7 02:44:28 hqnl0246134 sshd[279462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:44:32,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373872.1337473, 'message': 'Dec  7 02:44:30 hqnl0246134 sshd[279462]: Failed password for root from 61.177.172.114 port 25088 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:44:32,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373872.1341166, 'message': 'Dec  7 02:44:30 hqnl0246134 sshd[279462]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:44:34,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373874.1374977, 'message': 'Dec  7 02:44:32 hqnl0246134 sshd[279462]: Failed password for root from 61.177.172.114 port 25088 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:44:34,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373874.137682, 'message': 'Dec  7 02:44:32 hqnl0246134 sshd[279462]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 02:44:36,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373876.1410565, 'message': 'Dec  7 02:44:34 hqnl0246134 sshd[279462]: Failed password for root from 61.177.172.114 port 25088 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:44:38,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373878.1446505, 'message': 'Dec  7 02:44:36 hqnl0246134 sshd[279472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 02:44:38,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373878.1450746, 'message': 'Dec  7 02:44:38 hqnl0246134 sshd[279474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 02:44:38,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373878.144916, 'message': 'Dec  7 02:44:36 hqnl0246134 sshd[279472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:44:40,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373880.1483972, 'message': 'Dec  7 02:44:38 hqnl0246134 sshd[279472]: Failed password for root from 61.177.172.114 port 29805 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:44:42,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373882.1503222, 'message': 'Dec  7 02:44:40 hqnl0246134 sshd[279474]: Failed password for root from 61.177.173.18 port 15209 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0503 seconds
INFO    [2022-12-07 02:44:42,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373882.150601, 'message': 'Dec  7 02:44:40 hqnl0246134 sshd[279472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-07 02:44:44,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373884.154074, 'message': 'Dec  7 02:44:42 hqnl0246134 sshd[279472]: Failed password for root from 61.177.172.114 port 29805 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:44:44,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373884.1543286, 'message': 'Dec  7 02:44:42 hqnl0246134 sshd[279472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:44:46,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373886.1563847, 'message': 'Dec  7 02:44:44 hqnl0246134 sshd[279474]: Failed password for root from 61.177.173.18 port 15209 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 02:44:46,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373886.156627, 'message': 'Dec  7 02:44:44 hqnl0246134 sshd[279472]: Failed password for root from 61.177.172.114 port 29805 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 02:44:48,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373888.1651788, 'message': 'Dec  7 02:44:46 hqnl0246134 sshd[279479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 02:44:48,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373888.1728551, 'message': 'Dec  7 02:44:46 hqnl0246134 sshd[279474]: Failed password for root from 61.177.173.18 port 15209 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 02:44:48,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373888.1654437, 'message': 'Dec  7 02:44:46 hqnl0246134 sshd[279479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 02:44:48,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373888.1729805, 'message': 'Dec  7 02:44:47 hqnl0246134 sshd[279479]: Failed password for root from 61.177.172.114 port 48994 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:44:50,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373890.1655931, 'message': 'Dec  7 02:44:48 hqnl0246134 sshd[279479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
WARNING [2022-12-07 02:44:50,670] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:44:50,671] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:44:52,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373892.16833, 'message': 'Dec  7 02:44:51 hqnl0246134 sshd[279479]: Failed password for root from 61.177.172.114 port 48994 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 02:44:54,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373894.1701806, 'message': 'Dec  7 02:44:52 hqnl0246134 sshd[279479]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 02:44:56,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670373896.1725342, 'message': 'Dec  7 02:44:54 hqnl0246134 sshd[279479]: Failed password for root from 61.177.172.114 port 48994 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
WARNING [2022-12-07 02:45:11,975] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:45:12,002] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0355 seconds
INFO    [2022-12-07 02:45:17,744] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:45:17,745] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:45:17,753] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:45:17,767] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 02:45:20,320] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:45:20,321] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:45:20,327] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:45:20,339] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 02:45:26,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373926.2181523, 'message': 'Dec  7 02:45:24 hqnl0246134 sshd[279535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:45:28,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373928.2207613, 'message': 'Dec  7 02:45:26 hqnl0246134 sshd[279535]: Failed password for root from 61.177.173.18 port 28468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 02:45:30,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373930.2245975, 'message': 'Dec  7 02:45:28 hqnl0246134 sshd[279538]: Invalid user mm from 165.227.166.207 port 44812', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 02:45:30,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373930.2248592, 'message': 'Dec  7 02:45:28 hqnl0246134 sshd[279538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:45:30,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373930.225075, 'message': 'Dec  7 02:45:29 hqnl0246134 sshd[279538]: Failed password for invalid user mm from 165.227.166.207 port 44812 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:45:32,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670373932.2262514, 'message': 'Dec  7 02:45:30 hqnl0246134 sshd[279538]: Disconnected from invalid user mm 165.227.166.207 port 44812 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-07 02:45:32,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373932.226577, 'message': 'Dec  7 02:45:30 hqnl0246134 sshd[279535]: Failed password for root from 61.177.173.18 port 28468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 02:45:32,648] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:45:32,649] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:45:32,657] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:45:32,669] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 02:45:34,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373934.2290616, 'message': 'Dec  7 02:45:33 hqnl0246134 sshd[279535]: Failed password for root from 61.177.173.18 port 28468 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-07 02:45:50,673] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:45:50,675] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:45:58,282] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:45:58,357] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:45:58,358] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:45:58,358] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:45:58,358] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:45:58,359] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:45:58,371] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:45:58,388] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0283 seconds
WARNING [2022-12-07 02:45:58,394] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:45:58,396] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:45:58,412] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0301 seconds
INFO    [2022-12-07 02:45:58,414] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0281 seconds
INFO    [2022-12-07 02:46:06,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373966.2877078, 'message': 'Dec  7 02:46:05 hqnl0246134 sshd[279576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 02:46:06,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373966.2882433, 'message': 'Dec  7 02:46:05 hqnl0246134 sshd[279576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:46:08,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373968.287547, 'message': 'Dec  7 02:46:07 hqnl0246134 sshd[279576]: Failed password for root from 61.177.173.39 port 53294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:46:10,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373970.290765, 'message': 'Dec  7 02:46:09 hqnl0246134 sshd[279576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 02:46:11,981] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:46:12,019] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0488 seconds
INFO    [2022-12-07 02:46:12,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373972.2935011, 'message': 'Dec  7 02:46:10 hqnl0246134 sshd[279578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:46:12,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373972.293691, 'message': 'Dec  7 02:46:11 hqnl0246134 sshd[279576]: Failed password for root from 61.177.173.39 port 53294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 02:46:12,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373972.293855, 'message': 'Dec  7 02:46:11 hqnl0246134 sshd[279576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:46:14,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373974.2978117, 'message': 'Dec  7 02:46:12 hqnl0246134 sshd[279578]: Failed password for root from 61.177.173.18 port 42029 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 02:46:14,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373974.2980294, 'message': 'Dec  7 02:46:13 hqnl0246134 sshd[279576]: Failed password for root from 61.177.173.39 port 53294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 02:46:16,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373976.297635, 'message': 'Dec  7 02:46:15 hqnl0246134 sshd[279581]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:46:16,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373976.297826, 'message': 'Dec  7 02:46:15 hqnl0246134 sshd[279581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:46:17,912] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:46:17,913] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:46:17,920] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:46:17,932] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 02:46:18,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373978.301282, 'message': 'Dec  7 02:46:16 hqnl0246134 sshd[279578]: Failed password for root from 61.177.173.18 port 42029 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 02:46:18,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373978.301523, 'message': 'Dec  7 02:46:17 hqnl0246134 sshd[279581]: Failed password for root from 61.177.173.39 port 29632 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:46:18,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373978.3016727, 'message': 'Dec  7 02:46:17 hqnl0246134 sshd[279581]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 02:46:20,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670373980.3045304, 'message': 'Dec  7 02:46:19 hqnl0246134 sshd[279578]: Failed password for root from 61.177.173.18 port 42029 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:46:20,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373980.304706, 'message': 'Dec  7 02:46:20 hqnl0246134 sshd[279581]: Failed password for root from 61.177.173.39 port 29632 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 02:46:22,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373982.305969, 'message': 'Dec  7 02:46:22 hqnl0246134 sshd[279581]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 02:46:22,503] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:46:22,504] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:46:22,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:46:22,524] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 02:46:24,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373984.3121235, 'message': 'Dec  7 02:46:23 hqnl0246134 sshd[279581]: Failed password for root from 61.177.173.39 port 29632 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 02:46:26,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373986.309723, 'message': 'Dec  7 02:46:25 hqnl0246134 sshd[279616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 02:46:26,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373986.3099241, 'message': 'Dec  7 02:46:25 hqnl0246134 sshd[279616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:46:28,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373988.3125331, 'message': 'Dec  7 02:46:28 hqnl0246134 sshd[279616]: Failed password for root from 61.177.173.39 port 52279 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 02:46:30,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373990.3156524, 'message': 'Dec  7 02:46:30 hqnl0246134 sshd[279616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 02:46:34,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373994.3207648, 'message': 'Dec  7 02:46:32 hqnl0246134 sshd[279616]: Failed password for root from 61.177.173.39 port 52279 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 02:46:36,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373996.3236036, 'message': 'Dec  7 02:46:34 hqnl0246134 sshd[279616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 02:46:37,271] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:46:37,271] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:46:37,273] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 02:46:38,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670373998.327059, 'message': 'Dec  7 02:46:36 hqnl0246134 sshd[279616]: Failed password for root from 61.177.173.39 port 52279 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 02:46:39,319] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:46:39,320] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:46:39,326] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:46:39,337] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
WARNING [2022-12-07 02:46:50,678] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:46:50,679] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:47:00,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374020.364138, 'message': 'Dec  7 02:46:58 hqnl0246134 sshd[279638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 02:47:02,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374022.3715117, 'message': 'Dec  7 02:47:00 hqnl0246134 sshd[279638]: Failed password for root from 61.177.173.18 port 64086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 02:47:04,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374024.3787243, 'message': 'Dec  7 02:47:03 hqnl0246134 sshd[279638]: Failed password for root from 61.177.173.18 port 64086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 02:47:08,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374028.3950424, 'message': 'Dec  7 02:47:07 hqnl0246134 sshd[279638]: Failed password for root from 61.177.173.18 port 64086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-07 02:47:11,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:47:12,005] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0310 seconds
INFO    [2022-12-07 02:47:18,067] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:47:18,068] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:47:18,075] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:47:18,087] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 02:47:20,715] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:47:20,715] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:47:20,722] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:47:20,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 02:47:38,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374058.4603887, 'message': 'Dec  7 02:47:37 hqnl0246134 sshd[279689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 02:47:40,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374060.4640458, 'message': 'Dec  7 02:47:39 hqnl0246134 sshd[279689]: Failed password for mysql from 165.227.166.207 port 55110 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:47:42,991] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:47:42,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:47:42,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:47:43,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 02:47:46,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374066.4848187, 'message': 'Dec  7 02:47:44 hqnl0246134 sshd[279696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:47:48,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374068.486056, 'message': 'Dec  7 02:47:47 hqnl0246134 sshd[279696]: Failed password for root from 61.177.173.18 port 17124 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
WARNING [2022-12-07 02:47:50,682] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:47:50,682] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:48:11,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:48:12,017] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0378 seconds
INFO    [2022-12-07 02:48:17,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:48:17,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:48:17,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:48:17,909] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 02:48:20,597] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:48:20,598] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:48:20,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:48:20,624] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 02:48:32,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374112.5432515, 'message': 'Dec  7 02:48:31 hqnl0246134 sshd[279734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 02:48:34,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374114.545286, 'message': 'Dec  7 02:48:33 hqnl0246134 sshd[279734]: Failed password for root from 61.177.173.18 port 33383 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 02:48:50,687] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:48:50,688] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:49:10,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374150.5992415, 'message': 'Dec  7 02:49:09 hqnl0246134 sshd[279761]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 02:49:10,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374150.599762, 'message': 'Dec  7 02:49:09 hqnl0246134 sshd[279761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-07 02:49:11,989] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:49:12,009] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0275 seconds
INFO    [2022-12-07 02:49:12,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374152.599375, 'message': 'Dec  7 02:49:12 hqnl0246134 sshd[279761]: Failed password for root from 61.177.173.50 port 57581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:49:14,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374154.6016462, 'message': 'Dec  7 02:49:13 hqnl0246134 sshd[279761]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:49:16,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374156.6045055, 'message': 'Dec  7 02:49:16 hqnl0246134 sshd[279761]: Failed password for root from 61.177.173.50 port 57581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 02:49:18,104] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:49:18,105] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:49:18,112] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:49:18,123] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 02:49:18,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374158.6149979, 'message': 'Dec  7 02:49:17 hqnl0246134 sshd[279768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 02:49:18,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374158.6152105, 'message': 'Dec  7 02:49:18 hqnl0246134 sshd[279761]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:49:18,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374158.6153445, 'message': 'Dec  7 02:49:18 hqnl0246134 sshd[279768]: Failed password for root from 61.177.173.18 port 48596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:49:20,685] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:49:20,685] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:49:20,698] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:49:20,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374160.616175, 'message': 'Dec  7 02:49:20 hqnl0246134 sshd[279761]: Failed password for root from 61.177.173.50 port 57581 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0948 seconds
INFO    [2022-12-07 02:49:20,716] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0304 seconds
INFO    [2022-12-07 02:49:22,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374162.617894, 'message': 'Dec  7 02:49:20 hqnl0246134 sshd[279768]: Failed password for root from 61.177.173.18 port 48596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 02:49:23,008] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:49:23,009] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:49:23,016] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:49:23,027] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 02:49:24,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374164.6217396, 'message': 'Dec  7 02:49:23 hqnl0246134 sshd[279768]: Failed password for root from 61.177.173.18 port 48596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:49:32,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374172.6385167, 'message': 'Dec  7 02:49:32 hqnl0246134 sshd[279783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 02:49:32,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374172.6388893, 'message': 'Dec  7 02:49:32 hqnl0246134 sshd[279783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 02:49:36,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374176.6423838, 'message': 'Dec  7 02:49:34 hqnl0246134 sshd[279783]: Failed password for root from 61.177.173.50 port 28465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:49:36,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374176.6425815, 'message': 'Dec  7 02:49:36 hqnl0246134 sshd[279783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 02:49:38,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374178.6466568, 'message': 'Dec  7 02:49:38 hqnl0246134 sshd[279783]: Failed password for root from 61.177.173.50 port 28465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 02:49:40,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374180.6478584, 'message': 'Dec  7 02:49:38 hqnl0246134 sshd[279783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 02:49:40,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374180.6481194, 'message': 'Dec  7 02:49:40 hqnl0246134 sshd[279795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:49:40,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670374180.648415, 'message': 'Dec  7 02:49:40 hqnl0246134 sshd[279783]: Failed password for root from 61.177.173.50 port 28465 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:49:42,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374182.652931, 'message': 'Dec  7 02:49:42 hqnl0246134 sshd[279795]: Failed password for mysql from 165.227.166.207 port 37182 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:49:50,510] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:49:50,581] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:49:50,582] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:49:50,582] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:49:50,582] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:49:50,583] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:49:50,600] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:49:50,619] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0361 seconds
WARNING [2022-12-07 02:49:50,626] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:49:50,629] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:49:50,646] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0319 seconds
INFO    [2022-12-07 02:49:50,647] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0301 seconds
WARNING [2022-12-07 02:49:50,690] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:49:50,691] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:50:02,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374202.751189, 'message': 'Dec  7 02:50:02 hqnl0246134 sshd[279803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-07 02:50:04,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374204.6938941, 'message': 'Dec  7 02:50:03 hqnl0246134 sshd[279803]: Failed password for root from 61.177.173.18 port 59137 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0254 seconds
WARNING [2022-12-07 02:50:11,992] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:50:12,015] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0298 seconds
INFO    [2022-12-07 02:50:17,954] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:50:17,955] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:50:17,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:50:17,974] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 02:50:20,617] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:50:20,618] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:50:20,633] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:50:20,652] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0324 seconds
INFO    [2022-12-07 02:50:20,711] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:50:20,712] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:50:20,713] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 02:50:48,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374248.794635, 'message': 'Dec  7 02:50:48 hqnl0246134 sshd[279868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
WARNING [2022-12-07 02:50:50,693] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:50:50,694] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:50:50,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374250.7941315, 'message': 'Dec  7 02:50:49 hqnl0246134 sshd[279868]: Failed password for root from 61.177.173.18 port 29623 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:50:59,793] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:50:59,794] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:50:59,803] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:50:59,815] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
WARNING [2022-12-07 02:51:11,995] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:51:12,015] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0269 seconds
INFO    [2022-12-07 02:51:17,789] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:51:17,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:51:17,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:51:17,807] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
INFO    [2022-12-07 02:51:20,327] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:51:20,327] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:51:20,334] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:51:20,345] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 02:51:35,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374294.854459, 'message': 'Dec  7 02:51:33 hqnl0246134 sshd[279911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.2241 seconds
INFO    [2022-12-07 02:51:35,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374294.8550866, 'message': 'Dec  7 02:51:34 hqnl0246134 sshd[279911]: Failed password for root from 61.177.173.18 port 38578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 02:51:40,141] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 02:51:40,143] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 02:51:41,014] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 02:51:46,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374306.8858945, 'message': 'Dec  7 02:51:45 hqnl0246134 sshd[279934]: Invalid user nagios from 165.227.166.207 port 47454', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-07 02:51:46,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374306.886719, 'message': 'Dec  7 02:51:45 hqnl0246134 sshd[279934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 02:51:48,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374308.8903008, 'message': 'Dec  7 02:51:47 hqnl0246134 sshd[279934]: Failed password for invalid user nagios from 165.227.166.207 port 47454 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 02:51:48,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374308.8905208, 'message': 'Dec  7 02:51:48 hqnl0246134 sshd[279934]: Disconnected from invalid user nagios 165.227.166.207 port 47454 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-07 02:51:50,697] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:51:50,698] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 02:51:54,148] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 02:52:12,002] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:52:12,025] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0315 seconds
INFO    [2022-12-07 02:52:14,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670374334.9702482, 'message': 'Dec  7 02:52:13 hqnl0246134 sshd[279962]: Invalid user admin from 41.129.106.43 port 56076', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:52:15,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.129.106.43', 'timestamp': 1670374334.9704816, 'message': 'Dec  7 02:52:13 hqnl0246134 sshd[279962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.129.106.43 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:52:15,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.129.106.43', 'timestamp': 1670374334.9714365, 'message': 'Dec  7 02:52:13 hqnl0246134 sshd[279962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.129.106.43 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:52:16,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670374336.972412, 'message': 'Dec  7 02:52:15 hqnl0246134 sshd[279962]: Failed password for invalid user admin from 41.129.106.43 port 56076 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:52:17,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670374336.9726074, 'message': 'Dec  7 02:52:16 hqnl0246134 sshd[279962]: Disconnected from invalid user admin 41.129.106.43 port 56076 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:52:17,854] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:52:17,855] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:52:17,879] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:52:17,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0344 seconds
INFO    [2022-12-07 02:52:20,685] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:52:20,686] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:52:20,693] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:52:20,708] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 02:52:20,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374340.977491, 'message': 'Dec  7 02:52:19 hqnl0246134 sshd[279974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:52:21,613] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:52:21,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:52:21,622] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:52:21,633] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 02:52:23,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374342.9810405, 'message': 'Dec  7 02:52:22 hqnl0246134 sshd[279974]: Failed password for root from 61.177.173.18 port 61329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 02:52:29,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374348.9890661, 'message': 'Dec  7 02:52:26 hqnl0246134 sshd[279974]: Failed password for root from 61.177.173.18 port 61329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 02:52:31,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374350.9903114, 'message': 'Dec  7 02:52:30 hqnl0246134 sshd[279974]: Failed password for root from 61.177.173.18 port 61329 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
WARNING [2022-12-07 02:52:50,703] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:52:50,705] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:53:07,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374387.0431015, 'message': 'Dec  7 02:53:06 hqnl0246134 sshd[280015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-07 02:53:09,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374389.0445616, 'message': 'Dec  7 02:53:08 hqnl0246134 sshd[280015]: Failed password for root from 61.177.173.18 port 15159 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0403 seconds
WARNING [2022-12-07 02:53:12,007] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:53:12,032] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-07 02:53:18,026] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:53:18,026] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:53:18,034] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:53:18,045] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 02:53:20,731] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:53:20,731] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:53:20,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:53:20,757] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0246 seconds
INFO    [2022-12-07 02:53:25,899] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 02:53:25,966] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 02:53:25,967] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 02:53:25,967] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 02:53:25,967] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 02:53:25,967] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 02:53:25,977] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 02:53:25,992] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0245 seconds
WARNING [2022-12-07 02:53:25,999] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:53:26,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:53:26,017] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0303 seconds
INFO    [2022-12-07 02:53:26,019] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0284 seconds
WARNING [2022-12-07 02:53:50,708] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:53:50,709] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:53:51,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374431.2106307, 'message': 'Dec  7 02:53:50 hqnl0246134 sshd[280042]: Invalid user nagios from 165.227.166.207 port 57742', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 02:53:51,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374431.2111337, 'message': 'Dec  7 02:53:50 hqnl0246134 sshd[280042]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 02:53:51,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374431.2119792, 'message': 'Dec  7 02:53:50 hqnl0246134 sshd[280042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 02:53:53,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374433.2131014, 'message': 'Dec  7 02:53:52 hqnl0246134 sshd[280042]: Failed password for invalid user nagios from 165.227.166.207 port 57742 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 02:53:53,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374433.2133493, 'message': 'Dec  7 02:53:52 hqnl0246134 sshd[280042]: Disconnected from invalid user nagios 165.227.166.207 port 57742 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:53:55,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374435.2168024, 'message': 'Dec  7 02:53:55 hqnl0246134 sshd[280046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:53:55,578] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:53:55,579] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:53:55,586] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:53:55,597] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 02:53:56,099] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 02:53:56,100] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 02:53:56,101] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 02:53:59,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374439.2200973, 'message': 'Dec  7 02:53:57 hqnl0246134 sshd[280046]: Failed password for root from 61.177.173.18 port 35696 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 02:54:03,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374443.226095, 'message': 'Dec  7 02:54:00 hqnl0246134 sshd[280046]: Failed password for root from 61.177.173.18 port 35696 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:54:05,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374445.2301815, 'message': 'Dec  7 02:54:04 hqnl0246134 sshd[280046]: Failed password for root from 61.177.173.18 port 35696 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 02:54:07,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.253.244.167', 'timestamp': 1670374447.2344317, 'message': 'Dec  7 02:54:06 hqnl0246134 sshd[280073]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.253.244.167 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:54:07,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.253.244.167', 'timestamp': 1670374447.234658, 'message': 'Dec  7 02:54:06 hqnl0246134 sshd[280073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.253.244.167  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:54:09,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '5.253.244.167', 'timestamp': 1670374449.2379014, 'message': 'Dec  7 02:54:09 hqnl0246134 sshd[280073]: Failed password for root from 5.253.244.167 port 58534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 02:54:12,009] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:54:12,033] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0313 seconds
INFO    [2022-12-07 02:54:17,834] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:54:17,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:54:17,842] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:54:17,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 02:54:20,478] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:54:20,478] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:54:20,486] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:54:20,497] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 02:54:43,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374483.2913492, 'message': 'Dec  7 02:54:41 hqnl0246134 sshd[280100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 02:54:45,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374485.295472, 'message': 'Dec  7 02:54:43 hqnl0246134 sshd[280100]: Failed password for root from 61.177.173.18 port 48703 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 02:54:50,713] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:54:50,713] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:54:59,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374499.3256729, 'message': 'Dec  7 02:54:58 hqnl0246134 sshd[280105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:54:59,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374499.325995, 'message': 'Dec  7 02:54:59 hqnl0246134 sshd[280105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:55:01,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374501.330668, 'message': 'Dec  7 02:55:00 hqnl0246134 sshd[280105]: Failed password for root from 61.177.172.19 port 58650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 02:55:01,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374501.3309033, 'message': 'Dec  7 02:55:01 hqnl0246134 sshd[280105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 02:55:05,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374505.3338494, 'message': 'Dec  7 02:55:03 hqnl0246134 sshd[280105]: Failed password for root from 61.177.172.19 port 58650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 02:55:07,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374507.3366692, 'message': 'Dec  7 02:55:05 hqnl0246134 sshd[280105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 02:55:07,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374507.337033, 'message': 'Dec  7 02:55:07 hqnl0246134 sshd[280136]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:55:07,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374507.3368883, 'message': 'Dec  7 02:55:06 hqnl0246134 sshd[280105]: Failed password for root from 61.177.172.19 port 58650 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 02:55:07,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374507.3371632, 'message': 'Dec  7 02:55:07 hqnl0246134 sshd[280136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 02:55:09,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374509.3379416, 'message': 'Dec  7 02:55:09 hqnl0246134 sshd[280145]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 02:55:09,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374509.338123, 'message': 'Dec  7 02:55:09 hqnl0246134 sshd[280145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 02:55:11,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374511.3411713, 'message': 'Dec  7 02:55:09 hqnl0246134 sshd[280136]: Failed password for root from 61.177.173.35 port 44817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 02:55:11,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374511.341397, 'message': 'Dec  7 02:55:10 hqnl0246134 sshd[280145]: Failed password for root from 61.177.172.19 port 38770 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 02:55:11,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374511.3415773, 'message': 'Dec  7 02:55:11 hqnl0246134 sshd[280145]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 02:55:11,998] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:55:11,999] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:55:12,013] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 02:55:12,016] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:55:12,053] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0523 seconds
INFO    [2022-12-07 02:55:12,055] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0519 seconds
INFO    [2022-12-07 02:55:13,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374513.345601, 'message': 'Dec  7 02:55:11 hqnl0246134 sshd[280136]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:55:15,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374515.3459852, 'message': 'Dec  7 02:55:13 hqnl0246134 sshd[280145]: Failed password for root from 61.177.172.19 port 38770 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 02:55:15,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374515.346183, 'message': 'Dec  7 02:55:13 hqnl0246134 sshd[280136]: Failed password for root from 61.177.173.35 port 44817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 02:55:17,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374517.3478365, 'message': 'Dec  7 02:55:15 hqnl0246134 sshd[280145]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 02:55:17,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374517.3480194, 'message': 'Dec  7 02:55:15 hqnl0246134 sshd[280136]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 02:55:17,807] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:55:17,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:55:17,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:55:17,830] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-07 02:55:19,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374519.3497896, 'message': 'Dec  7 02:55:17 hqnl0246134 sshd[280145]: Failed password for root from 61.177.172.19 port 38770 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 02:55:19,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374519.349976, 'message': 'Dec  7 02:55:17 hqnl0246134 sshd[280136]: Failed password for root from 61.177.173.35 port 44817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 02:55:20,481] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:55:20,482] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:55:20,492] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:55:20,505] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-07 02:55:21,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374521.353525, 'message': 'Dec  7 02:55:21 hqnl0246134 sshd[280167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 02:55:21,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374521.3539872, 'message': 'Dec  7 02:55:21 hqnl0246134 sshd[280167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:55:23,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374523.3560143, 'message': 'Dec  7 02:55:21 hqnl0246134 sshd[280169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 02:55:23,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374523.358022, 'message': 'Dec  7 02:55:22 hqnl0246134 sshd[280167]: Failed password for root from 61.177.172.19 port 40654 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 02:55:23,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374523.3564458, 'message': 'Dec  7 02:55:21 hqnl0246134 sshd[280169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:55:23,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374523.3581572, 'message': 'Dec  7 02:55:23 hqnl0246134 sshd[280169]: Failed password for root from 61.177.173.35 port 59181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:55:25,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374525.3596995, 'message': 'Dec  7 02:55:23 hqnl0246134 sshd[280167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 02:55:25,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374525.36, 'message': 'Dec  7 02:55:23 hqnl0246134 sshd[280169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 02:55:27,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374527.3624766, 'message': 'Dec  7 02:55:25 hqnl0246134 sshd[280167]: Failed password for root from 61.177.172.19 port 40654 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0589 seconds
INFO    [2022-12-07 02:55:27,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374527.362744, 'message': 'Dec  7 02:55:26 hqnl0246134 sshd[280169]: Failed password for root from 61.177.173.35 port 59181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0595 seconds
INFO    [2022-12-07 02:55:27,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374527.3629181, 'message': 'Dec  7 02:55:26 hqnl0246134 sshd[280175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0593 seconds
INFO    [2022-12-07 02:55:27,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374527.3630345, 'message': 'Dec  7 02:55:26 hqnl0246134 sshd[280173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0588 seconds
INFO    [2022-12-07 02:55:27,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374527.3631582, 'message': 'Dec  7 02:55:26 hqnl0246134 sshd[280173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:55:29,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374529.365185, 'message': 'Dec  7 02:55:27 hqnl0246134 sshd[280167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-07 02:55:29,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374529.3654873, 'message': 'Dec  7 02:55:28 hqnl0246134 sshd[280169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-07 02:55:29,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374529.3656008, 'message': 'Dec  7 02:55:28 hqnl0246134 sshd[280175]: Failed password for root from 61.177.173.18 port 56350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-07 02:55:29,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374529.365715, 'message': 'Dec  7 02:55:28 hqnl0246134 sshd[280173]: Failed password for root from 61.177.173.52 port 21564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-07 02:55:31,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374531.368415, 'message': 'Dec  7 02:55:29 hqnl0246134 sshd[280169]: Failed password for root from 61.177.173.35 port 59181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 02:55:31,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374531.3686817, 'message': 'Dec  7 02:55:30 hqnl0246134 sshd[280167]: Failed password for root from 61.177.172.19 port 40654 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 02:55:31,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374531.368837, 'message': 'Dec  7 02:55:30 hqnl0246134 sshd[280173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 02:55:33,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374533.3703399, 'message': 'Dec  7 02:55:32 hqnl0246134 sshd[280177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 02:55:33,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374533.3706806, 'message': 'Dec  7 02:55:32 hqnl0246134 sshd[280173]: Failed password for root from 61.177.173.52 port 21564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-07 02:55:33,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374533.3708436, 'message': 'Dec  7 02:55:32 hqnl0246134 sshd[280175]: Failed password for root from 61.177.173.18 port 56350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-07 02:55:33,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374533.3705428, 'message': 'Dec  7 02:55:32 hqnl0246134 sshd[280177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 02:55:33,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374533.3709586, 'message': 'Dec  7 02:55:32 hqnl0246134 sshd[280173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 02:55:35,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374535.3730276, 'message': 'Dec  7 02:55:33 hqnl0246134 sshd[280179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-07 02:55:35,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374535.3747218, 'message': 'Dec  7 02:55:34 hqnl0246134 sshd[280177]: Failed password for root from 61.177.173.35 port 32251 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-07 02:55:35,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374535.3749597, 'message': 'Dec  7 02:55:34 hqnl0246134 sshd[280173]: Failed password for root from 61.177.173.52 port 21564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-07 02:55:35,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374535.374542, 'message': 'Dec  7 02:55:33 hqnl0246134 sshd[280179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 02:55:35,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374535.375479, 'message': 'Dec  7 02:55:34 hqnl0246134 sshd[280175]: Failed password for root from 61.177.173.18 port 56350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 02:55:35,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374535.3751311, 'message': 'Dec  7 02:55:34 hqnl0246134 sshd[280177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-07 02:55:37,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374537.375201, 'message': 'Dec  7 02:55:35 hqnl0246134 sshd[280179]: Failed password for root from 61.177.172.19 port 25970 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-07 02:55:37,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374537.3764815, 'message': 'Dec  7 02:55:36 hqnl0246134 sshd[280177]: Failed password for root from 61.177.173.35 port 32251 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0487 seconds
INFO    [2022-12-07 02:55:37,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374537.3766057, 'message': 'Dec  7 02:55:36 hqnl0246134 sshd[280189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-07 02:55:37,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374537.376374, 'message': 'Dec  7 02:55:35 hqnl0246134 sshd[280179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 02:55:37,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374537.3768446, 'message': 'Dec  7 02:55:37 hqnl0246134 sshd[280177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-07 02:55:37,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374537.3767333, 'message': 'Dec  7 02:55:36 hqnl0246134 sshd[280189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-07 02:55:39,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374539.377942, 'message': 'Dec  7 02:55:38 hqnl0246134 sshd[280179]: Failed password for root from 61.177.172.19 port 25970 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-07 02:55:39,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374539.3781674, 'message': 'Dec  7 02:55:38 hqnl0246134 sshd[280189]: Failed password for root from 61.177.173.52 port 59825 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 02:55:39,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670374539.3782895, 'message': 'Dec  7 02:55:39 hqnl0246134 sshd[280177]: Failed password for root from 61.177.173.35 port 32251 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-07 02:55:41,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374541.380133, 'message': 'Dec  7 02:55:40 hqnl0246134 sshd[280179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 02:55:41,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374541.3803174, 'message': 'Dec  7 02:55:41 hqnl0246134 sshd[280189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 02:55:43,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670374543.3838837, 'message': 'Dec  7 02:55:41 hqnl0246134 sshd[280179]: Failed password for root from 61.177.172.19 port 25970 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 02:55:43,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374543.3841534, 'message': 'Dec  7 02:55:42 hqnl0246134 sshd[280189]: Failed password for root from 61.177.173.52 port 59825 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 02:55:43,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374543.3843317, 'message': 'Dec  7 02:55:43 hqnl0246134 sshd[280189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 02:55:45,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374545.385876, 'message': 'Dec  7 02:55:45 hqnl0246134 sshd[280189]: Failed password for root from 61.177.173.52 port 59825 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:55:47,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374547.388889, 'message': 'Dec  7 02:55:47 hqnl0246134 sshd[280192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 02:55:47,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374547.3890855, 'message': 'Dec  7 02:55:47 hqnl0246134 sshd[280192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 02:55:49,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374549.3899481, 'message': 'Dec  7 02:55:49 hqnl0246134 sshd[280192]: Failed password for root from 61.177.173.52 port 32475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0386 seconds
WARNING [2022-12-07 02:55:50,716] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:55:50,717] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:55:51,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374551.3901632, 'message': 'Dec  7 02:55:49 hqnl0246134 sshd[280192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 02:55:53,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374553.392579, 'message': 'Dec  7 02:55:51 hqnl0246134 sshd[280192]: Failed password for root from 61.177.173.52 port 32475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 02:55:55,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374555.3951333, 'message': 'Dec  7 02:55:53 hqnl0246134 sshd[280192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:55:57,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374557.3987515, 'message': 'Dec  7 02:55:55 hqnl0246134 sshd[280192]: Failed password for root from 61.177.173.52 port 32475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 02:55:59,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374559.401749, 'message': 'Dec  7 02:55:57 hqnl0246134 sshd[280195]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 02:55:59,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374559.402085, 'message': 'Dec  7 02:55:57 hqnl0246134 sshd[280195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:56:01,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374561.4029377, 'message': 'Dec  7 02:55:59 hqnl0246134 sshd[280197]: Invalid user nisec from 165.227.166.207 port 39808', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 02:56:01,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374561.4034462, 'message': 'Dec  7 02:56:00 hqnl0246134 sshd[280195]: Failed password for root from 61.177.173.52 port 15147 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 02:56:01,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374561.4031506, 'message': 'Dec  7 02:55:59 hqnl0246134 sshd[280197]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 02:56:01,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374561.4033341, 'message': 'Dec  7 02:55:59 hqnl0246134 sshd[280197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 02:56:01,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374561.403604, 'message': 'Dec  7 02:56:00 hqnl0246134 sshd[280197]: Failed password for invalid user nisec from 165.227.166.207 port 39808 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 02:56:01,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374561.403706, 'message': 'Dec  7 02:56:01 hqnl0246134 sshd[280197]: Disconnected from invalid user nisec 165.227.166.207 port 39808 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 02:56:12,020] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:56:12,109] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.1017 seconds
INFO    [2022-12-07 02:56:13,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374573.4147758, 'message': 'Dec  7 02:56:13 hqnl0246134 sshd[280217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 02:56:15,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374575.4163597, 'message': 'Dec  7 02:56:15 hqnl0246134 sshd[280217]: Failed password for root from 61.177.173.18 port 22560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:56:18,017] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:56:18,018] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:56:18,027] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:56:18,040] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 02:56:19,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374579.426768, 'message': 'Dec  7 02:56:18 hqnl0246134 sshd[280217]: Failed password for root from 61.177.173.18 port 22560 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 02:56:21,705] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:56:21,705] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:56:21,715] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:56:21,728] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 02:56:23,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374583.425564, 'message': 'Dec  7 02:56:21 hqnl0246134 sshd[280217]: Failed password for root from 61.177.173.18 port 22560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-07 02:56:23,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374583.4304945, 'message': 'Dec  7 02:56:22 hqnl0246134 sshd[280253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0497 seconds
INFO    [2022-12-07 02:56:23,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374583.4307275, 'message': 'Dec  7 02:56:22 hqnl0246134 sshd[280253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 02:56:24,420] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:56:24,421] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:56:24,429] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:56:24,443] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-07 02:56:25,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374585.4262443, 'message': 'Dec  7 02:56:23 hqnl0246134 sshd[280253]: Failed password for root from 61.177.173.52 port 60556 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 02:56:25,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374585.426525, 'message': 'Dec  7 02:56:24 hqnl0246134 sshd[280253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 02:56:27,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374587.4288695, 'message': 'Dec  7 02:56:26 hqnl0246134 sshd[280253]: Failed password for root from 61.177.173.52 port 60556 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 02:56:27,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374587.4292073, 'message': 'Dec  7 02:56:27 hqnl0246134 sshd[280253]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 02:56:31,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374591.4356859, 'message': 'Dec  7 02:56:29 hqnl0246134 sshd[280253]: Failed password for root from 61.177.173.52 port 60556 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 02:56:35,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374595.4414296, 'message': 'Dec  7 02:56:34 hqnl0246134 sshd[280262]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 02:56:35,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374595.441799, 'message': 'Dec  7 02:56:34 hqnl0246134 sshd[280262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 02:56:37,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374597.4424663, 'message': 'Dec  7 02:56:35 hqnl0246134 sshd[280262]: Failed password for root from 61.177.173.52 port 35424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 02:56:37,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374597.442776, 'message': 'Dec  7 02:56:36 hqnl0246134 sshd[280262]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 02:56:39,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374599.4443727, 'message': 'Dec  7 02:56:38 hqnl0246134 sshd[280262]: Failed password for root from 61.177.173.52 port 35424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 02:56:39,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374599.4445698, 'message': 'Dec  7 02:56:39 hqnl0246134 sshd[280262]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 02:56:43,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374603.4516506, 'message': 'Dec  7 02:56:41 hqnl0246134 sshd[280262]: Failed password for root from 61.177.173.52 port 35424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:56:45,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374605.4548545, 'message': 'Dec  7 02:56:44 hqnl0246134 sshd[280274]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:56:45,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374605.4550326, 'message': 'Dec  7 02:56:44 hqnl0246134 sshd[280274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 02:56:47,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670374607.4573557, 'message': 'Dec  7 02:56:47 hqnl0246134 sshd[280274]: Failed password for root from 61.177.173.52 port 16628 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 02:56:50,720] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:56:50,721] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:56:59,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374619.4734457, 'message': 'Dec  7 02:56:57 hqnl0246134 sshd[280277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 02:57:01,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374621.4736927, 'message': 'Dec  7 02:57:00 hqnl0246134 sshd[280277]: Failed password for root from 61.177.173.18 port 30475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 02:57:01,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.0.221.253', 'timestamp': 1670374621.4739254, 'message': 'Dec  7 02:57:00 hqnl0246134 sshd[280280]: Invalid user yuan from 81.0.221.253 port 41090', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 02:57:01,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.0.221.253', 'timestamp': 1670374621.4743178, 'message': 'Dec  7 02:57:01 hqnl0246134 sshd[280280]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.0.221.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 02:57:01,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.0.221.253', 'timestamp': 1670374621.4744265, 'message': 'Dec  7 02:57:01 hqnl0246134 sshd[280280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.221.253 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 02:57:03,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.0.221.253', 'timestamp': 1670374623.4741669, 'message': 'Dec  7 02:57:02 hqnl0246134 sshd[280280]: Failed password for invalid user yuan from 81.0.221.253 port 41090 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 02:57:05,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.0.221.253', 'timestamp': 1670374625.4780731, 'message': 'Dec  7 02:57:04 hqnl0246134 sshd[280280]: Disconnected from invalid user yuan 81.0.221.253 port 41090 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:57:05,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374625.4794598, 'message': 'Dec  7 02:57:04 hqnl0246134 sshd[280277]: Failed password for root from 61.177.173.18 port 30475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 02:57:11,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374631.48731, 'message': 'Dec  7 02:57:08 hqnl0246134 sshd[280277]: Failed password for root from 61.177.173.18 port 30475 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 02:57:11,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374631.4875495, 'message': 'Dec  7 02:57:09 hqnl0246134 sshd[280305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 02:57:11,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374631.4883733, 'message': 'Dec  7 02:57:09 hqnl0246134 sshd[280305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
WARNING [2022-12-07 02:57:12,022] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:57:12,046] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0330 seconds
INFO    [2022-12-07 02:57:13,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374633.489272, 'message': 'Dec  7 02:57:12 hqnl0246134 sshd[280305]: Failed password for root from 61.177.173.46 port 35810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:57:15,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374635.4920163, 'message': 'Dec  7 02:57:13 hqnl0246134 sshd[280305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 02:57:17,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374637.4951785, 'message': 'Dec  7 02:57:15 hqnl0246134 sshd[280305]: Failed password for root from 61.177.173.46 port 35810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 02:57:17,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374637.4991703, 'message': 'Dec  7 02:57:16 hqnl0246134 sshd[280305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 02:57:17,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:57:17,852] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:57:17,860] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:57:17,872] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 02:57:19,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374639.4960737, 'message': 'Dec  7 02:57:17 hqnl0246134 sshd[280305]: Failed password for root from 61.177.173.46 port 35810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 02:57:20,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:57:20,620] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:57:20,628] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:57:20,639] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 02:57:21,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374641.4978786, 'message': 'Dec  7 02:57:19 hqnl0246134 sshd[280314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 02:57:21,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374641.4981134, 'message': 'Dec  7 02:57:19 hqnl0246134 sshd[280314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 02:57:23,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374643.5006685, 'message': 'Dec  7 02:57:21 hqnl0246134 sshd[280314]: Failed password for root from 61.177.173.46 port 12424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 02:57:23,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374643.500931, 'message': 'Dec  7 02:57:22 hqnl0246134 sshd[280314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 02:57:25,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374645.505041, 'message': 'Dec  7 02:57:23 hqnl0246134 sshd[280314]: Failed password for root from 61.177.173.46 port 12424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 02:57:25,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670374645.513009, 'message': 'Dec  7 02:57:25 hqnl0246134 sshd[280321]: Invalid user db2inst1 from 134.209.179.100 port 60158', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 02:57:25,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374645.5053225, 'message': 'Dec  7 02:57:24 hqnl0246134 sshd[280314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 02:57:25,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.179.100', 'timestamp': 1670374645.5131853, 'message': 'Dec  7 02:57:25 hqnl0246134 sshd[280321]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.179.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 02:57:25,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.179.100', 'timestamp': 1670374645.5132935, 'message': 'Dec  7 02:57:25 hqnl0246134 sshd[280321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.179.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 02:57:27,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670374647.5080664, 'message': 'Dec  7 02:57:26 hqnl0246134 sshd[280314]: Failed password for root from 61.177.173.46 port 12424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 02:57:27,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670374647.5083373, 'message': 'Dec  7 02:57:27 hqnl0246134 sshd[280321]: Failed password for invalid user db2inst1 from 134.209.179.100 port 60158 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 02:57:29,304] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:57:29,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:57:29,312] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:57:29,324] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 02:57:29,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670374649.5097826, 'message': 'Dec  7 02:57:29 hqnl0246134 sshd[280321]: Disconnected from invalid user db2inst1 134.209.179.100 port 60158 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 02:57:45,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374665.5282145, 'message': 'Dec  7 02:57:44 hqnl0246134 sshd[280338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 02:57:47,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374667.529743, 'message': 'Dec  7 02:57:45 hqnl0246134 sshd[280338]: Failed password for root from 61.177.173.18 port 46456 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 02:57:50,723] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:57:50,724] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:58:07,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374687.552379, 'message': 'Dec  7 02:58:06 hqnl0246134 sshd[280365]: Invalid user nvidia from 165.227.166.207 port 50092', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 02:58:07,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374687.5527222, 'message': 'Dec  7 02:58:06 hqnl0246134 sshd[280365]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 02:58:07,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374687.552908, 'message': 'Dec  7 02:58:06 hqnl0246134 sshd[280365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:58:09,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374689.55406, 'message': 'Dec  7 02:58:08 hqnl0246134 sshd[280365]: Failed password for invalid user nvidia from 165.227.166.207 port 50092 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 02:58:09,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374689.5542338, 'message': 'Dec  7 02:58:09 hqnl0246134 sshd[280365]: Disconnected from invalid user nvidia 165.227.166.207 port 50092 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 02:58:12,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:58:12,055] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0344 seconds
INFO    [2022-12-07 02:58:17,859] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:58:17,859] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:58:17,869] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:58:17,883] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-07 02:58:20,502] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:58:20,502] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:58:20,509] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:58:20,521] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 02:58:31,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374711.5967798, 'message': 'Dec  7 02:58:30 hqnl0246134 sshd[280382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 02:58:33,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374713.6017294, 'message': 'Dec  7 02:58:32 hqnl0246134 sshd[280382]: Failed password for root from 61.177.173.18 port 57717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 02:58:41,439] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:58:41,440] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:58:41,448] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:58:41,460] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
WARNING [2022-12-07 02:58:50,728] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:58:50,729] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 02:59:05,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.182.254', 'timestamp': 1670374745.6370118, 'message': 'Dec  7 02:59:04 hqnl0246134 sshd[280412]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.182.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 02:59:05,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.182.254', 'timestamp': 1670374745.6374092, 'message': 'Dec  7 02:59:04 hqnl0246134 sshd[280412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.182.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 02:59:07,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.68.182.254', 'timestamp': 1670374747.6390238, 'message': 'Dec  7 02:59:06 hqnl0246134 sshd[280412]: Failed password for root from 138.68.182.254 port 52788 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 02:59:12,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:59:12,056] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0262 seconds
INFO    [2022-12-07 02:59:13,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.196.230.126', 'timestamp': 1670374753.6504188, 'message': 'Dec  7 02:59:12 hqnl0246134 sshd[280422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.196.230.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 02:59:13,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.196.230.126', 'timestamp': 1670374753.6506586, 'message': 'Dec  7 02:59:12 hqnl0246134 sshd[280422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.196.230.126  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 02:59:15,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.196.230.126', 'timestamp': 1670374755.6519172, 'message': 'Dec  7 02:59:14 hqnl0246134 sshd[280422]: Failed password for root from 200.196.230.126 port 40050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 02:59:17,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374757.654585, 'message': 'Dec  7 02:59:17 hqnl0246134 sshd[280426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 02:59:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:59:17,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:59:17,990] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:59:18,001] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 02:59:20,809] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 02:59:20,810] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 02:59:20,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 02:59:20,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 02:59:21,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374761.6585226, 'message': 'Dec  7 02:59:19 hqnl0246134 sshd[280426]: Failed password for root from 61.177.173.18 port 20275 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 02:59:25,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374765.662352, 'message': 'Dec  7 02:59:24 hqnl0246134 sshd[280426]: Failed password for root from 61.177.173.18 port 20275 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 02:59:29,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374769.666173, 'message': 'Dec  7 02:59:27 hqnl0246134 sshd[280426]: Failed password for root from 61.177.173.18 port 20275 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 02:59:44,351] defence360agent.files: Updating all files
INFO    [2022-12-07 02:59:44,702] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:44,703] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 02:59:44,988] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:44,988] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 02:59:45,302] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:45,302] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 02:59:45,584] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:45,585] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 02:59:45,585] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 02:59:45,904] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 00:59:45 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E5D0489ABFA7C'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 02:59:45,906] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 02:59:45,907] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 02:59:46,499] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:46,499] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 02:59:46,812] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:46,813] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 02:59:47,133] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:47,133] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 02:59:47,532] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:47,533] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 02:59:48,005] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 02:59:48,007] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-07 02:59:50,731] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 02:59:50,732] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:00:07,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374807.694998, 'message': 'Dec  7 03:00:05 hqnl0246134 sshd[280491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 03:00:09,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374809.6983867, 'message': 'Dec  7 03:00:08 hqnl0246134 sshd[280491]: Failed password for root from 61.177.173.18 port 41370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 03:00:11,702] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:00:11,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374811.7011874, 'message': 'Dec  7 03:00:10 hqnl0246134 sshd[280505]: Invalid user odoo from 165.227.166.207 port 60390', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 03:00:11,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374811.7014787, 'message': 'Dec  7 03:00:10 hqnl0246134 sshd[280505]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 03:00:11,778] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:00:11,778] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:00:11,779] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:00:11,779] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:00:11,779] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:00:11,791] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:00:11,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374811.7016988, 'message': 'Dec  7 03:00:10 hqnl0246134 sshd[280505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 03:00:11,812] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0325 seconds
WARNING [2022-12-07 03:00:11,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:00:11,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:00:11,836] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0293 seconds
INFO    [2022-12-07 03:00:11,838] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0278 seconds
WARNING [2022-12-07 03:00:12,047] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:00:12,077] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0431 seconds
INFO    [2022-12-07 03:00:13,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374813.707601, 'message': 'Dec  7 03:00:12 hqnl0246134 sshd[280491]: Failed password for root from 61.177.173.18 port 41370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0473 seconds
INFO    [2022-12-07 03:00:13,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374813.707897, 'message': 'Dec  7 03:00:13 hqnl0246134 sshd[280505]: Failed password for invalid user odoo from 165.227.166.207 port 60390 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-07 03:00:15,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374815.7102268, 'message': 'Dec  7 03:00:14 hqnl0246134 sshd[280505]: Disconnected from invalid user odoo 165.227.166.207 port 60390 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:00:17,457] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:00:17,457] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:00:17,474] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:00:17,500] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0309 seconds
INFO    [2022-12-07 03:00:17,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374817.7121384, 'message': 'Dec  7 03:00:15 hqnl0246134 sshd[280491]: Failed password for root from 61.177.173.18 port 41370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:00:18,372] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:00:18,372] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:00:18,383] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:00:18,399] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0263 seconds
INFO    [2022-12-07 03:00:21,138] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:00:21,138] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:00:21,146] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:00:21,157] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 03:00:39,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670374839.7469914, 'message': 'Dec  7 03:00:38 hqnl0246134 sshd[280541]: Invalid user jboss from 90.177.60.46 port 56022', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 03:00:39,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '90.177.60.46', 'timestamp': 1670374839.7477524, 'message': 'Dec  7 03:00:38 hqnl0246134 sshd[280541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 90.177.60.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:00:39,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '90.177.60.46', 'timestamp': 1670374839.7479277, 'message': 'Dec  7 03:00:38 hqnl0246134 sshd[280541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.177.60.46 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 03:00:41,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670374841.7484965, 'message': 'Dec  7 03:00:39 hqnl0246134 sshd[280541]: Failed password for invalid user jboss from 90.177.60.46 port 56022 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 03:00:41,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670374841.7488956, 'message': 'Dec  7 03:00:40 hqnl0246134 sshd[280541]: Disconnected from invalid user jboss 90.177.60.46 port 56022 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:00:41,907] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:00:41,908] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:00:41,910] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 03:00:43,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.244.158.201', 'timestamp': 1670374843.7499905, 'message': 'Dec  7 03:00:42 hqnl0246134 sshd[280543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.244.158.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:00:43,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.244.158.201', 'timestamp': 1670374843.7502232, 'message': 'Dec  7 03:00:42 hqnl0246134 sshd[280543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.158.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:00:45,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.244.158.201', 'timestamp': 1670374845.7519817, 'message': 'Dec  7 03:00:45 hqnl0246134 sshd[280543]: Failed password for root from 143.244.158.201 port 45486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
WARNING [2022-12-07 03:00:50,736] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:00:50,737] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:00:53,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374853.763102, 'message': 'Dec  7 03:00:52 hqnl0246134 sshd[280548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:00:55,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374855.76584, 'message': 'Dec  7 03:00:54 hqnl0246134 sshd[280548]: Failed password for root from 61.177.173.18 port 53633 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 03:01:12,046] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:01:12,071] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0329 seconds
INFO    [2022-12-07 03:01:18,004] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:01:18,005] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:01:18,012] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:01:18,024] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 03:01:19,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670374879.8060188, 'message': 'Dec  7 03:01:19 hqnl0246134 sshd[280580]: Invalid user liu from 52.140.206.1 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 03:01:19,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.140.206.1', 'timestamp': 1670374879.806346, 'message': 'Dec  7 03:01:19 hqnl0246134 sshd[280580]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.140.206.1 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:01:19,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.140.206.1', 'timestamp': 1670374879.8064878, 'message': 'Dec  7 03:01:19 hqnl0246134 sshd[280580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.206.1 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:01:21,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670374881.8070989, 'message': 'Dec  7 03:01:21 hqnl0246134 sshd[280580]: Failed password for invalid user liu from 52.140.206.1 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 03:01:22,775] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:01:22,775] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:01:22,788] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:01:22,801] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-07 03:01:23,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670374883.810767, 'message': 'Dec  7 03:01:22 hqnl0246134 sshd[280580]: Disconnected from invalid user liu 52.140.206.1 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 03:01:26,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:01:26,925] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:01:26,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:01:26,947] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-07 03:01:39,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374899.850608, 'message': 'Dec  7 03:01:38 hqnl0246134 sshd[280602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 03:01:41,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374901.8526464, 'message': 'Dec  7 03:01:39 hqnl0246134 sshd[280602]: Failed password for root from 61.177.173.18 port 12613 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 03:01:50,740] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:01:50,741] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:01:54,151] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 03:02:12,049] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:02:12,075] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0337 seconds
INFO    [2022-12-07 03:02:13,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670374933.8996682, 'message': 'Dec  7 03:02:13 hqnl0246134 sshd[280635]: Invalid user 1234 from 179.60.150.118 port 46928', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:02:15,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.60.150.118', 'timestamp': 1670374935.9020367, 'message': 'Dec  7 03:02:14 hqnl0246134 sshd[280635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.60.150.118 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:02:15,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.60.150.118', 'timestamp': 1670374935.90479, 'message': 'Dec  7 03:02:14 hqnl0246134 sshd[280635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.60.150.118 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:02:18,042] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:02:18,042] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:02:18,059] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:02:18,086] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0426 seconds
INFO    [2022-12-07 03:02:18,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374938.0439887, 'message': 'Dec  7 03:02:16 hqnl0246134 sshd[280640]: Invalid user oracle from 165.227.166.207 port 42430', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 03:02:18,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670374938.0443687, 'message': 'Dec  7 03:02:16 hqnl0246134 sshd[280635]: Failed password for invalid user 1234 from 179.60.150.118 port 46928 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-07 03:02:18,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374938.0441191, 'message': 'Dec  7 03:02:16 hqnl0246134 sshd[280640]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 03:02:18,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670374938.0444705, 'message': 'Dec  7 03:02:16 hqnl0246134 sshd[280635]: Disconnected from invalid user 1234 179.60.150.118 port 46928 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 03:02:18,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374938.0442448, 'message': 'Dec  7 03:02:16 hqnl0246134 sshd[280640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:02:18,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374938.0445666, 'message': 'Dec  7 03:02:17 hqnl0246134 sshd[280640]: Failed password for invalid user oracle from 165.227.166.207 port 42430 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:02:19,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670374939.9089522, 'message': 'Dec  7 03:02:17 hqnl0246134 sshd[280640]: Disconnected from invalid user oracle 165.227.166.207 port 42430 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:02:20,541] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:02:20,542] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:02:20,548] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:02:20,559] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 03:02:23,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374943.9141483, 'message': 'Dec  7 03:02:23 hqnl0246134 sshd[280650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 03:02:25,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374945.9176567, 'message': 'Dec  7 03:02:25 hqnl0246134 sshd[280650]: Failed password for root from 61.177.173.18 port 25330 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:02:29,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374949.9209235, 'message': 'Dec  7 03:02:27 hqnl0246134 sshd[280650]: Failed password for root from 61.177.173.18 port 25330 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 03:02:29,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374949.9212148, 'message': 'Dec  7 03:02:29 hqnl0246134 sshd[280650]: Failed password for root from 61.177.173.18 port 25330 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 03:02:47,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.193.18', 'timestamp': 1670374967.9425511, 'message': 'Dec  7 03:02:46 hqnl0246134 sshd[280664]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.193.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 03:02:47,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.193.18', 'timestamp': 1670374967.942998, 'message': 'Dec  7 03:02:46 hqnl0246134 sshd[280664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.193.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 03:02:49,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '161.35.193.18', 'timestamp': 1670374969.9446347, 'message': 'Dec  7 03:02:48 hqnl0246134 sshd[280664]: Failed password for root from 161.35.193.18 port 37956 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:02:50,674] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:02:50,674] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:02:50,682] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:02:50,693] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-07 03:02:50,744] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:02:50,744] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:03:10,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374989.9862118, 'message': 'Dec  7 03:03:08 hqnl0246134 sshd[280689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:03:10,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670374989.9865637, 'message': 'Dec  7 03:03:09 hqnl0246134 sshd[280689]: Failed password for root from 61.177.173.18 port 37761 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 03:03:12,061] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:03:12,101] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0562 seconds
INFO    [2022-12-07 03:03:17,759] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:03:17,759] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:03:17,766] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:03:17,777] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 03:03:19,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670374999.9802506, 'message': 'Dec  7 03:03:19 hqnl0246134 sshd[280701]: Invalid user anjana from 41.129.106.43 port 58266', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:03:20,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.129.106.43', 'timestamp': 1670374999.9804697, 'message': 'Dec  7 03:03:19 hqnl0246134 sshd[280701]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.129.106.43 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:03:20,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.129.106.43', 'timestamp': 1670374999.980636, 'message': 'Dec  7 03:03:19 hqnl0246134 sshd[280701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.129.106.43 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:03:20,435] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:03:20,435] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:03:20,442] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:03:20,453] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 03:03:22,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375001.9879, 'message': 'Dec  7 03:03:21 hqnl0246134 sshd[280701]: Failed password for invalid user anjana from 41.129.106.43 port 58266 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:03:24,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375003.9901874, 'message': 'Dec  7 03:03:22 hqnl0246134 sshd[280701]: Disconnected from invalid user anjana 41.129.106.43 port 58266 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 03:03:50,748] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:03:50,751] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:03:54,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375034.0342188, 'message': 'Dec  7 03:03:53 hqnl0246134 sshd[280718]: Invalid user ppp from 134.209.179.100 port 33000', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 03:03:54,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375034.03504, 'message': 'Dec  7 03:03:53 hqnl0246134 sshd[280718]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.179.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 03:03:54,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375034.0352623, 'message': 'Dec  7 03:03:53 hqnl0246134 sshd[280718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.179.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:03:56,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375036.0354722, 'message': 'Dec  7 03:03:55 hqnl0246134 sshd[280718]: Failed password for invalid user ppp from 134.209.179.100 port 33000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 03:03:56,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375036.0357203, 'message': 'Dec  7 03:03:55 hqnl0246134 sshd[280720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 03:03:58,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375038.0384498, 'message': 'Dec  7 03:03:57 hqnl0246134 sshd[280720]: Failed password for root from 61.177.173.18 port 58304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 03:03:58,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375038.038633, 'message': 'Dec  7 03:03:57 hqnl0246134 sshd[280718]: Disconnected from invalid user ppp 134.209.179.100 port 33000 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 03:04:00,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375040.0445397, 'message': 'Dec  7 03:03:59 hqnl0246134 sshd[280720]: Failed password for root from 61.177.173.18 port 58304 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:04:04,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375044.0441356, 'message': 'Dec  7 03:04:03 hqnl0246134 sshd[280720]: Failed password for root from 61.177.173.18 port 58304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
WARNING [2022-12-07 03:04:12,059] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:04:12,085] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0349 seconds
INFO    [2022-12-07 03:04:17,727] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:04:17,727] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:04:17,737] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:04:17,749] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 03:04:20,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375060.0653095, 'message': 'Dec  7 03:04:19 hqnl0246134 sshd[280774]: Invalid user manager from 81.0.221.253 port 46646', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 03:04:20,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375060.069592, 'message': 'Dec  7 03:04:19 hqnl0246134 sshd[280771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-07 03:04:20,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375060.0656426, 'message': 'Dec  7 03:04:19 hqnl0246134 sshd[280774]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.0.221.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:04:20,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375060.069774, 'message': 'Dec  7 03:04:19 hqnl0246134 sshd[280771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 03:04:20,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375060.0694127, 'message': 'Dec  7 03:04:19 hqnl0246134 sshd[280774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.221.253 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 03:04:20,568] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:04:20,569] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:04:20,578] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:04:20,592] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-07 03:04:22,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375062.0661142, 'message': 'Dec  7 03:04:20 hqnl0246134 sshd[280774]: Failed password for invalid user manager from 81.0.221.253 port 46646 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 03:04:22,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375062.0664623, 'message': 'Dec  7 03:04:21 hqnl0246134 sshd[280771]: Failed password for root from 61.177.173.47 port 64753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 03:04:22,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375062.0663376, 'message': 'Dec  7 03:04:21 hqnl0246134 sshd[280774]: Disconnected from invalid user manager 81.0.221.253 port 46646 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 03:04:22,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375062.0665758, 'message': 'Dec  7 03:04:21 hqnl0246134 sshd[280771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 03:04:23,536] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:04:23,537] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:04:23,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:04:23,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 03:04:24,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375064.069228, 'message': 'Dec  7 03:04:22 hqnl0246134 sshd[280783]: Invalid user yuan from 5.253.244.167 port 48680', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 03:04:24,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375064.0698516, 'message': 'Dec  7 03:04:23 hqnl0246134 sshd[280786]: Invalid user oracle from 165.227.166.207 port 52732', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 03:04:24,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375064.0694692, 'message': 'Dec  7 03:04:22 hqnl0246134 sshd[280783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.253.244.167 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 03:04:24,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375064.0699918, 'message': 'Dec  7 03:04:23 hqnl0246134 sshd[280786]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 03:04:24,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375064.0703347, 'message': 'Dec  7 03:04:24 hqnl0246134 sshd[280771]: Failed password for root from 61.177.173.47 port 64753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 03:04:24,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375064.0696256, 'message': 'Dec  7 03:04:22 hqnl0246134 sshd[280783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.253.244.167 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0491 seconds
INFO    [2022-12-07 03:04:24,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375064.070178, 'message': 'Dec  7 03:04:23 hqnl0246134 sshd[280786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-07 03:04:26,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375066.0698018, 'message': 'Dec  7 03:04:24 hqnl0246134 sshd[280783]: Failed password for invalid user yuan from 5.253.244.167 port 48680 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 03:04:26,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375066.0700076, 'message': 'Dec  7 03:04:25 hqnl0246134 sshd[280786]: Failed password for invalid user oracle from 165.227.166.207 port 52732 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 03:04:28,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375068.0729358, 'message': 'Dec  7 03:04:26 hqnl0246134 sshd[280771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 03:04:28,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375068.0731678, 'message': 'Dec  7 03:04:26 hqnl0246134 sshd[280783]: Disconnected from invalid user yuan 5.253.244.167 port 48680 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-07 03:04:28,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375068.0733302, 'message': 'Dec  7 03:04:26 hqnl0246134 sshd[280786]: Disconnected from invalid user oracle 165.227.166.207 port 52732 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0469 seconds
INFO    [2022-12-07 03:04:28,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375068.0734866, 'message': 'Dec  7 03:04:27 hqnl0246134 sshd[280771]: Failed password for root from 61.177.173.47 port 64753 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:04:32,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375072.076679, 'message': 'Dec  7 03:04:30 hqnl0246134 sshd[280790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:04:32,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375072.0769126, 'message': 'Dec  7 03:04:30 hqnl0246134 sshd[280790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:04:34,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375074.0815854, 'message': 'Dec  7 03:04:32 hqnl0246134 sshd[280790]: Failed password for root from 61.177.173.47 port 44367 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 03:04:36,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375076.0822022, 'message': 'Dec  7 03:04:34 hqnl0246134 sshd[280790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0686 seconds
INFO    [2022-12-07 03:04:38,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375078.0876007, 'message': 'Dec  7 03:04:36 hqnl0246134 sshd[280790]: Failed password for root from 61.177.173.47 port 44367 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-07 03:04:38,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375078.0883582, 'message': 'Dec  7 03:04:37 hqnl0246134 sshd[280792]: Invalid user cat from 123.30.157.54 port 47420', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0583 seconds
INFO    [2022-12-07 03:04:38,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375078.0881233, 'message': 'Dec  7 03:04:36 hqnl0246134 sshd[280790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-07 03:04:38,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375078.0885897, 'message': 'Dec  7 03:04:37 hqnl0246134 sshd[280792]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.157.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-07 03:04:38,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375078.0887775, 'message': 'Dec  7 03:04:37 hqnl0246134 sshd[280792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.157.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 03:04:40,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375080.0886104, 'message': 'Dec  7 03:04:39 hqnl0246134 sshd[280792]: Failed password for invalid user cat from 123.30.157.54 port 47420 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 03:04:40,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375080.0888102, 'message': 'Dec  7 03:04:39 hqnl0246134 sshd[280790]: Failed password for root from 61.177.173.47 port 44367 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 03:04:40,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375080.0889466, 'message': 'Dec  7 03:04:40 hqnl0246134 sshd[280792]: Disconnected from invalid user cat 123.30.157.54 port 47420 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:04:42,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375082.0917504, 'message': 'Dec  7 03:04:41 hqnl0246134 sshd[280803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 03:04:44,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375084.0936432, 'message': 'Dec  7 03:04:42 hqnl0246134 sshd[280806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-07 03:04:44,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375084.0940046, 'message': 'Dec  7 03:04:44 hqnl0246134 sshd[280803]: Failed password for root from 61.177.173.18 port 19930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-07 03:04:44,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375084.0938916, 'message': 'Dec  7 03:04:42 hqnl0246134 sshd[280806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:04:46,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375086.0964522, 'message': 'Dec  7 03:04:44 hqnl0246134 sshd[280806]: Failed password for root from 61.177.173.47 port 39561 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 03:04:46,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375086.096701, 'message': 'Dec  7 03:04:44 hqnl0246134 sshd[280806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 03:04:48,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375088.101845, 'message': 'Dec  7 03:04:46 hqnl0246134 sshd[280806]: Failed password for root from 61.177.173.47 port 39561 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:04:48,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375088.1020632, 'message': 'Dec  7 03:04:47 hqnl0246134 sshd[280806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 03:04:50,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375090.105567, 'message': 'Dec  7 03:04:48 hqnl0246134 sshd[280803]: Failed password for root from 61.177.173.18 port 19930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 03:04:50,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670375090.1059449, 'message': 'Dec  7 03:04:48 hqnl0246134 sshd[280806]: Failed password for root from 61.177.173.47 port 39561 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
WARNING [2022-12-07 03:04:50,753] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:04:50,754] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:04:54,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375094.123776, 'message': 'Dec  7 03:04:52 hqnl0246134 sshd[280803]: Failed password for root from 61.177.173.18 port 19930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 03:04:54,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375094.1240785, 'message': 'Dec  7 03:04:52 hqnl0246134 sshd[280812]: Invalid user db2inst1 from 179.60.150.118 port 43014', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 03:04:54,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375094.1242576, 'message': 'Dec  7 03:04:52 hqnl0246134 sshd[280812]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.60.150.118 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 03:04:54,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375094.124417, 'message': 'Dec  7 03:04:52 hqnl0246134 sshd[280812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.60.150.118 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 03:04:56,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375096.1277506, 'message': 'Dec  7 03:04:54 hqnl0246134 sshd[280812]: Failed password for invalid user db2inst1 from 179.60.150.118 port 43014 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 03:04:58,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375098.1309187, 'message': 'Dec  7 03:04:56 hqnl0246134 sshd[280812]: Disconnected from invalid user db2inst1 179.60.150.118 port 43014 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 03:04:58,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375098.1318061, 'message': 'Dec  7 03:04:57 hqnl0246134 sshd[280815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-07 03:04:58,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375098.1319282, 'message': 'Dec  7 03:04:57 hqnl0246134 sshd[280815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 03:05:00,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375100.1354892, 'message': 'Dec  7 03:04:59 hqnl0246134 sshd[280815]: Failed password for root from 61.177.173.53 port 11489 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:05:00,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375100.1356835, 'message': 'Dec  7 03:05:00 hqnl0246134 sshd[280815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 03:05:04,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375104.1391718, 'message': 'Dec  7 03:05:02 hqnl0246134 sshd[280815]: Failed password for root from 61.177.173.53 port 11489 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 03:05:06,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375106.1413863, 'message': 'Dec  7 03:05:04 hqnl0246134 sshd[280815]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 03:05:08,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375108.1434705, 'message': 'Dec  7 03:05:06 hqnl0246134 sshd[280815]: Failed password for root from 61.177.173.53 port 11489 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 03:05:08,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375108.1439228, 'message': 'Dec  7 03:05:07 hqnl0246134 sshd[280846]: Invalid user hadoop from 90.177.60.46 port 35566', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-07 03:05:08,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375108.1441004, 'message': 'Dec  7 03:05:07 hqnl0246134 sshd[280846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 90.177.60.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 03:05:08,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375108.1442816, 'message': 'Dec  7 03:05:07 hqnl0246134 sshd[280846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.177.60.46 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:05:10,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375110.1466193, 'message': 'Dec  7 03:05:08 hqnl0246134 sshd[280846]: Failed password for invalid user hadoop from 90.177.60.46 port 35566 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-07 03:05:12,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:05:12,130] defence360agent.internals.the_sink: SensorIncidentList(<26 item(s)>) processed in 0.0701 seconds
INFO    [2022-12-07 03:05:12,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375112.149179, 'message': 'Dec  7 03:05:10 hqnl0246134 sshd[280852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 03:05:12,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375112.1496062, 'message': 'Dec  7 03:05:10 hqnl0246134 sshd[280846]: Disconnected from invalid user hadoop 90.177.60.46 port 35566 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 03:05:12,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375112.1494482, 'message': 'Dec  7 03:05:10 hqnl0246134 sshd[280852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:05:14,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375114.1497755, 'message': 'Dec  7 03:05:12 hqnl0246134 sshd[280852]: Failed password for root from 61.177.173.53 port 60556 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:05:16,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375116.1520905, 'message': 'Dec  7 03:05:14 hqnl0246134 sshd[280852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:05:17,962] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:05:17,963] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:05:17,970] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:05:17,981] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 03:05:18,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375118.1543262, 'message': 'Dec  7 03:05:16 hqnl0246134 sshd[280864]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.119.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 03:05:18,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375118.154615, 'message': 'Dec  7 03:05:16 hqnl0246134 sshd[280852]: Failed password for root from 61.177.173.53 port 60556 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 03:05:18,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375118.1545029, 'message': 'Dec  7 03:05:16 hqnl0246134 sshd[280864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.119.230  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:05:20,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375120.1566305, 'message': 'Dec  7 03:05:18 hqnl0246134 sshd[280864]: Failed password for root from 206.189.119.230 port 51510 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-07 03:05:20,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375120.1569047, 'message': 'Dec  7 03:05:19 hqnl0246134 sshd[280852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 03:05:20,716] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:05:20,717] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:05:20,724] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:05:20,736] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 03:05:22,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375122.1604805, 'message': 'Dec  7 03:05:20 hqnl0246134 sshd[280876]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.182.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 03:05:22,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670375122.160836, 'message': 'Dec  7 03:05:20 hqnl0246134 sshd[280852]: Failed password for root from 61.177.173.53 port 60556 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 03:05:22,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375122.160657, 'message': 'Dec  7 03:05:20 hqnl0246134 sshd[280876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.182.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:05:24,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375124.1621041, 'message': 'Dec  7 03:05:22 hqnl0246134 sshd[280876]: Failed password for root from 138.68.182.254 port 39580 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:05:30,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375130.1693442, 'message': 'Dec  7 03:05:28 hqnl0246134 sshd[280878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:05:32,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375132.171464, 'message': 'Dec  7 03:05:30 hqnl0246134 sshd[280878]: Failed password for root from 61.177.173.18 port 36145 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:05:38,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375138.1788163, 'message': 'Dec  7 03:05:34 hqnl0246134 sshd[280878]: Failed password for root from 61.177.173.18 port 36145 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 03:05:38,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375138.179191, 'message': 'Dec  7 03:05:36 hqnl0246134 sshd[280887]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 03:05:38,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375138.1794653, 'message': 'Dec  7 03:05:37 hqnl0246134 sshd[280878]: Failed password for root from 61.177.173.18 port 36145 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 03:05:38,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375138.1793475, 'message': 'Dec  7 03:05:36 hqnl0246134 sshd[280887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 03:05:40,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375140.1813521, 'message': 'Dec  7 03:05:38 hqnl0246134 sshd[280887]: Failed password for root from 61.177.172.108 port 24941 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 03:05:42,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375142.183394, 'message': 'Dec  7 03:05:40 hqnl0246134 sshd[280887]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:05:43,976] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:05:43,977] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:05:43,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:05:43,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 03:05:44,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375144.18432, 'message': 'Dec  7 03:05:42 hqnl0246134 sshd[280887]: Failed password for root from 61.177.172.108 port 24941 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 03:05:46,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375146.1871305, 'message': 'Dec  7 03:05:44 hqnl0246134 sshd[280887]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:05:48,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375148.190079, 'message': 'Dec  7 03:05:46 hqnl0246134 sshd[280887]: Failed password for root from 61.177.172.108 port 24941 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 03:05:50,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375150.1956208, 'message': 'Dec  7 03:05:48 hqnl0246134 sshd[280903]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:05:50,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375150.1960733, 'message': 'Dec  7 03:05:48 hqnl0246134 sshd[280903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-07 03:05:50,760] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:05:50,761] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:05:52,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375152.198545, 'message': 'Dec  7 03:05:50 hqnl0246134 sshd[280903]: Failed password for root from 61.177.172.108 port 18939 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:05:52,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375152.1989102, 'message': 'Dec  7 03:05:51 hqnl0246134 sshd[280905]: Invalid user b from 159.223.88.78 port 53770', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 03:05:52,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375152.1990588, 'message': 'Dec  7 03:05:51 hqnl0246134 sshd[280905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.88.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:05:52,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375152.1992233, 'message': 'Dec  7 03:05:51 hqnl0246134 sshd[280905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.88.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:05:54,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375154.2029176, 'message': 'Dec  7 03:05:53 hqnl0246134 sshd[280903]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 03:05:54,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375154.2031872, 'message': 'Dec  7 03:05:53 hqnl0246134 sshd[280905]: Failed password for invalid user b from 159.223.88.78 port 53770 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 03:05:56,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375156.2051518, 'message': 'Dec  7 03:05:54 hqnl0246134 sshd[280905]: Disconnected from invalid user b 159.223.88.78 port 53770 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 03:05:56,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375156.2053905, 'message': 'Dec  7 03:05:55 hqnl0246134 sshd[280903]: Failed password for root from 61.177.172.108 port 18939 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 03:05:58,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375158.2095232, 'message': 'Dec  7 03:05:57 hqnl0246134 sshd[280903]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:06:00,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375160.212674, 'message': 'Dec  7 03:05:59 hqnl0246134 sshd[280903]: Failed password for root from 61.177.172.108 port 18939 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:06:04,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375164.2166536, 'message': 'Dec  7 03:06:03 hqnl0246134 sshd[280918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 03:06:04,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375164.2169418, 'message': 'Dec  7 03:06:03 hqnl0246134 sshd[280918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-07 03:06:06,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375166.219528, 'message': 'Dec  7 03:06:05 hqnl0246134 sshd[280918]: Failed password for root from 61.177.172.108 port 11729 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:06:06,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375166.2197356, 'message': 'Dec  7 03:06:05 hqnl0246134 sshd[280918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:06:08,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375168.2216125, 'message': 'Dec  7 03:06:07 hqnl0246134 sshd[280918]: Failed password for root from 61.177.172.108 port 11729 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 03:06:10,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375170.2244449, 'message': 'Dec  7 03:06:09 hqnl0246134 sshd[280918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 03:06:12,072] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:06:12,105] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0412 seconds
INFO    [2022-12-07 03:06:12,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375172.22567, 'message': 'Dec  7 03:06:12 hqnl0246134 sshd[280928]: Invalid user cat from 123.30.249.87 port 36492', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 03:06:14,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375174.2284389, 'message': 'Dec  7 03:06:12 hqnl0246134 sshd[280918]: Failed password for root from 61.177.172.108 port 11729 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 03:06:14,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375174.2287676, 'message': 'Dec  7 03:06:12 hqnl0246134 sshd[280928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.249.87 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 03:06:14,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375174.2289898, 'message': 'Dec  7 03:06:12 hqnl0246134 sshd[280928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 03:06:16,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375176.2320528, 'message': 'Dec  7 03:06:14 hqnl0246134 sshd[280928]: Failed password for invalid user cat from 123.30.249.87 port 36492 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-07 03:06:16,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375176.232305, 'message': 'Dec  7 03:06:14 hqnl0246134 sshd[280930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-07 03:06:16,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375176.2326016, 'message': 'Dec  7 03:06:15 hqnl0246134 sshd[280932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-07 03:06:16,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375176.232476, 'message': 'Dec  7 03:06:15 hqnl0246134 sshd[280928]: Disconnected from invalid user cat 123.30.249.87 port 36492 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 03:06:16,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375176.232747, 'message': 'Dec  7 03:06:15 hqnl0246134 sshd[280932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:06:17,917] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:06:17,918] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:06:17,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:06:17,949] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-07 03:06:18,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375178.2335885, 'message': 'Dec  7 03:06:16 hqnl0246134 sshd[280930]: Failed password for root from 61.177.173.18 port 41370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 03:06:18,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375178.2338278, 'message': 'Dec  7 03:06:17 hqnl0246134 sshd[280932]: Failed password for root from 61.177.172.108 port 41664 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 03:06:20,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375180.2384722, 'message': 'Dec  7 03:06:18 hqnl0246134 sshd[280941]: Invalid user user2 from 41.129.106.43 port 40126', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-07 03:06:20,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375180.2389047, 'message': 'Dec  7 03:06:18 hqnl0246134 sshd[280930]: Failed password for root from 61.177.173.18 port 41370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 03:06:20,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375180.2390103, 'message': 'Dec  7 03:06:20 hqnl0246134 sshd[280932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 03:06:20,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375180.238649, 'message': 'Dec  7 03:06:18 hqnl0246134 sshd[280941]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.129.106.43 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:06:20,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375180.238794, 'message': 'Dec  7 03:06:18 hqnl0246134 sshd[280941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.129.106.43 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:06:22,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375182.2385406, 'message': 'Dec  7 03:06:20 hqnl0246134 sshd[280941]: Failed password for invalid user user2 from 41.129.106.43 port 40126 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 03:06:22,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375182.2388854, 'message': 'Dec  7 03:06:21 hqnl0246134 sshd[280930]: Failed password for root from 61.177.173.18 port 41370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 03:06:22,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375182.238765, 'message': 'Dec  7 03:06:21 hqnl0246134 sshd[280941]: Disconnected from invalid user user2 41.129.106.43 port 40126 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:06:22,521] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:06:22,522] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:06:22,535] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:06:22,558] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0351 seconds
INFO    [2022-12-07 03:06:24,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375184.2407174, 'message': 'Dec  7 03:06:22 hqnl0246134 sshd[280932]: Failed password for root from 61.177.172.108 port 41664 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:06:25,527] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:06:25,595] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:06:25,596] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:06:25,596] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:06:25,596] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:06:25,596] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:06:25,607] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:06:25,624] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0276 seconds
WARNING [2022-12-07 03:06:25,631] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:06:25,633] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:06:25,658] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0396 seconds
INFO    [2022-12-07 03:06:25,660] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0380 seconds
INFO    [2022-12-07 03:06:26,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375186.2432666, 'message': 'Dec  7 03:06:24 hqnl0246134 sshd[280932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:06:28,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670375188.246273, 'message': 'Dec  7 03:06:26 hqnl0246134 sshd[280932]: Failed password for root from 61.177.172.108 port 41664 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:06:32,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375192.252404, 'message': 'Dec  7 03:06:30 hqnl0246134 sshd[280948]: Invalid user oracle from 165.227.166.207 port 34772', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 03:06:32,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375192.2527518, 'message': 'Dec  7 03:06:30 hqnl0246134 sshd[280948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 03:06:32,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375192.252874, 'message': 'Dec  7 03:06:30 hqnl0246134 sshd[280948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 03:06:34,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375194.25144, 'message': 'Dec  7 03:06:33 hqnl0246134 sshd[280948]: Failed password for invalid user oracle from 165.227.166.207 port 34772 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 03:06:36,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375196.2541194, 'message': 'Dec  7 03:06:34 hqnl0246134 sshd[280948]: Disconnected from invalid user oracle 165.227.166.207 port 34772 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:06:44,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375204.2653503, 'message': 'Dec  7 03:06:43 hqnl0246134 sshd[280962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.179.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 03:06:44,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375204.265877, 'message': 'Dec  7 03:06:43 hqnl0246134 sshd[280962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.179.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:06:46,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375206.2726707, 'message': 'Dec  7 03:06:45 hqnl0246134 sshd[280962]: Failed password for root from 134.209.179.100 port 50530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:06:49,941] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:06:49,941] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:06:49,949] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:06:49,960] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-07 03:06:50,765] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:06:50,766] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:06:52,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375212.2818203, 'message': 'Dec  7 03:06:50 hqnl0246134 sshd[280970]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.253.244.167 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 03:06:52,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375212.2820551, 'message': 'Dec  7 03:06:50 hqnl0246134 sshd[280970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.253.244.167  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:06:54,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375214.2854698, 'message': 'Dec  7 03:06:52 hqnl0246134 sshd[280970]: Failed password for root from 5.253.244.167 port 48772 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 03:06:55,724] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:06:55,725] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:06:55,726] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 03:06:58,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.244.158.201', 'timestamp': 1670375218.29038, 'message': 'Dec  7 03:06:57 hqnl0246134 sshd[280973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.244.158.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:06:58,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.244.158.201', 'timestamp': 1670375218.2905571, 'message': 'Dec  7 03:06:57 hqnl0246134 sshd[280973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.158.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 03:07:00,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.244.158.201', 'timestamp': 1670375220.2929296, 'message': 'Dec  7 03:06:59 hqnl0246134 sshd[280973]: Failed password for root from 143.244.158.201 port 47616 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:07:04,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375224.2982957, 'message': 'Dec  7 03:07:03 hqnl0246134 sshd[280985]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.0.221.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 03:07:04,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375224.298837, 'message': 'Dec  7 03:07:03 hqnl0246134 sshd[280983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 03:07:04,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375224.2986422, 'message': 'Dec  7 03:07:03 hqnl0246134 sshd[280985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.221.253  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:07:06,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375226.3002102, 'message': 'Dec  7 03:07:04 hqnl0246134 sshd[280985]: Failed password for root from 81.0.221.253 port 36646 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 03:07:06,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375226.3010361, 'message': 'Dec  7 03:07:05 hqnl0246134 sshd[280983]: Failed password for root from 61.177.173.18 port 63671 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
WARNING [2022-12-07 03:07:12,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:07:12,453] defence360agent.internals.the_sink: SensorIncidentList(<26 item(s)>) processed in 0.3834 seconds
INFO    [2022-12-07 03:07:12,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375232.4162593, 'message': 'Dec  7 03:07:08 hqnl0246134 sshd[280983]: Failed password for root from 61.177.173.18 port 63671 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 03:07:12,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375232.416562, 'message': 'Dec  7 03:07:10 hqnl0246134 sshd[281003]: Invalid user harish from 52.140.206.1 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 03:07:12,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375232.4167714, 'message': 'Dec  7 03:07:10 hqnl0246134 sshd[281003]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.140.206.1 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 03:07:12,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375232.4169598, 'message': 'Dec  7 03:07:10 hqnl0246134 sshd[281003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.206.1 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:07:14,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375234.3119922, 'message': 'Dec  7 03:07:12 hqnl0246134 sshd[281003]: Failed password for invalid user harish from 52.140.206.1 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 03:07:14,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375234.3122084, 'message': 'Dec  7 03:07:12 hqnl0246134 sshd[280983]: Failed password for root from 61.177.173.18 port 63671 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 03:07:16,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375236.3137805, 'message': 'Dec  7 03:07:15 hqnl0246134 sshd[281003]: Disconnected from invalid user harish 52.140.206.1 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:07:17,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:07:17,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:07:17,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:07:17,756] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
INFO    [2022-12-07 03:07:21,129] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:07:21,129] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:07:21,137] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:07:21,148] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 03:07:34,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375254.3563786, 'message': 'Dec  7 03:07:32 hqnl0246134 sshd[281019]: Invalid user ppp from 179.60.150.118 port 48186', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 03:07:34,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375254.3566, 'message': 'Dec  7 03:07:32 hqnl0246134 sshd[281019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.60.150.118 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:07:34,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375254.3567464, 'message': 'Dec  7 03:07:32 hqnl0246134 sshd[281019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.60.150.118 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:07:36,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375256.359008, 'message': 'Dec  7 03:07:34 hqnl0246134 sshd[281019]: Failed password for invalid user ppp from 179.60.150.118 port 48186 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 03:07:36,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375256.3592765, 'message': 'Dec  7 03:07:34 hqnl0246134 sshd[281019]: Disconnected from invalid user ppp 179.60.150.118 port 48186 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
WARNING [2022-12-07 03:07:50,770] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:07:50,773] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:07:52,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375272.391844, 'message': 'Dec  7 03:07:51 hqnl0246134 sshd[281033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 03:07:54,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375274.3896747, 'message': 'Dec  7 03:07:52 hqnl0246134 sshd[281033]: Failed password for root from 61.177.173.18 port 23749 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:08:04,480] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:08:04,481] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:08:04,488] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:08:04,501] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 03:08:06,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375286.4164553, 'message': 'Dec  7 03:08:05 hqnl0246134 sshd[281071]: Invalid user manager from 138.68.182.254 port 56664', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 03:08:06,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375286.4166892, 'message': 'Dec  7 03:08:05 hqnl0246134 sshd[281071]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.182.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:08:06,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375286.4178786, 'message': 'Dec  7 03:08:05 hqnl0246134 sshd[281071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.182.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:08:08,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375288.4194658, 'message': 'Dec  7 03:08:07 hqnl0246134 sshd[281071]: Failed password for invalid user manager from 138.68.182.254 port 56664 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 03:08:10,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375290.4231222, 'message': 'Dec  7 03:08:09 hqnl0246134 sshd[281071]: Disconnected from invalid user manager 138.68.182.254 port 56664 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
WARNING [2022-12-07 03:08:12,079] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:08:12,102] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0308 seconds
INFO    [2022-12-07 03:08:16,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375296.442483, 'message': 'Dec  7 03:08:15 hqnl0246134 sshd[281081]: Invalid user ninja from 90.177.60.46 port 53892', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 03:08:16,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375296.4428005, 'message': 'Dec  7 03:08:15 hqnl0246134 sshd[281081]: pam_imunify(sshd:auth): [IM360_RBL] The IP 90.177.60.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 03:08:16,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375296.443033, 'message': 'Dec  7 03:08:15 hqnl0246134 sshd[281081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.177.60.46 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 03:08:17,771] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:08:17,772] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:08:17,778] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:08:17,789] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 03:08:18,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375298.445322, 'message': 'Dec  7 03:08:17 hqnl0246134 sshd[281081]: Failed password for invalid user ninja from 90.177.60.46 port 53892 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 03:08:20,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:08:20,544] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-07 03:08:20,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375300.445583, 'message': 'Dec  7 03:08:19 hqnl0246134 sshd[281081]: Disconnected from invalid user ninja 90.177.60.46 port 53892 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1010 seconds
WARNING [2022-12-07 03:08:20,554] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:08:20,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0300 seconds
INFO    [2022-12-07 03:08:24,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375304.453449, 'message': 'Dec  7 03:08:23 hqnl0246134 sshd[281093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.249.87 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:08:24,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375304.4536679, 'message': 'Dec  7 03:08:23 hqnl0246134 sshd[281093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:08:26,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375306.45781, 'message': 'Dec  7 03:08:25 hqnl0246134 sshd[281093]: Failed password for root from 123.30.249.87 port 32974 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:08:38,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375318.4741714, 'message': 'Dec  7 03:08:37 hqnl0246134 sshd[281099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 03:08:40,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375320.4765484, 'message': 'Dec  7 03:08:40 hqnl0246134 sshd[281099]: Failed password for root from 61.177.173.18 port 35626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 03:08:42,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375322.481204, 'message': 'Dec  7 03:08:41 hqnl0246134 sshd[281109]: Invalid user oracle from 165.227.166.207 port 45072', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:08:42,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375322.4814148, 'message': 'Dec  7 03:08:41 hqnl0246134 sshd[281109]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0159 seconds
INFO    [2022-12-07 03:08:42,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375322.4888167, 'message': 'Dec  7 03:08:41 hqnl0246134 sshd[281109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 03:08:44,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375324.4845152, 'message': 'Dec  7 03:08:43 hqnl0246134 sshd[281109]: Failed password for invalid user oracle from 165.227.166.207 port 45072 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-07 03:08:44,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375324.484916, 'message': 'Dec  7 03:08:44 hqnl0246134 sshd[281099]: Failed password for root from 61.177.173.18 port 35626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 03:08:46,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375326.4858992, 'message': 'Dec  7 03:08:44 hqnl0246134 sshd[281109]: Disconnected from invalid user oracle 165.227.166.207 port 45072 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 03:08:46,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375326.4860837, 'message': 'Dec  7 03:08:45 hqnl0246134 sshd[281111]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.119.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 03:08:46,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375326.4862685, 'message': 'Dec  7 03:08:45 hqnl0246134 sshd[281111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.119.230  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 03:08:48,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375328.4890063, 'message': 'Dec  7 03:08:47 hqnl0246134 sshd[281111]: Failed password for root from 206.189.119.230 port 36104 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 03:08:48,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375328.489274, 'message': 'Dec  7 03:08:48 hqnl0246134 sshd[281099]: Failed password for root from 61.177.173.18 port 35626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
WARNING [2022-12-07 03:08:50,776] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:08:50,777] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:09:12,100] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:09:12,146] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0657 seconds
INFO    [2022-12-07 03:09:12,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375352.5210726, 'message': 'Dec  7 03:09:12 hqnl0246134 sshd[281259]: Invalid user manager from 5.253.244.167 port 57304', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 03:09:12,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375352.5213494, 'message': 'Dec  7 03:09:12 hqnl0246134 sshd[281259]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.253.244.167 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:09:12,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375352.5214963, 'message': 'Dec  7 03:09:12 hqnl0246134 sshd[281259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.253.244.167 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:09:14,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375354.5217516, 'message': 'Dec  7 03:09:14 hqnl0246134 sshd[281259]: Failed password for invalid user manager from 5.253.244.167 port 57304 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:09:16,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.253.244.167', 'timestamp': 1670375356.5243196, 'message': 'Dec  7 03:09:15 hqnl0246134 sshd[281259]: Disconnected from invalid user manager 5.253.244.167 port 57304 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 03:09:18,291] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:09:18,292] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:09:18,300] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:09:18,311] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 03:09:18,573] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:09:18,573] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:09:18,580] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:09:18,594] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 03:09:21,218] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:09:21,219] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:09:21,230] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:09:21,252] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0308 seconds
INFO    [2022-12-07 03:09:22,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375362.5379734, 'message': 'Dec  7 03:09:21 hqnl0246134 sshd[281273]: Invalid user user from 159.223.88.78 port 58334', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 03:09:22,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375362.5381708, 'message': 'Dec  7 03:09:21 hqnl0246134 sshd[281273]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.88.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:09:22,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375362.5382977, 'message': 'Dec  7 03:09:21 hqnl0246134 sshd[281273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.88.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:09:24,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375364.5407808, 'message': 'Dec  7 03:09:22 hqnl0246134 sshd[281273]: Failed password for invalid user user from 159.223.88.78 port 58334 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0640 seconds
INFO    [2022-12-07 03:09:24,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375364.5410824, 'message': 'Dec  7 03:09:23 hqnl0246134 sshd[281278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0652 seconds
INFO    [2022-12-07 03:09:24,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375364.540972, 'message': 'Dec  7 03:09:23 hqnl0246134 sshd[281273]: Disconnected from invalid user user 159.223.88.78 port 58334 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 03:09:26,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375366.5414672, 'message': 'Dec  7 03:09:25 hqnl0246134 sshd[281278]: Failed password for root from 61.177.173.18 port 49843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 03:09:28,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375368.5431314, 'message': 'Dec  7 03:09:27 hqnl0246134 sshd[281281]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.129.106.43 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 03:09:28,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375368.5434844, 'message': 'Dec  7 03:09:28 hqnl0246134 sshd[281278]: Failed password for root from 61.177.173.18 port 49843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 03:09:28,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375368.5433574, 'message': 'Dec  7 03:09:27 hqnl0246134 sshd[281281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.129.106.43  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:09:30,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '41.129.106.43', 'timestamp': 1670375370.5467463, 'message': 'Dec  7 03:09:29 hqnl0246134 sshd[281281]: Failed password for root from 41.129.106.43 port 37290 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 03:09:32,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375372.5490675, 'message': 'Dec  7 03:09:32 hqnl0246134 sshd[281278]: Failed password for root from 61.177.173.18 port 49843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 03:09:50,780] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:09:50,781] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:09:54,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375394.578786, 'message': 'Dec  7 03:09:54 hqnl0246134 sshd[281295]: Invalid user 1234 from 134.209.179.100 port 39834', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 03:09:56,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375396.5805137, 'message': 'Dec  7 03:09:54 hqnl0246134 sshd[281295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.179.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 03:09:56,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375396.5808568, 'message': 'Dec  7 03:09:54 hqnl0246134 sshd[281295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.179.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 03:09:58,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375398.5834696, 'message': 'Dec  7 03:09:56 hqnl0246134 sshd[281295]: Failed password for invalid user 1234 from 134.209.179.100 port 39834 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 03:09:58,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375398.5837476, 'message': 'Dec  7 03:09:57 hqnl0246134 sshd[281300]: Invalid user jiaxing from 123.30.249.87 port 51648', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 03:09:58,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.179.100', 'timestamp': 1670375398.5841181, 'message': 'Dec  7 03:09:57 hqnl0246134 sshd[281295]: Disconnected from invalid user 1234 134.209.179.100 port 39834 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 03:09:58,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375398.5839138, 'message': 'Dec  7 03:09:57 hqnl0246134 sshd[281300]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.249.87 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 03:09:58,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375398.5840175, 'message': 'Dec  7 03:09:57 hqnl0246134 sshd[281300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 03:10:00,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375400.5856853, 'message': 'Dec  7 03:09:58 hqnl0246134 sshd[281300]: Failed password for invalid user jiaxing from 123.30.249.87 port 51648 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:10:00,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375400.5859978, 'message': 'Dec  7 03:10:00 hqnl0246134 sshd[281300]: Disconnected from invalid user jiaxing 123.30.249.87 port 51648 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:10:02,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375402.5863388, 'message': 'Dec  7 03:10:00 hqnl0246134 sshd[281303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.60.150.118 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-07 03:10:02,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375402.5889056, 'message': 'Dec  7 03:10:00 hqnl0246134 sshd[281303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.60.150.118  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 03:10:04,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '179.60.150.118', 'timestamp': 1670375404.5891883, 'message': 'Dec  7 03:10:03 hqnl0246134 sshd[281303]: Failed password for root from 179.60.150.118 port 38290 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 03:10:10,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375410.5940566, 'message': 'Dec  7 03:10:10 hqnl0246134 sshd[281339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
WARNING [2022-12-07 03:10:12,093] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:10:12,127] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0424 seconds
INFO    [2022-12-07 03:10:12,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375412.5971162, 'message': 'Dec  7 03:10:10 hqnl0246134 sshd[281341]: Invalid user dylan from 52.140.206.1 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0505 seconds
INFO    [2022-12-07 03:10:12,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375412.597905, 'message': 'Dec  7 03:10:10 hqnl0246134 sshd[281342]: Invalid user lia from 200.196.230.126 port 49392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-07 03:10:12,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375412.5974429, 'message': 'Dec  7 03:10:10 hqnl0246134 sshd[281341]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.140.206.1 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0738 seconds
INFO    [2022-12-07 03:10:12,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375412.5981057, 'message': 'Dec  7 03:10:11 hqnl0246134 sshd[281342]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.196.230.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0778 seconds
INFO    [2022-12-07 03:10:12,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375412.598472, 'message': 'Dec  7 03:10:12 hqnl0246134 sshd[281339]: Failed password for root from 61.177.173.18 port 10569 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0786 seconds
INFO    [2022-12-07 03:10:12,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375412.5976856, 'message': 'Dec  7 03:10:10 hqnl0246134 sshd[281341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.206.1 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-07 03:10:12,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375412.598273, 'message': 'Dec  7 03:10:11 hqnl0246134 sshd[281342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.196.230.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 03:10:12,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375412.5986516, 'message': 'Dec  7 03:10:12 hqnl0246134 sshd[281341]: Failed password for invalid user dylan from 52.140.206.1 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:10:14,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375414.5990708, 'message': 'Dec  7 03:10:12 hqnl0246134 sshd[281342]: Failed password for invalid user lia from 200.196.230.126 port 49392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 03:10:14,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375414.599322, 'message': 'Dec  7 03:10:14 hqnl0246134 sshd[281341]: Disconnected from invalid user dylan 52.140.206.1 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 03:10:14,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375414.5995085, 'message': 'Dec  7 03:10:14 hqnl0246134 sshd[281342]: Disconnected from invalid user lia 200.196.230.126 port 49392 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:10:16,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375416.6010962, 'message': 'Dec  7 03:10:14 hqnl0246134 sshd[281339]: Failed password for root from 61.177.173.18 port 10569 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:10:17,888] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:10:17,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:10:17,896] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:10:17,907] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 03:10:18,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375418.6021125, 'message': 'Dec  7 03:10:16 hqnl0246134 sshd[281351]: Invalid user dev from 206.189.119.230 port 60334', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 03:10:18,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375418.602574, 'message': 'Dec  7 03:10:16 hqnl0246134 sshd[281339]: Failed password for root from 61.177.173.18 port 10569 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 03:10:18,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375418.6023107, 'message': 'Dec  7 03:10:16 hqnl0246134 sshd[281351]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.119.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:10:18,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375418.602462, 'message': 'Dec  7 03:10:16 hqnl0246134 sshd[281351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.119.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:10:18,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375418.602695, 'message': 'Dec  7 03:10:18 hqnl0246134 sshd[281351]: Failed password for invalid user dev from 206.189.119.230 port 60334 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 03:10:20,611] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:10:20,611] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:10:20,624] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:10:20,641] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0288 seconds
INFO    [2022-12-07 03:10:20,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375420.61321, 'message': 'Dec  7 03:10:19 hqnl0246134 sshd[281351]: Disconnected from invalid user dev 206.189.119.230 port 60334 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 03:10:26,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375426.6132636, 'message': 'Dec  7 03:10:24 hqnl0246134 sshd[281364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.0.221.253 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 03:10:26,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375426.6135442, 'message': 'Dec  7 03:10:24 hqnl0246134 sshd[281364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.221.253  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:10:28,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '81.0.221.253', 'timestamp': 1670375428.6151652, 'message': 'Dec  7 03:10:26 hqnl0246134 sshd[281364]: Failed password for root from 81.0.221.253 port 54882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 03:10:29,152] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:10:29,152] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:10:29,159] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:10:29,170] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 03:10:46,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375446.6347866, 'message': 'Dec  7 03:10:45 hqnl0246134 sshd[281383]: Invalid user yuan from 138.68.182.254 port 45522', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 03:10:46,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375446.635412, 'message': 'Dec  7 03:10:46 hqnl0246134 sshd[281383]: pam_imunify(sshd:auth): [IM360_RBL] The IP 138.68.182.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:10:46,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375446.6355739, 'message': 'Dec  7 03:10:46 hqnl0246134 sshd[281383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.182.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 03:10:48,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375448.6351173, 'message': 'Dec  7 03:10:48 hqnl0246134 sshd[281383]: Failed password for invalid user yuan from 138.68.182.254 port 45522 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:10:50,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '138.68.182.254', 'timestamp': 1670375450.637676, 'message': 'Dec  7 03:10:49 hqnl0246134 sshd[281383]: Disconnected from invalid user yuan 138.68.182.254 port 45522 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 03:10:50,784] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:10:50,785] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:10:54,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375454.6433978, 'message': 'Dec  7 03:10:54 hqnl0246134 sshd[281387]: Invalid user oracle from 165.227.166.207 port 55364', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 03:10:54,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375454.6437447, 'message': 'Dec  7 03:10:54 hqnl0246134 sshd[281387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:10:54,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375454.6438575, 'message': 'Dec  7 03:10:54 hqnl0246134 sshd[281387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:10:58,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375458.6487226, 'message': 'Dec  7 03:10:56 hqnl0246134 sshd[281387]: Failed password for invalid user oracle from 165.227.166.207 port 55364 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 03:10:58,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375458.649186, 'message': 'Dec  7 03:10:56 hqnl0246134 sshd[281389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 03:10:58,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375458.649391, 'message': 'Dec  7 03:10:58 hqnl0246134 sshd[281387]: Disconnected from invalid user oracle 165.227.166.207 port 55364 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 03:11:00,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375460.650603, 'message': 'Dec  7 03:10:58 hqnl0246134 sshd[281389]: Failed password for root from 61.177.173.18 port 25634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 03:11:00,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375460.6509242, 'message': 'Dec  7 03:10:59 hqnl0246134 sshd[281391]: Invalid user scan from 90.177.60.46 port 43940', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 03:11:00,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375460.6510494, 'message': 'Dec  7 03:11:00 hqnl0246134 sshd[281391]: pam_imunify(sshd:auth): [IM360_RBL] The IP 90.177.60.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:11:00,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375460.651238, 'message': 'Dec  7 03:11:00 hqnl0246134 sshd[281391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.177.60.46 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:11:02,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375462.6531787, 'message': 'Dec  7 03:11:01 hqnl0246134 sshd[281391]: Failed password for invalid user scan from 90.177.60.46 port 43940 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:11:04,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '90.177.60.46', 'timestamp': 1670375464.6565635, 'message': 'Dec  7 03:11:03 hqnl0246134 sshd[281391]: Disconnected from invalid user scan 90.177.60.46 port 43940 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-07 03:11:04,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375464.6569386, 'message': 'Dec  7 03:11:03 hqnl0246134 sshd[281389]: Failed password for root from 61.177.173.18 port 25634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-07 03:11:10,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375470.66365, 'message': 'Dec  7 03:11:07 hqnl0246134 sshd[281389]: Failed password for root from 61.177.173.18 port 25634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 03:11:12,097] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:11:12,141] defence360agent.internals.the_sink: SensorIncidentList(<23 item(s)>) processed in 0.0527 seconds
INFO    [2022-12-07 03:11:12,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375472.6659493, 'message': 'Dec  7 03:11:11 hqnl0246134 sshd[281411]: Invalid user max from 159.223.88.78 port 38184', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:11:12,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375472.666133, 'message': 'Dec  7 03:11:11 hqnl0246134 sshd[281411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.88.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:11:12,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375472.6666317, 'message': 'Dec  7 03:11:11 hqnl0246134 sshd[281411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.88.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:11:14,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375474.6743796, 'message': 'Dec  7 03:11:13 hqnl0246134 sshd[281411]: Failed password for invalid user max from 159.223.88.78 port 38184 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:11:14,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375474.6745872, 'message': 'Dec  7 03:11:13 hqnl0246134 sshd[281411]: Disconnected from invalid user max 159.223.88.78 port 38184 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:11:18,905] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:11:18,905] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:11:18,915] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:11:18,926] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 03:11:21,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:11:21,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:11:21,819] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:11:21,830] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 03:11:28,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375488.6864002, 'message': 'Dec  7 03:11:28 hqnl0246134 sshd[281427]: Invalid user firewall from 123.30.249.87 port 42086', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 03:11:28,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375488.6870413, 'message': 'Dec  7 03:11:28 hqnl0246134 sshd[281427]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.249.87 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 03:11:28,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375488.6872046, 'message': 'Dec  7 03:11:28 hqnl0246134 sshd[281427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:11:30,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375490.688938, 'message': 'Dec  7 03:11:30 hqnl0246134 sshd[281427]: Failed password for invalid user firewall from 123.30.249.87 port 42086 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:11:32,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.249.87', 'timestamp': 1670375492.6899164, 'message': 'Dec  7 03:11:30 hqnl0246134 sshd[281427]: Disconnected from invalid user firewall 123.30.249.87 port 42086 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:11:44,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375504.7023885, 'message': 'Dec  7 03:11:44 hqnl0246134 sshd[281438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 03:11:46,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375506.7032528, 'message': 'Dec  7 03:11:45 hqnl0246134 sshd[281438]: Failed password for root from 61.177.173.18 port 42271 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 03:11:46,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375506.7034292, 'message': 'Dec  7 03:11:45 hqnl0246134 sshd[281440]: Invalid user ash from 206.189.119.230 port 56332', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 03:11:46,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375506.7049263, 'message': 'Dec  7 03:11:45 hqnl0246134 sshd[281440]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.119.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:11:46,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375506.7050602, 'message': 'Dec  7 03:11:45 hqnl0246134 sshd[281440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.119.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:11:48,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375508.70825, 'message': 'Dec  7 03:11:48 hqnl0246134 sshd[281440]: Failed password for invalid user ash from 206.189.119.230 port 56332 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0570 seconds
INFO    [2022-12-07 03:11:48,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375508.7086701, 'message': 'Dec  7 03:11:48 hqnl0246134 sshd[281438]: Failed password for root from 61.177.173.18 port 42271 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0573 seconds
INFO    [2022-12-07 03:11:50,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.119.230', 'timestamp': 1670375510.710785, 'message': 'Dec  7 03:11:48 hqnl0246134 sshd[281440]: Disconnected from invalid user ash 206.189.119.230 port 56332 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-07 03:11:50,789] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:11:50,790] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:11:54,153] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 03:11:54,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375514.7169666, 'message': 'Dec  7 03:11:52 hqnl0246134 sshd[281438]: Failed password for root from 61.177.173.18 port 42271 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 03:11:57,587] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:11:57,588] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:11:57,596] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:11:57,607] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 03:12:07,834] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:12:07,913] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:12:07,914] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:12:07,914] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:12:07,914] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:12:07,915] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:12:07,961] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:12:08,130] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.2142 seconds
WARNING [2022-12-07 03:12:08,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:12:08,142] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:12:08,162] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0409 seconds
INFO    [2022-12-07 03:12:08,163] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0365 seconds
WARNING [2022-12-07 03:12:12,694] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:12:12,717] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.6226 seconds
INFO    [2022-12-07 03:12:17,842] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:12:17,842] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:12:17,852] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:12:17,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 03:12:20,531] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:12:20,531] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:12:20,540] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:12:20,551] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 03:12:32,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375552.7504792, 'message': 'Dec  7 03:12:30 hqnl0246134 sshd[281513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 03:12:34,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375554.7509186, 'message': 'Dec  7 03:12:33 hqnl0246134 sshd[281513]: Failed password for root from 61.177.173.18 port 48476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:12:38,040] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:12:38,041] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:12:38,041] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 03:12:44,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.236.228.138', 'timestamp': 1670375564.7624295, 'message': 'Dec  7 03:12:44 hqnl0246134 sshd[281529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.236.228.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 03:12:44,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.236.228.138', 'timestamp': 1670375564.7630873, 'message': 'Dec  7 03:12:44 hqnl0246134 sshd[281529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.228.138  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:12:46,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.236.228.138', 'timestamp': 1670375566.7640672, 'message': 'Dec  7 03:12:45 hqnl0246134 sshd[281529]: Failed password for root from 185.236.228.138 port 56378 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 03:12:50,795] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:12:50,796] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:13:02,151] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 03:13:02,166] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:13:02,182] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0288 seconds
INFO    [2022-12-07 03:13:02,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375582.7815943, 'message': 'Dec  7 03:13:00 hqnl0246134 sshd[281533]: pam_imunify(sshd:auth): [IM360_RBL] The IP 97.74.95.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:13:02,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375582.7818882, 'message': 'Dec  7 03:13:00 hqnl0246134 sshd[281533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.95.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:13:04,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375584.783867, 'message': 'Dec  7 03:13:03 hqnl0246134 sshd[281533]: Failed password for root from 97.74.95.243 port 59538 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 03:13:04,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375584.7841854, 'message': 'Dec  7 03:13:03 hqnl0246134 sshd[281553]: Invalid user postgres from 165.227.166.207 port 37404', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 03:13:04,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375584.784439, 'message': 'Dec  7 03:13:03 hqnl0246134 sshd[281553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 03:13:04,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375584.7846494, 'message': 'Dec  7 03:13:03 hqnl0246134 sshd[281553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:13:06,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375586.786109, 'message': 'Dec  7 03:13:05 hqnl0246134 sshd[281553]: Failed password for invalid user postgres from 165.227.166.207 port 37404 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:13:07,686] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:13:07,686] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:13:07,693] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:13:07,704] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 03:13:08,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375588.810113, 'message': 'Dec  7 03:13:07 hqnl0246134 sshd[281553]: Disconnected from invalid user postgres 165.227.166.207 port 37404 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 03:13:10,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375590.790993, 'message': 'Dec  7 03:13:09 hqnl0246134 sshd[281560]: Invalid user billing from 159.223.88.78 port 48870', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1384 seconds
INFO    [2022-12-07 03:13:10,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375590.7913163, 'message': 'Dec  7 03:13:09 hqnl0246134 sshd[281560]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.88.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 03:13:10,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375590.7915533, 'message': 'Dec  7 03:13:09 hqnl0246134 sshd[281560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.88.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 03:13:12,105] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:13:12,130] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0317 seconds
INFO    [2022-12-07 03:13:12,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375592.793181, 'message': 'Dec  7 03:13:11 hqnl0246134 sshd[281560]: Failed password for invalid user billing from 159.223.88.78 port 48870 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 03:13:12,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375592.7933667, 'message': 'Dec  7 03:13:11 hqnl0246134 sshd[281570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 03:13:12,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375592.7934992, 'message': 'Dec  7 03:13:11 hqnl0246134 sshd[281570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:13:14,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.88.78', 'timestamp': 1670375594.7984464, 'message': 'Dec  7 03:13:12 hqnl0246134 sshd[281560]: Disconnected from invalid user billing 159.223.88.78 port 48870 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 03:13:14,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375594.798804, 'message': 'Dec  7 03:13:14 hqnl0246134 sshd[281570]: Failed password for root from 61.177.173.50 port 30918 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-07 03:13:16,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375596.7997718, 'message': 'Dec  7 03:13:16 hqnl0246134 sshd[281570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:13:17,792] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:13:17,792] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:13:17,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:13:17,811] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 03:13:18,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375598.802196, 'message': 'Dec  7 03:13:17 hqnl0246134 sshd[281570]: Failed password for root from 61.177.173.50 port 30918 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 03:13:18,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375598.8024917, 'message': 'Dec  7 03:13:18 hqnl0246134 sshd[281577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 03:13:18,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375598.8023782, 'message': 'Dec  7 03:13:18 hqnl0246134 sshd[281570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:13:20,657] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:13:20,657] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:13:20,666] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:13:20,680] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 03:13:20,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375600.804669, 'message': 'Dec  7 03:13:19 hqnl0246134 sshd[281570]: Failed password for root from 61.177.173.50 port 30918 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 03:13:20,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375600.8048658, 'message': 'Dec  7 03:13:19 hqnl0246134 sshd[281577]: Failed password for root from 61.177.173.18 port 12502 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 03:13:22,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375602.8062139, 'message': 'Dec  7 03:13:22 hqnl0246134 sshd[281587]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:13:22,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375602.806518, 'message': 'Dec  7 03:13:22 hqnl0246134 sshd[281577]: Failed password for root from 61.177.173.18 port 12502 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 03:13:22,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375602.806408, 'message': 'Dec  7 03:13:22 hqnl0246134 sshd[281587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:13:24,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375604.8081214, 'message': 'Dec  7 03:13:24 hqnl0246134 sshd[281587]: Failed password for root from 61.177.173.50 port 11056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 03:13:26,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375606.8095691, 'message': 'Dec  7 03:13:25 hqnl0246134 sshd[281577]: Failed password for root from 61.177.173.18 port 12502 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 03:13:26,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375606.8097785, 'message': 'Dec  7 03:13:26 hqnl0246134 sshd[281587]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 03:13:28,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375608.8129473, 'message': 'Dec  7 03:13:28 hqnl0246134 sshd[281587]: Failed password for root from 61.177.173.50 port 11056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:13:28,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375608.813174, 'message': 'Dec  7 03:13:28 hqnl0246134 sshd[281587]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 03:13:30,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670375610.8138263, 'message': 'Dec  7 03:13:30 hqnl0246134 sshd[281587]: Failed password for root from 61.177.173.50 port 11056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:13:32,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375612.8177476, 'message': 'Dec  7 03:13:31 hqnl0246134 sshd[281592]: Invalid user ark from 52.140.206.1 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:13:32,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375612.8179264, 'message': 'Dec  7 03:13:31 hqnl0246134 sshd[281592]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.140.206.1 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:13:32,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375612.8180518, 'message': 'Dec  7 03:13:31 hqnl0246134 sshd[281592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.206.1 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:13:34,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375614.818435, 'message': 'Dec  7 03:13:33 hqnl0246134 sshd[281594]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-07 03:13:34,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375614.8187451, 'message': 'Dec  7 03:13:34 hqnl0246134 sshd[281592]: Failed password for invalid user ark from 52.140.206.1 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 03:13:34,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375614.818621, 'message': 'Dec  7 03:13:33 hqnl0246134 sshd[281594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:13:36,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670375616.821973, 'message': 'Dec  7 03:13:35 hqnl0246134 sshd[281592]: Disconnected from invalid user ark 52.140.206.1 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 03:13:36,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375616.8222835, 'message': 'Dec  7 03:13:35 hqnl0246134 sshd[281594]: Failed password for root from 61.177.173.36 port 17838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-07 03:13:38,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375618.901973, 'message': 'Dec  7 03:13:37 hqnl0246134 sshd[281594]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:13:40,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375620.8248413, 'message': 'Dec  7 03:13:39 hqnl0246134 sshd[281594]: Failed password for root from 61.177.173.36 port 17838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 03:13:42,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375622.8257654, 'message': 'Dec  7 03:13:41 hqnl0246134 sshd[281594]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:13:44,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375624.828837, 'message': 'Dec  7 03:13:44 hqnl0246134 sshd[281594]: Failed password for root from 61.177.173.36 port 17838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:13:46,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375626.82987, 'message': 'Dec  7 03:13:45 hqnl0246134 sshd[281605]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:13:46,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375626.830055, 'message': 'Dec  7 03:13:45 hqnl0246134 sshd[281605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 03:13:48,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375628.832554, 'message': 'Dec  7 03:13:48 hqnl0246134 sshd[281605]: Failed password for root from 61.177.173.36 port 11240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 03:13:50,799] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:13:50,800] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:13:50,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375630.8348927, 'message': 'Dec  7 03:13:49 hqnl0246134 sshd[281607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 03:13:50,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375630.835195, 'message': 'Dec  7 03:13:50 hqnl0246134 sshd[281605]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 03:13:50,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375630.8350856, 'message': 'Dec  7 03:13:49 hqnl0246134 sshd[281607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:13:52,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375632.837617, 'message': 'Dec  7 03:13:51 hqnl0246134 sshd[281607]: Failed password for root from 61.177.173.37 port 49493 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 03:13:52,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375632.8379483, 'message': 'Dec  7 03:13:51 hqnl0246134 sshd[281605]: Failed password for root from 61.177.173.36 port 11240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 03:13:52,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375632.8378263, 'message': 'Dec  7 03:13:51 hqnl0246134 sshd[281607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-07 03:13:52,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375632.838066, 'message': 'Dec  7 03:13:52 hqnl0246134 sshd[281605]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-07 03:13:54,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375634.840913, 'message': 'Dec  7 03:13:53 hqnl0246134 sshd[281607]: Failed password for root from 61.177.173.37 port 49493 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 03:13:54,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375634.84137, 'message': 'Dec  7 03:13:53 hqnl0246134 sshd[281605]: Failed password for root from 61.177.173.36 port 11240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 03:13:54,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375634.841183, 'message': 'Dec  7 03:13:53 hqnl0246134 sshd[281607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:13:56,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375636.8435552, 'message': 'Dec  7 03:13:55 hqnl0246134 sshd[281607]: Failed password for root from 61.177.173.37 port 49493 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 03:13:56,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375636.8438044, 'message': 'Dec  7 03:13:56 hqnl0246134 sshd[281609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 03:13:56,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375636.8439388, 'message': 'Dec  7 03:13:56 hqnl0246134 sshd[281609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:13:58,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375638.8450716, 'message': 'Dec  7 03:13:57 hqnl0246134 sshd[281611]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:13:58,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375638.8455088, 'message': 'Dec  7 03:13:58 hqnl0246134 sshd[281609]: Failed password for root from 61.177.173.36 port 39229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 03:13:58,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375638.845356, 'message': 'Dec  7 03:13:57 hqnl0246134 sshd[281611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 03:13:58,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375638.8456433, 'message': 'Dec  7 03:13:58 hqnl0246134 sshd[281609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 03:14:00,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375640.8465118, 'message': 'Dec  7 03:13:59 hqnl0246134 sshd[281611]: Failed password for root from 61.177.173.37 port 58830 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 03:14:00,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375640.8469326, 'message': 'Dec  7 03:14:00 hqnl0246134 sshd[281609]: Failed password for root from 61.177.173.36 port 39229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 03:14:02,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375642.8540132, 'message': 'Dec  7 03:14:00 hqnl0246134 sshd[281609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 03:14:02,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375642.8543146, 'message': 'Dec  7 03:14:01 hqnl0246134 sshd[281611]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 03:14:02,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670375642.8544674, 'message': 'Dec  7 03:14:02 hqnl0246134 sshd[281609]: Failed password for root from 61.177.173.36 port 39229 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:14:04,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375644.8555644, 'message': 'Dec  7 03:14:04 hqnl0246134 sshd[281620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-07 03:14:04,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375644.8557591, 'message': 'Dec  7 03:14:04 hqnl0246134 sshd[281611]: Failed password for root from 61.177.173.37 port 58830 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 03:14:06,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375646.8574557, 'message': 'Dec  7 03:14:05 hqnl0246134 sshd[281620]: Failed password for root from 61.177.173.18 port 25499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 03:14:06,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375646.8576941, 'message': 'Dec  7 03:14:06 hqnl0246134 sshd[281611]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-07 03:14:09,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375648.859149, 'message': 'Dec  7 03:14:08 hqnl0246134 sshd[281611]: Failed password for root from 61.177.173.37 port 58830 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1436 seconds
INFO    [2022-12-07 03:14:09,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375648.8594964, 'message': 'Dec  7 03:14:08 hqnl0246134 sshd[281620]: Failed password for root from 61.177.173.18 port 25499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1439 seconds
WARNING [2022-12-07 03:14:12,109] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:14:12,134] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0324 seconds
INFO    [2022-12-07 03:14:12,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375652.8645823, 'message': 'Dec  7 03:14:12 hqnl0246134 sshd[281633]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-07 03:14:12,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375652.8651283, 'message': 'Dec  7 03:14:12 hqnl0246134 sshd[281620]: Failed password for root from 61.177.173.18 port 25499 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0497 seconds
INFO    [2022-12-07 03:14:12,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375652.8649025, 'message': 'Dec  7 03:14:12 hqnl0246134 sshd[281633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 03:14:13,242] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:14:13,243] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:14:13,252] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:14:13,269] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0254 seconds
INFO    [2022-12-07 03:14:14,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375654.867463, 'message': 'Dec  7 03:14:14 hqnl0246134 sshd[281633]: Failed password for root from 61.177.173.37 port 59600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 03:14:16,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375656.87184, 'message': 'Dec  7 03:14:16 hqnl0246134 sshd[281633]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:14:18,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375658.8736453, 'message': 'Dec  7 03:14:18 hqnl0246134 sshd[281633]: Failed password for root from 61.177.173.37 port 59600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:14:18,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375658.87387, 'message': 'Dec  7 03:14:18 hqnl0246134 sshd[281633]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:14:19,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:14:19,792] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:14:19,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:14:19,811] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 03:14:22,589] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:14:22,589] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:14:22,596] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:14:22,607] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 03:14:22,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375662.8754067, 'message': 'Dec  7 03:14:21 hqnl0246134 sshd[281633]: Failed password for root from 61.177.173.37 port 59600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:14:24,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375664.876748, 'message': 'Dec  7 03:14:24 hqnl0246134 sshd[281651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:14:24,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375664.8769681, 'message': 'Dec  7 03:14:24 hqnl0246134 sshd[281651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 03:14:26,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375666.8771944, 'message': 'Dec  7 03:14:26 hqnl0246134 sshd[281651]: Failed password for root from 61.177.173.37 port 47258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 03:14:28,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375668.8790128, 'message': 'Dec  7 03:14:28 hqnl0246134 sshd[281651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:14:30,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375670.8785439, 'message': 'Dec  7 03:14:30 hqnl0246134 sshd[281651]: Failed password for root from 61.177.173.37 port 47258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:14:32,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375672.881478, 'message': 'Dec  7 03:14:31 hqnl0246134 sshd[281651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:14:34,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375674.8827684, 'message': 'Dec  7 03:14:33 hqnl0246134 sshd[281651]: Failed password for root from 61.177.173.37 port 47258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 03:14:36,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.244.158.201', 'timestamp': 1670375676.8870077, 'message': 'Dec  7 03:14:35 hqnl0246134 sshd[281655]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.244.158.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:14:36,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.244.158.201', 'timestamp': 1670375676.8872426, 'message': 'Dec  7 03:14:35 hqnl0246134 sshd[281655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.158.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:14:38,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375678.8901234, 'message': 'Dec  7 03:14:36 hqnl0246134 sshd[281658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 03:14:38,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.244.158.201', 'timestamp': 1670375678.890622, 'message': 'Dec  7 03:14:37 hqnl0246134 sshd[281655]: Failed password for root from 143.244.158.201 port 48274 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 03:14:39,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375678.8904479, 'message': 'Dec  7 03:14:36 hqnl0246134 sshd[281658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1292 seconds
INFO    [2022-12-07 03:14:39,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375678.89076, 'message': 'Dec  7 03:14:38 hqnl0246134 sshd[281658]: Failed password for root from 61.177.173.37 port 27934 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:14:40,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375680.893483, 'message': 'Dec  7 03:14:39 hqnl0246134 sshd[281658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:14:42,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375682.8965707, 'message': 'Dec  7 03:14:40 hqnl0246134 sshd[281658]: Failed password for root from 61.177.173.37 port 27934 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:14:42,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375682.8968177, 'message': 'Dec  7 03:14:41 hqnl0246134 sshd[281658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 03:14:44,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670375684.89922, 'message': 'Dec  7 03:14:43 hqnl0246134 sshd[281658]: Failed password for root from 61.177.173.37 port 27934 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:14:48,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375688.9060524, 'message': 'Dec  7 03:14:46 hqnl0246134 sshd[281692]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.196.230.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 03:14:48,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375688.9063709, 'message': 'Dec  7 03:14:46 hqnl0246134 sshd[281692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.196.230.126  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 03:14:48,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375688.90649, 'message': 'Dec  7 03:14:48 hqnl0246134 sshd[281692]: Failed password for root from 200.196.230.126 port 39375 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 03:14:50,806] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:14:50,806] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:14:50,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375690.9082196, 'message': 'Dec  7 03:14:50 hqnl0246134 sshd[281696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:14:52,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375692.909805, 'message': 'Dec  7 03:14:51 hqnl0246134 sshd[281696]: Failed password for root from 61.177.173.18 port 37902 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:15:10,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375710.9416676, 'message': 'Dec  7 03:15:09 hqnl0246134 sshd[281735]: Invalid user ash from 161.35.193.18 port 34456', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 03:15:10,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375710.9423451, 'message': 'Dec  7 03:15:09 hqnl0246134 sshd[281733]: Invalid user postgres from 165.227.166.207 port 47702', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 03:15:11,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375710.9426088, 'message': 'Dec  7 03:15:10 hqnl0246134 sshd[281735]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.193.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 03:15:11,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375710.9460642, 'message': 'Dec  7 03:15:10 hqnl0246134 sshd[281733]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 03:15:11,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375710.945803, 'message': 'Dec  7 03:15:10 hqnl0246134 sshd[281735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.193.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 03:15:11,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375710.9462752, 'message': 'Dec  7 03:15:10 hqnl0246134 sshd[281733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0267 seconds
WARNING [2022-12-07 03:15:12,113] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:15:12,144] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-07 03:15:12,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375712.9461534, 'message': 'Dec  7 03:15:11 hqnl0246134 sshd[281735]: Failed password for invalid user ash from 161.35.193.18 port 34456 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 03:15:12,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375712.9463289, 'message': 'Dec  7 03:15:11 hqnl0246134 sshd[281733]: Failed password for invalid user postgres from 165.227.166.207 port 47702 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:15:13,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375712.9465513, 'message': 'Dec  7 03:15:12 hqnl0246134 sshd[281735]: Disconnected from invalid user ash 161.35.193.18 port 34456 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 03:15:13,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375712.946443, 'message': 'Dec  7 03:15:12 hqnl0246134 sshd[281733]: Disconnected from invalid user postgres 165.227.166.207 port 47702 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 03:15:14,725] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:15:14,726] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:15:14,734] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:15:14,747] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 03:15:17,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:15:17,792] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:15:17,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:15:17,810] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 03:15:18,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375718.9508364, 'message': 'Dec  7 03:15:17 hqnl0246134 sshd[281749]: Invalid user firewall from 123.30.157.54 port 53010', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 03:15:19,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375718.951163, 'message': 'Dec  7 03:15:17 hqnl0246134 sshd[281749]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.157.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:15:19,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375718.9513776, 'message': 'Dec  7 03:15:17 hqnl0246134 sshd[281749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.157.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 03:15:20,570] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:15:20,571] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:15:20,579] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:15:20,590] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 03:15:20,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375720.9551604, 'message': 'Dec  7 03:15:20 hqnl0246134 sshd[281749]: Failed password for invalid user firewall from 123.30.157.54 port 53010 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:15:22,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375722.9604325, 'message': 'Dec  7 03:15:22 hqnl0246134 sshd[281749]: Disconnected from invalid user firewall 123.30.157.54 port 53010 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 03:15:36,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375736.9782321, 'message': 'Dec  7 03:15:35 hqnl0246134 sshd[281762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:15:37,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375736.978472, 'message': 'Dec  7 03:15:36 hqnl0246134 sshd[281762]: Failed password for root from 61.177.173.18 port 48603 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 03:15:50,809] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:15:50,810] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:16:12,122] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:16:12,147] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0345 seconds
INFO    [2022-12-07 03:16:17,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375777.051436, 'message': 'Dec  7 03:16:16 hqnl0246134 sshd[281792]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 03:16:17,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375777.051904, 'message': 'Dec  7 03:16:16 hqnl0246134 sshd[281792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:16:17,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:16:17,923] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:16:17,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:16:17,941] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 03:16:19,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375779.0520942, 'message': 'Dec  7 03:16:17 hqnl0246134 sshd[281792]: Failed password for root from 61.177.172.124 port 21534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 03:16:19,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375779.0523162, 'message': 'Dec  7 03:16:18 hqnl0246134 sshd[281792]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 03:16:19,287] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:16:19,351] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:16:19,352] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:16:19,352] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:16:19,352] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:16:19,353] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:16:19,361] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:16:19,384] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0305 seconds
WARNING [2022-12-07 03:16:19,394] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:16:19,397] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:16:19,423] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0471 seconds
INFO    [2022-12-07 03:16:19,425] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0444 seconds
INFO    [2022-12-07 03:16:20,677] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:16:20,678] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:16:20,684] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:16:20,696] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 03:16:21,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375781.05517, 'message': 'Dec  7 03:16:20 hqnl0246134 sshd[281792]: Failed password for root from 61.177.172.124 port 21534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 03:16:21,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375781.0553434, 'message': 'Dec  7 03:16:20 hqnl0246134 sshd[281792]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 03:16:23,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375783.0582132, 'message': 'Dec  7 03:16:21 hqnl0246134 sshd[281792]: Failed password for root from 61.177.172.124 port 21534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:16:23,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375783.058497, 'message': 'Dec  7 03:16:22 hqnl0246134 sshd[281805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 03:16:25,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375785.060648, 'message': 'Dec  7 03:16:23 hqnl0246134 sshd[281805]: Failed password for root from 61.177.173.18 port 19181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 03:16:25,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375785.0608425, 'message': 'Dec  7 03:16:24 hqnl0246134 sshd[281810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 03:16:25,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375785.060953, 'message': 'Dec  7 03:16:24 hqnl0246134 sshd[281810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:16:25,288] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:16:25,288] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:16:25,295] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:16:25,308] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 03:16:27,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375787.0635397, 'message': 'Dec  7 03:16:26 hqnl0246134 sshd[281805]: Failed password for root from 61.177.173.18 port 19181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0561 seconds
INFO    [2022-12-07 03:16:27,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375787.0638337, 'message': 'Dec  7 03:16:26 hqnl0246134 sshd[281810]: Failed password for root from 61.177.172.124 port 34893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-07 03:16:27,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375787.0640678, 'message': 'Dec  7 03:16:27 hqnl0246134 sshd[281816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 97.74.95.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-07 03:16:27,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375787.0642867, 'message': 'Dec  7 03:16:27 hqnl0246134 sshd[281816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.95.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:16:29,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375789.0662007, 'message': 'Dec  7 03:16:28 hqnl0246134 sshd[281810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:16:29,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375789.0664446, 'message': 'Dec  7 03:16:28 hqnl0246134 sshd[281816]: Failed password for root from 97.74.95.243 port 51270 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 03:16:31,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375791.069441, 'message': 'Dec  7 03:16:30 hqnl0246134 sshd[281805]: Failed password for root from 61.177.173.18 port 19181 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 03:16:31,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375791.0696526, 'message': 'Dec  7 03:16:30 hqnl0246134 sshd[281810]: Failed password for root from 61.177.172.124 port 34893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:16:31,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375791.0697794, 'message': 'Dec  7 03:16:31 hqnl0246134 sshd[281810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:16:35,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375795.0745478, 'message': 'Dec  7 03:16:33 hqnl0246134 sshd[281810]: Failed password for root from 61.177.172.124 port 34893 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 03:16:37,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375797.0775833, 'message': 'Dec  7 03:16:37 hqnl0246134 sshd[281818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:16:37,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375797.0777876, 'message': 'Dec  7 03:16:37 hqnl0246134 sshd[281818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:16:41,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375801.0804162, 'message': 'Dec  7 03:16:39 hqnl0246134 sshd[281818]: Failed password for root from 61.177.172.124 port 30573 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 03:16:43,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375803.0828462, 'message': 'Dec  7 03:16:41 hqnl0246134 sshd[281818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 03:16:45,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375805.085431, 'message': 'Dec  7 03:16:43 hqnl0246134 sshd[281818]: Failed password for root from 61.177.172.124 port 30573 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:16:45,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375805.0856338, 'message': 'Dec  7 03:16:43 hqnl0246134 sshd[281818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:16:47,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375807.088848, 'message': 'Dec  7 03:16:45 hqnl0246134 sshd[281818]: Failed password for root from 61.177.172.124 port 30573 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:16:49,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375809.0984476, 'message': 'Dec  7 03:16:47 hqnl0246134 sshd[281830]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:16:49,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375809.098654, 'message': 'Dec  7 03:16:47 hqnl0246134 sshd[281830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:16:49,520] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:16:49,521] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:16:49,521] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-07 03:16:50,812] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:16:50,813] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:16:51,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375811.1085978, 'message': 'Dec  7 03:16:49 hqnl0246134 sshd[281830]: Failed password for root from 61.177.172.124 port 57526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:16:53,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375813.1173174, 'message': 'Dec  7 03:16:51 hqnl0246134 sshd[281830]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 03:16:55,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375815.1223202, 'message': 'Dec  7 03:16:53 hqnl0246134 sshd[281830]: Failed password for root from 61.177.172.124 port 57526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:16:55,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375815.1225722, 'message': 'Dec  7 03:16:54 hqnl0246134 sshd[281830]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:16:57,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670375817.1311233, 'message': 'Dec  7 03:16:56 hqnl0246134 sshd[281830]: Failed password for root from 61.177.172.124 port 57526 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:17:09,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375829.1582327, 'message': 'Dec  7 03:17:08 hqnl0246134 sshd[281855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-07 03:17:11,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375831.1644578, 'message': 'Dec  7 03:17:10 hqnl0246134 sshd[281855]: Failed password for root from 61.177.173.18 port 32942 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 03:17:12,123] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:17:12,143] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0268 seconds
INFO    [2022-12-07 03:17:17,768] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:17:17,768] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:17:17,778] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:17:17,790] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 03:17:20,368] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:17:20,368] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:17:20,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:17:20,386] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 03:17:21,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375841.1813176, 'message': 'Dec  7 03:17:20 hqnl0246134 sshd[281873]: Invalid user postgres from 165.227.166.207 port 57986', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:17:21,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375841.1816149, 'message': 'Dec  7 03:17:20 hqnl0246134 sshd[281873]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 03:17:21,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375841.181775, 'message': 'Dec  7 03:17:20 hqnl0246134 sshd[281873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 03:17:23,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375843.1854732, 'message': 'Dec  7 03:17:22 hqnl0246134 sshd[281873]: Failed password for invalid user postgres from 165.227.166.207 port 57986 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:17:23,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375843.1857312, 'message': 'Dec  7 03:17:22 hqnl0246134 sshd[281873]: Disconnected from invalid user postgres 165.227.166.207 port 57986 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:17:47,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375867.2265396, 'message': 'Dec  7 03:17:47 hqnl0246134 sshd[281888]: Invalid user dev from 161.35.193.18 port 41092', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 03:17:47,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375867.2269566, 'message': 'Dec  7 03:17:47 hqnl0246134 sshd[281888]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.193.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:17:47,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375867.2271073, 'message': 'Dec  7 03:17:47 hqnl0246134 sshd[281888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.193.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:17:49,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375869.229092, 'message': 'Dec  7 03:17:48 hqnl0246134 sshd[281888]: Failed password for invalid user dev from 161.35.193.18 port 41092 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 03:17:50,815] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:17:50,815] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:17:51,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.193.18', 'timestamp': 1670375871.2333894, 'message': 'Dec  7 03:17:49 hqnl0246134 sshd[281888]: Disconnected from invalid user dev 161.35.193.18 port 41092 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:17:52,364] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:17:52,365] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:17:52,372] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:17:52,382] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 03:17:55,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375875.2368004, 'message': 'Dec  7 03:17:55 hqnl0246134 sshd[281896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:17:59,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375879.2416291, 'message': 'Dec  7 03:17:57 hqnl0246134 sshd[281896]: Failed password for root from 61.177.173.18 port 43815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:18:03,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375883.2493966, 'message': 'Dec  7 03:18:01 hqnl0246134 sshd[281896]: Failed password for root from 61.177.173.18 port 43815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:18:09,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375889.2570243, 'message': 'Dec  7 03:18:06 hqnl0246134 sshd[281896]: Failed password for root from 61.177.173.18 port 43815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 03:18:12,132] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:18:12,153] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0301 seconds
INFO    [2022-12-07 03:18:17,686] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:18:17,686] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:18:17,695] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:18:17,707] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 03:18:20,473] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:18:20,473] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:18:20,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:18:20,512] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0354 seconds
INFO    [2022-12-07 03:18:43,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375923.3070602, 'message': 'Dec  7 03:18:42 hqnl0246134 sshd[281941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 03:18:45,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375925.3114498, 'message': 'Dec  7 03:18:44 hqnl0246134 sshd[281941]: Failed password for root from 61.177.173.18 port 54370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:18:49,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375929.322707, 'message': 'Dec  7 03:18:48 hqnl0246134 sshd[281945]: Invalid user jiaxing from 123.30.157.54 port 41854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-07 03:18:49,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375929.3234475, 'message': 'Dec  7 03:18:48 hqnl0246134 sshd[281941]: Failed password for root from 61.177.173.18 port 54370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-07 03:18:49,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375929.3231328, 'message': 'Dec  7 03:18:48 hqnl0246134 sshd[281945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.157.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 03:18:49,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375929.323309, 'message': 'Dec  7 03:18:48 hqnl0246134 sshd[281945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.157.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 03:18:50,817] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:18:50,818] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:18:51,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375931.324075, 'message': 'Dec  7 03:18:50 hqnl0246134 sshd[281945]: Failed password for invalid user jiaxing from 123.30.157.54 port 41854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:18:53,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.30.157.54', 'timestamp': 1670375933.3276346, 'message': 'Dec  7 03:18:51 hqnl0246134 sshd[281945]: Disconnected from invalid user jiaxing 123.30.157.54 port 41854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 03:18:53,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375933.3278935, 'message': 'Dec  7 03:18:51 hqnl0246134 sshd[281941]: Failed password for root from 61.177.173.18 port 54370 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0404 seconds
WARNING [2022-12-07 03:19:12,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:19:12,165] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0371 seconds
INFO    [2022-12-07 03:19:13,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375953.35521, 'message': 'Dec  7 03:19:12 hqnl0246134 sshd[281965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.196.230.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 03:19:13,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375953.3554978, 'message': 'Dec  7 03:19:12 hqnl0246134 sshd[281965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.196.230.126  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:19:15,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.196.230.126', 'timestamp': 1670375955.3557463, 'message': 'Dec  7 03:19:15 hqnl0246134 sshd[281965]: Failed password for root from 200.196.230.126 port 57594 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 03:19:17,997] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:19:17,998] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:19:18,006] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:19:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 03:19:19,504] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:19:19,505] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:19:19,516] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:19:19,535] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
INFO    [2022-12-07 03:19:21,208] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:19:21,209] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:19:21,218] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:19:21,229] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 03:19:27,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375967.3783407, 'message': 'Dec  7 03:19:27 hqnl0246134 sshd[281984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:19:27,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375967.378613, 'message': 'Dec  7 03:19:27 hqnl0246134 sshd[281984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:19:29,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.227.166.207', 'timestamp': 1670375969.3803535, 'message': 'Dec  7 03:19:29 hqnl0246134 sshd[281984]: Failed password for root from 165.227.166.207 port 40042 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:19:33,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375973.3860009, 'message': 'Dec  7 03:19:31 hqnl0246134 sshd[281987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:19:35,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670375975.3874114, 'message': 'Dec  7 03:19:33 hqnl0246134 sshd[281987]: Failed password for root from 61.177.173.18 port 19866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:19:43,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375983.405955, 'message': 'Dec  7 03:19:41 hqnl0246134 sshd[281997]: pam_imunify(sshd:auth): [IM360_RBL] The IP 97.74.95.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 03:19:43,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375983.4065368, 'message': 'Dec  7 03:19:41 hqnl0246134 sshd[281997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.95.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 03:19:45,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '97.74.95.243', 'timestamp': 1670375985.4095936, 'message': 'Dec  7 03:19:43 hqnl0246134 sshd[281997]: Failed password for root from 97.74.95.243 port 40828 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 03:19:50,822] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:19:50,823] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:20:12,151] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:20:12,186] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0546 seconds
INFO    [2022-12-07 03:20:17,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376017.4570277, 'message': 'Dec  7 03:20:16 hqnl0246134 sshd[282041]: Invalid user dev from 185.236.228.138 port 41510', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:20:17,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376017.457332, 'message': 'Dec  7 03:20:16 hqnl0246134 sshd[282041]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.236.228.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:20:17,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376017.4622045, 'message': 'Dec  7 03:20:16 hqnl0246134 sshd[282041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.228.138 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 03:20:17,929] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:20:17,930] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:20:17,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:20:17,948] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 03:20:19,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376019.4580762, 'message': 'Dec  7 03:20:18 hqnl0246134 sshd[282043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 03:20:19,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376019.4582849, 'message': 'Dec  7 03:20:18 hqnl0246134 sshd[282041]: Failed password for invalid user dev from 185.236.228.138 port 41510 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 03:20:19,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376019.4583945, 'message': 'Dec  7 03:20:19 hqnl0246134 sshd[282041]: Disconnected from invalid user dev 185.236.228.138 port 41510 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 03:20:20,640] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:20:20,640] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:20:20,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:20:20,661] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 03:20:21,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376021.4612494, 'message': 'Dec  7 03:20:20 hqnl0246134 sshd[282043]: Failed password for root from 61.177.173.18 port 25041 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:20:23,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376023.465351, 'message': 'Dec  7 03:20:22 hqnl0246134 sshd[282043]: Failed password for root from 61.177.173.18 port 25041 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:20:27,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376027.473499, 'message': 'Dec  7 03:20:24 hqnl0246134 sshd[282043]: Failed password for root from 61.177.173.18 port 25041 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:20:31,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.193.18', 'timestamp': 1670376031.4760633, 'message': 'Dec  7 03:20:31 hqnl0246134 sshd[282057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.193.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:20:31,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.193.18', 'timestamp': 1670376031.476415, 'message': 'Dec  7 03:20:31 hqnl0246134 sshd[282057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.193.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 03:20:33,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '161.35.193.18', 'timestamp': 1670376033.477622, 'message': 'Dec  7 03:20:32 hqnl0246134 sshd[282057]: Failed password for root from 161.35.193.18 port 44560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 03:20:35,503] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:20:35,503] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:20:35,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:20:35,524] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
WARNING [2022-12-07 03:20:50,828] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:20:50,829] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:21:07,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376067.5203283, 'message': 'Dec  7 03:21:06 hqnl0246134 sshd[282089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-07 03:21:07,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376067.5212035, 'message': 'Dec  7 03:21:06 hqnl0246134 sshd[282091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-07 03:21:07,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376067.5214753, 'message': 'Dec  7 03:21:06 hqnl0246134 sshd[282091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:21:09,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376069.5205321, 'message': 'Dec  7 03:21:07 hqnl0246134 sshd[282089]: Failed password for root from 61.177.173.18 port 47352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 03:21:09,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376069.5208058, 'message': 'Dec  7 03:21:08 hqnl0246134 sshd[282091]: Failed password for root from 61.177.173.46 port 64579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 03:21:09,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376069.5209672, 'message': 'Dec  7 03:21:08 hqnl0246134 sshd[282091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 03:21:11,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376071.522938, 'message': 'Dec  7 03:21:11 hqnl0246134 sshd[282089]: Failed password for root from 61.177.173.18 port 47352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0367 seconds
WARNING [2022-12-07 03:21:12,146] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:21:12,181] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0462 seconds
INFO    [2022-12-07 03:21:13,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376073.5245557, 'message': 'Dec  7 03:21:11 hqnl0246134 sshd[282091]: Failed password for root from 61.177.173.46 port 64579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 03:21:13,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376073.524884, 'message': 'Dec  7 03:21:13 hqnl0246134 sshd[282091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:21:15,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376075.526261, 'message': 'Dec  7 03:21:14 hqnl0246134 sshd[282089]: Failed password for root from 61.177.173.18 port 47352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 03:21:15,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376075.526646, 'message': 'Dec  7 03:21:15 hqnl0246134 sshd[282091]: Failed password for root from 61.177.173.46 port 64579 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 03:21:17,898] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:21:17,899] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:21:17,907] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:21:17,919] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 03:21:19,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376079.5315523, 'message': 'Dec  7 03:21:18 hqnl0246134 sshd[282109]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:21:19,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376079.5317643, 'message': 'Dec  7 03:21:19 hqnl0246134 sshd[282109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:21:21,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376081.5356114, 'message': 'Dec  7 03:21:20 hqnl0246134 sshd[282109]: Failed password for root from 61.177.173.46 port 11866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:21:21,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376081.5359006, 'message': 'Dec  7 03:21:21 hqnl0246134 sshd[282109]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 03:21:22,342] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:21:22,343] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:21:22,351] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:21:22,363] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 03:21:23,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376083.539346, 'message': 'Dec  7 03:21:22 hqnl0246134 sshd[282109]: Failed password for root from 61.177.173.46 port 11866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:21:25,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376085.5420995, 'message': 'Dec  7 03:21:23 hqnl0246134 sshd[282109]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:21:27,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670376087.544442, 'message': 'Dec  7 03:21:25 hqnl0246134 sshd[282109]: Failed password for root from 61.177.173.46 port 11866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 03:21:33,944] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:21:34,009] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:21:34,010] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:21:34,010] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:21:34,010] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:21:34,010] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:21:34,019] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:21:34,034] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0231 seconds
WARNING [2022-12-07 03:21:34,040] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:21:34,043] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:21:34,060] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0311 seconds
INFO    [2022-12-07 03:21:34,062] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0300 seconds
INFO    [2022-12-07 03:21:37,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376097.5538902, 'message': 'Dec  7 03:21:35 hqnl0246134 sshd[282128]: Invalid user sa from 165.227.166.207 port 50326', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:21:37,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376097.554076, 'message': 'Dec  7 03:21:35 hqnl0246134 sshd[282128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:21:37,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376097.5542266, 'message': 'Dec  7 03:21:35 hqnl0246134 sshd[282128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 03:21:39,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376099.5615523, 'message': 'Dec  7 03:21:37 hqnl0246134 sshd[282128]: Failed password for invalid user sa from 165.227.166.207 port 50326 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:21:39,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376099.5618572, 'message': 'Dec  7 03:21:38 hqnl0246134 sshd[282128]: Disconnected from invalid user sa 165.227.166.207 port 50326 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 03:21:50,833] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:21:50,835] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:21:53,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376113.5794923, 'message': 'Dec  7 03:21:51 hqnl0246134 sshd[282141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
WARNING [2022-12-07 03:21:54,156] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 03:21:55,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376115.5818331, 'message': 'Dec  7 03:21:53 hqnl0246134 sshd[282141]: Failed password for root from 61.177.173.18 port 59777 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 03:22:08,782] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:22:08,783] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:22:08,784] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-07 03:22:12,152] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:22:12,179] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0362 seconds
INFO    [2022-12-07 03:22:13,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.30.157.54', 'timestamp': 1670376133.6047015, 'message': 'Dec  7 03:22:13 hqnl0246134 sshd[282191]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.30.157.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 03:22:13,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.30.157.54', 'timestamp': 1670376133.605009, 'message': 'Dec  7 03:22:13 hqnl0246134 sshd[282191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.157.54  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-07 03:22:15,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.30.157.54', 'timestamp': 1670376135.6058857, 'message': 'Dec  7 03:22:15 hqnl0246134 sshd[282191]: Failed password for root from 123.30.157.54 port 58930 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 03:22:18,059] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:22:18,060] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:22:18,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:22:18,078] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 03:22:18,286] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:22:18,286] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:22:18,293] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:22:18,304] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 03:22:22,903] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:22:22,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:22:22,912] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:22:22,924] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 03:22:39,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376159.6357024, 'message': 'Dec  7 03:22:38 hqnl0246134 sshd[282211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 03:22:41,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376161.6376607, 'message': 'Dec  7 03:22:40 hqnl0246134 sshd[282211]: Failed password for root from 61.177.173.18 port 20979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:22:41,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376161.638108, 'message': 'Dec  7 03:22:41 hqnl0246134 sshd[282214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 03:22:43,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376163.6402233, 'message': 'Dec  7 03:22:43 hqnl0246134 sshd[282214]: Failed password for root from 61.177.173.48 port 44832 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 03:22:45,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376165.6442337, 'message': 'Dec  7 03:22:44 hqnl0246134 sshd[282211]: Failed password for root from 61.177.173.18 port 20979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:22:47,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376167.648193, 'message': 'Dec  7 03:22:46 hqnl0246134 sshd[282214]: Failed password for root from 61.177.173.48 port 44832 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 03:22:47,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376167.6484005, 'message': 'Dec  7 03:22:46 hqnl0246134 sshd[282211]: Failed password for root from 61.177.173.18 port 20979 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
WARNING [2022-12-07 03:22:50,841] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:22:50,841] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:22:51,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376171.6527507, 'message': 'Dec  7 03:22:49 hqnl0246134 sshd[282214]: Failed password for root from 61.177.173.48 port 44832 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 03:22:51,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '97.74.95.243', 'timestamp': 1670376171.6529548, 'message': 'Dec  7 03:22:50 hqnl0246134 sshd[282224]: Invalid user oracle from 97.74.95.243 port 58622', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 03:22:51,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '97.74.95.243', 'timestamp': 1670376171.6530664, 'message': 'Dec  7 03:22:50 hqnl0246134 sshd[282224]: pam_imunify(sshd:auth): [IM360_RBL] The IP 97.74.95.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 03:22:51,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '97.74.95.243', 'timestamp': 1670376171.6531901, 'message': 'Dec  7 03:22:50 hqnl0246134 sshd[282224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.95.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:22:53,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376173.6563478, 'message': 'Dec  7 03:22:51 hqnl0246134 sshd[282226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 03:22:53,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '97.74.95.243', 'timestamp': 1670376173.6565583, 'message': 'Dec  7 03:22:52 hqnl0246134 sshd[282224]: Failed password for invalid user oracle from 97.74.95.243 port 58622 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 03:22:53,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376173.6567156, 'message': 'Dec  7 03:22:53 hqnl0246134 sshd[282226]: Failed password for root from 61.177.173.48 port 15404 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:22:55,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '97.74.95.243', 'timestamp': 1670376175.658175, 'message': 'Dec  7 03:22:54 hqnl0246134 sshd[282224]: Disconnected from invalid user oracle 97.74.95.243 port 58622 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:22:57,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376177.6601977, 'message': 'Dec  7 03:22:55 hqnl0246134 sshd[282226]: Failed password for root from 61.177.173.48 port 15404 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:23:01,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376181.666772, 'message': 'Dec  7 03:22:58 hqnl0246134 sshd[282226]: Failed password for root from 61.177.173.48 port 15404 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:23:03,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376183.6688547, 'message': 'Dec  7 03:23:02 hqnl0246134 sshd[282230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:23:05,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670376185.6702452, 'message': 'Dec  7 03:23:04 hqnl0246134 sshd[282230]: Failed password for root from 61.177.173.48 port 51377 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
WARNING [2022-12-07 03:23:12,162] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:23:12,203] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0548 seconds
INFO    [2022-12-07 03:23:17,871] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:23:17,872] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:23:17,879] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:23:17,891] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 03:23:20,521] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:23:20,522] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:23:20,529] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:23:20,541] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 03:23:27,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376207.696704, 'message': 'Dec  7 03:23:26 hqnl0246134 sshd[282265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 03:23:29,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376209.6978598, 'message': 'Dec  7 03:23:28 hqnl0246134 sshd[282265]: Failed password for root from 61.177.173.18 port 47360 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 03:23:31,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376211.6998756, 'message': 'Dec  7 03:23:30 hqnl0246134 sshd[282265]: Failed password for root from 61.177.173.18 port 47360 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 03:23:33,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376213.7016625, 'message': 'Dec  7 03:23:33 hqnl0246134 sshd[282265]: Failed password for root from 61.177.173.18 port 47360 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:23:45,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376225.7146194, 'message': 'Dec  7 03:23:44 hqnl0246134 sshd[282276]: Invalid user server from 165.227.166.207 port 60620', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 03:23:45,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376225.7150874, 'message': 'Dec  7 03:23:44 hqnl0246134 sshd[282276]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 03:23:45,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376225.7153218, 'message': 'Dec  7 03:23:44 hqnl0246134 sshd[282276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-07 03:23:47,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376227.7167943, 'message': 'Dec  7 03:23:46 hqnl0246134 sshd[282276]: Failed password for invalid user server from 165.227.166.207 port 60620 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:23:49,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376229.720944, 'message': 'Dec  7 03:23:47 hqnl0246134 sshd[282276]: Disconnected from invalid user server 165.227.166.207 port 60620 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:23:50,290] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:23:50,290] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:23:50,299] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:23:50,312] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
WARNING [2022-12-07 03:23:50,843] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:23:50,844] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:24:12,161] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:24:12,180] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0285 seconds
INFO    [2022-12-07 03:24:13,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376253.7483766, 'message': 'Dec  7 03:24:12 hqnl0246134 sshd[282304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:24:15,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376255.7493637, 'message': 'Dec  7 03:24:14 hqnl0246134 sshd[282304]: Failed password for root from 61.177.173.18 port 52135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 03:24:17,830] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:24:17,830] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:24:17,839] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:24:17,851] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 03:24:19,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376259.7539573, 'message': 'Dec  7 03:24:18 hqnl0246134 sshd[282304]: Failed password for root from 61.177.173.18 port 52135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 03:24:20,803] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:24:20,804] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:24:20,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:24:20,830] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
INFO    [2022-12-07 03:24:21,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376261.7539454, 'message': 'Dec  7 03:24:21 hqnl0246134 sshd[282304]: Failed password for root from 61.177.173.18 port 52135 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:24:27,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376267.7661018, 'message': 'Dec  7 03:24:26 hqnl0246134 sshd[282318]: Invalid user ash from 185.236.228.138 port 57362', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:24:27,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376267.766295, 'message': 'Dec  7 03:24:26 hqnl0246134 sshd[282318]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.236.228.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 03:24:27,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376267.7664351, 'message': 'Dec  7 03:24:26 hqnl0246134 sshd[282318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.228.138 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:24:29,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376269.7688391, 'message': 'Dec  7 03:24:29 hqnl0246134 sshd[282318]: Failed password for invalid user ash from 185.236.228.138 port 57362 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 03:24:29,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376269.7690365, 'message': 'Dec  7 03:24:29 hqnl0246134 sshd[282318]: Disconnected from invalid user ash 185.236.228.138 port 57362 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:24:41,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376281.7811847, 'message': 'Dec  7 03:24:39 hqnl0246134 sshd[282323]: Invalid user ankit from 43.153.35.119 port 58340', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 03:24:41,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376281.7818017, 'message': 'Dec  7 03:24:40 hqnl0246134 sshd[282323]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.35.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 03:24:41,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376281.7820556, 'message': 'Dec  7 03:24:40 hqnl0246134 sshd[282323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.35.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:24:41,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376281.7822351, 'message': 'Dec  7 03:24:41 hqnl0246134 sshd[282323]: Failed password for invalid user ankit from 43.153.35.119 port 58340 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 03:24:43,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376283.782983, 'message': 'Dec  7 03:24:42 hqnl0246134 sshd[282323]: Disconnected from invalid user ankit 43.153.35.119 port 58340 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 03:24:50,852] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:24:50,853] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:24:51,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376291.7958605, 'message': 'Dec  7 03:24:51 hqnl0246134 sshd[282334]: Invalid user sampserver from 20.163.153.130 port 43874', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:24:51,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376291.7961218, 'message': 'Dec  7 03:24:51 hqnl0246134 sshd[282334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.163.153.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 03:24:51,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376291.7962701, 'message': 'Dec  7 03:24:51 hqnl0246134 sshd[282334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.153.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 03:24:53,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376293.7977893, 'message': 'Dec  7 03:24:53 hqnl0246134 sshd[282334]: Failed password for invalid user sampserver from 20.163.153.130 port 43874 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:24:55,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376295.8009913, 'message': 'Dec  7 03:24:55 hqnl0246134 sshd[282334]: Disconnected from invalid user sampserver 20.163.153.130 port 43874 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 03:25:01,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376301.8073604, 'message': 'Dec  7 03:25:00 hqnl0246134 sshd[282338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 03:25:03,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376303.8090394, 'message': 'Dec  7 03:25:02 hqnl0246134 sshd[282338]: Failed password for root from 61.177.173.18 port 11087 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 03:25:12,173] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:25:12,216] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0598 seconds
INFO    [2022-12-07 03:25:17,910] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:25:17,911] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:25:17,918] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:25:17,930] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 03:25:20,692] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:25:20,692] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:25:20,702] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:25:20,723] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-07 03:25:49,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376349.8605297, 'message': 'Dec  7 03:25:47 hqnl0246134 sshd[282406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0839 seconds
INFO    [2022-12-07 03:25:50,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376349.861261, 'message': 'Dec  7 03:25:49 hqnl0246134 sshd[282406]: Failed password for root from 61.177.173.18 port 21968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0721 seconds
WARNING [2022-12-07 03:25:50,857] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:25:50,858] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:25:51,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376351.861114, 'message': 'Dec  7 03:25:51 hqnl0246134 sshd[282412]: Invalid user server from 165.227.166.207 port 42678', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 03:25:51,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376351.8614924, 'message': 'Dec  7 03:25:51 hqnl0246134 sshd[282412]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:25:51,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376351.861717, 'message': 'Dec  7 03:25:51 hqnl0246134 sshd[282412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:25:53,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376353.8621309, 'message': 'Dec  7 03:25:52 hqnl0246134 sshd[282406]: Failed password for root from 61.177.173.18 port 21968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 03:25:53,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376353.8623743, 'message': 'Dec  7 03:25:53 hqnl0246134 sshd[282412]: Failed password for invalid user server from 165.227.166.207 port 42678 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 03:25:55,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376355.864254, 'message': 'Dec  7 03:25:55 hqnl0246134 sshd[282412]: Disconnected from invalid user server 165.227.166.207 port 42678 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 03:25:57,736] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:25:57,737] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:25:57,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:25:57,773] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0350 seconds
INFO    [2022-12-07 03:25:57,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376357.8656898, 'message': 'Dec  7 03:25:56 hqnl0246134 sshd[282406]: Failed password for root from 61.177.173.18 port 21968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:26:05,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670376365.8907397, 'message': 'Dec  7 03:26:05 hqnl0246134 sshd[282427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 03:26:07,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670376367.893467, 'message': 'Dec  7 03:26:07 hqnl0246134 sshd[282427]: Failed password for root from 61.177.173.52 port 48576 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:26:09,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.116.249', 'timestamp': 1670376369.8973758, 'message': 'Dec  7 03:26:09 hqnl0246134 sshd[282429]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.116.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:26:09,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.116.249', 'timestamp': 1670376369.8976154, 'message': 'Dec  7 03:26:09 hqnl0246134 sshd[282429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.116.249  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:26:11,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '142.93.116.249', 'timestamp': 1670376371.8981733, 'message': 'Dec  7 03:26:10 hqnl0246134 sshd[282429]: Failed password for root from 142.93.116.249 port 50368 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 03:26:11,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670376371.8985322, 'message': 'Dec  7 03:26:11 hqnl0246134 sshd[282427]: Failed password for root from 61.177.173.52 port 48576 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
WARNING [2022-12-07 03:26:12,167] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:26:12,190] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0304 seconds
INFO    [2022-12-07 03:26:15,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670376375.9019866, 'message': 'Dec  7 03:26:14 hqnl0246134 sshd[282427]: Failed password for root from 61.177.173.52 port 48576 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 03:26:18,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:26:18,007] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:26:18,014] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:26:18,026] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 03:26:19,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670376379.905813, 'message': 'Dec  7 03:26:18 hqnl0246134 sshd[282442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:26:19,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670376379.9128642, 'message': 'Dec  7 03:26:19 hqnl0246134 sshd[282442]: Failed password for root from 61.177.173.52 port 58424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 03:26:20,747] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:26:20,747] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:26:20,754] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:26:20,764] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-07 03:26:23,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670376383.9096074, 'message': 'Dec  7 03:26:22 hqnl0246134 sshd[282442]: Failed password for root from 61.177.173.52 port 58424 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 03:26:35,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376395.9305472, 'message': 'Dec  7 03:26:34 hqnl0246134 sshd[282454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:26:37,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376397.9331648, 'message': 'Dec  7 03:26:36 hqnl0246134 sshd[282454]: Failed password for root from 61.177.173.18 port 40767 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 03:26:50,863] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:26:50,864] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:27:02,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376421.97212, 'message': 'Dec  7 03:26:59 hqnl0246134 sshd[282490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 03:27:03,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376423.9730558, 'message': 'Dec  7 03:27:02 hqnl0246134 sshd[282490]: Failed password for root from 61.177.172.114 port 53313 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 03:27:06,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.244.158.201', 'timestamp': 1670376425.9741583, 'message': 'Dec  7 03:27:05 hqnl0246134 sshd[282492]: Invalid user user33 from 143.244.158.201 port 46636', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 03:27:06,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.244.158.201', 'timestamp': 1670376425.9746025, 'message': 'Dec  7 03:27:05 hqnl0246134 sshd[282492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.244.158.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:27:06,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.244.158.201', 'timestamp': 1670376425.9748273, 'message': 'Dec  7 03:27:05 hqnl0246134 sshd[282492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.158.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:27:08,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376427.9766483, 'message': 'Dec  7 03:27:06 hqnl0246134 sshd[282490]: Failed password for root from 61.177.172.114 port 53313 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 03:27:08,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.244.158.201', 'timestamp': 1670376427.976876, 'message': 'Dec  7 03:27:07 hqnl0246134 sshd[282492]: Failed password for invalid user user33 from 143.244.158.201 port 46636 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 03:27:08,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.244.158.201', 'timestamp': 1670376427.9770014, 'message': 'Dec  7 03:27:07 hqnl0246134 sshd[282492]: Disconnected from invalid user user33 143.244.158.201 port 46636 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:27:09,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376429.9801118, 'message': 'Dec  7 03:27:08 hqnl0246134 sshd[282490]: Failed password for root from 61.177.172.114 port 53313 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:27:10,407] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:27:10,407] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:27:10,419] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:27:10,437] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-07 03:27:12,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376431.9829206, 'message': 'Dec  7 03:27:10 hqnl0246134 sshd[282512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-07 03:27:12,176] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:27:12,199] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0341 seconds
INFO    [2022-12-07 03:27:14,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376433.9858167, 'message': 'Dec  7 03:27:12 hqnl0246134 sshd[282512]: Failed password for root from 61.177.172.114 port 29709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:27:17,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:27:17,966] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:27:17,973] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:27:17,986] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 03:27:20,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376439.9903207, 'message': 'Dec  7 03:27:16 hqnl0246134 sshd[282512]: Failed password for root from 61.177.172.114 port 29709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 03:27:20,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376439.9907615, 'message': 'Dec  7 03:27:19 hqnl0246134 sshd[282534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 03:27:20,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376439.9905825, 'message': 'Dec  7 03:27:18 hqnl0246134 sshd[282512]: Failed password for root from 61.177.172.114 port 29709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 03:27:21,333] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:27:21,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:27:21,342] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:27:21,359] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0249 seconds
INFO    [2022-12-07 03:27:22,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376441.9927008, 'message': 'Dec  7 03:27:20 hqnl0246134 sshd[282536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 03:27:22,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376441.992915, 'message': 'Dec  7 03:27:21 hqnl0246134 sshd[282534]: Failed password for root from 61.177.173.18 port 45778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 03:27:24,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376443.9941242, 'message': 'Dec  7 03:27:22 hqnl0246134 sshd[282536]: Failed password for root from 61.177.172.114 port 60998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 03:27:24,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376443.9943402, 'message': 'Dec  7 03:27:23 hqnl0246134 sshd[282534]: Failed password for root from 61.177.173.18 port 45778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 03:27:28,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376448.0000834, 'message': 'Dec  7 03:27:26 hqnl0246134 sshd[282534]: Failed password for root from 61.177.173.18 port 45778 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 03:27:28,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376448.00044, 'message': 'Dec  7 03:27:27 hqnl0246134 sshd[282536]: Failed password for root from 61.177.172.114 port 60998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 03:27:30,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376450.0038595, 'message': 'Dec  7 03:27:29 hqnl0246134 sshd[282536]: Failed password for root from 61.177.172.114 port 60998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:27:32,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376452.006871, 'message': 'Dec  7 03:27:30 hqnl0246134 sshd[282542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 03:27:32,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670376452.007176, 'message': 'Dec  7 03:27:31 hqnl0246134 sshd[282544]: Invalid user tuxedo from 103.183.74.62 port 44734', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 03:27:32,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.183.74.62', 'timestamp': 1670376452.0133133, 'message': 'Dec  7 03:27:31 hqnl0246134 sshd[282544]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.183.74.62 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 03:27:32,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.183.74.62', 'timestamp': 1670376452.0134726, 'message': 'Dec  7 03:27:31 hqnl0246134 sshd[282544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.183.74.62 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 03:27:34,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376454.01037, 'message': 'Dec  7 03:27:32 hqnl0246134 sshd[282542]: Failed password for root from 61.177.172.114 port 26080 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 03:27:34,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670376454.0105653, 'message': 'Dec  7 03:27:33 hqnl0246134 sshd[282544]: Failed password for invalid user tuxedo from 103.183.74.62 port 44734 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 03:27:36,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670376456.0137403, 'message': 'Dec  7 03:27:34 hqnl0246134 sshd[282544]: Disconnected from invalid user tuxedo 103.183.74.62 port 44734 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 03:27:36,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376456.0140834, 'message': 'Dec  7 03:27:34 hqnl0246134 sshd[282542]: Failed password for root from 61.177.172.114 port 26080 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-07 03:27:40,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670376460.0182707, 'message': 'Dec  7 03:27:37 hqnl0246134 sshd[282542]: Failed password for root from 61.177.172.114 port 26080 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:27:50,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376470.0296133, 'message': 'Dec  7 03:27:49 hqnl0246134 sshd[282556]: Invalid user nova from 20.163.153.130 port 43026', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 03:27:50,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376470.030034, 'message': 'Dec  7 03:27:49 hqnl0246134 sshd[282556]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.163.153.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:27:50,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376470.0302167, 'message': 'Dec  7 03:27:49 hqnl0246134 sshd[282556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.153.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 03:27:50,866] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:27:50,867] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:27:52,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376472.031683, 'message': 'Dec  7 03:27:51 hqnl0246134 sshd[282556]: Failed password for invalid user nova from 20.163.153.130 port 43026 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 03:27:54,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376474.0346959, 'message': 'Dec  7 03:27:52 hqnl0246134 sshd[282556]: Disconnected from invalid user nova 20.163.153.130 port 43026 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:27:58,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '183.81.32.198', 'timestamp': 1670376478.0396135, 'message': 'Dec  7 03:27:56 hqnl0246134 sshd[282560]: pam_imunify(sshd:auth): [IM360_RBL] The IP 183.81.32.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 03:27:58,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '183.81.32.198', 'timestamp': 1670376478.0400503, 'message': 'Dec  7 03:27:56 hqnl0246134 sshd[282560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.81.32.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 03:28:00,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '183.81.32.198', 'timestamp': 1670376480.0413842, 'message': 'Dec  7 03:27:58 hqnl0246134 sshd[282560]: Failed password for root from 183.81.32.198 port 32926 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 03:28:02,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376482.0445933, 'message': 'Dec  7 03:28:00 hqnl0246134 sshd[282563]: Invalid user serveradmin from 165.227.166.207 port 53000', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 03:28:02,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376482.044925, 'message': 'Dec  7 03:28:00 hqnl0246134 sshd[282563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:28:02,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376482.0450597, 'message': 'Dec  7 03:28:00 hqnl0246134 sshd[282563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:28:04,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376484.0465987, 'message': 'Dec  7 03:28:02 hqnl0246134 sshd[282563]: Failed password for invalid user serveradmin from 165.227.166.207 port 53000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:28:04,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376484.0468895, 'message': 'Dec  7 03:28:03 hqnl0246134 sshd[282563]: Disconnected from invalid user serveradmin 165.227.166.207 port 53000 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0159 seconds
INFO    [2022-12-07 03:28:06,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.87.22.100', 'timestamp': 1670376486.0485735, 'message': 'Dec  7 03:28:05 hqnl0246134 sshd[282572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.87.22.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 03:28:06,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.87.22.100', 'timestamp': 1670376486.0488348, 'message': 'Dec  7 03:28:06 hqnl0246134 sshd[282572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.87.22.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 03:28:08,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376488.0501213, 'message': 'Dec  7 03:28:06 hqnl0246134 sshd[282574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 03:28:08,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '172.87.22.100', 'timestamp': 1670376488.0505118, 'message': 'Dec  7 03:28:07 hqnl0246134 sshd[282572]: Failed password for root from 172.87.22.100 port 37992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 03:28:08,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376488.0503654, 'message': 'Dec  7 03:28:07 hqnl0246134 sshd[282574]: Failed password for root from 61.177.173.18 port 16530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 03:28:12,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376492.0563993, 'message': 'Dec  7 03:28:10 hqnl0246134 sshd[282574]: Failed password for root from 61.177.173.18 port 16530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
WARNING [2022-12-07 03:28:12,178] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:28:12,205] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0352 seconds
INFO    [2022-12-07 03:28:12,596] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:28:12,597] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:28:12,605] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:28:12,617] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 03:28:14,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376494.059326, 'message': 'Dec  7 03:28:12 hqnl0246134 sshd[282574]: Failed password for root from 61.177.173.18 port 16530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 03:28:17,891] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:28:17,892] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:28:17,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:28:17,915] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 03:28:21,555] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:28:21,555] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:28:21,564] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:28:21,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 03:28:22,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.87.28', 'timestamp': 1670376502.068565, 'message': 'Dec  7 03:28:20 hqnl0246134 sshd[282599]: Invalid user billy from 128.199.87.28 port 43926', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 03:28:22,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.87.28', 'timestamp': 1670376502.0687933, 'message': 'Dec  7 03:28:20 hqnl0246134 sshd[282599]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.87.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 03:28:22,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.87.28', 'timestamp': 1670376502.0689797, 'message': 'Dec  7 03:28:20 hqnl0246134 sshd[282599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.87.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 03:28:24,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.87.28', 'timestamp': 1670376504.0702026, 'message': 'Dec  7 03:28:22 hqnl0246134 sshd[282599]: Failed password for invalid user billy from 128.199.87.28 port 43926 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 03:28:26,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.87.28', 'timestamp': 1670376506.0731106, 'message': 'Dec  7 03:28:24 hqnl0246134 sshd[282599]: Disconnected from invalid user billy 128.199.87.28 port 43926 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 03:28:30,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376510.0780764, 'message': 'Dec  7 03:28:29 hqnl0246134 sshd[282604]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.236.228.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 03:28:30,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376510.0782738, 'message': 'Dec  7 03:28:29 hqnl0246134 sshd[282604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.228.138  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:28:32,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.236.228.138', 'timestamp': 1670376512.0808687, 'message': 'Dec  7 03:28:31 hqnl0246134 sshd[282604]: Failed password for root from 185.236.228.138 port 44974 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-07 03:28:50,871] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:28:50,872] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:28:52,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376532.1143057, 'message': 'Dec  7 03:28:51 hqnl0246134 sshd[282619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 03:28:54,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376534.1144497, 'message': 'Dec  7 03:28:52 hqnl0246134 sshd[282619]: Failed password for root from 61.177.173.18 port 24195 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 03:28:56,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670376536.1164784, 'message': 'Dec  7 03:28:54 hqnl0246134 sshd[282622]: Invalid user xmail from 188.134.83.209 port 35684', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 03:28:56,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376536.1168911, 'message': 'Dec  7 03:28:55 hqnl0246134 sshd[282619]: Failed password for root from 61.177.173.18 port 24195 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 03:28:56,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.134.83.209', 'timestamp': 1670376536.116686, 'message': 'Dec  7 03:28:54 hqnl0246134 sshd[282622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.134.83.209 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 03:28:58,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670376538.1188452, 'message': 'Dec  7 03:28:56 hqnl0246134 sshd[282622]: Failed password for invalid user xmail from 188.134.83.209 port 35684 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 03:28:58,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670376538.1190932, 'message': 'Dec  7 03:28:57 hqnl0246134 sshd[282622]: Disconnected from invalid user xmail 188.134.83.209 port 35684 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 03:29:00,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376540.122338, 'message': 'Dec  7 03:28:59 hqnl0246134 sshd[282619]: Failed password for root from 61.177.173.18 port 24195 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 03:29:04,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376544.126402, 'message': 'Dec  7 03:29:03 hqnl0246134 sshd[282624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 03:29:04,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376544.1267364, 'message': 'Dec  7 03:29:03 hqnl0246134 sshd[282624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 03:29:06,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376546.1300247, 'message': 'Dec  7 03:29:04 hqnl0246134 sshd[282624]: Failed password for root from 61.177.173.53 port 40654 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 03:29:06,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376546.1303787, 'message': 'Dec  7 03:29:05 hqnl0246134 sshd[282624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:29:08,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376548.1321094, 'message': 'Dec  7 03:29:07 hqnl0246134 sshd[282624]: Failed password for root from 61.177.173.53 port 40654 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:29:08,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376548.1324, 'message': 'Dec  7 03:29:07 hqnl0246134 sshd[282624]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:29:10,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376550.1334894, 'message': 'Dec  7 03:29:09 hqnl0246134 sshd[282624]: Failed password for root from 61.177.173.53 port 40654 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 03:29:12,208] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:29:12,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376552.139337, 'message': 'Dec  7 03:29:11 hqnl0246134 sshd[282634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0999 seconds
INFO    [2022-12-07 03:29:12,247] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0560 seconds
INFO    [2022-12-07 03:29:12,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376552.1397426, 'message': 'Dec  7 03:29:11 hqnl0246134 sshd[282634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:29:14,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376554.1401412, 'message': 'Dec  7 03:29:14 hqnl0246134 sshd[282634]: Failed password for root from 61.177.173.53 port 47333 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 03:29:16,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376556.141911, 'message': 'Dec  7 03:29:14 hqnl0246134 sshd[282634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 03:29:16,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376556.1420887, 'message': 'Dec  7 03:29:16 hqnl0246134 sshd[282634]: Failed password for root from 61.177.173.53 port 47333 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:29:17,942] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:29:17,943] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:29:17,951] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:29:17,962] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 03:29:18,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376558.1445777, 'message': 'Dec  7 03:29:16 hqnl0246134 sshd[282634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 03:29:20,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670376560.1472917, 'message': 'Dec  7 03:29:18 hqnl0246134 sshd[282634]: Failed password for root from 61.177.173.53 port 47333 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 03:29:20,829] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:29:20,830] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:29:20,838] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:29:20,850] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 03:29:23,634] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:29:23,634] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:29:23,641] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:29:23,653] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 03:29:30,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376570.1670902, 'message': 'Dec  7 03:29:29 hqnl0246134 sshd[282662]: Invalid user guest1 from 20.163.153.130 port 59716', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:29:30,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376570.1672857, 'message': 'Dec  7 03:29:29 hqnl0246134 sshd[282662]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.163.153.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 03:29:30,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376570.1674068, 'message': 'Dec  7 03:29:29 hqnl0246134 sshd[282662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.153.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:29:32,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376572.1749694, 'message': 'Dec  7 03:29:30 hqnl0246134 sshd[282662]: Failed password for invalid user guest1 from 20.163.153.130 port 59716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:29:34,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376574.1773098, 'message': 'Dec  7 03:29:32 hqnl0246134 sshd[282662]: Disconnected from invalid user guest1 20.163.153.130 port 59716 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 03:29:34,636] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:29:34,705] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:29:34,705] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:29:34,706] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:29:34,706] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:29:34,706] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:29:34,716] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:29:34,737] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0302 seconds
WARNING [2022-12-07 03:29:34,746] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:29:34,748] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:29:34,767] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0373 seconds
INFO    [2022-12-07 03:29:34,768] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0350 seconds
INFO    [2022-12-07 03:29:38,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376578.181686, 'message': 'Dec  7 03:29:37 hqnl0246134 sshd[282664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:29:40,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376580.190929, 'message': 'Dec  7 03:29:39 hqnl0246134 sshd[282664]: Failed password for root from 61.177.173.18 port 33856 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 03:29:48,010] defence360agent.files: Updating all files
INFO    [2022-12-07 03:29:48,289] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:48,289] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 03:29:48,581] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:48,581] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 03:29:48,905] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:48,906] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 03:29:49,191] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:49,191] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 03:29:49,191] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 03:29:49,506] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 01:29:49 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E5EA8789FE828'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 03:29:49,508] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 03:29:49,509] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 03:29:50,046] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:50,047] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 03:29:50,308] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:50,308] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 03:29:50,569] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:50,569] defence360agent.files: eula files update finished (not updated)
WARNING [2022-12-07 03:29:50,875] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:29:50,876] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:29:50,921] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:50,922] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 03:29:51,361] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 03:29:51,362] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 03:30:10,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376610.2314227, 'message': 'Dec  7 03:30:08 hqnl0246134 sshd[282702]: Invalid user steam from 165.227.166.207 port 35020', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 03:30:10,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376610.2321436, 'message': 'Dec  7 03:30:08 hqnl0246134 sshd[282702]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 03:30:10,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376610.2323065, 'message': 'Dec  7 03:30:08 hqnl0246134 sshd[282702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
WARNING [2022-12-07 03:30:12,205] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:30:12,225] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:30:12,226] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:30:12,227] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 03:30:12,248] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0510 seconds
INFO    [2022-12-07 03:30:12,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376612.2305555, 'message': 'Dec  7 03:30:10 hqnl0246134 sshd[282702]: Failed password for invalid user steam from 165.227.166.207 port 35020 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 03:30:12,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376612.2311616, 'message': 'Dec  7 03:30:10 hqnl0246134 sshd[282702]: Disconnected from invalid user steam 165.227.166.207 port 35020 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 03:30:17,849] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:30:17,850] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:30:17,860] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:30:17,873] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-07 03:30:20,432] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:30:20,433] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:30:20,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:30:20,451] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 03:30:26,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376626.2532902, 'message': 'Dec  7 03:30:26 hqnl0246134 sshd[282729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 03:30:30,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376630.261365, 'message': 'Dec  7 03:30:28 hqnl0246134 sshd[282729]: Failed password for root from 61.177.173.18 port 61091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:30:32,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376632.266098, 'message': 'Dec  7 03:30:32 hqnl0246134 sshd[282729]: Failed password for root from 61.177.173.18 port 61091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:30:38,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376638.2848043, 'message': 'Dec  7 03:30:34 hqnl0246134 sshd[282729]: Failed password for root from 61.177.173.18 port 61091 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 03:30:39,630] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:30:39,631] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:30:39,637] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:30:39,650] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
WARNING [2022-12-07 03:30:50,879] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:30:50,880] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:31:10,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376670.3599837, 'message': 'Dec  7 03:31:08 hqnl0246134 sshd[282759]: Invalid user user2 from 20.163.153.130 port 50098', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 03:31:10,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376670.360686, 'message': 'Dec  7 03:31:08 hqnl0246134 sshd[282759]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.163.153.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:31:10,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376670.3609195, 'message': 'Dec  7 03:31:08 hqnl0246134 sshd[282759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.153.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-07 03:31:12,214] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:31:12,269] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0678 seconds
INFO    [2022-12-07 03:31:12,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376672.3604157, 'message': 'Dec  7 03:31:11 hqnl0246134 sshd[282759]: Failed password for invalid user user2 from 20.163.153.130 port 50098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 03:31:12,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376672.3611724, 'message': 'Dec  7 03:31:11 hqnl0246134 sshd[282762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 03:31:12,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.163.153.130', 'timestamp': 1670376672.361286, 'message': 'Dec  7 03:31:11 hqnl0246134 sshd[282759]: Disconnected from invalid user user2 20.163.153.130 port 50098 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:31:14,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376674.3652236, 'message': 'Dec  7 03:31:13 hqnl0246134 sshd[282762]: Failed password for root from 61.177.173.18 port 60958 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 03:31:18,130] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:31:18,130] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:31:18,137] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:31:18,149] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 03:31:18,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376678.3680089, 'message': 'Dec  7 03:31:17 hqnl0246134 sshd[282762]: Failed password for root from 61.177.173.18 port 60958 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:31:20,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376680.3754025, 'message': 'Dec  7 03:31:19 hqnl0246134 sshd[282762]: Failed password for root from 61.177.173.18 port 60958 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 03:31:23,055] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:31:23,055] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:31:23,064] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:31:23,076] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 03:31:42,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.162.216.76', 'timestamp': 1670376702.4037132, 'message': 'Dec  7 03:31:40 hqnl0246134 sshd[282807]: Invalid user jose from 45.162.216.76 port 59604', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:31:42,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.162.216.76', 'timestamp': 1670376702.4039202, 'message': 'Dec  7 03:31:41 hqnl0246134 sshd[282807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.162.216.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:31:42,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.162.216.76', 'timestamp': 1670376702.4040983, 'message': 'Dec  7 03:31:41 hqnl0246134 sshd[282807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.162.216.76 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:31:44,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.162.216.76', 'timestamp': 1670376704.4081573, 'message': 'Dec  7 03:31:43 hqnl0246134 sshd[282807]: Failed password for invalid user jose from 45.162.216.76 port 59604 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 03:31:46,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.162.216.76', 'timestamp': 1670376706.4101257, 'message': 'Dec  7 03:31:44 hqnl0246134 sshd[282807]: Disconnected from invalid user jose 45.162.216.76 port 59604 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:31:47,402] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:31:47,402] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:31:47,410] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:31:47,422] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
WARNING [2022-12-07 03:31:50,883] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:31:50,884] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:31:54,158] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 03:31:54,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376714.417639, 'message': 'Dec  7 03:31:53 hqnl0246134 sshd[282822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:31:54,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376714.4178798, 'message': 'Dec  7 03:31:53 hqnl0246134 sshd[282822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:31:56,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376716.4178178, 'message': 'Dec  7 03:31:55 hqnl0246134 sshd[282822]: Failed password for root from 61.177.173.47 port 16362 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 03:31:56,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376716.4180899, 'message': 'Dec  7 03:31:55 hqnl0246134 sshd[282822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:31:58,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376718.4201434, 'message': 'Dec  7 03:31:57 hqnl0246134 sshd[282822]: Failed password for root from 61.177.173.47 port 16362 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 03:32:00,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376720.4230924, 'message': 'Dec  7 03:31:59 hqnl0246134 sshd[282824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-07 03:32:00,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376720.423427, 'message': 'Dec  7 03:31:59 hqnl0246134 sshd[282822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-07 03:32:02,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376722.42638, 'message': 'Dec  7 03:32:01 hqnl0246134 sshd[282824]: Failed password for root from 61.177.173.18 port 22694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 03:32:02,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376722.426597, 'message': 'Dec  7 03:32:01 hqnl0246134 sshd[282822]: Failed password for root from 61.177.173.47 port 16362 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 03:32:04,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376724.429384, 'message': 'Dec  7 03:32:03 hqnl0246134 sshd[282834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0530 seconds
INFO    [2022-12-07 03:32:04,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376724.4301634, 'message': 'Dec  7 03:32:03 hqnl0246134 sshd[282824]: Failed password for root from 61.177.173.18 port 22694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0536 seconds
INFO    [2022-12-07 03:32:04,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376724.4299335, 'message': 'Dec  7 03:32:03 hqnl0246134 sshd[282834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 03:32:06,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376726.429865, 'message': 'Dec  7 03:32:06 hqnl0246134 sshd[282834]: Failed password for root from 61.177.173.47 port 48323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 03:32:08,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376728.4342718, 'message': 'Dec  7 03:32:06 hqnl0246134 sshd[282824]: Failed password for root from 61.177.173.18 port 22694 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-07 03:32:08,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376728.4346833, 'message': 'Dec  7 03:32:07 hqnl0246134 sshd[282834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-07 03:32:10,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376730.4338298, 'message': 'Dec  7 03:32:10 hqnl0246134 sshd[282834]: Failed password for root from 61.177.173.47 port 48323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 03:32:12,211] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:32:12,239] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0358 seconds
INFO    [2022-12-07 03:32:12,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376732.4360638, 'message': 'Dec  7 03:32:12 hqnl0246134 sshd[282834]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 03:32:14,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376734.4385357, 'message': 'Dec  7 03:32:14 hqnl0246134 sshd[282834]: Failed password for root from 61.177.173.47 port 48323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 03:32:16,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376736.4405167, 'message': 'Dec  7 03:32:16 hqnl0246134 sshd[282855]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1721 seconds
INFO    [2022-12-07 03:32:16,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376736.4408002, 'message': 'Dec  7 03:32:16 hqnl0246134 sshd[282855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.2354 seconds
INFO    [2022-12-07 03:32:18,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376738.441959, 'message': 'Dec  7 03:32:17 hqnl0246134 sshd[282855]: Failed password for root from 61.177.173.47 port 45461 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2620 seconds
INFO    [2022-12-07 03:32:19,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376738.4422033, 'message': 'Dec  7 03:32:18 hqnl0246134 sshd[282855]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.3139 seconds
INFO    [2022-12-07 03:32:20,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376740.4451149, 'message': 'Dec  7 03:32:20 hqnl0246134 sshd[282903]: Invalid user sto from 165.227.166.207 port 45314', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.3059 seconds
INFO    [2022-12-07 03:32:21,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376740.4455032, 'message': 'Dec  7 03:32:20 hqnl0246134 sshd[282903]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.3882 seconds
INFO    [2022-12-07 03:32:21,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376740.4457273, 'message': 'Dec  7 03:32:20 hqnl0246134 sshd[282903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.2856 seconds
INFO    [2022-12-07 03:32:22,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376742.4458268, 'message': 'Dec  7 03:32:20 hqnl0246134 sshd[282855]: Failed password for root from 61.177.173.47 port 45461 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.2349 seconds
INFO    [2022-12-07 03:32:23,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376742.446063, 'message': 'Dec  7 03:32:20 hqnl0246134 sshd[282855]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.4291 seconds
INFO    [2022-12-07 03:32:25,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376744.4489322, 'message': 'Dec  7 03:32:22 hqnl0246134 sshd[282903]: Failed password for invalid user sto from 165.227.166.207 port 45314 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.7248 seconds
INFO    [2022-12-07 03:32:25,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670376744.4493258, 'message': 'Dec  7 03:32:23 hqnl0246134 sshd[282855]: Failed password for root from 61.177.173.47 port 45461 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.7252 seconds
INFO    [2022-12-07 03:32:25,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376744.4495463, 'message': 'Dec  7 03:32:23 hqnl0246134 sshd[282903]: Disconnected from invalid user sto 165.227.166.207 port 45314 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.7254 seconds
INFO    [2022-12-07 03:32:35,595] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:32:35,596] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:32:35,610] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:32:35,633] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0362 seconds
INFO    [2022-12-07 03:32:38,472] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:32:38,473] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:32:38,479] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:32:38,490] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 03:32:46,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376766.4699645, 'message': 'Dec  7 03:32:45 hqnl0246134 sshd[282958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 03:32:48,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376768.4719293, 'message': 'Dec  7 03:32:47 hqnl0246134 sshd[282958]: Failed password for root from 61.177.173.18 port 25183 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 03:32:50,887] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:32:50,888] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:33:12,216] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:33:12,247] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0387 seconds
INFO    [2022-12-07 03:33:16,818] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:33:16,887] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:33:16,888] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:33:16,888] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:33:16,889] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:33:16,890] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:33:16,928] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:33:16,959] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0678 seconds
WARNING [2022-12-07 03:33:16,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:33:16,975] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:33:17,004] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0551 seconds
INFO    [2022-12-07 03:33:17,006] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0514 seconds
INFO    [2022-12-07 03:33:18,091] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:33:18,091] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:33:18,100] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:33:18,112] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 03:33:20,749] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:33:20,750] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:33:20,758] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:33:20,771] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 03:33:34,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376814.5299866, 'message': 'Dec  7 03:33:32 hqnl0246134 sshd[282993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 03:33:36,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376816.5281768, 'message': 'Dec  7 03:33:34 hqnl0246134 sshd[282993]: Failed password for root from 61.177.173.18 port 45390 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:33:44,139] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:33:44,139] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:33:44,147] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:33:44,159] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 03:33:46,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.121.218', 'timestamp': 1670376826.543074, 'message': 'Dec  7 03:33:45 hqnl0246134 sshd[283012]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.121.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:33:46,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.121.218', 'timestamp': 1670376826.5433128, 'message': 'Dec  7 03:33:45 hqnl0246134 sshd[283012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.121.218  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:33:47,077] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:33:47,077] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:33:47,078] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 03:33:48,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.121.218', 'timestamp': 1670376828.5460618, 'message': 'Dec  7 03:33:47 hqnl0246134 sshd[283012]: Failed password for root from 165.22.121.218 port 38704 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 03:33:50,892] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:33:50,892] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:33:56,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.102.140.51', 'timestamp': 1670376836.5553443, 'message': 'Dec  7 03:33:55 hqnl0246134 sshd[283014]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.102.140.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 03:33:56,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.102.140.51', 'timestamp': 1670376836.5555813, 'message': 'Dec  7 03:33:55 hqnl0246134 sshd[283014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.102.140.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:33:58,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '177.102.140.51', 'timestamp': 1670376838.5584157, 'message': 'Dec  7 03:33:57 hqnl0246134 sshd[283014]: Failed password for root from 177.102.140.51 port 58170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 03:34:02,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670376842.5638428, 'message': 'Dec  7 03:34:01 hqnl0246134 sshd[283017]: Invalid user arif from 82.196.5.251 port 52319', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 03:34:02,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.196.5.251', 'timestamp': 1670376842.564064, 'message': 'Dec  7 03:34:01 hqnl0246134 sshd[283017]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.196.5.251 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:34:02,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.196.5.251', 'timestamp': 1670376842.5642831, 'message': 'Dec  7 03:34:01 hqnl0246134 sshd[283017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.5.251 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:34:04,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670376844.5659962, 'message': 'Dec  7 03:34:03 hqnl0246134 sshd[283017]: Failed password for invalid user arif from 82.196.5.251 port 52319 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:34:06,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670376846.5678024, 'message': 'Dec  7 03:34:04 hqnl0246134 sshd[283017]: Disconnected from invalid user arif 82.196.5.251 port 52319 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
WARNING [2022-12-07 03:34:12,222] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:34:12,387] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.1744 seconds
INFO    [2022-12-07 03:34:17,909] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:34:17,911] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:34:17,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:34:17,954] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0411 seconds
INFO    [2022-12-07 03:34:20,550] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:34:20,550] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:34:20,560] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:34:20,572] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 03:34:20,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376860.5777602, 'message': 'Dec  7 03:34:19 hqnl0246134 sshd[283046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:34:22,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376862.5802221, 'message': 'Dec  7 03:34:21 hqnl0246134 sshd[283046]: Failed password for root from 61.177.173.18 port 63779 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 03:34:30,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376870.6009212, 'message': 'Dec  7 03:34:29 hqnl0246134 sshd[283052]: Invalid user support from 165.227.166.207 port 55590', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 03:34:30,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376870.6013963, 'message': 'Dec  7 03:34:29 hqnl0246134 sshd[283052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 03:34:30,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376870.601721, 'message': 'Dec  7 03:34:29 hqnl0246134 sshd[283052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 03:34:32,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376872.6023462, 'message': 'Dec  7 03:34:31 hqnl0246134 sshd[283052]: Failed password for invalid user support from 165.227.166.207 port 55590 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 03:34:32,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670376872.6027033, 'message': 'Dec  7 03:34:31 hqnl0246134 sshd[283052]: Disconnected from invalid user support 165.227.166.207 port 55590 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 03:34:38,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670376878.6075666, 'message': 'Dec  7 03:34:36 hqnl0246134 sshd[283056]: Invalid user sinusbot from 176.31.46.230 port 37460', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 03:34:38,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '176.31.46.230', 'timestamp': 1670376878.6078007, 'message': 'Dec  7 03:34:37 hqnl0246134 sshd[283056]: pam_imunify(sshd:auth): [IM360_RBL] The IP 176.31.46.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 03:34:38,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '176.31.46.230', 'timestamp': 1670376878.6089635, 'message': 'Dec  7 03:34:37 hqnl0246134 sshd[283056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.46.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:34:40,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670376880.6100078, 'message': 'Dec  7 03:34:39 hqnl0246134 sshd[283056]: Failed password for invalid user sinusbot from 176.31.46.230 port 37460 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:34:40,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670376880.6102202, 'message': 'Dec  7 03:34:39 hqnl0246134 sshd[283056]: Disconnected from invalid user sinusbot 176.31.46.230 port 37460 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-07 03:34:50,895] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:34:50,896] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:35:06,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376906.647991, 'message': 'Dec  7 03:35:05 hqnl0246134 sshd[283096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 03:35:06,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376906.6488159, 'message': 'Dec  7 03:35:06 hqnl0246134 sshd[283096]: Failed password for root from 61.177.173.18 port 15993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 03:35:08,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376908.6490722, 'message': 'Dec  7 03:35:08 hqnl0246134 sshd[283102]: Invalid user tim from 43.153.35.119 port 54890', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 03:35:10,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376910.6551692, 'message': 'Dec  7 03:35:08 hqnl0246134 sshd[283102]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.35.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0534 seconds
INFO    [2022-12-07 03:35:10,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376910.655776, 'message': 'Dec  7 03:35:09 hqnl0246134 sshd[283096]: Failed password for root from 61.177.173.18 port 15993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0538 seconds
INFO    [2022-12-07 03:35:10,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376910.6555219, 'message': 'Dec  7 03:35:08 hqnl0246134 sshd[283102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.35.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
WARNING [2022-12-07 03:35:12,225] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:35:12,250] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-07 03:35:12,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376912.6571367, 'message': 'Dec  7 03:35:10 hqnl0246134 sshd[283102]: Failed password for invalid user tim from 43.153.35.119 port 54890 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 03:35:12,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376912.6574874, 'message': 'Dec  7 03:35:12 hqnl0246134 sshd[283096]: Failed password for root from 61.177.173.18 port 15993 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 03:35:12,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670376912.657338, 'message': 'Dec  7 03:35:12 hqnl0246134 sshd[283102]: Disconnected from invalid user tim 43.153.35.119 port 54890 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 03:35:14,651] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:35:14,652] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:35:14,662] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:35:14,677] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-07 03:35:18,003] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:35:18,004] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:35:18,011] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:35:18,027] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 03:35:20,725] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:35:20,725] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:35:20,736] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:35:20,749] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-07 03:35:32,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.124.133.194', 'timestamp': 1670376932.6875145, 'message': 'Dec  7 03:35:31 hqnl0246134 sshd[283136]: Invalid user jose from 201.124.133.194 port 34848', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 03:35:32,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.124.133.194', 'timestamp': 1670376932.6881578, 'message': 'Dec  7 03:35:31 hqnl0246134 sshd[283136]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.124.133.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 03:35:32,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.124.133.194', 'timestamp': 1670376932.6885478, 'message': 'Dec  7 03:35:31 hqnl0246134 sshd[283136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.124.133.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 03:35:34,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.124.133.194', 'timestamp': 1670376934.6897857, 'message': 'Dec  7 03:35:33 hqnl0246134 sshd[283136]: Failed password for invalid user jose from 201.124.133.194 port 34848 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:35:36,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.124.133.194', 'timestamp': 1670376936.693373, 'message': 'Dec  7 03:35:35 hqnl0246134 sshd[283136]: Disconnected from invalid user jose 201.124.133.194 port 34848 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 03:35:50,900] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:35:50,902] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:35:54,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376954.7358108, 'message': 'Dec  7 03:35:53 hqnl0246134 sshd[283148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 03:35:56,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670376956.7379563, 'message': 'Dec  7 03:35:55 hqnl0246134 sshd[283148]: Failed password for root from 61.177.173.18 port 39364 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:36:02,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '183.81.32.198', 'timestamp': 1670376962.751491, 'message': 'Dec  7 03:36:02 hqnl0246134 sshd[283153]: pam_imunify(sshd:auth): [IM360_RBL] The IP 183.81.32.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:36:02,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '183.81.32.198', 'timestamp': 1670376962.7517319, 'message': 'Dec  7 03:36:02 hqnl0246134 sshd[283153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.81.32.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 03:36:04,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '183.81.32.198', 'timestamp': 1670376964.7540677, 'message': 'Dec  7 03:36:04 hqnl0246134 sshd[283153]: Failed password for root from 183.81.32.198 port 48092 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 03:36:06,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670376966.7599516, 'message': 'Dec  7 03:36:06 hqnl0246134 sshd[283162]: Invalid user arif from 213.27.189.252 port 51400', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:36:08,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '213.27.189.252', 'timestamp': 1670376968.7618303, 'message': 'Dec  7 03:36:06 hqnl0246134 sshd[283162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 213.27.189.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 03:36:08,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '213.27.189.252', 'timestamp': 1670376968.7620904, 'message': 'Dec  7 03:36:06 hqnl0246134 sshd[283162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.27.189.252 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:36:08,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670376968.7622144, 'message': 'Dec  7 03:36:08 hqnl0246134 sshd[283162]: Failed password for invalid user arif from 213.27.189.252 port 51400 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:36:10,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670376970.7675312, 'message': 'Dec  7 03:36:10 hqnl0246134 sshd[283162]: Disconnected from invalid user arif 213.27.189.252 port 51400 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 03:36:12,232] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:36:12,256] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0333 seconds
INFO    [2022-12-07 03:36:14,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.183.74.62', 'timestamp': 1670376974.7780285, 'message': 'Dec  7 03:36:14 hqnl0246134 sshd[283166]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.183.74.62 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 03:36:14,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.183.74.62', 'timestamp': 1670376974.7785072, 'message': 'Dec  7 03:36:14 hqnl0246134 sshd[283166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.183.74.62  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:36:17,917] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:36:17,918] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:36:17,926] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:36:17,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 03:36:18,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.183.74.62', 'timestamp': 1670376978.7810986, 'message': 'Dec  7 03:36:16 hqnl0246134 sshd[283166]: Failed password for root from 103.183.74.62 port 40168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 03:36:20,671] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:36:20,672] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:36:20,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:36:20,690] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 03:36:21,480] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:36:21,481] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:36:21,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:36:21,509] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0276 seconds
INFO    [2022-12-07 03:36:40,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377000.8299587, 'message': 'Dec  7 03:36:39 hqnl0246134 sshd[283199]: Invalid user support from 165.227.166.207 port 37656', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 03:36:40,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377000.8303924, 'message': 'Dec  7 03:36:39 hqnl0246134 sshd[283196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 03:36:40,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377000.8305292, 'message': 'Dec  7 03:36:39 hqnl0246134 sshd[283199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:36:40,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377000.8306766, 'message': 'Dec  7 03:36:39 hqnl0246134 sshd[283199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:36:42,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377002.8320918, 'message': 'Dec  7 03:36:42 hqnl0246134 sshd[283196]: Failed password for root from 61.177.173.18 port 50043 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-07 03:36:42,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377002.8324285, 'message': 'Dec  7 03:36:42 hqnl0246134 sshd[283199]: Failed password for invalid user support from 165.227.166.207 port 37656 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0505 seconds
INFO    [2022-12-07 03:36:44,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377004.8353474, 'message': 'Dec  7 03:36:43 hqnl0246134 sshd[283199]: Disconnected from invalid user support 165.227.166.207 port 37656 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 03:36:46,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377006.8372831, 'message': 'Dec  7 03:36:45 hqnl0246134 sshd[283196]: Failed password for root from 61.177.173.18 port 50043 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-07 03:36:50,904] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:36:50,905] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:36:52,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377012.8468027, 'message': 'Dec  7 03:36:50 hqnl0246134 sshd[283196]: Failed password for root from 61.177.173.18 port 50043 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:36:56,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377016.859491, 'message': 'Dec  7 03:36:56 hqnl0246134 sshd[283211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:36:56,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377016.8596978, 'message': 'Dec  7 03:36:56 hqnl0246134 sshd[283211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 03:36:58,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377018.8601928, 'message': 'Dec  7 03:36:58 hqnl0246134 sshd[283211]: Failed password for root from 61.177.173.46 port 31800 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:37:00,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377020.8644881, 'message': 'Dec  7 03:37:00 hqnl0246134 sshd[283211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 03:37:02,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377022.8690283, 'message': 'Dec  7 03:37:02 hqnl0246134 sshd[283211]: Failed password for root from 61.177.173.46 port 31800 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 03:37:04,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377024.876923, 'message': 'Dec  7 03:37:03 hqnl0246134 sshd[283223]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.116.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-07 03:37:04,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377024.8781555, 'message': 'Dec  7 03:37:04 hqnl0246134 sshd[283211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 03:37:04,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377024.8779225, 'message': 'Dec  7 03:37:03 hqnl0246134 sshd[283223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.116.249  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 03:37:06,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377026.8798428, 'message': 'Dec  7 03:37:06 hqnl0246134 sshd[283223]: Failed password for root from 142.93.116.249 port 36444 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-07 03:37:06,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377026.8801131, 'message': 'Dec  7 03:37:06 hqnl0246134 sshd[283211]: Failed password for root from 61.177.173.46 port 31800 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-07 03:37:08,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377028.8827484, 'message': 'Dec  7 03:37:07 hqnl0246134 sshd[283235]: Invalid user hl from 37.187.180.160 port 36288', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 03:37:08,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377028.8832848, 'message': 'Dec  7 03:37:08 hqnl0246134 sshd[283233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 03:37:08,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377028.8830378, 'message': 'Dec  7 03:37:07 hqnl0246134 sshd[283235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 37.187.180.160 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 03:37:08,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377028.8834217, 'message': 'Dec  7 03:37:08 hqnl0246134 sshd[283233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 03:37:08,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377028.8831787, 'message': 'Dec  7 03:37:07 hqnl0246134 sshd[283235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.180.160 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 03:37:10,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377030.8828528, 'message': 'Dec  7 03:37:09 hqnl0246134 sshd[283235]: Failed password for invalid user hl from 37.187.180.160 port 36288 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:37:10,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377030.8832397, 'message': 'Dec  7 03:37:10 hqnl0246134 sshd[283233]: Failed password for root from 61.177.173.46 port 23350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 03:37:10,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377030.8830798, 'message': 'Dec  7 03:37:09 hqnl0246134 sshd[283235]: Disconnected from invalid user hl 37.187.180.160 port 36288 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:37:10,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377030.8834083, 'message': 'Dec  7 03:37:10 hqnl0246134 sshd[283233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
WARNING [2022-12-07 03:37:12,237] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:37:12,285] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0601 seconds
INFO    [2022-12-07 03:37:12,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377032.8832233, 'message': 'Dec  7 03:37:12 hqnl0246134 sshd[283233]: Failed password for root from 61.177.173.46 port 23350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 03:37:14,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377034.8856566, 'message': 'Dec  7 03:37:12 hqnl0246134 sshd[283233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 03:37:16,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670377036.8859634, 'message': 'Dec  7 03:37:15 hqnl0246134 sshd[283233]: Failed password for root from 61.177.173.46 port 23350 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:37:17,971] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:37:17,972] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:37:17,979] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:37:17,990] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 03:37:20,466] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:37:20,467] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:37:20,475] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:37:20,488] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 03:37:24,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377044.8981037, 'message': 'Dec  7 03:37:24 hqnl0246134 sshd[283258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.54.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:37:24,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377044.8984668, 'message': 'Dec  7 03:37:24 hqnl0246134 sshd[283258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.54.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:37:26,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377046.8993802, 'message': 'Dec  7 03:37:25 hqnl0246134 sshd[283261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0579 seconds
INFO    [2022-12-07 03:37:26,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377046.8996778, 'message': 'Dec  7 03:37:26 hqnl0246134 sshd[283258]: Failed password for root from 167.71.54.30 port 50816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0581 seconds
INFO    [2022-12-07 03:37:28,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377048.903276, 'message': 'Dec  7 03:37:27 hqnl0246134 sshd[283261]: Failed password for root from 61.177.173.18 port 55558 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:37:32,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377052.9107232, 'message': 'Dec  7 03:37:31 hqnl0246134 sshd[283261]: Failed password for root from 61.177.173.18 port 55558 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:37:36,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377056.9163833, 'message': 'Dec  7 03:37:34 hqnl0246134 sshd[283261]: Failed password for root from 61.177.173.18 port 55558 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 03:37:50,907] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:37:50,908] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:37:54,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670377074.9385061, 'message': 'Dec  7 03:37:53 hqnl0246134 sshd[283276]: Invalid user polaris from 43.153.35.119 port 40468', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 03:37:54,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377074.939306, 'message': 'Dec  7 03:37:54 hqnl0246134 sshd[283280]: Invalid user sir from 172.87.22.100 port 49682', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 03:37:55,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.35.119', 'timestamp': 1670377074.939021, 'message': 'Dec  7 03:37:53 hqnl0246134 sshd[283276]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.35.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 03:37:55,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377074.939456, 'message': 'Dec  7 03:37:54 hqnl0246134 sshd[283280]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.87.22.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 03:37:55,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377074.9396966, 'message': 'Dec  7 03:37:54 hqnl0246134 sshd[283278]: pam_imunify(sshd:auth): [IM360_RBL] The IP 174.138.29.2 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 03:37:55,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.35.119', 'timestamp': 1670377074.9391692, 'message': 'Dec  7 03:37:53 hqnl0246134 sshd[283276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.35.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 03:37:55,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377074.9395792, 'message': 'Dec  7 03:37:54 hqnl0246134 sshd[283280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.87.22.100 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 03:37:55,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377074.9398665, 'message': 'Dec  7 03:37:54 hqnl0246134 sshd[283278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.2  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 03:37:55,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670377074.9399693, 'message': 'Dec  7 03:37:54 hqnl0246134 sshd[283276]: Failed password for invalid user polaris from 43.153.35.119 port 40468 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:37:56,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.35.119', 'timestamp': 1670377076.9395504, 'message': 'Dec  7 03:37:56 hqnl0246134 sshd[283276]: Disconnected from invalid user polaris 43.153.35.119 port 40468 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:37:58,972] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:37:58,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:37:58,992] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:37:59,025] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0519 seconds
INFO    [2022-12-07 03:37:59,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377078.974634, 'message': 'Dec  7 03:37:56 hqnl0246134 sshd[283280]: Failed password for invalid user sir from 172.87.22.100 port 49682 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-07 03:37:59,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377078.974789, 'message': 'Dec  7 03:37:57 hqnl0246134 sshd[283278]: Failed password for root from 174.138.29.2 port 56722 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-07 03:38:00,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377080.9460588, 'message': 'Dec  7 03:37:59 hqnl0246134 sshd[283280]: Disconnected from invalid user sir 172.87.22.100 port 49682 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-07 03:38:12,242] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:38:12,282] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0527 seconds
INFO    [2022-12-07 03:38:17,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377096.9705086, 'message': 'Dec  7 03:38:15 hqnl0246134 sshd[283308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 03:38:17,853] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:38:17,853] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:38:17,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:38:17,874] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 03:38:18,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377098.9703028, 'message': 'Dec  7 03:38:17 hqnl0246134 sshd[283308]: Failed password for root from 61.177.173.18 port 34870 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:38:20,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:38:20,611] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:38:20,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:38:20,643] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0307 seconds
INFO    [2022-12-07 03:38:23,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377102.9789522, 'message': 'Dec  7 03:38:22 hqnl0246134 sshd[283308]: Failed password for root from 61.177.173.18 port 34870 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 03:38:27,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377106.9840283, 'message': 'Dec  7 03:38:26 hqnl0246134 sshd[283308]: Failed password for root from 61.177.173.18 port 34870 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 03:38:35,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.81.32.198', 'timestamp': 1670377115.0010107, 'message': 'Dec  7 03:38:33 hqnl0246134 sshd[283345]: Invalid user user from 183.81.32.198 port 51654', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:38:35,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '183.81.32.198', 'timestamp': 1670377115.0012822, 'message': 'Dec  7 03:38:33 hqnl0246134 sshd[283345]: pam_imunify(sshd:auth): [IM360_RBL] The IP 183.81.32.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 03:38:35,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '183.81.32.198', 'timestamp': 1670377115.0014777, 'message': 'Dec  7 03:38:33 hqnl0246134 sshd[283345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.81.32.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:38:37,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.81.32.198', 'timestamp': 1670377117.005465, 'message': 'Dec  7 03:38:35 hqnl0246134 sshd[283345]: Failed password for invalid user user from 183.81.32.198 port 51654 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:38:39,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '183.81.32.198', 'timestamp': 1670377119.0129454, 'message': 'Dec  7 03:38:37 hqnl0246134 sshd[283345]: Disconnected from invalid user user 183.81.32.198 port 51654 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 03:38:41,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.162.216.76', 'timestamp': 1670377121.0138607, 'message': 'Dec  7 03:38:39 hqnl0246134 sshd[283348]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.162.216.76 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 03:38:41,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.162.216.76', 'timestamp': 1670377121.0141075, 'message': 'Dec  7 03:38:39 hqnl0246134 sshd[283348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.162.216.76  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 03:38:41,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.162.216.76', 'timestamp': 1670377121.0142605, 'message': 'Dec  7 03:38:41 hqnl0246134 sshd[283348]: Failed password for root from 45.162.216.76 port 57606 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 03:38:43,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377123.0716543, 'message': 'Dec  7 03:38:42 hqnl0246134 sshd[283350]: Invalid user sysadmin from 165.227.166.207 port 47932', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:38:43,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377123.0718422, 'message': 'Dec  7 03:38:42 hqnl0246134 sshd[283350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 03:38:43,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377123.0719857, 'message': 'Dec  7 03:38:42 hqnl0246134 sshd[283350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:38:45,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377125.0183532, 'message': 'Dec  7 03:38:44 hqnl0246134 sshd[283350]: Failed password for invalid user sysadmin from 165.227.166.207 port 47932 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 03:38:47,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377127.0214515, 'message': 'Dec  7 03:38:46 hqnl0246134 sshd[283350]: Disconnected from invalid user sysadmin 165.227.166.207 port 47932 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
WARNING [2022-12-07 03:38:50,912] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:38:50,912] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:39:03,080] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377143.048894, 'message': 'Dec  7 03:39:01 hqnl0246134 sshd[283365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 03:39:03,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377143.0491822, 'message': 'Dec  7 03:39:02 hqnl0246134 sshd[283365]: Failed password for root from 61.177.173.18 port 27659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 03:39:05,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377145.0509353, 'message': 'Dec  7 03:39:05 hqnl0246134 sshd[283365]: Failed password for root from 61.177.173.18 port 27659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:39:11,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377151.062007, 'message': 'Dec  7 03:39:07 hqnl0246134 sshd[283365]: Failed password for root from 61.177.173.18 port 27659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 03:39:12,243] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:39:12,266] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-07 03:39:12,510] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:39:12,511] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:39:12,519] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:39:12,530] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 03:39:18,068] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:39:18,069] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:39:18,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:39:18,091] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-07 03:39:19,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377159.0682223, 'message': 'Dec  7 03:39:17 hqnl0246134 sshd[283519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.87.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 03:39:19,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377159.0684536, 'message': 'Dec  7 03:39:17 hqnl0246134 sshd[283519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.87.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:39:20,717] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:39:20,718] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:39:20,725] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:39:20,735] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 03:39:21,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377161.0699646, 'message': 'Dec  7 03:39:19 hqnl0246134 sshd[283519]: Failed password for root from 128.199.87.28 port 56848 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:39:29,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377169.0875938, 'message': 'Dec  7 03:39:29 hqnl0246134 sshd[283529]: Invalid user alex from 103.183.74.62 port 37504', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 03:39:31,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377171.0908132, 'message': 'Dec  7 03:39:29 hqnl0246134 sshd[283529]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.183.74.62 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:39:31,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377171.091154, 'message': 'Dec  7 03:39:29 hqnl0246134 sshd[283529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.183.74.62 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:39:33,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377173.0954099, 'message': 'Dec  7 03:39:31 hqnl0246134 sshd[283529]: Failed password for invalid user alex from 103.183.74.62 port 37504 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 03:39:33,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377173.0958297, 'message': 'Dec  7 03:39:31 hqnl0246134 sshd[283531]: Invalid user snow from 142.93.116.249 port 49398', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 03:39:33,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377173.095965, 'message': 'Dec  7 03:39:31 hqnl0246134 sshd[283531]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.116.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:39:33,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377173.0960803, 'message': 'Dec  7 03:39:31 hqnl0246134 sshd[283531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.116.249 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 03:39:35,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377175.0998275, 'message': 'Dec  7 03:39:33 hqnl0246134 sshd[283529]: Disconnected from invalid user alex 103.183.74.62 port 37504 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 03:39:35,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377175.100014, 'message': 'Dec  7 03:39:34 hqnl0246134 sshd[283531]: Failed password for invalid user snow from 142.93.116.249 port 49398 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 03:39:37,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377177.1054702, 'message': 'Dec  7 03:39:36 hqnl0246134 sshd[283531]: Disconnected from invalid user snow 142.93.116.249 port 49398 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:39:49,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377189.1325083, 'message': 'Dec  7 03:39:48 hqnl0246134 sshd[283543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
WARNING [2022-12-07 03:39:50,915] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:39:50,916] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:39:51,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377191.1346128, 'message': 'Dec  7 03:39:49 hqnl0246134 sshd[283543]: Failed password for root from 61.177.173.18 port 43672 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 03:39:51,265] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:39:51,332] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:39:51,333] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:39:51,333] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:39:51,333] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:39:51,333] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:39:51,345] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:39:51,366] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0323 seconds
WARNING [2022-12-07 03:39:51,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:39:51,379] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:39:51,399] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0392 seconds
INFO    [2022-12-07 03:39:51,401] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0374 seconds
WARNING [2022-12-07 03:40:12,245] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:40:12,275] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0377 seconds
INFO    [2022-12-07 03:40:18,222] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:40:18,223] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:40:18,231] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:40:18,248] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0240 seconds
INFO    [2022-12-07 03:40:20,923] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:40:20,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:40:20,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:40:20,942] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 03:40:21,460] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:40:21,461] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:40:21,462] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 03:40:31,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.35.119', 'timestamp': 1670377231.1940277, 'message': 'Dec  7 03:40:30 hqnl0246134 sshd[283604]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.35.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 03:40:31,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.35.119', 'timestamp': 1670377231.1944292, 'message': 'Dec  7 03:40:30 hqnl0246134 sshd[283604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.35.119  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 03:40:33,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.35.119', 'timestamp': 1670377233.1940482, 'message': 'Dec  7 03:40:32 hqnl0246134 sshd[283604]: Failed password for root from 43.153.35.119 port 51438 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 03:40:35,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377235.1969485, 'message': 'Dec  7 03:40:33 hqnl0246134 sshd[283606]: Invalid user bdc from 82.196.5.251 port 60512', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-07 03:40:35,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377235.197693, 'message': 'Dec  7 03:40:34 hqnl0246134 sshd[283609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0540 seconds
INFO    [2022-12-07 03:40:35,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377235.1973126, 'message': 'Dec  7 03:40:33 hqnl0246134 sshd[283606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.196.5.251 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 03:40:35,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377235.1974943, 'message': 'Dec  7 03:40:33 hqnl0246134 sshd[283606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.5.251 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 03:40:35,461] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:40:35,461] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:40:35,468] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:40:35,481] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 03:40:37,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377237.1980677, 'message': 'Dec  7 03:40:35 hqnl0246134 sshd[283606]: Failed password for invalid user bdc from 82.196.5.251 port 60512 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 03:40:37,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377237.2031174, 'message': 'Dec  7 03:40:35 hqnl0246134 sshd[283609]: Failed password for root from 61.177.173.18 port 55079 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 03:40:37,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377237.1983404, 'message': 'Dec  7 03:40:35 hqnl0246134 sshd[283606]: Disconnected from invalid user bdc 82.196.5.251 port 60512 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:40:39,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377239.1980457, 'message': 'Dec  7 03:40:38 hqnl0246134 sshd[283609]: Failed password for root from 61.177.173.18 port 55079 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:40:41,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377241.1989195, 'message': 'Dec  7 03:40:40 hqnl0246134 sshd[283616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.87.22.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0616 seconds
INFO    [2022-12-07 03:40:41,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377241.1995168, 'message': 'Dec  7 03:40:40 hqnl0246134 sshd[283609]: Failed password for root from 61.177.173.18 port 55079 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0626 seconds
INFO    [2022-12-07 03:40:41,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377241.2008526, 'message': 'Dec  7 03:40:41 hqnl0246134 sshd[283618]: Invalid user sai from 213.27.189.252 port 60296', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0625 seconds
INFO    [2022-12-07 03:40:41,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377241.199319, 'message': 'Dec  7 03:40:40 hqnl0246134 sshd[283616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.87.22.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 03:40:41,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377241.2010257, 'message': 'Dec  7 03:40:41 hqnl0246134 sshd[283618]: pam_imunify(sshd:auth): [IM360_RBL] The IP 213.27.189.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 03:40:41,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377241.2011588, 'message': 'Dec  7 03:40:41 hqnl0246134 sshd[283618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.27.189.252 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 03:40:43,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377243.201133, 'message': 'Dec  7 03:40:42 hqnl0246134 sshd[283616]: Failed password for root from 172.87.22.100 port 38868 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 03:40:43,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377243.2013783, 'message': 'Dec  7 03:40:42 hqnl0246134 sshd[283618]: Failed password for invalid user sai from 213.27.189.252 port 60296 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 03:40:45,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377245.2022212, 'message': 'Dec  7 03:40:44 hqnl0246134 sshd[283618]: Disconnected from invalid user sai 213.27.189.252 port 60296 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 03:40:47,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377247.2058144, 'message': 'Dec  7 03:40:46 hqnl0246134 sshd[283631]: Invalid user test from 165.227.166.207 port 58220', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:40:47,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377247.2060814, 'message': 'Dec  7 03:40:46 hqnl0246134 sshd[283631]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 03:40:47,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377247.2062228, 'message': 'Dec  7 03:40:46 hqnl0246134 sshd[283631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 03:40:49,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377249.2067153, 'message': 'Dec  7 03:40:47 hqnl0246134 sshd[283631]: Failed password for invalid user test from 165.227.166.207 port 58220 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 03:40:49,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377249.207787, 'message': 'Dec  7 03:40:49 hqnl0246134 sshd[283631]: Disconnected from invalid user test 165.227.166.207 port 58220 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 03:40:50,919] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:40:50,919] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:40:51,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377251.208611, 'message': 'Dec  7 03:40:51 hqnl0246134 sshd[283634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.134.83.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 03:40:51,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377251.2088552, 'message': 'Dec  7 03:40:51 hqnl0246134 sshd[283634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.134.83.209  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:40:53,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377253.2122865, 'message': 'Dec  7 03:40:51 hqnl0246134 sshd[283636]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.54.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-07 03:40:53,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377253.2127926, 'message': 'Dec  7 03:40:53 hqnl0246134 sshd[283634]: Failed password for root from 188.134.83.209 port 57626 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-07 03:40:53,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377253.2125692, 'message': 'Dec  7 03:40:51 hqnl0246134 sshd[283636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.54.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:40:55,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377255.2148905, 'message': 'Dec  7 03:40:54 hqnl0246134 sshd[283636]: Failed password for root from 167.71.54.30 port 42260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:40:59,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '183.81.32.198', 'timestamp': 1670377259.2211473, 'message': 'Dec  7 03:40:58 hqnl0246134 sshd[283639]: pam_imunify(sshd:auth): [IM360_RBL] The IP 183.81.32.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:40:59,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '183.81.32.198', 'timestamp': 1670377259.221352, 'message': 'Dec  7 03:40:58 hqnl0246134 sshd[283639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.81.32.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 03:41:01,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '183.81.32.198', 'timestamp': 1670377261.222306, 'message': 'Dec  7 03:40:59 hqnl0246134 sshd[283639]: Failed password for root from 183.81.32.198 port 55208 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:41:09,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377269.2341237, 'message': 'Dec  7 03:41:08 hqnl0246134 sshd[283649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 03:41:09,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377269.2368903, 'message': 'Dec  7 03:41:08 hqnl0246134 sshd[283651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.124.133.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 03:41:09,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377269.2343462, 'message': 'Dec  7 03:41:08 hqnl0246134 sshd[283649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 03:41:09,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377269.237089, 'message': 'Dec  7 03:41:08 hqnl0246134 sshd[283651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.124.133.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 03:41:11,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377271.236075, 'message': 'Dec  7 03:41:09 hqnl0246134 sshd[283649]: Failed password for root from 61.177.173.47 port 11203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 03:41:11,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377271.2362828, 'message': 'Dec  7 03:41:09 hqnl0246134 sshd[283651]: Failed password for root from 201.124.133.194 port 48390 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 03:41:11,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377271.237309, 'message': 'Dec  7 03:41:10 hqnl0246134 sshd[283649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 03:41:12,258] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:41:12,309] defence360agent.internals.the_sink: SensorIncidentList(<32 item(s)>) processed in 0.0656 seconds
INFO    [2022-12-07 03:41:13,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377273.2396855, 'message': 'Dec  7 03:41:12 hqnl0246134 sshd[283649]: Failed password for root from 61.177.173.47 port 11203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 03:41:15,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377275.2420557, 'message': 'Dec  7 03:41:14 hqnl0246134 sshd[283649]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 03:41:17,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377277.244655, 'message': 'Dec  7 03:41:16 hqnl0246134 sshd[283649]: Failed password for root from 61.177.173.47 port 11203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:41:17,954] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:41:17,955] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:41:17,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:41:17,974] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 03:41:19,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377279.2458348, 'message': 'Dec  7 03:41:18 hqnl0246134 sshd[283668]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 03:41:19,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377279.2460432, 'message': 'Dec  7 03:41:18 hqnl0246134 sshd[283668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 03:41:20,743] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:41:20,744] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:41:20,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:41:20,767] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-07 03:41:21,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377281.248819, 'message': 'Dec  7 03:41:20 hqnl0246134 sshd[283668]: Failed password for root from 61.177.173.47 port 50524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 03:41:21,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377281.249037, 'message': 'Dec  7 03:41:20 hqnl0246134 sshd[283673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 03:41:21,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377281.249167, 'message': 'Dec  7 03:41:21 hqnl0246134 sshd[283668]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:41:23,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377283.2503536, 'message': 'Dec  7 03:41:22 hqnl0246134 sshd[283673]: Failed password for root from 61.177.173.18 port 17427 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:41:23,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377283.2507555, 'message': 'Dec  7 03:41:23 hqnl0246134 sshd[283668]: Failed password for root from 61.177.173.47 port 50524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 03:41:25,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377285.252309, 'message': 'Dec  7 03:41:23 hqnl0246134 sshd[283668]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 03:41:25,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377285.2525496, 'message': 'Dec  7 03:41:25 hqnl0246134 sshd[283673]: Failed password for root from 61.177.173.18 port 17427 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 03:41:27,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377287.2562447, 'message': 'Dec  7 03:41:25 hqnl0246134 sshd[283668]: Failed password for root from 61.177.173.47 port 50524 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:41:29,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377289.26198, 'message': 'Dec  7 03:41:29 hqnl0246134 sshd[283673]: Failed password for root from 61.177.173.18 port 17427 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:41:31,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377291.2653975, 'message': 'Dec  7 03:41:29 hqnl0246134 sshd[283679]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 03:41:31,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377291.2657495, 'message': 'Dec  7 03:41:29 hqnl0246134 sshd[283679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 03:41:31,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377291.268968, 'message': 'Dec  7 03:41:31 hqnl0246134 sshd[283679]: Failed password for root from 61.177.173.47 port 36782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:41:33,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377293.2712457, 'message': 'Dec  7 03:41:31 hqnl0246134 sshd[283679]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 03:41:35,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377295.2774415, 'message': 'Dec  7 03:41:33 hqnl0246134 sshd[283679]: Failed password for root from 61.177.173.47 port 36782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 03:41:35,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377295.2777593, 'message': 'Dec  7 03:41:34 hqnl0246134 sshd[283679]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 03:41:37,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.34.161.112', 'timestamp': 1670377297.2782815, 'message': 'Dec  7 03:41:35 hqnl0246134 sshd[283678]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.34.161.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-07 03:41:37,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670377297.2790844, 'message': 'Dec  7 03:41:36 hqnl0246134 sshd[283679]: Failed password for root from 61.177.173.47 port 36782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-07 03:41:37,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.34.161.112', 'timestamp': 1670377297.2787287, 'message': 'Dec  7 03:41:35 hqnl0246134 sshd[283678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.161.112  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 03:41:39,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '144.34.161.112', 'timestamp': 1670377299.279355, 'message': 'Dec  7 03:41:37 hqnl0246134 sshd[283678]: Failed password for root from 144.34.161.112 port 52688 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 03:41:41,005] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:41:41,006] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:41:41,013] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:41:41,025] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-07 03:41:50,923] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:41:50,924] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:41:53,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377313.3063314, 'message': 'Dec  7 03:41:51 hqnl0246134 sshd[283698]: Invalid user base from 142.93.116.249 port 33698', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 03:41:53,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377313.3068614, 'message': 'Dec  7 03:41:51 hqnl0246134 sshd[283698]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.116.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:41:53,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377313.307036, 'message': 'Dec  7 03:41:51 hqnl0246134 sshd[283698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.116.249 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:41:53,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377313.3071759, 'message': 'Dec  7 03:41:53 hqnl0246134 sshd[283698]: Failed password for invalid user base from 142.93.116.249 port 33698 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:41:53,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.116.249', 'timestamp': 1670377313.3073096, 'message': 'Dec  7 03:41:53 hqnl0246134 sshd[283698]: Disconnected from invalid user base 142.93.116.249 port 33698 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 03:41:54,165] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 03:41:55,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377315.3065016, 'message': 'Dec  7 03:41:53 hqnl0246134 sshd[283700]: Invalid user desarrollo from 165.22.121.218 port 60430', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:41:55,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377315.3067899, 'message': 'Dec  7 03:41:53 hqnl0246134 sshd[283700]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.121.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 03:41:55,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377315.306947, 'message': 'Dec  7 03:41:53 hqnl0246134 sshd[283700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.121.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 03:41:57,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377317.308149, 'message': 'Dec  7 03:41:55 hqnl0246134 sshd[283700]: Failed password for invalid user desarrollo from 165.22.121.218 port 60430 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:41:57,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377317.3083656, 'message': 'Dec  7 03:41:55 hqnl0246134 sshd[283700]: Disconnected from invalid user desarrollo 165.22.121.218 port 60430 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:42:07,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377327.3196142, 'message': 'Dec  7 03:42:05 hqnl0246134 sshd[283709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 03:42:07,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377327.3199925, 'message': 'Dec  7 03:42:06 hqnl0246134 sshd[283721]: Invalid user admin from 37.187.180.160 port 59018', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 03:42:07,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377327.320147, 'message': 'Dec  7 03:42:06 hqnl0246134 sshd[283721]: pam_imunify(sshd:auth): [IM360_RBL] The IP 37.187.180.160 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:42:07,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377327.320298, 'message': 'Dec  7 03:42:06 hqnl0246134 sshd[283721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.180.160 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 03:42:09,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377329.3225098, 'message': 'Dec  7 03:42:07 hqnl0246134 sshd[283709]: Failed password for root from 61.177.173.18 port 20090 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 03:42:09,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377329.32275, 'message': 'Dec  7 03:42:08 hqnl0246134 sshd[283721]: Failed password for invalid user admin from 37.187.180.160 port 59018 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 03:42:09,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377329.32287, 'message': 'Dec  7 03:42:09 hqnl0246134 sshd[283709]: Failed password for root from 61.177.173.18 port 20090 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:42:11,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377331.3246942, 'message': 'Dec  7 03:42:10 hqnl0246134 sshd[283721]: Disconnected from invalid user admin 37.187.180.160 port 59018 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 03:42:12,256] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:42:12,281] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-07 03:42:13,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377333.330265, 'message': 'Dec  7 03:42:12 hqnl0246134 sshd[283709]: Failed password for root from 61.177.173.18 port 20090 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:42:17,782] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:42:17,783] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:42:17,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:42:17,802] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 03:42:20,408] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:42:20,409] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:42:20,415] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:42:20,426] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 03:42:35,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377355.3678095, 'message': 'Dec  7 03:42:33 hqnl0246134 sshd[283769]: Invalid user xia from 103.183.74.62 port 48620', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 03:42:35,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377355.3687236, 'message': 'Dec  7 03:42:33 hqnl0246134 sshd[283769]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.183.74.62 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 03:42:35,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377355.368969, 'message': 'Dec  7 03:42:33 hqnl0246134 sshd[283769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.183.74.62 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 03:42:35,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377355.3691955, 'message': 'Dec  7 03:42:35 hqnl0246134 sshd[283769]: Failed password for invalid user xia from 103.183.74.62 port 48620 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:42:37,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.183.74.62', 'timestamp': 1670377357.3656592, 'message': 'Dec  7 03:42:37 hqnl0246134 sshd[283769]: Disconnected from invalid user xia 103.183.74.62 port 48620 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 03:42:50,932] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:42:50,933] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:42:55,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377375.395038, 'message': 'Dec  7 03:42:53 hqnl0246134 sshd[283781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 03:42:57,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377377.3978412, 'message': 'Dec  7 03:42:55 hqnl0246134 sshd[283784]: Invalid user test from 165.227.166.207 port 40276', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 03:42:57,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377377.398384, 'message': 'Dec  7 03:42:56 hqnl0246134 sshd[283781]: Failed password for root from 61.177.173.18 port 43969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 03:42:57,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377377.3980622, 'message': 'Dec  7 03:42:55 hqnl0246134 sshd[283784]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:42:57,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377377.398221, 'message': 'Dec  7 03:42:55 hqnl0246134 sshd[283784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:42:59,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377379.39932, 'message': 'Dec  7 03:42:57 hqnl0246134 sshd[283784]: Failed password for invalid user test from 165.227.166.207 port 40276 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 03:42:59,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377379.3996422, 'message': 'Dec  7 03:42:58 hqnl0246134 sshd[283784]: Disconnected from invalid user test 165.227.166.207 port 40276 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 03:43:00,687] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:43:00,688] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:43:00,700] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:43:00,713] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 03:43:01,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377381.4014108, 'message': 'Dec  7 03:43:00 hqnl0246134 sshd[283781]: Failed password for root from 61.177.173.18 port 43969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:43:03,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377383.404447, 'message': 'Dec  7 03:43:01 hqnl0246134 sshd[283790]: Invalid user ethan from 128.199.87.28 port 45638', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 03:43:03,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377383.4049978, 'message': 'Dec  7 03:43:02 hqnl0246134 sshd[283802]: Invalid user sammy from 176.31.46.230 port 35820', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 03:43:03,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377383.4047186, 'message': 'Dec  7 03:43:01 hqnl0246134 sshd[283790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.87.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:43:03,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377383.4051552, 'message': 'Dec  7 03:43:02 hqnl0246134 sshd[283802]: pam_imunify(sshd:auth): [IM360_RBL] The IP 176.31.46.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 03:43:03,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377383.4048574, 'message': 'Dec  7 03:43:01 hqnl0246134 sshd[283790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.87.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 03:43:03,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377383.4054265, 'message': 'Dec  7 03:43:02 hqnl0246134 sshd[283802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.46.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 03:43:03,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377383.405568, 'message': 'Dec  7 03:43:02 hqnl0246134 sshd[283790]: Failed password for invalid user ethan from 128.199.87.28 port 45638 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:43:05,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377385.406498, 'message': 'Dec  7 03:43:04 hqnl0246134 sshd[283790]: Disconnected from invalid user ethan 128.199.87.28 port 45638 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 03:43:05,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377385.4067538, 'message': 'Dec  7 03:43:04 hqnl0246134 sshd[283781]: Failed password for root from 61.177.173.18 port 43969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0467 seconds
INFO    [2022-12-07 03:43:05,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377385.406907, 'message': 'Dec  7 03:43:04 hqnl0246134 sshd[283802]: Failed password for invalid user sammy from 176.31.46.230 port 35820 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 03:43:07,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377387.4089582, 'message': 'Dec  7 03:43:06 hqnl0246134 sshd[283802]: Disconnected from invalid user sammy 176.31.46.230 port 35820 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 03:43:12,258] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:43:12,283] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0323 seconds
INFO    [2022-12-07 03:43:17,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377397.4252954, 'message': 'Dec  7 03:43:16 hqnl0246134 sshd[283817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.87.22.100 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 03:43:17,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377397.4256773, 'message': 'Dec  7 03:43:16 hqnl0246134 sshd[283817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.87.22.100  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:43:17,737] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:43:17,738] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:43:17,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:43:17,757] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 03:43:19,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '172.87.22.100', 'timestamp': 1670377399.4262948, 'message': 'Dec  7 03:43:18 hqnl0246134 sshd[283817]: Failed password for root from 172.87.22.100 port 56288 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 03:43:19,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377399.4264777, 'message': 'Dec  7 03:43:19 hqnl0246134 sshd[283825]: Invalid user bdc from 213.27.189.252 port 48816', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 03:43:19,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377399.4265945, 'message': 'Dec  7 03:43:19 hqnl0246134 sshd[283825]: pam_imunify(sshd:auth): [IM360_RBL] The IP 213.27.189.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 03:43:19,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377399.426745, 'message': 'Dec  7 03:43:19 hqnl0246134 sshd[283825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.27.189.252 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 03:43:20,254] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:43:20,254] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:43:20,263] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:43:20,275] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 03:43:21,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377401.4297507, 'message': 'Dec  7 03:43:21 hqnl0246134 sshd[283825]: Failed password for invalid user bdc from 213.27.189.252 port 48816 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 03:43:23,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377403.4330513, 'message': 'Dec  7 03:43:21 hqnl0246134 sshd[283825]: Disconnected from invalid user bdc 213.27.189.252 port 48816 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 03:43:23,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377403.433322, 'message': 'Dec  7 03:43:23 hqnl0246134 sshd[283830]: Invalid user deploy from 174.138.29.2 port 58094', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 03:43:23,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377403.4334462, 'message': 'Dec  7 03:43:23 hqnl0246134 sshd[283830]: pam_imunify(sshd:auth): [IM360_RBL] The IP 174.138.29.2 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:43:23,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377403.4371846, 'message': 'Dec  7 03:43:23 hqnl0246134 sshd[283830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.2 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:43:25,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377405.4336865, 'message': 'Dec  7 03:43:25 hqnl0246134 sshd[283830]: Failed password for invalid user deploy from 174.138.29.2 port 58094 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 03:43:27,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377407.4366663, 'message': 'Dec  7 03:43:25 hqnl0246134 sshd[283830]: Disconnected from invalid user deploy 174.138.29.2 port 58094 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-07 03:43:27,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377407.4369102, 'message': 'Dec  7 03:43:25 hqnl0246134 sshd[283832]: Invalid user vision from 167.71.54.30 port 50974', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 03:43:27,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377407.4370599, 'message': 'Dec  7 03:43:25 hqnl0246134 sshd[283832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.54.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:43:27,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377407.4374874, 'message': 'Dec  7 03:43:25 hqnl0246134 sshd[283832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.54.30 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:43:29,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377409.4391944, 'message': 'Dec  7 03:43:27 hqnl0246134 sshd[283832]: Failed password for invalid user vision from 167.71.54.30 port 50974 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 03:43:29,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377409.4394326, 'message': 'Dec  7 03:43:28 hqnl0246134 sshd[283832]: Disconnected from invalid user vision 167.71.54.30 port 50974 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 03:43:31,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377411.441739, 'message': 'Dec  7 03:43:30 hqnl0246134 sshd[283835]: Invalid user ops from 201.124.133.194 port 57918', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 03:43:31,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377411.4420393, 'message': 'Dec  7 03:43:30 hqnl0246134 sshd[283835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.124.133.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 03:43:31,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377411.442238, 'message': 'Dec  7 03:43:30 hqnl0246134 sshd[283835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.124.133.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 03:43:33,343] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:43:33,409] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:43:33,410] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:43:33,410] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:43:33,410] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:43:33,410] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:43:33,419] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:43:33,434] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0236 seconds
WARNING [2022-12-07 03:43:33,442] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:43:33,447] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:43:33,474] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0446 seconds
INFO    [2022-12-07 03:43:33,476] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0441 seconds
INFO    [2022-12-07 03:43:33,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377413.4440334, 'message': 'Dec  7 03:43:32 hqnl0246134 sshd[283835]: Failed password for invalid user ops from 201.124.133.194 port 57918 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 03:43:35,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377415.4461436, 'message': 'Dec  7 03:43:33 hqnl0246134 sshd[283835]: Disconnected from invalid user ops 201.124.133.194 port 57918 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 03:43:35,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377415.446334, 'message': 'Dec  7 03:43:34 hqnl0246134 sshd[283838]: Invalid user testuser2 from 188.134.83.209 port 58854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 03:43:35,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377415.4464438, 'message': 'Dec  7 03:43:34 hqnl0246134 sshd[283838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.134.83.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:43:35,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377415.4465435, 'message': 'Dec  7 03:43:34 hqnl0246134 sshd[283838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.134.83.209 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-07 03:43:37,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377417.4501278, 'message': 'Dec  7 03:43:36 hqnl0246134 sshd[283838]: Failed password for invalid user testuser2 from 188.134.83.209 port 58854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 03:43:37,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377417.4504275, 'message': 'Dec  7 03:43:36 hqnl0246134 sshd[283838]: Disconnected from invalid user testuser2 188.134.83.209 port 58854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 03:43:41,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377421.4540927, 'message': 'Dec  7 03:43:40 hqnl0246134 sshd[283841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:43:43,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377423.45837, 'message': 'Dec  7 03:43:42 hqnl0246134 sshd[283841]: Failed password for root from 61.177.173.18 port 51662 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 03:43:50,937] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:43:50,938] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:44:03,541] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:44:03,542] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:44:03,543] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 03:44:07,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377447.4990094, 'message': 'Dec  7 03:44:06 hqnl0246134 sshd[283863]: Invalid user sai from 82.196.5.251 port 55581', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 03:44:07,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377447.4998283, 'message': 'Dec  7 03:44:07 hqnl0246134 sshd[283863]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.196.5.251 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 03:44:07,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377447.5009005, 'message': 'Dec  7 03:44:07 hqnl0246134 sshd[283863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.5.251 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 03:44:11,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377451.5061164, 'message': 'Dec  7 03:44:09 hqnl0246134 sshd[283863]: Failed password for invalid user sai from 82.196.5.251 port 55581 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:44:11,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377451.5063398, 'message': 'Dec  7 03:44:10 hqnl0246134 sshd[283863]: Disconnected from invalid user sai 82.196.5.251 port 55581 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
WARNING [2022-12-07 03:44:12,270] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:44:12,320] defence360agent.internals.the_sink: SensorIncidentList(<23 item(s)>) processed in 0.0632 seconds
INFO    [2022-12-07 03:44:12,655] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:44:12,655] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:44:12,662] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:44:12,673] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 03:44:18,332] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:44:18,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:44:18,349] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:44:18,370] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0354 seconds
INFO    [2022-12-07 03:44:20,874] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:44:20,874] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:44:20,887] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:44:20,903] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-07 03:44:31,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.220.154', 'timestamp': 1670377471.5334842, 'message': 'Dec  7 03:44:29 hqnl0246134 sshd[283895]: Invalid user ubuntu from 163.172.220.154 port 48054', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-07 03:44:31,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377471.5344677, 'message': 'Dec  7 03:44:30 hqnl0246134 sshd[283893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-07 03:44:31,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377471.5346603, 'message': 'Dec  7 03:44:31 hqnl0246134 sshd[283897]: Invalid user redis2 from 165.22.121.218 port 49738', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 03:44:31,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.172.220.154', 'timestamp': 1670377471.5340374, 'message': 'Dec  7 03:44:30 hqnl0246134 sshd[283895]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.172.220.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 03:44:31,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.172.220.154', 'timestamp': 1670377471.5342824, 'message': 'Dec  7 03:44:30 hqnl0246134 sshd[283895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.220.154 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:44:33,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377473.5352228, 'message': 'Dec  7 03:44:31 hqnl0246134 sshd[283897]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.121.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-07 03:44:33,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.220.154', 'timestamp': 1670377473.5356195, 'message': 'Dec  7 03:44:32 hqnl0246134 sshd[283895]: Failed password for invalid user ubuntu from 163.172.220.154 port 48054 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-07 03:44:33,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377473.535793, 'message': 'Dec  7 03:44:32 hqnl0246134 sshd[283893]: Failed password for root from 61.177.173.18 port 21690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 03:44:33,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377473.535466, 'message': 'Dec  7 03:44:31 hqnl0246134 sshd[283897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.121.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:44:33,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377473.5359087, 'message': 'Dec  7 03:44:32 hqnl0246134 sshd[283897]: Failed password for invalid user redis2 from 165.22.121.218 port 49738 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0158 seconds
INFO    [2022-12-07 03:44:35,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.220.154', 'timestamp': 1670377475.5408072, 'message': 'Dec  7 03:44:34 hqnl0246134 sshd[283895]: Disconnected from invalid user ubuntu 163.172.220.154 port 48054 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:44:35,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377475.5412166, 'message': 'Dec  7 03:44:34 hqnl0246134 sshd[283897]: Disconnected from invalid user redis2 165.22.121.218 port 49738 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 03:44:37,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377477.54486, 'message': 'Dec  7 03:44:36 hqnl0246134 sshd[283893]: Failed password for root from 61.177.173.18 port 21690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:44:41,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377481.5550666, 'message': 'Dec  7 03:44:40 hqnl0246134 sshd[283893]: Failed password for root from 61.177.173.18 port 21690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:44:49,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377489.568974, 'message': 'Dec  7 03:44:47 hqnl0246134 sshd[283910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 03:44:49,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377489.5694482, 'message': 'Dec  7 03:44:47 hqnl0246134 sshd[283910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 03:44:50,948] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:44:50,949] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:44:51,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377491.570059, 'message': 'Dec  7 03:44:50 hqnl0246134 sshd[283910]: Failed password for root from 61.177.173.51 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 03:44:53,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377493.5724382, 'message': 'Dec  7 03:44:52 hqnl0246134 sshd[283910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 03:44:55,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377495.5773196, 'message': 'Dec  7 03:44:53 hqnl0246134 sshd[283910]: Failed password for root from 61.177.173.51 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:44:55,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377495.577505, 'message': 'Dec  7 03:44:54 hqnl0246134 sshd[283910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:44:57,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377497.5843565, 'message': 'Dec  7 03:44:56 hqnl0246134 sshd[283910]: Failed password for root from 61.177.173.51 port 37495 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 03:45:01,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377501.5879066, 'message': 'Dec  7 03:45:00 hqnl0246134 sshd[283914]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0817 seconds
INFO    [2022-12-07 03:45:01,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377501.5884404, 'message': 'Dec  7 03:45:00 hqnl0246134 sshd[283916]: Invalid user teste from 165.227.166.207 port 50560', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0831 seconds
INFO    [2022-12-07 03:45:01,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377501.5885925, 'message': 'Dec  7 03:45:00 hqnl0246134 sshd[283918]: Invalid user angelica from 37.187.180.160 port 34280', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0835 seconds
INFO    [2022-12-07 03:45:01,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377501.5882359, 'message': 'Dec  7 03:45:00 hqnl0246134 sshd[283914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0757 seconds
INFO    [2022-12-07 03:45:01,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377501.5888538, 'message': 'Dec  7 03:45:00 hqnl0246134 sshd[283916]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0746 seconds
INFO    [2022-12-07 03:45:01,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377501.5893242, 'message': 'Dec  7 03:45:00 hqnl0246134 sshd[283918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 37.187.180.160 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0736 seconds
INFO    [2022-12-07 03:45:01,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377501.589099, 'message': 'Dec  7 03:45:00 hqnl0246134 sshd[283916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-07 03:45:01,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377501.5895886, 'message': 'Dec  7 03:45:00 hqnl0246134 sshd[283918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.180.160 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 03:45:03,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377503.5889897, 'message': 'Dec  7 03:45:02 hqnl0246134 sshd[283914]: Failed password for root from 61.177.173.51 port 36067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0614 seconds
INFO    [2022-12-07 03:45:03,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377503.5891843, 'message': 'Dec  7 03:45:03 hqnl0246134 sshd[283916]: Failed password for invalid user teste from 165.227.166.207 port 50560 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0622 seconds
INFO    [2022-12-07 03:45:03,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377503.5892966, 'message': 'Dec  7 03:45:03 hqnl0246134 sshd[283918]: Failed password for invalid user angelica from 37.187.180.160 port 34280 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0624 seconds
INFO    [2022-12-07 03:45:05,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377505.5926003, 'message': 'Dec  7 03:45:04 hqnl0246134 sshd[283914]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 03:45:05,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377505.592816, 'message': 'Dec  7 03:45:05 hqnl0246134 sshd[283918]: Disconnected from invalid user angelica 37.187.180.160 port 34280 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-07 03:45:05,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377505.5929298, 'message': 'Dec  7 03:45:05 hqnl0246134 sshd[283916]: Disconnected from invalid user teste 165.227.166.207 port 50560 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-07 03:45:07,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377507.5958562, 'message': 'Dec  7 03:45:06 hqnl0246134 sshd[283914]: Failed password for root from 61.177.173.51 port 36067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 03:45:07,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377507.5961528, 'message': 'Dec  7 03:45:07 hqnl0246134 sshd[283914]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:45:11,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670377511.6019297, 'message': 'Dec  7 03:45:09 hqnl0246134 sshd[283914]: Failed password for root from 61.177.173.51 port 36067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-07 03:45:12,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:45:12,327] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0677 seconds
INFO    [2022-12-07 03:45:17,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377517.6064029, 'message': 'Dec  7 03:45:17 hqnl0246134 sshd[283963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-07 03:45:18,041] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:45:18,041] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:45:18,049] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:45:18,060] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 03:45:19,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377519.60823, 'message': 'Dec  7 03:45:19 hqnl0246134 sshd[283963]: Failed password for root from 61.177.173.18 port 29307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:45:20,647] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:45:20,648] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:45:20,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:45:20,667] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 03:45:23,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377523.6131968, 'message': 'Dec  7 03:45:22 hqnl0246134 sshd[283963]: Failed password for root from 61.177.173.18 port 29307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 03:45:29,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377529.619746, 'message': 'Dec  7 03:45:26 hqnl0246134 sshd[283963]: Failed password for root from 61.177.173.18 port 29307 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 03:45:50,955] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:45:50,956] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:45:55,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377555.6588554, 'message': 'Dec  7 03:45:54 hqnl0246134 sshd[283987]: pam_imunify(sshd:auth): [IM360_RBL] The IP 213.27.189.252 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 03:45:55,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377555.6595206, 'message': 'Dec  7 03:45:54 hqnl0246134 sshd[283987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.27.189.252  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 03:45:57,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '213.27.189.252', 'timestamp': 1670377557.6648893, 'message': 'Dec  7 03:45:56 hqnl0246134 sshd[283987]: Failed password for root from 213.27.189.252 port 37342 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 03:46:00,594] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:46:00,595] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:46:00,603] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:46:00,614] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 03:46:03,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377563.670226, 'message': 'Dec  7 03:46:03 hqnl0246134 sshd[284006]: Invalid user deploy from 167.71.54.30 port 55648', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 03:46:03,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377563.6704226, 'message': 'Dec  7 03:46:03 hqnl0246134 sshd[284006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.54.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 03:46:03,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377563.6705334, 'message': 'Dec  7 03:46:03 hqnl0246134 sshd[284006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.54.30 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 03:46:05,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377565.6719506, 'message': 'Dec  7 03:46:04 hqnl0246134 sshd[284003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 03:46:05,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377565.672305, 'message': 'Dec  7 03:46:05 hqnl0246134 sshd[284006]: Failed password for invalid user deploy from 167.71.54.30 port 55648 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 03:46:07,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377567.6743205, 'message': 'Dec  7 03:46:05 hqnl0246134 sshd[284003]: Failed password for root from 61.177.173.18 port 42734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 03:46:07,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.54.30', 'timestamp': 1670377567.674547, 'message': 'Dec  7 03:46:05 hqnl0246134 sshd[284006]: Disconnected from invalid user deploy 167.71.54.30 port 55648 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 03:46:09,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377569.676319, 'message': 'Dec  7 03:46:08 hqnl0246134 sshd[284003]: Failed password for root from 61.177.173.18 port 42734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:46:11,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377571.6773632, 'message': 'Dec  7 03:46:11 hqnl0246134 sshd[284010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.87.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 03:46:11,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377571.677545, 'message': 'Dec  7 03:46:11 hqnl0246134 sshd[284010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.87.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0287 seconds
WARNING [2022-12-07 03:46:12,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:46:12,304] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0398 seconds
INFO    [2022-12-07 03:46:13,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377573.6852293, 'message': 'Dec  7 03:46:12 hqnl0246134 sshd[284003]: Failed password for root from 61.177.173.18 port 42734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 03:46:13,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.87.28', 'timestamp': 1670377573.6854146, 'message': 'Dec  7 03:46:13 hqnl0246134 sshd[284010]: Failed password for root from 128.199.87.28 port 34422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 03:46:17,713] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:46:17,714] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:46:17,722] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:46:17,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 03:46:19,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377579.6908333, 'message': 'Dec  7 03:46:19 hqnl0246134 sshd[284027]: Invalid user alejandro from 188.134.83.209 port 60432', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:46:19,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377579.6910484, 'message': 'Dec  7 03:46:19 hqnl0246134 sshd[284027]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.134.83.209 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:46:19,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377579.6911733, 'message': 'Dec  7 03:46:19 hqnl0246134 sshd[284027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.134.83.209 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 03:46:20,254] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:46:20,254] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:46:20,261] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:46:20,272] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 03:46:21,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377581.6942928, 'message': 'Dec  7 03:46:21 hqnl0246134 sshd[284027]: Failed password for invalid user alejandro from 188.134.83.209 port 60432 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:46:23,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377583.697094, 'message': 'Dec  7 03:46:22 hqnl0246134 sshd[284032]: Invalid user carlos from 174.138.29.2 port 43402', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 03:46:23,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.134.83.209', 'timestamp': 1670377583.6975114, 'message': 'Dec  7 03:46:22 hqnl0246134 sshd[284027]: Disconnected from invalid user alejandro 188.134.83.209 port 60432 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 03:46:23,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377583.6972756, 'message': 'Dec  7 03:46:22 hqnl0246134 sshd[284032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 174.138.29.2 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:46:23,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377583.6973839, 'message': 'Dec  7 03:46:22 hqnl0246134 sshd[284032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.2 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 03:46:25,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377585.6986003, 'message': 'Dec  7 03:46:24 hqnl0246134 sshd[284032]: Failed password for invalid user carlos from 174.138.29.2 port 43402 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 03:46:25,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377585.698853, 'message': 'Dec  7 03:46:25 hqnl0246134 sshd[284032]: Disconnected from invalid user carlos 174.138.29.2 port 43402 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 03:46:50,960] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:46:50,962] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:46:51,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377611.7623367, 'message': 'Dec  7 03:46:50 hqnl0246134 sshd[284044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 03:46:53,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377613.7650468, 'message': 'Dec  7 03:46:52 hqnl0246134 sshd[284044]: Failed password for root from 61.177.173.18 port 58187 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 03:46:59,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377619.7728817, 'message': 'Dec  7 03:46:59 hqnl0246134 sshd[284069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.124.133.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:46:59,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377619.7730966, 'message': 'Dec  7 03:46:59 hqnl0246134 sshd[284069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.124.133.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:47:01,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.124.133.194', 'timestamp': 1670377621.772602, 'message': 'Dec  7 03:47:01 hqnl0246134 sshd[284069]: Failed password for root from 201.124.133.194 port 39204 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 03:47:05,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377625.776303, 'message': 'Dec  7 03:47:04 hqnl0246134 sshd[284082]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.121.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 03:47:05,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377625.776694, 'message': 'Dec  7 03:47:04 hqnl0246134 sshd[284082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.121.218  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:47:07,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.121.218', 'timestamp': 1670377627.7786171, 'message': 'Dec  7 03:47:06 hqnl0246134 sshd[284082]: Failed password for root from 165.22.121.218 port 56696 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0555 seconds
INFO    [2022-12-07 03:47:07,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377627.7788873, 'message': 'Dec  7 03:47:06 hqnl0246134 sshd[284094]: Invalid user test from 165.227.166.207 port 60860', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0561 seconds
INFO    [2022-12-07 03:47:07,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377627.77906, 'message': 'Dec  7 03:47:07 hqnl0246134 sshd[284094]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 03:47:07,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377627.7792234, 'message': 'Dec  7 03:47:07 hqnl0246134 sshd[284094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 03:47:09,391] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:47:09,391] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:47:09,402] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:47:09,414] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-07 03:47:09,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377629.7807763, 'message': 'Dec  7 03:47:09 hqnl0246134 sshd[284094]: Failed password for invalid user test from 165.227.166.207 port 60860 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:47:09,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377629.7809885, 'message': 'Dec  7 03:47:09 hqnl0246134 sshd[284094]: Disconnected from invalid user test 165.227.166.207 port 60860 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-07 03:47:12,276] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:47:12,310] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0413 seconds
INFO    [2022-12-07 03:47:18,016] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:47:18,017] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:47:18,028] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:47:18,040] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-07 03:47:20,759] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:47:20,760] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:47:20,769] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:47:20,780] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 03:47:23,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377643.7981377, 'message': 'Dec  7 03:47:23 hqnl0246134 sshd[284119]: Invalid user app from 176.31.46.230 port 44778', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 03:47:25,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377645.8003526, 'message': 'Dec  7 03:47:23 hqnl0246134 sshd[284119]: pam_imunify(sshd:auth): [IM360_RBL] The IP 176.31.46.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:47:25,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377645.80061, 'message': 'Dec  7 03:47:23 hqnl0246134 sshd[284119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.46.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 03:47:25,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377645.8008142, 'message': 'Dec  7 03:47:25 hqnl0246134 sshd[284119]: Failed password for invalid user app from 176.31.46.230 port 44778 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:47:27,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377647.8037014, 'message': 'Dec  7 03:47:27 hqnl0246134 sshd[284119]: Disconnected from invalid user app 176.31.46.230 port 44778 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 03:47:27,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377647.804014, 'message': 'Dec  7 03:47:27 hqnl0246134 sshd[284121]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.196.5.251 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 03:47:27,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377647.8041306, 'message': 'Dec  7 03:47:27 hqnl0246134 sshd[284121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.5.251  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:47:31,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '82.196.5.251', 'timestamp': 1670377651.8113952, 'message': 'Dec  7 03:47:29 hqnl0246134 sshd[284121]: Failed password for root from 82.196.5.251 port 50435 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:47:37,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377657.8273485, 'message': 'Dec  7 03:47:36 hqnl0246134 sshd[284124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:47:39,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377659.8324354, 'message': 'Dec  7 03:47:38 hqnl0246134 sshd[284124]: Failed password for root from 61.177.173.18 port 11795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 03:47:49,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377669.8474774, 'message': 'Dec  7 03:47:48 hqnl0246134 sshd[284136]: pam_imunify(sshd:auth): [IM360_RBL] The IP 37.187.180.160 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 03:47:49,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377669.84787, 'message': 'Dec  7 03:47:48 hqnl0246134 sshd[284136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.180.160  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
WARNING [2022-12-07 03:47:50,968] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:47:50,969] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:47:51,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '37.187.180.160', 'timestamp': 1670377671.850445, 'message': 'Dec  7 03:47:50 hqnl0246134 sshd[284136]: Failed password for root from 37.187.180.160 port 43060 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-07 03:48:12,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:48:12,308] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-07 03:48:13,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377693.8883452, 'message': 'Dec  7 03:48:12 hqnl0246134 sshd[284148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 03:48:13,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377693.888541, 'message': 'Dec  7 03:48:12 hqnl0246134 sshd[284148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:48:15,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377695.8897176, 'message': 'Dec  7 03:48:14 hqnl0246134 sshd[284148]: Failed password for root from 61.177.172.19 port 43068 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:48:17,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:48:17,925] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:48:17,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:48:17,955] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-07 03:48:17,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377697.9266734, 'message': 'Dec  7 03:48:16 hqnl0246134 sshd[284148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 03:48:17,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377697.9268618, 'message': 'Dec  7 03:48:17 hqnl0246134 sshd[284148]: Failed password for root from 61.177.172.19 port 43068 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 03:48:19,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377699.8941617, 'message': 'Dec  7 03:48:18 hqnl0246134 sshd[284148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:48:20,578] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:48:20,579] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:48:20,589] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:48:20,608] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0285 seconds
INFO    [2022-12-07 03:48:21,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377701.8993635, 'message': 'Dec  7 03:48:20 hqnl0246134 sshd[284148]: Failed password for root from 61.177.172.19 port 43068 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:48:25,414] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:48:25,415] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:48:25,430] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:48:25,443] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-07 03:48:25,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377705.9067366, 'message': 'Dec  7 03:48:24 hqnl0246134 sshd[284170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-07 03:48:25,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377705.9070203, 'message': 'Dec  7 03:48:24 hqnl0246134 sshd[284173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-07 03:48:25,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670377705.9074342, 'message': 'Dec  7 03:48:24 hqnl0246134 sshd[284175]: Invalid user test from 179.108.181.161 port 41302', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-07 03:48:25,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377705.907225, 'message': 'Dec  7 03:48:24 hqnl0246134 sshd[284173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 03:48:25,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.108.181.161', 'timestamp': 1670377705.9076364, 'message': 'Dec  7 03:48:24 hqnl0246134 sshd[284175]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.108.181.161 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 03:48:26,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.108.181.161', 'timestamp': 1670377705.9078348, 'message': 'Dec  7 03:48:24 hqnl0246134 sshd[284175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.108.181.161 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 03:48:27,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377707.9109035, 'message': 'Dec  7 03:48:26 hqnl0246134 sshd[284170]: Failed password for root from 61.177.173.18 port 35390 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0719 seconds
INFO    [2022-12-07 03:48:27,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377707.9111602, 'message': 'Dec  7 03:48:26 hqnl0246134 sshd[284173]: Failed password for root from 61.177.172.19 port 40874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0723 seconds
INFO    [2022-12-07 03:48:27,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670377707.9115777, 'message': 'Dec  7 03:48:26 hqnl0246134 sshd[284175]: Failed password for invalid user test from 179.108.181.161 port 41302 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0711 seconds
INFO    [2022-12-07 03:48:28,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377707.9113495, 'message': 'Dec  7 03:48:26 hqnl0246134 sshd[284173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 03:48:28,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670377707.9124687, 'message': 'Dec  7 03:48:27 hqnl0246134 sshd[284175]: Disconnected from invalid user test 179.108.181.161 port 41302 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 03:48:29,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377709.9141958, 'message': 'Dec  7 03:48:28 hqnl0246134 sshd[284170]: Failed password for root from 61.177.173.18 port 35390 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 03:48:29,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377709.914399, 'message': 'Dec  7 03:48:28 hqnl0246134 sshd[284173]: Failed password for root from 61.177.172.19 port 40874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 03:48:29,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377709.9145103, 'message': 'Dec  7 03:48:28 hqnl0246134 sshd[284173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 03:48:31,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377711.9181514, 'message': 'Dec  7 03:48:31 hqnl0246134 sshd[284170]: Failed password for root from 61.177.173.18 port 35390 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 03:48:31,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377711.9183803, 'message': 'Dec  7 03:48:31 hqnl0246134 sshd[284173]: Failed password for root from 61.177.172.19 port 40874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 03:48:35,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377715.9272316, 'message': 'Dec  7 03:48:34 hqnl0246134 sshd[284181]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 03:48:35,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377715.9275692, 'message': 'Dec  7 03:48:34 hqnl0246134 sshd[284181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:48:37,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377717.9302151, 'message': 'Dec  7 03:48:36 hqnl0246134 sshd[284181]: Failed password for root from 61.177.172.19 port 16962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:48:37,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377717.930464, 'message': 'Dec  7 03:48:36 hqnl0246134 sshd[284181]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:48:39,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377719.932723, 'message': 'Dec  7 03:48:38 hqnl0246134 sshd[284181]: Failed password for root from 61.177.172.19 port 16962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:48:39,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377719.9329545, 'message': 'Dec  7 03:48:39 hqnl0246134 sshd[284181]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 03:48:41,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377721.9355502, 'message': 'Dec  7 03:48:40 hqnl0246134 sshd[284181]: Failed password for root from 61.177.172.19 port 16962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 03:48:43,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377723.9377494, 'message': 'Dec  7 03:48:42 hqnl0246134 sshd[284183]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 03:48:44,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377723.9379551, 'message': 'Dec  7 03:48:42 hqnl0246134 sshd[284183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 03:48:45,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377725.9403882, 'message': 'Dec  7 03:48:44 hqnl0246134 sshd[284183]: Failed password for root from 61.177.172.19 port 24989 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 03:48:45,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377725.940662, 'message': 'Dec  7 03:48:44 hqnl0246134 sshd[284183]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:48:47,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377727.9428377, 'message': 'Dec  7 03:48:46 hqnl0246134 sshd[284183]: Failed password for root from 61.177.172.19 port 24989 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 03:48:49,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377729.9482472, 'message': 'Dec  7 03:48:49 hqnl0246134 sshd[284183]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 03:48:50,972] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:48:50,973] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:48:51,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670377731.951199, 'message': 'Dec  7 03:48:51 hqnl0246134 sshd[284183]: Failed password for root from 61.177.172.19 port 24989 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 03:49:12,311] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:49:12,378] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0988 seconds
INFO    [2022-12-07 03:49:14,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377754.0305355, 'message': 'Dec  7 03:49:12 hqnl0246134 sshd[284211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 174.138.29.2 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 03:49:14,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377754.0310328, 'message': 'Dec  7 03:49:12 hqnl0246134 sshd[284213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 03:49:14,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377754.0308478, 'message': 'Dec  7 03:49:12 hqnl0246134 sshd[284211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.2  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:49:16,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '174.138.29.2', 'timestamp': 1670377756.0320575, 'message': 'Dec  7 03:49:14 hqnl0246134 sshd[284211]: Failed password for root from 174.138.29.2 port 56938 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-07 03:49:16,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377756.0323105, 'message': 'Dec  7 03:49:14 hqnl0246134 sshd[284213]: Failed password for root from 61.177.173.18 port 58203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0536 seconds
INFO    [2022-12-07 03:49:16,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377756.0324473, 'message': 'Dec  7 03:49:15 hqnl0246134 sshd[284216]: Invalid user test from 165.227.166.207 port 42912', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-07 03:49:16,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377756.0325747, 'message': 'Dec  7 03:49:15 hqnl0246134 sshd[284216]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 03:49:16,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377756.0327353, 'message': 'Dec  7 03:49:15 hqnl0246134 sshd[284216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:49:17,936] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:49:17,936] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:49:17,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:49:17,957] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 03:49:18,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.89.163.71', 'timestamp': 1670377758.0360937, 'message': 'Dec  7 03:49:16 hqnl0246134 sshd[284209]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.89.163.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 03:49:18,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377758.036514, 'message': 'Dec  7 03:49:17 hqnl0246134 sshd[284216]: Failed password for invalid user test from 165.227.166.207 port 42912 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 03:49:18,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.89.163.71', 'timestamp': 1670377758.0363836, 'message': 'Dec  7 03:49:16 hqnl0246134 sshd[284209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.89.163.71  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 03:49:18,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377758.0366354, 'message': 'Dec  7 03:49:17 hqnl0246134 sshd[284216]: Disconnected from invalid user test 165.227.166.207 port 42912 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 03:49:20,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '85.89.163.71', 'timestamp': 1670377760.040871, 'message': 'Dec  7 03:49:18 hqnl0246134 sshd[284209]: Failed password for root from 85.89.163.71 port 37294 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 03:49:20,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377760.041236, 'message': 'Dec  7 03:49:18 hqnl0246134 sshd[284213]: Failed password for root from 61.177.173.18 port 58203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 03:49:20,564] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:49:20,564] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:49:20,573] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:49:20,585] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 03:49:22,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377762.0432808, 'message': 'Dec  7 03:49:21 hqnl0246134 sshd[284213]: Failed password for root from 61.177.173.18 port 58203 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:49:26,067] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:49:26,067] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:49:26,076] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:49:26,088] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-07 03:49:50,975] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:49:50,977] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:50:00,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377800.1297944, 'message': 'Dec  7 03:49:59 hqnl0246134 sshd[284257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 03:50:02,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377802.1313226, 'message': 'Dec  7 03:50:01 hqnl0246134 sshd[284257]: Failed password for root from 61.177.173.18 port 60382 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0522 seconds
WARNING [2022-12-07 03:50:12,297] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:50:12,336] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0527 seconds
INFO    [2022-12-07 03:50:18,001] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:50:18,001] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:50:18,012] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:50:18,025] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 03:50:20,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377820.1613562, 'message': 'Dec  7 03:50:19 hqnl0246134 sshd[284307]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:50:20,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377820.1616457, 'message': 'Dec  7 03:50:19 hqnl0246134 sshd[284307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:50:21,005] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:50:21,006] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:50:21,020] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:50:21,042] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0351 seconds
INFO    [2022-12-07 03:50:22,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377822.1637464, 'message': 'Dec  7 03:50:21 hqnl0246134 sshd[284307]: Failed password for root from 61.177.173.36 port 40795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:50:23,575] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:50:23,641] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:50:23,642] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:50:23,642] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:50:23,642] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:50:23,642] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:50:23,652] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:50:23,668] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0249 seconds
WARNING [2022-12-07 03:50:23,674] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:50:23,677] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:50:23,694] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0320 seconds
INFO    [2022-12-07 03:50:23,695] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0296 seconds
INFO    [2022-12-07 03:50:24,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377824.1651378, 'message': 'Dec  7 03:50:23 hqnl0246134 sshd[284307]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 03:50:28,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377828.1776958, 'message': 'Dec  7 03:50:26 hqnl0246134 sshd[284307]: Failed password for root from 61.177.173.36 port 40795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 03:50:30,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377830.1876612, 'message': 'Dec  7 03:50:28 hqnl0246134 sshd[284307]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:50:32,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377832.1977484, 'message': 'Dec  7 03:50:30 hqnl0246134 sshd[284307]: Failed password for root from 61.177.173.36 port 40795 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 03:50:34,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377834.2066247, 'message': 'Dec  7 03:50:34 hqnl0246134 sshd[284320]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:50:34,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377834.2069106, 'message': 'Dec  7 03:50:34 hqnl0246134 sshd[284320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:50:36,969] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:50:36,969] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:50:36,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:50:36,988] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 03:50:38,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377838.222972, 'message': 'Dec  7 03:50:36 hqnl0246134 sshd[284320]: Failed password for root from 61.177.173.36 port 58423 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 03:50:38,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670377838.2232752, 'message': 'Dec  7 03:50:37 hqnl0246134 sshd[284324]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 03:50:38,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670377838.2234578, 'message': 'Dec  7 03:50:37 hqnl0246134 sshd[284324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:50:40,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377840.2252626, 'message': 'Dec  7 03:50:38 hqnl0246134 sshd[284320]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 03:50:40,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670377840.2257473, 'message': 'Dec  7 03:50:40 hqnl0246134 sshd[284324]: Failed password for root from 61.177.173.52 port 43486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 03:50:40,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377840.2256367, 'message': 'Dec  7 03:50:40 hqnl0246134 sshd[284320]: Failed password for root from 61.177.173.36 port 58423 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 03:50:42,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377842.2286835, 'message': 'Dec  7 03:50:40 hqnl0246134 sshd[284320]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 03:50:42,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670377842.228857, 'message': 'Dec  7 03:50:41 hqnl0246134 sshd[284324]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 03:50:44,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377844.2303398, 'message': 'Dec  7 03:50:42 hqnl0246134 sshd[284320]: Failed password for root from 61.177.173.36 port 58423 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 03:50:44,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670377844.23061, 'message': 'Dec  7 03:50:43 hqnl0246134 sshd[284324]: Failed password for root from 61.177.173.52 port 43486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 03:50:48,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377848.2369378, 'message': 'Dec  7 03:50:46 hqnl0246134 sshd[284333]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 03:50:48,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377848.237959, 'message': 'Dec  7 03:50:47 hqnl0246134 sshd[284335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 03:50:48,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377848.237479, 'message': 'Dec  7 03:50:46 hqnl0246134 sshd[284333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:50:50,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377850.2379231, 'message': 'Dec  7 03:50:48 hqnl0246134 sshd[284333]: Failed password for root from 61.177.173.36 port 60509 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 03:50:50,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377850.2381175, 'message': 'Dec  7 03:50:49 hqnl0246134 sshd[284335]: Failed password for root from 61.177.173.18 port 17108 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
WARNING [2022-12-07 03:50:50,979] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:50:50,980] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:50:52,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377852.24052, 'message': 'Dec  7 03:50:50 hqnl0246134 sshd[284333]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 03:50:54,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377854.2431815, 'message': 'Dec  7 03:50:52 hqnl0246134 sshd[284333]: Failed password for root from 61.177.173.36 port 60509 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 03:50:54,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377854.243523, 'message': 'Dec  7 03:50:53 hqnl0246134 sshd[284335]: Failed password for root from 61.177.173.18 port 17108 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 03:50:54,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377854.2434094, 'message': 'Dec  7 03:50:53 hqnl0246134 sshd[284333]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:50:55,608] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:50:55,609] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:50:55,610] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 03:50:56,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670377856.2453904, 'message': 'Dec  7 03:50:55 hqnl0246134 sshd[284333]: Failed password for root from 61.177.173.36 port 60509 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:51:00,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377860.2529929, 'message': 'Dec  7 03:50:58 hqnl0246134 sshd[284335]: Failed password for root from 61.177.173.18 port 17108 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:51:06,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670377866.2583823, 'message': 'Dec  7 03:51:05 hqnl0246134 sshd[284364]: Invalid user email from 182.16.245.79 port 45594', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:51:06,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.16.245.79', 'timestamp': 1670377866.2585588, 'message': 'Dec  7 03:51:06 hqnl0246134 sshd[284364]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.16.245.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 03:51:06,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.16.245.79', 'timestamp': 1670377866.2587419, 'message': 'Dec  7 03:51:06 hqnl0246134 sshd[284364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.16.245.79 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:51:10,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670377870.2657285, 'message': 'Dec  7 03:51:08 hqnl0246134 sshd[284364]: Failed password for invalid user email from 182.16.245.79 port 45594 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 03:51:10,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670377870.2660208, 'message': 'Dec  7 03:51:08 hqnl0246134 sshd[284364]: Disconnected from invalid user email 182.16.245.79 port 45594 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0252 seconds
WARNING [2022-12-07 03:51:12,296] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:51:12,323] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0345 seconds
INFO    [2022-12-07 03:51:18,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377878.2797647, 'message': 'Dec  7 03:51:17 hqnl0246134 sshd[284383]: Invalid user test from 165.227.166.207 port 53214', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 03:51:18,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377878.280297, 'message': 'Dec  7 03:51:17 hqnl0246134 sshd[284383]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:51:18,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377878.2804563, 'message': 'Dec  7 03:51:17 hqnl0246134 sshd[284383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:51:19,853] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:51:19,854] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:51:19,868] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:51:19,888] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0324 seconds
INFO    [2022-12-07 03:51:20,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377880.2814372, 'message': 'Dec  7 03:51:20 hqnl0246134 sshd[284383]: Failed password for invalid user test from 165.227.166.207 port 53214 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 03:51:22,690] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:51:22,690] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:51:22,698] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:51:22,710] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 03:51:24,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377884.2864103, 'message': 'Dec  7 03:51:22 hqnl0246134 sshd[284383]: Disconnected from invalid user test 165.227.166.207 port 53214 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 03:51:36,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377896.3047564, 'message': 'Dec  7 03:51:35 hqnl0246134 sshd[284399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 03:51:38,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377898.3079484, 'message': 'Dec  7 03:51:37 hqnl0246134 sshd[284399]: Failed password for root from 61.177.173.18 port 34741 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 03:51:40,150] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 03:51:40,152] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 03:51:41,031] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 03:51:42,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377902.3118913, 'message': 'Dec  7 03:51:41 hqnl0246134 sshd[284399]: Failed password for root from 61.177.173.18 port 34741 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 03:51:46,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377906.3203127, 'message': 'Dec  7 03:51:43 hqnl0246134 sshd[284399]: Failed password for root from 61.177.173.18 port 34741 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.2390 seconds
INFO    [2022-12-07 03:51:48,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377908.322206, 'message': 'Dec  7 03:51:48 hqnl0246134 sshd[284481]: Invalid user ubuntu from 176.31.46.230 port 52116', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 03:51:48,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377908.322538, 'message': 'Dec  7 03:51:48 hqnl0246134 sshd[284481]: pam_imunify(sshd:auth): [IM360_RBL] The IP 176.31.46.230 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 03:51:48,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377908.3227522, 'message': 'Dec  7 03:51:48 hqnl0246134 sshd[284481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.46.230 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:51:50,446] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:51:50,446] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:51:50,454] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:51:50,465] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-07 03:51:50,982] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:51:50,983] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:51:52,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377912.3313072, 'message': 'Dec  7 03:51:50 hqnl0246134 sshd[284481]: Failed password for invalid user ubuntu from 176.31.46.230 port 52116 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 03:51:54,167] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 03:51:54,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '176.31.46.230', 'timestamp': 1670377914.3365088, 'message': 'Dec  7 03:51:53 hqnl0246134 sshd[284481]: Disconnected from invalid user ubuntu 176.31.46.230 port 52116 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:52:04,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.79.42.236', 'timestamp': 1670377924.3542452, 'message': 'Dec  7 03:52:03 hqnl0246134 sshd[284499]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.79.42.236 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:52:04,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.79.42.236', 'timestamp': 1670377924.354539, 'message': 'Dec  7 03:52:03 hqnl0246134 sshd[284499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.79.42.236  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:52:06,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '217.79.42.236', 'timestamp': 1670377926.3577983, 'message': 'Dec  7 03:52:05 hqnl0246134 sshd[284499]: Failed password for root from 217.79.42.236 port 38734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-07 03:52:12,305] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:52:12,329] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0346 seconds
INFO    [2022-12-07 03:52:18,113] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:52:18,114] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:52:18,124] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:52:18,137] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 03:52:20,826] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:52:20,826] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:52:20,833] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:52:20,844] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 03:52:22,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377942.3744922, 'message': 'Dec  7 03:52:21 hqnl0246134 sshd[284531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:52:24,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377944.3771126, 'message': 'Dec  7 03:52:23 hqnl0246134 sshd[284531]: Failed password for root from 61.177.173.18 port 37882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 03:52:30,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377950.382362, 'message': 'Dec  7 03:52:27 hqnl0246134 sshd[284531]: Failed password for root from 61.177.173.18 port 37882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 03:52:32,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377952.384432, 'message': 'Dec  7 03:52:32 hqnl0246134 sshd[284531]: Failed password for root from 61.177.173.18 port 37882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 03:52:50,985] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:52:50,986] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:52:52,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377972.4056997, 'message': 'Dec  7 03:52:50 hqnl0246134 sshd[284543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 03:52:52,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377972.4062438, 'message': 'Dec  7 03:52:50 hqnl0246134 sshd[284543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 03:52:52,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377972.4065738, 'message': 'Dec  7 03:52:51 hqnl0246134 sshd[284543]: Failed password for root from 61.177.173.50 port 29771 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:52:54,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377974.406312, 'message': 'Dec  7 03:52:52 hqnl0246134 sshd[284543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 03:52:54,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377974.4066367, 'message': 'Dec  7 03:52:53 hqnl0246134 sshd[284543]: Failed password for root from 61.177.173.50 port 29771 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:52:56,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377976.4083385, 'message': 'Dec  7 03:52:54 hqnl0246134 sshd[284543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 03:52:58,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377978.4090757, 'message': 'Dec  7 03:52:56 hqnl0246134 sshd[284543]: Failed password for root from 61.177.173.50 port 29771 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 03:53:01,548] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:53:01,549] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:53:01,555] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:53:01,567] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 03:53:02,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377982.4142418, 'message': 'Dec  7 03:53:00 hqnl0246134 sshd[284549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:53:02,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377982.4144194, 'message': 'Dec  7 03:53:00 hqnl0246134 sshd[284549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:53:04,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377984.4164526, 'message': 'Dec  7 03:53:02 hqnl0246134 sshd[284549]: Failed password for root from 61.177.173.50 port 14491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 03:53:04,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377984.4167469, 'message': 'Dec  7 03:53:03 hqnl0246134 sshd[284549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:53:06,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377986.4199033, 'message': 'Dec  7 03:53:04 hqnl0246134 sshd[284549]: Failed password for root from 61.177.173.50 port 14491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 03:53:06,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377986.4201026, 'message': 'Dec  7 03:53:05 hqnl0246134 sshd[284549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 03:53:08,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670377988.4231195, 'message': 'Dec  7 03:53:07 hqnl0246134 sshd[284549]: Failed password for root from 61.177.173.50 port 14491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 03:53:12,306] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:53:12,324] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0261 seconds
INFO    [2022-12-07 03:53:12,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377992.4262338, 'message': 'Dec  7 03:53:11 hqnl0246134 sshd[284564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:53:14,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377994.4292114, 'message': 'Dec  7 03:53:12 hqnl0246134 sshd[284564]: Failed password for root from 61.177.173.18 port 62703 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 03:53:16,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377996.4300506, 'message': 'Dec  7 03:53:15 hqnl0246134 sshd[284570]: Invalid user test from 165.227.166.207 port 35260', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 03:53:16,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670377996.4305382, 'message': 'Dec  7 03:53:15 hqnl0246134 sshd[284564]: Failed password for root from 61.177.173.18 port 62703 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 03:53:16,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377996.4302907, 'message': 'Dec  7 03:53:15 hqnl0246134 sshd[284570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 03:53:16,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377996.4304316, 'message': 'Dec  7 03:53:15 hqnl0246134 sshd[284570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 03:53:17,965] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:53:17,966] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:53:17,974] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:53:17,986] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 03:53:18,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377998.433567, 'message': 'Dec  7 03:53:17 hqnl0246134 sshd[284570]: Failed password for invalid user test from 165.227.166.207 port 35260 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 03:53:18,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670377998.4339557, 'message': 'Dec  7 03:53:18 hqnl0246134 sshd[284570]: Disconnected from invalid user test 165.227.166.207 port 35260 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:53:20,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378000.435983, 'message': 'Dec  7 03:53:19 hqnl0246134 sshd[284564]: Failed password for root from 61.177.173.18 port 62703 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 03:53:20,584] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:53:20,585] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:53:20,593] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:53:20,604] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-07 03:53:50,989] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:53:50,990] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:53:58,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378038.4895933, 'message': 'Dec  7 03:53:58 hqnl0246134 sshd[284603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 03:54:00,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378040.4942281, 'message': 'Dec  7 03:53:59 hqnl0246134 sshd[284603]: Failed password for root from 61.177.173.18 port 24225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 03:54:04,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378044.5010386, 'message': 'Dec  7 03:54:02 hqnl0246134 sshd[284603]: Failed password for root from 61.177.173.18 port 24225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:54:08,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378048.5135162, 'message': 'Dec  7 03:54:06 hqnl0246134 sshd[284603]: Failed password for root from 61.177.173.18 port 24225 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:54:09,697] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:54:09,698] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:54:09,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:54:09,725] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
WARNING [2022-12-07 03:54:12,316] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:54:12,350] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0456 seconds
INFO    [2022-12-07 03:54:18,042] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:54:18,043] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:54:18,052] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:54:18,065] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 03:54:20,670] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:54:20,670] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:54:20,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:54:20,691] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 03:54:46,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378086.5774627, 'message': 'Dec  7 03:54:44 hqnl0246134 sshd[284645]: Invalid user kfk from 163.172.220.154 port 55548', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 03:54:46,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378086.5782106, 'message': 'Dec  7 03:54:45 hqnl0246134 sshd[284647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 03:54:46,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378086.577842, 'message': 'Dec  7 03:54:44 hqnl0246134 sshd[284645]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.172.220.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:54:46,653] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378086.5780482, 'message': 'Dec  7 03:54:44 hqnl0246134 sshd[284645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.220.154 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:54:46,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378086.578316, 'message': 'Dec  7 03:54:46 hqnl0246134 sshd[284645]: Failed password for invalid user kfk from 163.172.220.154 port 55548 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:54:48,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378088.5798786, 'message': 'Dec  7 03:54:46 hqnl0246134 sshd[284645]: Disconnected from invalid user kfk 163.172.220.154 port 55548 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0530 seconds
INFO    [2022-12-07 03:54:48,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378088.5807848, 'message': 'Dec  7 03:54:47 hqnl0246134 sshd[284647]: Failed password for root from 61.177.173.18 port 37058 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0533 seconds
WARNING [2022-12-07 03:54:50,993] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:54:50,994] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:54:52,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378092.5837634, 'message': 'Dec  7 03:54:49 hqnl0246134 sshd[284647]: Failed password for root from 61.177.173.18 port 37058 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 03:54:52,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '101.226.253.162', 'timestamp': 1670378092.583969, 'message': 'Dec  7 03:54:51 hqnl0246134 sshd[284657]: pam_imunify(sshd:auth): [IM360_RBL] The IP 101.226.253.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 03:54:52,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '101.226.253.162', 'timestamp': 1670378092.584145, 'message': 'Dec  7 03:54:51 hqnl0246134 sshd[284657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.226.253.162  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:54:54,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '101.226.253.162', 'timestamp': 1670378094.586243, 'message': 'Dec  7 03:54:53 hqnl0246134 sshd[284657]: Failed password for root from 101.226.253.162 port 26739 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 03:54:54,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378094.5864606, 'message': 'Dec  7 03:54:53 hqnl0246134 sshd[284647]: Failed password for root from 61.177.173.18 port 37058 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
WARNING [2022-12-07 03:55:12,315] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:55:12,335] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0283 seconds
INFO    [2022-12-07 03:55:17,856] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:55:17,856] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:55:17,864] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:55:17,875] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 03:55:18,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378118.6250873, 'message': 'Dec  7 03:55:17 hqnl0246134 sshd[284690]: Invalid user test from 165.227.166.207 port 45544', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 03:55:18,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378118.6255033, 'message': 'Dec  7 03:55:17 hqnl0246134 sshd[284690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 03:55:18,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378118.6256983, 'message': 'Dec  7 03:55:17 hqnl0246134 sshd[284690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 03:55:20,803] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:55:20,803] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-07 03:55:20,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378120.6259174, 'message': 'Dec  7 03:55:19 hqnl0246134 sshd[284690]: Failed password for invalid user test from 165.227.166.207 port 45544 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1796 seconds
WARNING [2022-12-07 03:55:20,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:55:20,837] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0327 seconds
INFO    [2022-12-07 03:55:20,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378120.6261961, 'message': 'Dec  7 03:55:19 hqnl0246134 sshd[284690]: Disconnected from invalid user test 165.227.166.207 port 45544 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 03:55:22,058] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:55:22,058] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:55:22,066] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:55:22,081] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-07 03:55:34,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378134.6457126, 'message': 'Dec  7 03:55:33 hqnl0246134 sshd[284716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 03:55:36,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378136.6459112, 'message': 'Dec  7 03:55:35 hqnl0246134 sshd[284716]: Failed password for root from 61.177.173.18 port 49433 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 03:55:50,997] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:55:50,998] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:56:10,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378170.6881506, 'message': 'Dec  7 03:56:08 hqnl0246134 sshd[284737]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.108.181.161 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 03:56:10,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378170.688591, 'message': 'Dec  7 03:56:08 hqnl0246134 sshd[284737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.108.181.161  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:56:10,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378170.6888018, 'message': 'Dec  7 03:56:10 hqnl0246134 sshd[284737]: Failed password for root from 179.108.181.161 port 46960 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 03:56:12,318] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:56:12,343] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-07 03:56:17,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:56:17,813] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:56:17,832] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:56:17,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0414 seconds
INFO    [2022-12-07 03:56:18,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378178.6971726, 'message': 'Dec  7 03:56:18 hqnl0246134 sshd[284743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 03:56:20,553] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:56:20,554] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:56:20,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:56:20,585] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0309 seconds
INFO    [2022-12-07 03:56:20,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378180.70022, 'message': 'Dec  7 03:56:20 hqnl0246134 sshd[284743]: Failed password for root from 61.177.173.18 port 44211 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 03:56:26,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378186.7059898, 'message': 'Dec  7 03:56:24 hqnl0246134 sshd[284743]: Failed password for root from 61.177.173.18 port 44211 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:56:30,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378190.7103984, 'message': 'Dec  7 03:56:28 hqnl0246134 sshd[284743]: Failed password for root from 61.177.173.18 port 44211 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 03:56:38,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378198.7186937, 'message': 'Dec  7 03:56:38 hqnl0246134 sshd[284786]: Invalid user postgres from 182.16.245.79 port 32958', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 03:56:38,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378198.719032, 'message': 'Dec  7 03:56:38 hqnl0246134 sshd[284786]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.16.245.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 03:56:38,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378198.71923, 'message': 'Dec  7 03:56:38 hqnl0246134 sshd[284786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.16.245.79 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 03:56:40,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378200.7209303, 'message': 'Dec  7 03:56:40 hqnl0246134 sshd[284786]: Failed password for invalid user postgres from 182.16.245.79 port 32958 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 03:56:42,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378202.7221901, 'message': 'Dec  7 03:56:42 hqnl0246134 sshd[284786]: Disconnected from invalid user postgres 182.16.245.79 port 32958 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 03:56:45,076] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:56:45,077] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:56:45,083] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:56:45,094] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
WARNING [2022-12-07 03:56:51,001] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:56:51,002] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 03:57:12,325] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:57:12,360] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0456 seconds
INFO    [2022-12-07 03:57:12,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378232.7582483, 'message': 'Dec  7 03:57:11 hqnl0246134 sshd[284821]: Invalid user confluence from 68.183.42.17 port 60708', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:57:12,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378232.7584708, 'message': 'Dec  7 03:57:11 hqnl0246134 sshd[284821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.42.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 03:57:12,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378232.7586198, 'message': 'Dec  7 03:57:11 hqnl0246134 sshd[284821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.42.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 03:57:14,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378234.75825, 'message': 'Dec  7 03:57:13 hqnl0246134 sshd[284821]: Failed password for invalid user confluence from 68.183.42.17 port 60708 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:57:14,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378234.7584505, 'message': 'Dec  7 03:57:14 hqnl0246134 sshd[284821]: Disconnected from invalid user confluence 68.183.42.17 port 60708 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 03:57:18,084] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:57:18,084] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:57:18,097] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:57:18,113] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
INFO    [2022-12-07 03:57:20,896] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:57:20,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:57:20,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:57:20,924] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0258 seconds
INFO    [2022-12-07 03:57:26,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378246.7748096, 'message': 'Dec  7 03:57:25 hqnl0246134 sshd[284845]: Invalid user test from 165.227.166.207 port 55842', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 03:57:26,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378246.7751117, 'message': 'Dec  7 03:57:25 hqnl0246134 sshd[284845]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 03:57:26,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378246.775267, 'message': 'Dec  7 03:57:25 hqnl0246134 sshd[284845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 03:57:27,187] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 03:57:27,253] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 03:57:27,254] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 03:57:27,254] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 03:57:27,254] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 03:57:27,254] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 03:57:27,263] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 03:57:27,278] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0234 seconds
WARNING [2022-12-07 03:57:27,287] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 03:57:27,291] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:57:27,323] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0509 seconds
INFO    [2022-12-07 03:57:27,326] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0505 seconds
INFO    [2022-12-07 03:57:28,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378248.7765157, 'message': 'Dec  7 03:57:27 hqnl0246134 sshd[284845]: Failed password for invalid user test from 165.227.166.207 port 55842 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 03:57:30,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378250.783111, 'message': 'Dec  7 03:57:29 hqnl0246134 sshd[284845]: Disconnected from invalid user test 165.227.166.207 port 55842 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 03:57:44,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378264.799825, 'message': 'Dec  7 03:57:43 hqnl0246134 sshd[284852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 03:57:46,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378266.8008955, 'message': 'Dec  7 03:57:45 hqnl0246134 sshd[284852]: Failed password for root from 61.177.173.18 port 55188 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-07 03:57:51,008] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:57:51,009] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:57:57,390] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 03:57:57,391] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 03:57:57,392] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 03:58:10,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378290.839753, 'message': 'Dec  7 03:58:10 hqnl0246134 sshd[284876]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.79.42.236 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 03:58:10,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378290.8405087, 'message': 'Dec  7 03:58:10 hqnl0246134 sshd[284876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.79.42.236  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0274 seconds
WARNING [2022-12-07 03:58:12,331] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:58:12,352] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0292 seconds
INFO    [2022-12-07 03:58:12,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378292.8425622, 'message': 'Dec  7 03:58:12 hqnl0246134 sshd[284876]: Failed password for root from 217.79.42.236 port 58648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 03:58:18,753] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:58:18,754] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:58:18,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:58:18,875] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1200 seconds
INFO    [2022-12-07 03:58:21,482] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:58:21,482] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:58:21,491] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:58:21,503] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 03:58:28,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378308.8792417, 'message': 'Dec  7 03:58:28 hqnl0246134 sshd[284904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 03:58:30,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378310.882383, 'message': 'Dec  7 03:58:30 hqnl0246134 sshd[284904]: Failed password for root from 61.177.173.18 port 47356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 03:58:36,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.161.112', 'timestamp': 1670378316.8911488, 'message': 'Dec  7 03:58:35 hqnl0246134 sshd[284906]: Invalid user ubuntu from 144.34.161.112 port 52940', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 03:58:36,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.34.161.112', 'timestamp': 1670378316.8916879, 'message': 'Dec  7 03:58:35 hqnl0246134 sshd[284906]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.34.161.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 03:58:36,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.34.161.112', 'timestamp': 1670378316.891966, 'message': 'Dec  7 03:58:35 hqnl0246134 sshd[284906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.161.112 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 03:58:37,676] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:58:37,677] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:58:37,684] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:58:37,697] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 03:58:38,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.161.112', 'timestamp': 1670378318.890813, 'message': 'Dec  7 03:58:37 hqnl0246134 sshd[284906]: Failed password for invalid user ubuntu from 144.34.161.112 port 52940 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 03:58:40,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.161.112', 'timestamp': 1670378320.8926313, 'message': 'Dec  7 03:58:39 hqnl0246134 sshd[284906]: Disconnected from invalid user ubuntu 144.34.161.112 port 52940 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 03:58:51,015] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:58:51,016] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:59:10,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378350.9213052, 'message': 'Dec  7 03:59:09 hqnl0246134 sshd[284938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 03:59:10,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378350.921833, 'message': 'Dec  7 03:59:09 hqnl0246134 sshd[284938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 03:59:12,334] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:59:12,358] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0308 seconds
INFO    [2022-12-07 03:59:12,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378352.9228568, 'message': 'Dec  7 03:59:11 hqnl0246134 sshd[284938]: Failed password for root from 61.177.172.98 port 50759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 03:59:14,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378354.92564, 'message': 'Dec  7 03:59:14 hqnl0246134 sshd[284938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 03:59:16,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378356.928486, 'message': 'Dec  7 03:59:15 hqnl0246134 sshd[284940]: Invalid user test from 179.108.181.161 port 33496', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0632 seconds
INFO    [2022-12-07 03:59:16,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378356.9287965, 'message': 'Dec  7 03:59:15 hqnl0246134 sshd[284938]: Failed password for root from 61.177.172.98 port 50759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0640 seconds
INFO    [2022-12-07 03:59:17,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378356.9289916, 'message': 'Dec  7 03:59:16 hqnl0246134 sshd[284940]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.108.181.161 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-07 03:59:17,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378356.9293654, 'message': 'Dec  7 03:59:16 hqnl0246134 sshd[284938]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 03:59:17,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378356.9291773, 'message': 'Dec  7 03:59:16 hqnl0246134 sshd[284940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.108.181.161 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:59:18,112] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:59:18,112] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:59:18,124] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:59:18,144] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0307 seconds
INFO    [2022-12-07 03:59:18,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378358.930247, 'message': 'Dec  7 03:59:17 hqnl0246134 sshd[284940]: Failed password for invalid user test from 179.108.181.161 port 33496 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 03:59:18,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378358.9304416, 'message': 'Dec  7 03:59:17 hqnl0246134 sshd[284938]: Failed password for root from 61.177.172.98 port 50759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 03:59:19,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378358.930565, 'message': 'Dec  7 03:59:18 hqnl0246134 sshd[284940]: Disconnected from invalid user test 179.108.181.161 port 33496 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1046 seconds
INFO    [2022-12-07 03:59:20,951] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:59:20,951] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:59:20,959] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:59:20,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 03:59:22,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378362.934242, 'message': 'Dec  7 03:59:21 hqnl0246134 sshd[284958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 03:59:22,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378362.9344454, 'message': 'Dec  7 03:59:21 hqnl0246134 sshd[284958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 03:59:24,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378364.9363744, 'message': 'Dec  7 03:59:23 hqnl0246134 sshd[284958]: Failed password for root from 61.177.172.98 port 21537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 03:59:24,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378364.936616, 'message': 'Dec  7 03:59:24 hqnl0246134 sshd[284958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:59:26,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378366.93896, 'message': 'Dec  7 03:59:26 hqnl0246134 sshd[284958]: Failed password for root from 61.177.172.98 port 21537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 03:59:27,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378366.939269, 'message': 'Dec  7 03:59:26 hqnl0246134 sshd[284958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 03:59:28,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378368.9431632, 'message': 'Dec  7 03:59:27 hqnl0246134 sshd[284966]: Invalid user testuser from 165.227.166.207 port 37896', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-07 03:59:28,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378368.943733, 'message': 'Dec  7 03:59:27 hqnl0246134 sshd[284964]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.172.220.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-07 03:59:29,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378368.9433868, 'message': 'Dec  7 03:59:27 hqnl0246134 sshd[284966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 03:59:29,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378368.9440162, 'message': 'Dec  7 03:59:28 hqnl0246134 sshd[284958]: Failed password for root from 61.177.172.98 port 21537 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 03:59:29,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378368.9438756, 'message': 'Dec  7 03:59:27 hqnl0246134 sshd[284964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.220.154  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 03:59:29,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378368.9435878, 'message': 'Dec  7 03:59:27 hqnl0246134 sshd[284966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:59:29,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378368.944171, 'message': 'Dec  7 03:59:28 hqnl0246134 sshd[284966]: Failed password for invalid user testuser from 165.227.166.207 port 37896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 03:59:30,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378370.9466038, 'message': 'Dec  7 03:59:29 hqnl0246134 sshd[284964]: Failed password for root from 163.172.220.154 port 40964 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-07 03:59:30,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378370.9469714, 'message': 'Dec  7 03:59:29 hqnl0246134 sshd[284966]: Disconnected from invalid user testuser 165.227.166.207 port 37896 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-07 03:59:32,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378372.9483423, 'message': 'Dec  7 03:59:31 hqnl0246134 sshd[284968]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-07 03:59:32,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '221.204.171.211', 'timestamp': 1670378372.9487596, 'message': 'Dec  7 03:59:31 hqnl0246134 sshd[284970]: pam_imunify(sshd:auth): [IM360_RBL] The IP 221.204.171.211 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-07 03:59:33,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378372.9486127, 'message': 'Dec  7 03:59:31 hqnl0246134 sshd[284968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0516 seconds
INFO    [2022-12-07 03:59:33,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '221.204.171.211', 'timestamp': 1670378372.9488797, 'message': 'Dec  7 03:59:31 hqnl0246134 sshd[284970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.204.171.211  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-07 03:59:34,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378374.9510028, 'message': 'Dec  7 03:59:33 hqnl0246134 sshd[284968]: Failed password for root from 61.177.172.98 port 47118 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 03:59:34,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '221.204.171.211', 'timestamp': 1670378374.951369, 'message': 'Dec  7 03:59:33 hqnl0246134 sshd[284970]: Failed password for root from 221.204.171.211 port 60204 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 03:59:35,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378374.9512234, 'message': 'Dec  7 03:59:33 hqnl0246134 sshd[284968]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 03:59:36,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378376.9537144, 'message': 'Dec  7 03:59:35 hqnl0246134 sshd[284968]: Failed password for root from 61.177.172.98 port 47118 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 03:59:36,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378376.9540784, 'message': 'Dec  7 03:59:35 hqnl0246134 sshd[284968]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 03:59:38,734] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 03:59:38,734] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 03:59:38,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 03:59:38,765] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0289 seconds
INFO    [2022-12-07 03:59:38,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378378.9544032, 'message': 'Dec  7 03:59:37 hqnl0246134 sshd[284968]: Failed password for root from 61.177.172.98 port 47118 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 03:59:42,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378382.9607828, 'message': 'Dec  7 03:59:42 hqnl0246134 sshd[284980]: Invalid user reception from 182.16.245.79 port 49966', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 03:59:43,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378382.9611106, 'message': 'Dec  7 03:59:42 hqnl0246134 sshd[284980]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.16.245.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:59:43,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378382.96125, 'message': 'Dec  7 03:59:42 hqnl0246134 sshd[284980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.16.245.79 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 03:59:44,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378384.9626021, 'message': 'Dec  7 03:59:43 hqnl0246134 sshd[284982]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 03:59:44,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378384.9628944, 'message': 'Dec  7 03:59:44 hqnl0246134 sshd[284980]: Failed password for invalid user reception from 182.16.245.79 port 49966 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 03:59:45,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378384.9627812, 'message': 'Dec  7 03:59:43 hqnl0246134 sshd[284982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 03:59:47,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378386.966161, 'message': 'Dec  7 03:59:44 hqnl0246134 sshd[284980]: Disconnected from invalid user reception 182.16.245.79 port 49966 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0709 seconds
INFO    [2022-12-07 03:59:47,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378386.9664855, 'message': 'Dec  7 03:59:45 hqnl0246134 sshd[284984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0710 seconds
INFO    [2022-12-07 03:59:47,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378386.9668977, 'message': 'Dec  7 03:59:45 hqnl0246134 sshd[284982]: Failed password for root from 61.177.173.36 port 32774 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0656 seconds
INFO    [2022-12-07 03:59:47,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378386.966723, 'message': 'Dec  7 03:59:45 hqnl0246134 sshd[284984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 03:59:47,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378386.96708, 'message': 'Dec  7 03:59:45 hqnl0246134 sshd[284982]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 03:59:47,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378386.9672983, 'message': 'Dec  7 03:59:46 hqnl0246134 sshd[284984]: Failed password for root from 61.177.172.98 port 35578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 03:59:49,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378388.969006, 'message': 'Dec  7 03:59:47 hqnl0246134 sshd[284982]: Failed password for root from 61.177.173.36 port 32774 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-07 03:59:49,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378388.969377, 'message': 'Dec  7 03:59:47 hqnl0246134 sshd[284984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-07 03:59:49,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378388.969596, 'message': 'Dec  7 03:59:48 hqnl0246134 sshd[284982]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 03:59:51,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378390.9720817, 'message': 'Dec  7 03:59:49 hqnl0246134 sshd[284984]: Failed password for root from 61.177.172.98 port 35578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 03:59:51,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378390.97251, 'message': 'Dec  7 03:59:50 hqnl0246134 sshd[284982]: Failed password for root from 61.177.173.36 port 32774 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
WARNING [2022-12-07 03:59:51,017] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 03:59:51,017] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 03:59:51,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378390.9726799, 'message': 'Dec  7 03:59:50 hqnl0246134 sshd[284984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 03:59:51,365] defence360agent.files: Updating all files
INFO    [2022-12-07 03:59:51,659] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:51,659] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 03:59:51,942] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:51,942] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 03:59:52,207] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:52,208] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 03:59:52,500] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:52,500] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 03:59:52,500] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 03:59:52,776] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 01:59:52 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E604C5405D71F'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 03:59:52,779] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 03:59:52,779] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 03:59:53,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670378393.1266718, 'message': 'Dec  7 03:59:52 hqnl0246134 sshd[284984]: Failed password for root from 61.177.172.98 port 35578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 03:59:53,451] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:53,452] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 03:59:53,710] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:53,711] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 03:59:54,039] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:54,039] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 03:59:54,383] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:54,384] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 03:59:54,817] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 03:59:54,818] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 03:59:54,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378394.9773097, 'message': 'Dec  7 03:59:53 hqnl0246134 sshd[284997]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 03:59:55,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378394.9775808, 'message': 'Dec  7 03:59:53 hqnl0246134 sshd[284997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 03:59:56,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378396.9783328, 'message': 'Dec  7 03:59:55 hqnl0246134 sshd[284997]: Failed password for root from 61.177.173.36 port 14884 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 03:59:57,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378396.9785173, 'message': 'Dec  7 03:59:56 hqnl0246134 sshd[284997]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 03:59:58,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378398.9808602, 'message': 'Dec  7 03:59:58 hqnl0246134 sshd[284997]: Failed password for root from 61.177.173.36 port 14884 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 03:59:59,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378398.9810884, 'message': 'Dec  7 03:59:58 hqnl0246134 sshd[284997]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:00:01,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378400.9827254, 'message': 'Dec  7 04:00:00 hqnl0246134 sshd[284997]: Failed password for root from 61.177.173.36 port 14884 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:00:03,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378402.9874742, 'message': 'Dec  7 04:00:02 hqnl0246134 sshd[285000]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0588 seconds
INFO    [2022-12-07 04:00:03,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378402.9877636, 'message': 'Dec  7 04:00:02 hqnl0246134 sshd[285000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 04:00:05,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378404.990012, 'message': 'Dec  7 04:00:04 hqnl0246134 sshd[285000]: Failed password for root from 61.177.173.36 port 39067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 04:00:07,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378406.9961722, 'message': 'Dec  7 04:00:06 hqnl0246134 sshd[285000]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 04:00:09,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378408.9986956, 'message': 'Dec  7 04:00:08 hqnl0246134 sshd[285000]: Failed password for root from 61.177.173.36 port 39067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:00:11,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378411.0013177, 'message': 'Dec  7 04:00:09 hqnl0246134 sshd[285000]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:00:11,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670378411.0015712, 'message': 'Dec  7 04:00:10 hqnl0246134 sshd[285000]: Failed password for root from 61.177.173.36 port 39067 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0163 seconds
WARNING [2022-12-07 04:00:12,348] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:00:12,375] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0415 seconds
INFO    [2022-12-07 04:00:18,775] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:00:18,775] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:00:18,785] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:00:18,796] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 04:00:21,546] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:00:21,546] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:00:21,555] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:00:21,570] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-07 04:00:49,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378449.0876122, 'message': 'Dec  7 04:00:47 hqnl0246134 sshd[285078]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 04:00:49,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378449.0881789, 'message': 'Dec  7 04:00:47 hqnl0246134 sshd[285078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 04:00:51,021] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:00:51,022] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:00:51,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378451.0924234, 'message': 'Dec  7 04:00:49 hqnl0246134 sshd[285078]: Failed password for root from 61.177.173.51 port 29612 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 04:00:53,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378453.0941918, 'message': 'Dec  7 04:00:51 hqnl0246134 sshd[285078]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 04:00:55,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378455.0976617, 'message': 'Dec  7 04:00:53 hqnl0246134 sshd[285078]: Failed password for root from 61.177.173.51 port 29612 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:00:55,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378455.0978465, 'message': 'Dec  7 04:00:54 hqnl0246134 sshd[285078]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:00:57,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378457.098469, 'message': 'Dec  7 04:00:56 hqnl0246134 sshd[285078]: Failed password for root from 61.177.173.51 port 29612 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 04:01:01,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378461.1035416, 'message': 'Dec  7 04:01:00 hqnl0246134 sshd[285091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 04:01:01,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378461.1038597, 'message': 'Dec  7 04:01:00 hqnl0246134 sshd[285091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:01:02,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:01:02,908] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:01:02,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:01:02,929] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 04:01:03,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378463.1054144, 'message': 'Dec  7 04:01:01 hqnl0246134 sshd[285091]: Failed password for root from 61.177.173.51 port 30234 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 04:01:03,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378463.1057382, 'message': 'Dec  7 04:01:02 hqnl0246134 sshd[285091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 04:01:07,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378467.10986, 'message': 'Dec  7 04:01:05 hqnl0246134 sshd[285091]: Failed password for root from 61.177.173.51 port 30234 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 04:01:07,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378467.1100993, 'message': 'Dec  7 04:01:06 hqnl0246134 sshd[285091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 04:01:09,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378469.1116838, 'message': 'Dec  7 04:01:09 hqnl0246134 sshd[285091]: Failed password for root from 61.177.173.51 port 30234 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 04:01:12,349] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:01:12,376] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0376 seconds
INFO    [2022-12-07 04:01:17,770] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:01:17,771] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:01:17,779] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:01:17,790] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 04:01:20,479] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:01:20,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:01:20,488] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:01:20,499] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 04:01:23,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378483.1299875, 'message': 'Dec  7 04:01:22 hqnl0246134 sshd[285125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:01:25,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378485.1325917, 'message': 'Dec  7 04:01:24 hqnl0246134 sshd[285125]: Failed password for root from 61.177.173.18 port 45969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:01:29,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378489.145493, 'message': 'Dec  7 04:01:26 hqnl0246134 sshd[285125]: Failed password for root from 61.177.173.18 port 45969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 04:01:33,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378493.1513793, 'message': 'Dec  7 04:01:31 hqnl0246134 sshd[285125]: Failed password for root from 61.177.173.18 port 45969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 04:01:33,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378493.152734, 'message': 'Dec  7 04:01:32 hqnl0246134 sshd[285131]: Invalid user testuser from 165.227.166.207 port 48186', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 04:01:33,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378493.1529596, 'message': 'Dec  7 04:01:32 hqnl0246134 sshd[285131]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:01:33,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378493.1531126, 'message': 'Dec  7 04:01:32 hqnl0246134 sshd[285131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:01:35,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378495.154913, 'message': 'Dec  7 04:01:35 hqnl0246134 sshd[285131]: Failed password for invalid user testuser from 165.227.166.207 port 48186 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 04:01:39,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378499.1602547, 'message': 'Dec  7 04:01:37 hqnl0246134 sshd[285131]: Disconnected from invalid user testuser 165.227.166.207 port 48186 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 04:01:51,025] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:01:51,027] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:01:51,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.59.44.72', 'timestamp': 1670378511.1847596, 'message': 'Dec  7 04:01:49 hqnl0246134 sshd[285138]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.59.44.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 04:01:51,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.59.44.72', 'timestamp': 1670378511.1851497, 'message': 'Dec  7 04:01:49 hqnl0246134 sshd[285138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.59.44.72  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 04:01:53,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.59.44.72', 'timestamp': 1670378513.1865602, 'message': 'Dec  7 04:01:52 hqnl0246134 sshd[285138]: Failed password for root from 137.59.44.72 port 41120 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 04:01:54,173] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 04:02:07,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378527.2013516, 'message': 'Dec  7 04:02:06 hqnl0246134 sshd[285169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 04:02:09,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378529.2036886, 'message': 'Dec  7 04:02:08 hqnl0246134 sshd[285169]: Failed password for root from 61.177.173.18 port 54004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 04:02:12,355] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:02:12,377] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0347 seconds
INFO    [2022-12-07 04:02:15,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378535.2113497, 'message': 'Dec  7 04:02:14 hqnl0246134 sshd[285173]: Invalid user george from 179.108.181.161 port 48470', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 04:02:15,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378535.2118838, 'message': 'Dec  7 04:02:14 hqnl0246134 sshd[285173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.108.181.161 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 04:02:15,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378535.2120926, 'message': 'Dec  7 04:02:14 hqnl0246134 sshd[285173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.108.181.161 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 04:02:16,823] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:02:16,824] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:02:16,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:02:16,848] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 04:02:17,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378537.3814158, 'message': 'Dec  7 04:02:16 hqnl0246134 sshd[285173]: Failed password for invalid user george from 179.108.181.161 port 48470 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:02:18,086] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:02:18,087] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:02:18,095] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:02:18,106] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 04:02:19,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.108.181.161', 'timestamp': 1670378539.2138014, 'message': 'Dec  7 04:02:18 hqnl0246134 sshd[285173]: Disconnected from invalid user george 179.108.181.161 port 48470 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 04:02:20,833] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:02:20,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:02:20,849] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:02:20,867] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0320 seconds
INFO    [2022-12-07 04:02:39,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378559.2392583, 'message': 'Dec  7 04:02:37 hqnl0246134 sshd[285200]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-07 04:02:39,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378559.239734, 'message': 'Dec  7 04:02:38 hqnl0246134 sshd[285202]: Invalid user aaa from 182.16.245.79 port 39128', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-07 04:02:39,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378559.2395768, 'message': 'Dec  7 04:02:37 hqnl0246134 sshd[285200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 04:02:39,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378559.2398598, 'message': 'Dec  7 04:02:39 hqnl0246134 sshd[285202]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.16.245.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 04:02:39,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378559.239961, 'message': 'Dec  7 04:02:39 hqnl0246134 sshd[285202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.16.245.79 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:02:41,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378561.2395422, 'message': 'Dec  7 04:02:40 hqnl0246134 sshd[285200]: Failed password for root from 61.177.172.104 port 62457 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 04:02:43,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378563.2428863, 'message': 'Dec  7 04:02:41 hqnl0246134 sshd[285202]: Failed password for invalid user aaa from 182.16.245.79 port 39128 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 04:02:43,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378563.2430615, 'message': 'Dec  7 04:02:42 hqnl0246134 sshd[285200]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 04:02:43,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378563.2432556, 'message': 'Dec  7 04:02:42 hqnl0246134 sshd[285202]: Disconnected from invalid user aaa 182.16.245.79 port 39128 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:02:45,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378565.2444715, 'message': 'Dec  7 04:02:44 hqnl0246134 sshd[285200]: Failed password for root from 61.177.172.104 port 62457 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:02:47,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378567.246036, 'message': 'Dec  7 04:02:46 hqnl0246134 sshd[285200]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:02:49,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378569.2491736, 'message': 'Dec  7 04:02:48 hqnl0246134 sshd[285200]: Failed password for root from 61.177.172.104 port 62457 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 04:02:51,031] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:02:51,032] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:02:51,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378571.25357, 'message': 'Dec  7 04:02:50 hqnl0246134 sshd[285208]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 04:02:51,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378571.2544096, 'message': 'Dec  7 04:02:50 hqnl0246134 sshd[285208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:02:53,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378573.2543218, 'message': 'Dec  7 04:02:51 hqnl0246134 sshd[285206]: Invalid user vitor from 217.79.42.236 port 47618', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-07 04:02:53,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378573.2548494, 'message': 'Dec  7 04:02:52 hqnl0246134 sshd[285208]: Failed password for root from 61.177.172.104 port 45601 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0536 seconds
INFO    [2022-12-07 04:02:53,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378573.254967, 'message': 'Dec  7 04:02:53 hqnl0246134 sshd[285218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-07 04:02:53,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378573.2545993, 'message': 'Dec  7 04:02:51 hqnl0246134 sshd[285206]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.79.42.236 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:02:53,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378573.2547104, 'message': 'Dec  7 04:02:51 hqnl0246134 sshd[285206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.79.42.236 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:02:53,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378573.2550814, 'message': 'Dec  7 04:02:53 hqnl0246134 sshd[285206]: Failed password for invalid user vitor from 217.79.42.236 port 47618 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:02:55,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378575.2569408, 'message': 'Dec  7 04:02:54 hqnl0246134 sshd[285208]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0771 seconds
INFO    [2022-12-07 04:02:55,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378575.2573328, 'message': 'Dec  7 04:02:54 hqnl0246134 sshd[285218]: Failed password for root from 61.177.173.18 port 13936 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0762 seconds
INFO    [2022-12-07 04:02:55,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378575.2575421, 'message': 'Dec  7 04:02:55 hqnl0246134 sshd[285206]: Disconnected from invalid user vitor 217.79.42.236 port 47618 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0757 seconds
INFO    [2022-12-07 04:02:57,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378577.258865, 'message': 'Dec  7 04:02:57 hqnl0246134 sshd[285208]: Failed password for root from 61.177.172.104 port 45601 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:02:59,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378579.2614694, 'message': 'Dec  7 04:02:57 hqnl0246134 sshd[285218]: Failed password for root from 61.177.173.18 port 13936 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-07 04:02:59,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378579.2617767, 'message': 'Dec  7 04:02:59 hqnl0246134 sshd[285208]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-07 04:03:03,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378583.2660198, 'message': 'Dec  7 04:03:01 hqnl0246134 sshd[285208]: Failed password for root from 61.177.172.104 port 45601 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0509 seconds
INFO    [2022-12-07 04:03:03,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378583.2664084, 'message': 'Dec  7 04:03:01 hqnl0246134 sshd[285218]: Failed password for root from 61.177.173.18 port 13936 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-07 04:03:05,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378585.268376, 'message': 'Dec  7 04:03:05 hqnl0246134 sshd[285230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 04:03:05,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378585.2687266, 'message': 'Dec  7 04:03:05 hqnl0246134 sshd[285230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 04:03:07,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378587.2701771, 'message': 'Dec  7 04:03:07 hqnl0246134 sshd[285230]: Failed password for root from 61.177.172.104 port 40641 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 04:03:07,923] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:03:07,991] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:03:07,993] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:03:07,993] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:03:07,993] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:03:07,994] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:03:08,005] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:03:08,021] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0260 seconds
WARNING [2022-12-07 04:03:08,027] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:03:08,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:03:08,047] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0317 seconds
INFO    [2022-12-07 04:03:08,048] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0298 seconds
INFO    [2022-12-07 04:03:09,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378589.2728374, 'message': 'Dec  7 04:03:07 hqnl0246134 sshd[285230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:03:11,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378591.2762845, 'message': 'Dec  7 04:03:09 hqnl0246134 sshd[285230]: Failed password for root from 61.177.172.104 port 40641 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 04:03:12,353] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:03:12,381] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0355 seconds
INFO    [2022-12-07 04:03:13,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378593.2791376, 'message': 'Dec  7 04:03:11 hqnl0246134 sshd[285230]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:03:15,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378595.281049, 'message': 'Dec  7 04:03:13 hqnl0246134 sshd[285230]: Failed password for root from 61.177.172.104 port 40641 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:03:16,892] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:03:16,893] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:03:16,904] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:03:16,921] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0268 seconds
INFO    [2022-12-07 04:03:17,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378597.2836783, 'message': 'Dec  7 04:03:15 hqnl0246134 sshd[285235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:03:17,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378597.2838647, 'message': 'Dec  7 04:03:15 hqnl0246134 sshd[285235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:03:17,909] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:03:17,910] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:03:17,917] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:03:17,929] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 04:03:19,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378599.2857597, 'message': 'Dec  7 04:03:17 hqnl0246134 sshd[285235]: Failed password for root from 61.177.172.104 port 15843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 04:03:19,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378599.2859437, 'message': 'Dec  7 04:03:17 hqnl0246134 sshd[285235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:03:20,573] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:03:20,574] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:03:20,582] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:03:20,596] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 04:03:21,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378601.2876601, 'message': 'Dec  7 04:03:20 hqnl0246134 sshd[285235]: Failed password for root from 61.177.172.104 port 15843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 04:03:23,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378603.2899947, 'message': 'Dec  7 04:03:22 hqnl0246134 sshd[285235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 04:03:25,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378605.2910793, 'message': 'Dec  7 04:03:24 hqnl0246134 sshd[285235]: Failed password for root from 61.177.172.104 port 15843 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:03:27,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378607.2920718, 'message': 'Dec  7 04:03:26 hqnl0246134 sshd[285259]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:03:27,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378607.2927067, 'message': 'Dec  7 04:03:26 hqnl0246134 sshd[285259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:03:29,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378609.2936347, 'message': 'Dec  7 04:03:27 hqnl0246134 sshd[285259]: Failed password for root from 61.177.172.104 port 43104 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:03:29,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378609.293816, 'message': 'Dec  7 04:03:28 hqnl0246134 sshd[285259]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:03:31,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378611.2951994, 'message': 'Dec  7 04:03:30 hqnl0246134 sshd[285259]: Failed password for root from 61.177.172.104 port 43104 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-07 04:03:33,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378613.2960737, 'message': 'Dec  7 04:03:32 hqnl0246134 sshd[285259]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 04:03:37,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670378617.3028765, 'message': 'Dec  7 04:03:35 hqnl0246134 sshd[285259]: Failed password for root from 61.177.172.104 port 43104 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 04:03:38,119] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:03:38,119] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:03:38,120] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 04:03:39,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378619.3016064, 'message': 'Dec  7 04:03:38 hqnl0246134 sshd[285289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 04:03:41,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378621.3044536, 'message': 'Dec  7 04:03:41 hqnl0246134 sshd[285289]: Failed password for root from 61.177.173.18 port 27447 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 04:03:45,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378625.3092234, 'message': 'Dec  7 04:03:43 hqnl0246134 sshd[285293]: Invalid user tomcat from 165.227.166.207 port 58486', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-07 04:03:45,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378625.3100746, 'message': 'Dec  7 04:03:45 hqnl0246134 sshd[285289]: Failed password for root from 61.177.173.18 port 27447 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0568 seconds
INFO    [2022-12-07 04:03:45,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378625.3096454, 'message': 'Dec  7 04:03:43 hqnl0246134 sshd[285293]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:03:45,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378625.309855, 'message': 'Dec  7 04:03:43 hqnl0246134 sshd[285293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:03:47,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378627.3101823, 'message': 'Dec  7 04:03:46 hqnl0246134 sshd[285293]: Failed password for invalid user tomcat from 165.227.166.207 port 58486 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 04:03:47,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378627.3104353, 'message': 'Dec  7 04:03:47 hqnl0246134 sshd[285293]: Disconnected from invalid user tomcat 165.227.166.207 port 58486 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:03:49,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378629.3122997, 'message': 'Dec  7 04:03:49 hqnl0246134 sshd[285289]: Failed password for root from 61.177.173.18 port 27447 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 04:03:51,035] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:03:51,036] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:03:53,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378633.3169966, 'message': 'Dec  7 04:03:53 hqnl0246134 sshd[285296]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.172.220.154 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:03:53,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378633.317518, 'message': 'Dec  7 04:03:53 hqnl0246134 sshd[285296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.220.154  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:03:55,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.94.181', 'timestamp': 1670378635.3194494, 'message': 'Dec  7 04:03:55 hqnl0246134 sshd[285306]: Invalid user api from 134.17.94.181 port 7644', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:03:57,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.172.220.154', 'timestamp': 1670378637.3223116, 'message': 'Dec  7 04:03:55 hqnl0246134 sshd[285296]: Failed password for root from 163.172.220.154 port 36190 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 04:03:57,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.94.181', 'timestamp': 1670378637.32255, 'message': 'Dec  7 04:03:55 hqnl0246134 sshd[285306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.94.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 04:03:57,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.94.181', 'timestamp': 1670378637.3226857, 'message': 'Dec  7 04:03:55 hqnl0246134 sshd[285306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.94.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:03:59,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.94.181', 'timestamp': 1670378639.3253636, 'message': 'Dec  7 04:03:57 hqnl0246134 sshd[285306]: Failed password for invalid user api from 134.17.94.181 port 7644 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:03:59,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.94.181', 'timestamp': 1670378639.3256676, 'message': 'Dec  7 04:03:58 hqnl0246134 sshd[285306]: Disconnected from invalid user api 134.17.94.181 port 7644 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 04:04:12,363] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:04:12,395] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0425 seconds
INFO    [2022-12-07 04:04:17,917] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:04:17,917] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:04:17,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:04:17,935] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 04:04:20,575] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:04:20,576] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:04:20,584] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:04:20,596] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 04:04:25,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378665.3489325, 'message': 'Dec  7 04:04:23 hqnl0246134 sshd[285335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:04:27,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378667.3497076, 'message': 'Dec  7 04:04:25 hqnl0246134 sshd[285335]: Failed password for root from 61.177.173.18 port 37240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 04:04:29,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378669.3522294, 'message': 'Dec  7 04:04:28 hqnl0246134 sshd[285335]: Failed password for root from 61.177.173.18 port 37240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:04:33,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378673.3568127, 'message': 'Dec  7 04:04:32 hqnl0246134 sshd[285335]: Failed password for root from 61.177.173.18 port 37240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:04:37,044] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:04:37,044] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:04:37,053] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:04:37,065] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
WARNING [2022-12-07 04:04:51,039] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:04:51,040] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:05:09,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378709.3966472, 'message': 'Dec  7 04:05:08 hqnl0246134 sshd[285380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 04:05:11,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378711.3980842, 'message': 'Dec  7 04:05:10 hqnl0246134 sshd[285380]: Failed password for root from 61.177.173.18 port 54371 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 04:05:12,363] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:05:12,382] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0254 seconds
INFO    [2022-12-07 04:05:17,966] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:05:17,967] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:05:17,987] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:05:18,006] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0309 seconds
INFO    [2022-12-07 04:05:20,761] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:05:20,762] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:05:20,772] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:05:20,785] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-07 04:05:39,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378739.4215136, 'message': 'Dec  7 04:05:37 hqnl0246134 sshd[285416]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.16.245.79 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:05:39,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378739.4217868, 'message': 'Dec  7 04:05:37 hqnl0246134 sshd[285416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.16.245.79  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:05:41,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '182.16.245.79', 'timestamp': 1670378741.4219863, 'message': 'Dec  7 04:05:40 hqnl0246134 sshd[285416]: Failed password for root from 182.16.245.79 port 56352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 04:05:44,619] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:05:44,620] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:05:44,626] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:05:44,637] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 04:05:45,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378745.4265306, 'message': 'Dec  7 04:05:44 hqnl0246134 sshd[285426]: Invalid user tsbot from 68.183.42.17 port 58108', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:05:45,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378745.4267325, 'message': 'Dec  7 04:05:44 hqnl0246134 sshd[285426]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.42.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:05:45,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378745.4269142, 'message': 'Dec  7 04:05:44 hqnl0246134 sshd[285426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.42.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:05:47,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378747.4284518, 'message': 'Dec  7 04:05:46 hqnl0246134 sshd[285426]: Failed password for invalid user tsbot from 68.183.42.17 port 58108 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:05:49,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378749.433529, 'message': 'Dec  7 04:05:48 hqnl0246134 sshd[285426]: Disconnected from invalid user tsbot 68.183.42.17 port 58108 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 04:05:51,042] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:05:51,043] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:05:53,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378753.4364288, 'message': 'Dec  7 04:05:52 hqnl0246134 sshd[285441]: Invalid user ubuntu from 165.227.166.207 port 40538', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0572 seconds
INFO    [2022-12-07 04:05:53,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378753.4369028, 'message': 'Dec  7 04:05:52 hqnl0246134 sshd[285441]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 04:05:53,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378753.437054, 'message': 'Dec  7 04:05:52 hqnl0246134 sshd[285441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-07 04:05:55,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378755.4403858, 'message': 'Dec  7 04:05:53 hqnl0246134 sshd[285439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 04:05:55,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378755.44071, 'message': 'Dec  7 04:05:54 hqnl0246134 sshd[285441]: Failed password for invalid user ubuntu from 165.227.166.207 port 40538 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 04:05:55,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378755.441, 'message': 'Dec  7 04:05:55 hqnl0246134 sshd[285439]: Failed password for root from 61.177.173.18 port 19211 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 04:05:55,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378755.4408262, 'message': 'Dec  7 04:05:54 hqnl0246134 sshd[285441]: Disconnected from invalid user ubuntu 165.227.166.207 port 40538 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
WARNING [2022-12-07 04:06:12,373] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:06:12,399] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0364 seconds
INFO    [2022-12-07 04:06:17,932] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:06:17,933] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:06:18,054] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:06:18,066] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1320 seconds
INFO    [2022-12-07 04:06:20,514] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:06:20,515] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:06:20,522] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:06:20,535] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 04:06:25,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670378785.4751375, 'message': 'Dec  7 04:06:24 hqnl0246134 sshd[285476]: Invalid user yolanda from 168.228.168.86 port 55722', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-07 04:06:25,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.228.168.86', 'timestamp': 1670378785.4757466, 'message': 'Dec  7 04:06:25 hqnl0246134 sshd[285476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.228.168.86 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:06:25,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.228.168.86', 'timestamp': 1670378785.4760187, 'message': 'Dec  7 04:06:25 hqnl0246134 sshd[285476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.168.86 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:06:27,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670378787.4759972, 'message': 'Dec  7 04:06:27 hqnl0246134 sshd[285476]: Failed password for invalid user yolanda from 168.228.168.86 port 55722 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:06:29,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670378789.4787648, 'message': 'Dec  7 04:06:28 hqnl0246134 sshd[285476]: Disconnected from invalid user yolanda 168.228.168.86 port 55722 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:06:37,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378797.4859295, 'message': 'Dec  7 04:06:36 hqnl0246134 sshd[285480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:06:39,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378799.4898238, 'message': 'Dec  7 04:06:38 hqnl0246134 sshd[285480]: Failed password for root from 61.177.173.18 port 30304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:06:44,961] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:06:45,032] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:06:45,032] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:06:45,032] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:06:45,033] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:06:45,033] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:06:45,046] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:06:45,063] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0296 seconds
WARNING [2022-12-07 04:06:45,071] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:06:45,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:06:45,092] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0348 seconds
INFO    [2022-12-07 04:06:45,094] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0333 seconds
WARNING [2022-12-07 04:06:51,047] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:06:51,049] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:07:12,391] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:07:12,429] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0591 seconds
INFO    [2022-12-07 04:07:15,160] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:07:15,161] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:07:15,162] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 04:07:17,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378837.5331392, 'message': 'Dec  7 04:07:16 hqnl0246134 sshd[285519]: Invalid user ly from 217.79.42.236 port 48470', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:07:17,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378837.5334456, 'message': 'Dec  7 04:07:16 hqnl0246134 sshd[285519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 217.79.42.236 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:07:17,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378837.5336015, 'message': 'Dec  7 04:07:16 hqnl0246134 sshd[285519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.79.42.236 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:07:18,033] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:07:18,033] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:07:18,043] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:07:18,055] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 04:07:19,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378839.5338676, 'message': 'Dec  7 04:07:18 hqnl0246134 sshd[285519]: Failed password for invalid user ly from 217.79.42.236 port 48470 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:07:20,714] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:07:20,715] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:07:20,722] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:07:20,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 04:07:21,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '217.79.42.236', 'timestamp': 1670378841.5367153, 'message': 'Dec  7 04:07:19 hqnl0246134 sshd[285519]: Disconnected from invalid user ly 217.79.42.236 port 48470 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 04:07:21,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378841.5370862, 'message': 'Dec  7 04:07:20 hqnl0246134 sshd[285526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 04:07:22,119] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:07:22,119] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:07:22,127] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:07:22,138] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 04:07:23,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378843.5376635, 'message': 'Dec  7 04:07:23 hqnl0246134 sshd[285526]: Failed password for root from 61.177.173.18 port 52319 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 04:07:29,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378849.5450342, 'message': 'Dec  7 04:07:27 hqnl0246134 sshd[285526]: Failed password for root from 61.177.173.18 port 52319 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:07:29,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378849.5452778, 'message': 'Dec  7 04:07:28 hqnl0246134 sshd[285526]: Failed password for root from 61.177.173.18 port 52319 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0269 seconds
WARNING [2022-12-07 04:07:51,051] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:07:51,053] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:08:05,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378885.6093364, 'message': 'Dec  7 04:08:04 hqnl0246134 sshd[285568]: Invalid user ubuntu from 165.227.166.207 port 50828', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0591 seconds
INFO    [2022-12-07 04:08:05,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378885.6105804, 'message': 'Dec  7 04:08:04 hqnl0246134 sshd[285568]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 04:08:05,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378885.6110013, 'message': 'Dec  7 04:08:04 hqnl0246134 sshd[285568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:08:07,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378887.6081755, 'message': 'Dec  7 04:08:06 hqnl0246134 sshd[285568]: Failed password for invalid user ubuntu from 165.227.166.207 port 50828 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-07 04:08:07,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378887.608401, 'message': 'Dec  7 04:08:06 hqnl0246134 sshd[285570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 04:08:07,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670378887.608524, 'message': 'Dec  7 04:08:06 hqnl0246134 sshd[285568]: Disconnected from invalid user ubuntu 165.227.166.207 port 50828 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:08:09,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378889.6097863, 'message': 'Dec  7 04:08:08 hqnl0246134 sshd[285570]: Failed password for root from 61.177.173.18 port 24011 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 04:08:12,382] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:08:12,404] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0299 seconds
INFO    [2022-12-07 04:08:13,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.34.161.112', 'timestamp': 1670378893.6166332, 'message': 'Dec  7 04:08:12 hqnl0246134 sshd[285572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.34.161.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 04:08:13,659] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.34.161.112', 'timestamp': 1670378893.6168494, 'message': 'Dec  7 04:08:13 hqnl0246134 sshd[285572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.161.112  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:08:15,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '144.34.161.112', 'timestamp': 1670378895.6191676, 'message': 'Dec  7 04:08:15 hqnl0246134 sshd[285572]: Failed password for root from 144.34.161.112 port 53110 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:08:17,878] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:08:17,878] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:08:17,885] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:08:17,896] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 04:08:20,468] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:08:20,468] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:08:20,474] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:08:20,486] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 04:08:31,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378911.6373966, 'message': 'Dec  7 04:08:30 hqnl0246134 sshd[285596]: Invalid user nicole from 68.183.42.17 port 36094', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:08:31,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378911.6378107, 'message': 'Dec  7 04:08:30 hqnl0246134 sshd[285596]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.42.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:08:31,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378911.6379497, 'message': 'Dec  7 04:08:30 hqnl0246134 sshd[285596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.42.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 04:08:33,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378913.639564, 'message': 'Dec  7 04:08:32 hqnl0246134 sshd[285596]: Failed password for invalid user nicole from 68.183.42.17 port 36094 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:08:35,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.183.42.17', 'timestamp': 1670378915.6424286, 'message': 'Dec  7 04:08:33 hqnl0246134 sshd[285596]: Disconnected from invalid user nicole 68.183.42.17 port 36094 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 04:08:35,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378915.642678, 'message': 'Dec  7 04:08:34 hqnl0246134 sshd[285600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 04:08:35,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378915.6428196, 'message': 'Dec  7 04:08:34 hqnl0246134 sshd[285600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:08:36,405] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:08:36,405] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:08:36,412] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:08:36,423] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-07 04:08:37,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378917.6451936, 'message': 'Dec  7 04:08:36 hqnl0246134 sshd[285600]: Failed password for root from 61.177.173.51 port 30824 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:08:37,682] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378917.6453674, 'message': 'Dec  7 04:08:37 hqnl0246134 sshd[285600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:08:39,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378919.6458006, 'message': 'Dec  7 04:08:39 hqnl0246134 sshd[285600]: Failed password for root from 61.177.173.51 port 30824 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:08:41,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378921.6484435, 'message': 'Dec  7 04:08:41 hqnl0246134 sshd[285600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:08:45,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378925.6521716, 'message': 'Dec  7 04:08:43 hqnl0246134 sshd[285600]: Failed password for root from 61.177.173.51 port 30824 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:08:47,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378927.6538851, 'message': 'Dec  7 04:08:47 hqnl0246134 sshd[285608]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:08:47,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378927.6541722, 'message': 'Dec  7 04:08:47 hqnl0246134 sshd[285608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 04:08:51,056] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:08:51,057] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:08:51,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378931.658475, 'message': 'Dec  7 04:08:49 hqnl0246134 sshd[285608]: Failed password for root from 61.177.173.51 port 28992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 04:08:53,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378933.661444, 'message': 'Dec  7 04:08:51 hqnl0246134 sshd[285610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 04:08:53,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378933.661687, 'message': 'Dec  7 04:08:51 hqnl0246134 sshd[285608]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 04:08:53,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378933.6618233, 'message': 'Dec  7 04:08:53 hqnl0246134 sshd[285610]: Failed password for root from 61.177.173.18 port 38698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 04:08:53,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378933.661955, 'message': 'Dec  7 04:08:53 hqnl0246134 sshd[285608]: Failed password for root from 61.177.173.51 port 28992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 04:08:55,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378935.663227, 'message': 'Dec  7 04:08:54 hqnl0246134 sshd[285608]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 04:08:55,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378935.6633985, 'message': 'Dec  7 04:08:55 hqnl0246134 sshd[285610]: Failed password for root from 61.177.173.18 port 38698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 04:08:57,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670378937.6658988, 'message': 'Dec  7 04:08:56 hqnl0246134 sshd[285608]: Failed password for root from 61.177.173.51 port 28992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 04:08:57,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378937.6665633, 'message': 'Dec  7 04:08:56 hqnl0246134 sshd[285620]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 04:08:57,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378937.6666882, 'message': 'Dec  7 04:08:56 hqnl0246134 sshd[285620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:08:59,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378939.6687064, 'message': 'Dec  7 04:08:58 hqnl0246134 sshd[285610]: Failed password for root from 61.177.173.18 port 38698 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 04:08:59,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378939.6689658, 'message': 'Dec  7 04:08:59 hqnl0246134 sshd[285620]: Failed password for root from 61.177.173.47 port 31365 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 04:09:01,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378941.6703513, 'message': 'Dec  7 04:09:00 hqnl0246134 sshd[285620]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 04:09:03,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378943.6729894, 'message': 'Dec  7 04:09:03 hqnl0246134 sshd[285620]: Failed password for root from 61.177.173.47 port 31365 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:09:05,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378945.674984, 'message': 'Dec  7 04:09:05 hqnl0246134 sshd[285620]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
WARNING [2022-12-07 04:09:07,043] defence360agent.subsys.panels.generic.panel: domains not found neither in /etc/sysconfig/imunify360/integration.conf nor in /opt/cpvendor/etc/integration.ini.
WARNING [2022-12-07 04:09:07,043] defence360agent.subsys.panels.generic.panel: Could not parse domains lists
INFO    [2022-12-07 04:09:07,044] defence360agent.simple_rpc: Response: method - ['list-docroots'], data - {'result': 'success', 'messages': [], 'data': {'items': {}, 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 04:09:07,053] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:09:07,066] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['list-docroots'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'list-docroots', '--json']}) processed in 0.0208 seconds
INFO    [2022-12-07 04:09:07,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378947.6773272, 'message': 'Dec  7 04:09:06 hqnl0246134 sshd[285620]: Failed password for root from 61.177.173.47 port 31365 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:09:09,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.220.111.68', 'timestamp': 1670378949.678077, 'message': 'Dec  7 04:09:09 hqnl0246134 sshd[285771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.220.111.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:09:09,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.220.111.68', 'timestamp': 1670378949.6782992, 'message': 'Dec  7 04:09:09 hqnl0246134 sshd[285771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.220.111.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:09:11,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378951.6809819, 'message': 'Dec  7 04:09:10 hqnl0246134 sshd[285772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 04:09:11,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.220.111.68', 'timestamp': 1670378951.6813266, 'message': 'Dec  7 04:09:11 hqnl0246134 sshd[285771]: Failed password for root from 112.220.111.68 port 50452 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 04:09:11,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378951.6811829, 'message': 'Dec  7 04:09:10 hqnl0246134 sshd[285772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 04:09:12,389] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:09:12,416] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0365 seconds
INFO    [2022-12-07 04:09:13,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378953.6822362, 'message': 'Dec  7 04:09:11 hqnl0246134 sshd[285772]: Failed password for root from 61.177.173.47 port 17295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 04:09:13,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378953.6825233, 'message': 'Dec  7 04:09:12 hqnl0246134 sshd[285772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 04:09:15,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378955.6846416, 'message': 'Dec  7 04:09:14 hqnl0246134 sshd[285772]: Failed password for root from 61.177.173.47 port 17295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 04:09:15,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378955.6848757, 'message': 'Dec  7 04:09:14 hqnl0246134 sshd[285772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:09:17,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378957.6874366, 'message': 'Dec  7 04:09:17 hqnl0246134 sshd[285772]: Failed password for root from 61.177.173.47 port 17295 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:09:17,833] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:09:17,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:09:17,841] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:09:17,853] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 04:09:20,599] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:09:20,600] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:09:20,607] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:09:20,619] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 04:09:21,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378961.6947052, 'message': 'Dec  7 04:09:21 hqnl0246134 sshd[285785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 04:09:21,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378961.6952617, 'message': 'Dec  7 04:09:21 hqnl0246134 sshd[285785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 04:09:25,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378965.6977582, 'message': 'Dec  7 04:09:23 hqnl0246134 sshd[285785]: Failed password for root from 61.177.173.47 port 54558 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:09:27,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378967.700527, 'message': 'Dec  7 04:09:26 hqnl0246134 sshd[285785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 04:09:27,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '203.135.20.36', 'timestamp': 1670378967.7007399, 'message': 'Dec  7 04:09:27 hqnl0246134 sshd[285800]: pam_imunify(sshd:auth): [IM360_RBL] The IP 203.135.20.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 04:09:27,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '203.135.20.36', 'timestamp': 1670378967.7008567, 'message': 'Dec  7 04:09:27 hqnl0246134 sshd[285800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.135.20.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 04:09:29,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378969.702222, 'message': 'Dec  7 04:09:28 hqnl0246134 sshd[285785]: Failed password for root from 61.177.173.47 port 54558 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 04:09:29,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '203.135.20.36', 'timestamp': 1670378969.7024207, 'message': 'Dec  7 04:09:29 hqnl0246134 sshd[285800]: Failed password for root from 203.135.20.36 port 49409 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 04:09:31,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378971.7046537, 'message': 'Dec  7 04:09:30 hqnl0246134 sshd[285785]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:09:33,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.47', 'timestamp': 1670378973.7083955, 'message': 'Dec  7 04:09:32 hqnl0246134 sshd[285785]: Failed password for root from 61.177.173.47 port 54558 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:09:37,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378977.7140105, 'message': 'Dec  7 04:09:37 hqnl0246134 sshd[285804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:09:39,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670378979.7165434, 'message': 'Dec  7 04:09:39 hqnl0246134 sshd[285804]: Failed password for root from 61.177.173.18 port 58167 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 04:09:51,059] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:09:51,059] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:09:52,686] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:09:52,686] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:09:52,695] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:09:52,707] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 04:09:59,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670378999.7414033, 'message': 'Dec  7 04:09:58 hqnl0246134 sshd[285821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:09:59,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670378999.741734, 'message': 'Dec  7 04:09:58 hqnl0246134 sshd[285821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 04:10:01,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379001.741935, 'message': 'Dec  7 04:10:00 hqnl0246134 sshd[285821]: Failed password for root from 61.177.172.114 port 34004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0958 seconds
INFO    [2022-12-07 04:10:03,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379003.7463214, 'message': 'Dec  7 04:10:02 hqnl0246134 sshd[285821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 04:10:05,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379005.7488146, 'message': 'Dec  7 04:10:04 hqnl0246134 sshd[285821]: Failed password for root from 61.177.172.114 port 34004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:10:05,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379005.749135, 'message': 'Dec  7 04:10:04 hqnl0246134 sshd[285821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:10:07,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379007.7501202, 'message': 'Dec  7 04:10:06 hqnl0246134 sshd[285821]: Failed password for root from 61.177.172.114 port 34004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:10:09,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379009.7525837, 'message': 'Dec  7 04:10:08 hqnl0246134 sshd[285847]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:10:09,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379009.7528274, 'message': 'Dec  7 04:10:08 hqnl0246134 sshd[285847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:10:11,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379011.7545402, 'message': 'Dec  7 04:10:11 hqnl0246134 sshd[285847]: Failed password for root from 61.177.172.114 port 60709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0241 seconds
WARNING [2022-12-07 04:10:12,390] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:10:12,418] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0343 seconds
INFO    [2022-12-07 04:10:13,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379013.758203, 'message': 'Dec  7 04:10:12 hqnl0246134 sshd[285847]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:10:15,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379015.76117, 'message': 'Dec  7 04:10:14 hqnl0246134 sshd[285853]: Invalid user ubuntu from 165.227.166.207 port 32890', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 04:10:15,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379015.7689946, 'message': 'Dec  7 04:10:15 hqnl0246134 sshd[285847]: Failed password for root from 61.177.172.114 port 60709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 04:10:15,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379015.7613523, 'message': 'Dec  7 04:10:14 hqnl0246134 sshd[285853]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:10:15,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379015.768862, 'message': 'Dec  7 04:10:14 hqnl0246134 sshd[285853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:10:17,796] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:10:17,797] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:10:17,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:10:17,844] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0469 seconds
INFO    [2022-12-07 04:10:17,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379017.7986057, 'message': 'Dec  7 04:10:15 hqnl0246134 sshd[285853]: Failed password for invalid user ubuntu from 165.227.166.207 port 32890 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-07 04:10:17,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379017.7988849, 'message': 'Dec  7 04:10:17 hqnl0246134 sshd[285847]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 04:10:17,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379017.798755, 'message': 'Dec  7 04:10:16 hqnl0246134 sshd[285853]: Disconnected from invalid user ubuntu 165.227.166.207 port 32890 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:10:19,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379019.768004, 'message': 'Dec  7 04:10:19 hqnl0246134 sshd[285847]: Failed password for root from 61.177.172.114 port 60709 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:10:21,193] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:10:21,193] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:10:21,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:10:21,213] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 04:10:23,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379023.7742057, 'message': 'Dec  7 04:10:22 hqnl0246134 sshd[285868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 04:10:23,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379023.7746603, 'message': 'Dec  7 04:10:23 hqnl0246134 sshd[285879]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 04:10:23,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379023.7748108, 'message': 'Dec  7 04:10:23 hqnl0246134 sshd[285879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:10:25,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379025.7764616, 'message': 'Dec  7 04:10:24 hqnl0246134 sshd[285868]: Failed password for root from 61.177.173.18 port 20435 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 04:10:25,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379025.7767599, 'message': 'Dec  7 04:10:24 hqnl0246134 sshd[285879]: Failed password for root from 61.177.172.114 port 52511 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 04:10:25,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379025.7769716, 'message': 'Dec  7 04:10:25 hqnl0246134 sshd[285879]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:10:27,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379027.779524, 'message': 'Dec  7 04:10:26 hqnl0246134 sshd[285868]: Failed password for root from 61.177.173.18 port 20435 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 04:10:27,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379027.7797298, 'message': 'Dec  7 04:10:27 hqnl0246134 sshd[285879]: Failed password for root from 61.177.172.114 port 52511 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 04:10:27,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379027.7798436, 'message': 'Dec  7 04:10:27 hqnl0246134 sshd[285879]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:10:29,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379029.7839468, 'message': 'Dec  7 04:10:28 hqnl0246134 sshd[285868]: Failed password for root from 61.177.173.18 port 20435 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 04:10:29,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379029.7841275, 'message': 'Dec  7 04:10:29 hqnl0246134 sshd[285879]: Failed password for root from 61.177.172.114 port 52511 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 04:10:31,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379031.7856915, 'message': 'Dec  7 04:10:31 hqnl0246134 sshd[285884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:10:31,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379031.7859693, 'message': 'Dec  7 04:10:31 hqnl0246134 sshd[285884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 04:10:33,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379033.7886605, 'message': 'Dec  7 04:10:33 hqnl0246134 sshd[285884]: Failed password for root from 61.177.172.114 port 60126 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:10:35,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379035.794841, 'message': 'Dec  7 04:10:35 hqnl0246134 sshd[285884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:10:37,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379037.7987766, 'message': 'Dec  7 04:10:37 hqnl0246134 sshd[285884]: Failed password for root from 61.177.172.114 port 60126 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 04:10:39,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379039.8018308, 'message': 'Dec  7 04:10:37 hqnl0246134 sshd[285884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-07 04:10:39,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670379039.8021202, 'message': 'Dec  7 04:10:39 hqnl0246134 sshd[285884]: Failed password for root from 61.177.172.114 port 60126 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 04:10:51,062] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:10:51,062] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:11:07,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379067.840126, 'message': 'Dec  7 04:11:07 hqnl0246134 sshd[285904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:11:09,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379069.8426092, 'message': 'Dec  7 04:11:09 hqnl0246134 sshd[285904]: Failed password for root from 61.177.173.18 port 35866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-07 04:11:12,394] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:11:12,414] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0276 seconds
INFO    [2022-12-07 04:11:18,161] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:11:18,161] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:11:18,173] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:11:18,186] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-07 04:11:18,469] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:11:18,470] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:11:18,495] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:11:18,523] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0417 seconds
INFO    [2022-12-07 04:11:19,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.183.42.17', 'timestamp': 1670379079.8506486, 'message': 'Dec  7 04:11:18 hqnl0246134 sshd[285917]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.183.42.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 04:11:19,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.183.42.17', 'timestamp': 1670379079.8509717, 'message': 'Dec  7 04:11:18 hqnl0246134 sshd[285917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.42.17  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 04:11:20,885] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:11:20,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:11:20,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:11:20,922] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0352 seconds
INFO    [2022-12-07 04:11:21,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '68.183.42.17', 'timestamp': 1670379081.8525393, 'message': 'Dec  7 04:11:20 hqnl0246134 sshd[285917]: Failed password for root from 68.183.42.17 port 53652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:11:43,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '221.204.171.211', 'timestamp': 1670379103.908825, 'message': 'Dec  7 04:11:42 hqnl0246134 sshd[285932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 221.204.171.211 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 04:11:43,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '221.204.171.211', 'timestamp': 1670379103.9094296, 'message': 'Dec  7 04:11:42 hqnl0246134 sshd[285932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.204.171.211  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:11:45,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '221.204.171.211', 'timestamp': 1670379105.9149945, 'message': 'Dec  7 04:11:44 hqnl0246134 sshd[285932]: Failed password for root from 221.204.171.211 port 55528 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
WARNING [2022-12-07 04:11:51,066] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:11:51,068] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:11:51,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379111.9293406, 'message': 'Dec  7 04:11:51 hqnl0246134 sshd[285934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0343 seconds
WARNING [2022-12-07 04:11:54,178] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 04:11:55,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379115.934427, 'message': 'Dec  7 04:11:54 hqnl0246134 sshd[285934]: Failed password for root from 61.177.173.18 port 45523 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 04:12:01,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379121.9487755, 'message': 'Dec  7 04:11:58 hqnl0246134 sshd[285934]: Failed password for root from 61.177.173.18 port 45523 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 04:12:03,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379123.951407, 'message': 'Dec  7 04:12:02 hqnl0246134 sshd[285934]: Failed password for root from 61.177.173.18 port 45523 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 04:12:12,399] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:12:12,425] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-07 04:12:17,961] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:12:17,962] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:12:17,969] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:12:17,979] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 04:12:20,740] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:12:20,740] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:12:20,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:12:20,759] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 04:12:26,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379145.9948602, 'message': 'Dec  7 04:12:24 hqnl0246134 sshd[286004]: Invalid user minera from 203.135.20.36 port 37181', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:12:26,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379145.9951909, 'message': 'Dec  7 04:12:24 hqnl0246134 sshd[286004]: pam_imunify(sshd:auth): [IM360_RBL] The IP 203.135.20.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:12:26,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379145.9953802, 'message': 'Dec  7 04:12:24 hqnl0246134 sshd[286004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.135.20.36 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 04:12:26,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379145.9955022, 'message': 'Dec  7 04:12:25 hqnl0246134 sshd[286004]: Failed password for invalid user minera from 203.135.20.36 port 37181 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 04:12:28,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379147.9976432, 'message': 'Dec  7 04:12:26 hqnl0246134 sshd[286004]: Disconnected from invalid user minera 203.135.20.36 port 37181 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 04:12:28,392] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:12:28,393] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:12:28,402] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:12:28,414] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-07 04:12:30,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379150.0032132, 'message': 'Dec  7 04:12:29 hqnl0246134 sshd[286011]: Invalid user ubuntu from 165.227.166.207 port 43198', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 04:12:30,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379150.003544, 'message': 'Dec  7 04:12:29 hqnl0246134 sshd[286011]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:12:30,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379150.0037358, 'message': 'Dec  7 04:12:29 hqnl0246134 sshd[286011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:12:32,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379152.0098073, 'message': 'Dec  7 04:12:31 hqnl0246134 sshd[286011]: Failed password for invalid user ubuntu from 165.227.166.207 port 43198 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:12:32,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379152.010063, 'message': 'Dec  7 04:12:31 hqnl0246134 sshd[286011]: Disconnected from invalid user ubuntu 165.227.166.207 port 43198 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:12:38,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379158.0187757, 'message': 'Dec  7 04:12:36 hqnl0246134 sshd[286014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:12:40,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379160.0231352, 'message': 'Dec  7 04:12:38 hqnl0246134 sshd[286014]: Failed password for root from 61.177.173.18 port 63818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
WARNING [2022-12-07 04:12:51,073] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:12:51,074] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:12:51,904] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:12:51,980] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:12:51,982] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:12:51,982] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:12:51,982] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:12:51,982] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:12:52,067] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:12:52,086] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.1018 seconds
WARNING [2022-12-07 04:12:52,093] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:12:52,095] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:12:52,113] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0326 seconds
INFO    [2022-12-07 04:12:52,114] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0308 seconds
INFO    [2022-12-07 04:13:02,287] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 04:13:02,294] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:13:02,307] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0185 seconds
WARNING [2022-12-07 04:13:12,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:13:12,928] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.5350 seconds
INFO    [2022-12-07 04:13:17,999] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:13:17,999] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:13:18,006] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:13:18,018] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 04:13:20,556] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:13:20,557] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:13:20,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:13:20,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 04:13:22,126] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:13:22,128] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:13:22,129] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 04:13:22,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379202.1254773, 'message': 'Dec  7 04:13:21 hqnl0246134 sshd[286063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0690 seconds
INFO    [2022-12-07 04:13:26,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379206.0959775, 'message': 'Dec  7 04:13:24 hqnl0246134 sshd[286063]: Failed password for root from 61.177.173.18 port 25662 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:13:30,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379210.1008873, 'message': 'Dec  7 04:13:28 hqnl0246134 sshd[286063]: Failed password for root from 61.177.173.18 port 25662 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 04:13:32,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379212.1033235, 'message': 'Dec  7 04:13:30 hqnl0246134 sshd[286063]: Failed password for root from 61.177.173.18 port 25662 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 04:13:51,077] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:13:51,079] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:14:06,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379246.1573875, 'message': 'Dec  7 04:14:05 hqnl0246134 sshd[286095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 04:14:08,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379248.160756, 'message': 'Dec  7 04:14:07 hqnl0246134 sshd[286095]: Failed password for root from 61.177.173.18 port 27973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 04:14:10,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379250.1622946, 'message': 'Dec  7 04:14:09 hqnl0246134 sshd[286099]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.59.44.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:14:10,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379250.1625068, 'message': 'Dec  7 04:14:09 hqnl0246134 sshd[286099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.59.44.72  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:14:12,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379252.1657343, 'message': 'Dec  7 04:14:10 hqnl0246134 sshd[286095]: Failed password for root from 61.177.173.18 port 27973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 04:14:12,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379252.1659296, 'message': 'Dec  7 04:14:11 hqnl0246134 sshd[286099]: Failed password for root from 137.59.44.72 port 38260 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
WARNING [2022-12-07 04:14:12,402] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:14:12,421] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0266 seconds
INFO    [2022-12-07 04:14:15,834] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:14:15,835] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:14:15,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:14:15,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0482 seconds
INFO    [2022-12-07 04:14:16,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379256.1683965, 'message': 'Dec  7 04:14:14 hqnl0246134 sshd[286095]: Failed password for root from 61.177.173.18 port 27973 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-07 04:14:18,016] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:14:18,016] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:14:18,023] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:14:18,034] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 04:14:20,673] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:14:20,673] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:14:20,680] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:14:20,691] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 04:14:38,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379278.1986232, 'message': 'Dec  7 04:14:36 hqnl0246134 sshd[286130]: Invalid user ubuntu from 165.227.166.207 port 53468', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 04:14:38,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379278.1990972, 'message': 'Dec  7 04:14:36 hqnl0246134 sshd[286130]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:14:38,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379278.1992607, 'message': 'Dec  7 04:14:36 hqnl0246134 sshd[286130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:14:40,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379280.2023177, 'message': 'Dec  7 04:14:39 hqnl0246134 sshd[286130]: Failed password for invalid user ubuntu from 165.227.166.207 port 53468 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:14:40,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379280.2026858, 'message': 'Dec  7 04:14:39 hqnl0246134 sshd[286130]: Disconnected from invalid user ubuntu 165.227.166.207 port 53468 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:14:48,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '221.204.171.211', 'timestamp': 1670379288.2134056, 'message': 'Dec  7 04:14:48 hqnl0246134 sshd[286132]: pam_imunify(sshd:auth): [IM360_RBL] The IP 221.204.171.211 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:14:48,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '221.204.171.211', 'timestamp': 1670379288.2138033, 'message': 'Dec  7 04:14:48 hqnl0246134 sshd[286132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.204.171.211  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 04:14:51,085] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:14:51,086] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:14:52,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '221.204.171.211', 'timestamp': 1670379292.219998, 'message': 'Dec  7 04:14:50 hqnl0246134 sshd[286132]: Failed password for root from 221.204.171.211 port 51596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 04:14:52,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379292.220317, 'message': 'Dec  7 04:14:51 hqnl0246134 sshd[286135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 04:14:54,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379294.2250485, 'message': 'Dec  7 04:14:53 hqnl0246134 sshd[286137]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0644 seconds
INFO    [2022-12-07 04:14:54,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379294.2260225, 'message': 'Dec  7 04:14:54 hqnl0246134 sshd[286135]: Failed password for root from 61.177.173.18 port 44570 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0638 seconds
INFO    [2022-12-07 04:14:54,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379294.2257445, 'message': 'Dec  7 04:14:53 hqnl0246134 sshd[286137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:14:56,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379296.2269406, 'message': 'Dec  7 04:14:55 hqnl0246134 sshd[286137]: Failed password for root from 61.177.172.90 port 44005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 04:14:58,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379298.231062, 'message': 'Dec  7 04:14:57 hqnl0246134 sshd[286137]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 04:14:58,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379298.2313461, 'message': 'Dec  7 04:14:58 hqnl0246134 sshd[286135]: Failed password for root from 61.177.173.18 port 44570 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 04:15:00,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379300.2339146, 'message': 'Dec  7 04:14:59 hqnl0246134 sshd[286137]: Failed password for root from 61.177.172.90 port 44005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 04:15:00,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379300.2341528, 'message': 'Dec  7 04:14:59 hqnl0246134 sshd[286135]: Failed password for root from 61.177.173.18 port 44570 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 04:15:02,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379302.2416658, 'message': 'Dec  7 04:15:01 hqnl0246134 sshd[286137]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 04:15:04,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379304.2405071, 'message': 'Dec  7 04:15:03 hqnl0246134 sshd[286137]: Failed password for root from 61.177.172.90 port 44005 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:15:08,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379308.2501454, 'message': 'Dec  7 04:15:07 hqnl0246134 sshd[286169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 04:15:08,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379308.250496, 'message': 'Dec  7 04:15:07 hqnl0246134 sshd[286169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:15:10,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379310.2552218, 'message': 'Dec  7 04:15:09 hqnl0246134 sshd[286169]: Failed password for root from 61.177.172.90 port 44793 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:15:12,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379312.257222, 'message': 'Dec  7 04:15:11 hqnl0246134 sshd[286169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 04:15:12,411] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:15:12,436] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-07 04:15:14,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379314.2607877, 'message': 'Dec  7 04:15:13 hqnl0246134 sshd[286179]: Invalid user minecraft from 203.135.20.36 port 47291', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 04:15:14,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379314.2618983, 'message': 'Dec  7 04:15:14 hqnl0246134 sshd[286169]: Failed password for root from 61.177.172.90 port 44793 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 04:15:14,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379314.261683, 'message': 'Dec  7 04:15:13 hqnl0246134 sshd[286179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 203.135.20.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:15:14,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379314.2617908, 'message': 'Dec  7 04:15:13 hqnl0246134 sshd[286179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.135.20.36 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:15:16,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379316.2616258, 'message': 'Dec  7 04:15:15 hqnl0246134 sshd[286179]: Failed password for invalid user minecraft from 203.135.20.36 port 47291 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:15:18,119] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:15:18,120] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:15:18,137] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:15:18,159] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0378 seconds
INFO    [2022-12-07 04:15:18,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379318.2652626, 'message': 'Dec  7 04:15:16 hqnl0246134 sshd[286169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 04:15:18,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379318.2654448, 'message': 'Dec  7 04:15:16 hqnl0246134 sshd[286179]: Disconnected from invalid user minecraft 203.135.20.36 port 47291 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 04:15:19,595] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:15:19,596] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:15:19,605] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:15:19,618] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 04:15:20,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379320.268088, 'message': 'Dec  7 04:15:18 hqnl0246134 sshd[286169]: Failed password for root from 61.177.172.90 port 44793 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:15:20,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379320.2682915, 'message': 'Dec  7 04:15:20 hqnl0246134 sshd[286193]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:15:20,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379320.2684507, 'message': 'Dec  7 04:15:20 hqnl0246134 sshd[286193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:15:20,893] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:15:20,893] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:15:20,900] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:15:20,912] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 04:15:24,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379324.2761128, 'message': 'Dec  7 04:15:22 hqnl0246134 sshd[286193]: Failed password for root from 61.177.172.90 port 23961 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:15:26,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379326.2792053, 'message': 'Dec  7 04:15:24 hqnl0246134 sshd[286193]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:15:28,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379328.2829509, 'message': 'Dec  7 04:15:27 hqnl0246134 sshd[286193]: Failed password for root from 61.177.172.90 port 23961 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:15:30,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379330.2872238, 'message': 'Dec  7 04:15:28 hqnl0246134 sshd[286193]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 04:15:32,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379332.2908227, 'message': 'Dec  7 04:15:30 hqnl0246134 sshd[286193]: Failed password for root from 61.177.172.90 port 23961 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:15:38,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379338.2982013, 'message': 'Dec  7 04:15:37 hqnl0246134 sshd[286211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 04:15:38,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379338.2986908, 'message': 'Dec  7 04:15:38 hqnl0246134 sshd[286213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 04:15:38,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379338.298504, 'message': 'Dec  7 04:15:37 hqnl0246134 sshd[286211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 04:15:40,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379340.299565, 'message': 'Dec  7 04:15:40 hqnl0246134 sshd[286211]: Failed password for root from 61.177.172.90 port 36683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:15:42,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379342.3028564, 'message': 'Dec  7 04:15:40 hqnl0246134 sshd[286213]: Failed password for root from 61.177.173.18 port 62131 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 04:15:42,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379342.3031268, 'message': 'Dec  7 04:15:42 hqnl0246134 sshd[286211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 04:15:46,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379346.3121312, 'message': 'Dec  7 04:15:44 hqnl0246134 sshd[286211]: Failed password for root from 61.177.172.90 port 36683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 04:15:46,343] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379346.312488, 'message': 'Dec  7 04:15:44 hqnl0246134 sshd[286213]: Failed password for root from 61.177.173.18 port 62131 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 04:15:48,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379348.3155947, 'message': 'Dec  7 04:15:46 hqnl0246134 sshd[286211]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 04:15:50,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379350.3195932, 'message': 'Dec  7 04:15:48 hqnl0246134 sshd[286211]: Failed password for root from 61.177.172.90 port 36683 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 04:15:50,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379350.3198543, 'message': 'Dec  7 04:15:48 hqnl0246134 sshd[286213]: Failed password for root from 61.177.173.18 port 62131 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-07 04:15:50,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379350.3208451, 'message': 'Dec  7 04:15:49 hqnl0246134 sshd[286216]: Invalid user ftpuser from 168.228.168.86 port 44692', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-07 04:15:50,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379350.3209612, 'message': 'Dec  7 04:15:49 hqnl0246134 sshd[286216]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.228.168.86 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:15:50,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379350.321078, 'message': 'Dec  7 04:15:49 hqnl0246134 sshd[286216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.168.86 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 04:15:51,092] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:15:51,093] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:15:52,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379352.322109, 'message': 'Dec  7 04:15:50 hqnl0246134 sshd[286218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0519 seconds
INFO    [2022-12-07 04:15:52,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379352.3225017, 'message': 'Dec  7 04:15:52 hqnl0246134 sshd[286216]: Failed password for invalid user ftpuser from 168.228.168.86 port 44692 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0534 seconds
INFO    [2022-12-07 04:15:52,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379352.3223653, 'message': 'Dec  7 04:15:50 hqnl0246134 sshd[286218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 04:15:54,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379354.3297884, 'message': 'Dec  7 04:15:52 hqnl0246134 sshd[286216]: Disconnected from invalid user ftpuser 168.228.168.86 port 44692 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 04:15:54,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379354.3304, 'message': 'Dec  7 04:15:53 hqnl0246134 sshd[286218]: Failed password for root from 61.177.172.90 port 10051 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 04:15:56,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379356.3325424, 'message': 'Dec  7 04:15:54 hqnl0246134 sshd[286218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:15:58,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379358.3326647, 'message': 'Dec  7 04:15:57 hqnl0246134 sshd[286218]: Failed password for root from 61.177.172.90 port 10051 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:16:00,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379360.3368325, 'message': 'Dec  7 04:15:59 hqnl0246134 sshd[286218]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 04:16:02,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.90', 'timestamp': 1670379362.341166, 'message': 'Dec  7 04:16:01 hqnl0246134 sshd[286218]: Failed password for root from 61.177.172.90 port 10051 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 04:16:12,413] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:16:12,438] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0328 seconds
INFO    [2022-12-07 04:16:17,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:16:17,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:16:17,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:16:17,824] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 04:16:20,419] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:16:20,420] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:16:20,427] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:16:20,440] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 04:16:24,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379384.377643, 'message': 'Dec  7 04:16:24 hqnl0246134 sshd[286281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 04:16:26,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379386.3809915, 'message': 'Dec  7 04:16:26 hqnl0246134 sshd[286281]: Failed password for root from 61.177.173.18 port 19177 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 04:16:28,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379388.3835888, 'message': 'Dec  7 04:16:27 hqnl0246134 sshd[286283]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 04:16:28,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379388.3837636, 'message': 'Dec  7 04:16:27 hqnl0246134 sshd[286283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:16:30,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379390.3866553, 'message': 'Dec  7 04:16:29 hqnl0246134 sshd[286283]: Failed password for root from 61.177.173.53 port 49705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 04:16:30,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379390.3868415, 'message': 'Dec  7 04:16:29 hqnl0246134 sshd[286281]: Failed password for root from 61.177.173.18 port 19177 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 04:16:32,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379392.3894627, 'message': 'Dec  7 04:16:31 hqnl0246134 sshd[286283]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 04:16:32,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379392.3897045, 'message': 'Dec  7 04:16:32 hqnl0246134 sshd[286281]: Failed password for root from 61.177.173.18 port 19177 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 04:16:34,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379394.3921323, 'message': 'Dec  7 04:16:34 hqnl0246134 sshd[286283]: Failed password for root from 61.177.173.53 port 49705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:16:35,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:16:35,544] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:16:35,552] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:16:35,563] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 04:16:36,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379396.3957572, 'message': 'Dec  7 04:16:36 hqnl0246134 sshd[286283]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:16:38,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379398.3974369, 'message': 'Dec  7 04:16:38 hqnl0246134 sshd[286283]: Failed password for root from 61.177.173.53 port 49705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:16:42,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379402.4041505, 'message': 'Dec  7 04:16:41 hqnl0246134 sshd[286295]: Invalid user ubuntu from 165.227.166.207 port 35522', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 04:16:42,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379402.4047935, 'message': 'Dec  7 04:16:42 hqnl0246134 sshd[286292]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 04:16:42,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379402.404499, 'message': 'Dec  7 04:16:41 hqnl0246134 sshd[286295]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 04:16:42,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379402.404951, 'message': 'Dec  7 04:16:42 hqnl0246134 sshd[286292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 04:16:42,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379402.4046648, 'message': 'Dec  7 04:16:41 hqnl0246134 sshd[286295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:16:44,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379404.4066324, 'message': 'Dec  7 04:16:43 hqnl0246134 sshd[286295]: Failed password for invalid user ubuntu from 165.227.166.207 port 35522 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 04:16:44,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379404.4088883, 'message': 'Dec  7 04:16:44 hqnl0246134 sshd[286297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 203.135.20.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 04:16:44,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379404.4087663, 'message': 'Dec  7 04:16:43 hqnl0246134 sshd[286295]: Disconnected from invalid user ubuntu 165.227.166.207 port 35522 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 04:16:44,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379404.4090424, 'message': 'Dec  7 04:16:44 hqnl0246134 sshd[286297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.135.20.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 04:16:46,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379406.4089878, 'message': 'Dec  7 04:16:44 hqnl0246134 sshd[286292]: Failed password for root from 61.177.173.53 port 56731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:16:48,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379408.4126503, 'message': 'Dec  7 04:16:46 hqnl0246134 sshd[286292]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-07 04:16:48,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '203.135.20.36', 'timestamp': 1670379408.4131517, 'message': 'Dec  7 04:16:46 hqnl0246134 sshd[286297]: Failed password for root from 203.135.20.36 port 57400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-07 04:16:48,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379408.4133742, 'message': 'Dec  7 04:16:48 hqnl0246134 sshd[286292]: Failed password for root from 61.177.173.53 port 56731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:16:50,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379410.4145558, 'message': 'Dec  7 04:16:48 hqnl0246134 sshd[286292]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 04:16:51,096] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:16:51,096] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:16:52,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670379412.421345, 'message': 'Dec  7 04:16:51 hqnl0246134 sshd[286292]: Failed password for root from 61.177.173.53 port 56731 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 04:17:10,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379430.4550438, 'message': 'Dec  7 04:17:08 hqnl0246134 sshd[286329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
WARNING [2022-12-07 04:17:12,418] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:17:12,442] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0316 seconds
INFO    [2022-12-07 04:17:12,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379432.4573479, 'message': 'Dec  7 04:17:10 hqnl0246134 sshd[286329]: Failed password for root from 61.177.173.18 port 28864 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:17:18,861] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:17:18,862] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:17:18,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:17:18,884] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 04:17:21,835] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:17:21,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:17:21,845] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:17:21,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 04:17:34,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.235.137.135', 'timestamp': 1670379454.4789665, 'message': 'Dec  7 04:17:34 hqnl0246134 sshd[286333]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.235.137.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:17:34,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.235.137.135', 'timestamp': 1670379454.4793472, 'message': 'Dec  7 04:17:34 hqnl0246134 sshd[286333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.137.135  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 04:17:36,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.235.137.135', 'timestamp': 1670379456.481971, 'message': 'Dec  7 04:17:35 hqnl0246134 sshd[286333]: Failed password for root from 188.235.137.135 port 56532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 04:17:36,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379456.4821978, 'message': 'Dec  7 04:17:36 hqnl0246134 sshd[286356]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.59.44.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 04:17:36,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379456.482331, 'message': 'Dec  7 04:17:36 hqnl0246134 sshd[286356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.59.44.72  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:17:38,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379458.4821138, 'message': 'Dec  7 04:17:37 hqnl0246134 sshd[286356]: Failed password for root from 137.59.44.72 port 55442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:17:38,801] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:17:38,802] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:17:38,809] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:17:38,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-07 04:17:51,101] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:17:51,102] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:17:56,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379476.522055, 'message': 'Dec  7 04:17:54 hqnl0246134 sshd[286373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 04:17:58,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379478.5265298, 'message': 'Dec  7 04:17:56 hqnl0246134 sshd[286373]: Failed password for root from 61.177.173.18 port 51303 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 04:18:02,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379482.538715, 'message': 'Dec  7 04:18:00 hqnl0246134 sshd[286373]: Failed password for root from 61.177.173.18 port 51303 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 04:18:03,874] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:18:03,942] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:18:03,943] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:18:03,943] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:18:03,943] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:18:03,944] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:18:03,953] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:18:03,968] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0235 seconds
WARNING [2022-12-07 04:18:03,974] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:18:03,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:18:03,995] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0326 seconds
INFO    [2022-12-07 04:18:03,997] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0309 seconds
INFO    [2022-12-07 04:18:04,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379484.5416553, 'message': 'Dec  7 04:18:03 hqnl0246134 sshd[286373]: Failed password for root from 61.177.173.18 port 51303 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:18:06,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670379486.5448887, 'message': 'Dec  7 04:18:06 hqnl0246134 sshd[286384]: Invalid user cognos from 191.81.134.68 port 32871', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 04:18:06,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.81.134.68', 'timestamp': 1670379486.5451524, 'message': 'Dec  7 04:18:06 hqnl0246134 sshd[286384]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.81.134.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:18:06,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.81.134.68', 'timestamp': 1670379486.5453112, 'message': 'Dec  7 04:18:06 hqnl0246134 sshd[286384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.81.134.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:18:10,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670379490.549129, 'message': 'Dec  7 04:18:08 hqnl0246134 sshd[286384]: Failed password for invalid user cognos from 191.81.134.68 port 32871 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:18:10,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670379490.549333, 'message': 'Dec  7 04:18:10 hqnl0246134 sshd[286384]: Disconnected from invalid user cognos 191.81.134.68 port 32871 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 04:18:12,428] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:18:12,456] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0436 seconds
INFO    [2022-12-07 04:18:18,044] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:18:18,045] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:18:18,053] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:18:18,066] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 04:18:20,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:18:20,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:18:20,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:18:20,826] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 04:18:26,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379506.5705304, 'message': 'Dec  7 04:18:26 hqnl0246134 sshd[286404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0536 seconds
INFO    [2022-12-07 04:18:26,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379506.5715525, 'message': 'Dec  7 04:18:26 hqnl0246134 sshd[286404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 04:18:28,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379508.5698535, 'message': 'Dec  7 04:18:28 hqnl0246134 sshd[286404]: Failed password for root from 61.177.173.39 port 38285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:18:28,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379508.5700676, 'message': 'Dec  7 04:18:28 hqnl0246134 sshd[286404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:18:32,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379512.5881078, 'message': 'Dec  7 04:18:30 hqnl0246134 sshd[286404]: Failed password for root from 61.177.173.39 port 38285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:18:34,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379514.6000507, 'message': 'Dec  7 04:18:32 hqnl0246134 sshd[286404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 04:18:34,747] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:18:34,747] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:18:34,748] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 04:18:36,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379516.61174, 'message': 'Dec  7 04:18:35 hqnl0246134 sshd[286404]: Failed password for root from 61.177.173.39 port 38285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 04:18:38,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379518.6185157, 'message': 'Dec  7 04:18:38 hqnl0246134 sshd[286410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 04:18:38,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379518.6187196, 'message': 'Dec  7 04:18:38 hqnl0246134 sshd[286410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:18:40,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379520.6214318, 'message': 'Dec  7 04:18:38 hqnl0246134 sshd[286412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 04:18:40,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379520.621699, 'message': 'Dec  7 04:18:40 hqnl0246134 sshd[286410]: Failed password for root from 61.177.173.39 port 38371 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 04:18:42,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379522.6241295, 'message': 'Dec  7 04:18:40 hqnl0246134 sshd[286412]: Failed password for root from 61.177.173.18 port 13523 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 04:18:42,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379522.6243567, 'message': 'Dec  7 04:18:40 hqnl0246134 sshd[286410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 04:18:44,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379524.626697, 'message': 'Dec  7 04:18:42 hqnl0246134 sshd[286410]: Failed password for root from 61.177.173.39 port 38371 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 04:18:44,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379524.6269033, 'message': 'Dec  7 04:18:43 hqnl0246134 sshd[286412]: Failed password for root from 61.177.173.18 port 13523 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 04:18:44,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379524.627017, 'message': 'Dec  7 04:18:43 hqnl0246134 sshd[286410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:18:46,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379526.6302946, 'message': 'Dec  7 04:18:45 hqnl0246134 sshd[286410]: Failed password for root from 61.177.173.39 port 38371 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 04:18:46,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379526.6306062, 'message': 'Dec  7 04:18:45 hqnl0246134 sshd[286412]: Failed password for root from 61.177.173.18 port 13523 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 04:18:47,709] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:18:47,710] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:18:47,716] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:18:47,727] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
INFO    [2022-12-07 04:18:48,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379528.6300247, 'message': 'Dec  7 04:18:46 hqnl0246134 sshd[286419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 04:18:48,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379528.6302001, 'message': 'Dec  7 04:18:46 hqnl0246134 sshd[286419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 04:18:48,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379528.6303544, 'message': 'Dec  7 04:18:48 hqnl0246134 sshd[286419]: Failed password for root from 61.177.173.39 port 55060 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:18:50,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379530.640939, 'message': 'Dec  7 04:18:49 hqnl0246134 sshd[286419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:18:50,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379530.6411285, 'message': 'Dec  7 04:18:50 hqnl0246134 sshd[286419]: Failed password for root from 61.177.173.39 port 55060 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 04:18:51,109] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:18:51,110] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:18:52,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379532.6525998, 'message': 'Dec  7 04:18:51 hqnl0246134 sshd[286419]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 04:18:52,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379532.6528478, 'message': 'Dec  7 04:18:52 hqnl0246134 sshd[286424]: Invalid user ubuntu from 165.227.166.207 port 45812', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 04:18:52,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379532.6530144, 'message': 'Dec  7 04:18:52 hqnl0246134 sshd[286424]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:18:52,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379532.6531315, 'message': 'Dec  7 04:18:52 hqnl0246134 sshd[286424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:18:54,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379534.654294, 'message': 'Dec  7 04:18:53 hqnl0246134 sshd[286424]: Failed password for invalid user ubuntu from 165.227.166.207 port 45812 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 04:18:54,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670379534.6546803, 'message': 'Dec  7 04:18:54 hqnl0246134 sshd[286419]: Failed password for root from 61.177.173.39 port 55060 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 04:18:54,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379534.6548169, 'message': 'Dec  7 04:18:54 hqnl0246134 sshd[286424]: Disconnected from invalid user ubuntu 165.227.166.207 port 45812 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:19:02,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379542.6788273, 'message': 'Dec  7 04:19:00 hqnl0246134 sshd[286440]: Invalid user myftp from 101.226.253.162 port 44804', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 04:19:02,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379542.67933, 'message': 'Dec  7 04:19:01 hqnl0246134 sshd[286440]: pam_imunify(sshd:auth): [IM360_RBL] The IP 101.226.253.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 04:19:02,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379542.6794589, 'message': 'Dec  7 04:19:01 hqnl0246134 sshd[286440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.226.253.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:19:04,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379544.68468, 'message': 'Dec  7 04:19:02 hqnl0246134 sshd[286440]: Failed password for invalid user myftp from 101.226.253.162 port 44804 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:19:04,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379544.684912, 'message': 'Dec  7 04:19:04 hqnl0246134 sshd[286440]: Disconnected from invalid user myftp 101.226.253.162 port 44804 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-07 04:19:12,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:19:12,479] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0539 seconds
INFO    [2022-12-07 04:19:17,773] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:19:17,774] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:19:17,781] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:19:17,792] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 04:19:20,436] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:19:20,436] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:19:20,443] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:19:20,455] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 04:19:22,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379562.7170947, 'message': 'Dec  7 04:19:20 hqnl0246134 sshd[286459]: Invalid user odoo11 from 168.228.168.86 port 41418', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:19:22,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379562.7173505, 'message': 'Dec  7 04:19:21 hqnl0246134 sshd[286459]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.228.168.86 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 04:19:22,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379562.7175736, 'message': 'Dec  7 04:19:21 hqnl0246134 sshd[286459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.168.86 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:19:24,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379564.7200143, 'message': 'Dec  7 04:19:22 hqnl0246134 sshd[286459]: Failed password for invalid user odoo11 from 168.228.168.86 port 41418 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 04:19:24,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379564.720418, 'message': 'Dec  7 04:19:22 hqnl0246134 sshd[286464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 04:19:26,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379566.7228847, 'message': 'Dec  7 04:19:24 hqnl0246134 sshd[286464]: Failed password for root from 61.177.173.18 port 30980 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 04:19:26,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379566.7230847, 'message': 'Dec  7 04:19:24 hqnl0246134 sshd[286459]: Disconnected from invalid user odoo11 168.228.168.86 port 41418 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 04:19:28,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379568.72887, 'message': 'Dec  7 04:19:26 hqnl0246134 sshd[286464]: Failed password for root from 61.177.173.18 port 30980 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:19:30,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379570.7324877, 'message': 'Dec  7 04:19:29 hqnl0246134 sshd[286464]: Failed password for root from 61.177.173.18 port 30980 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 04:19:34,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379574.7378225, 'message': 'Dec  7 04:19:32 hqnl0246134 sshd[286476]: Invalid user iso from 112.220.111.68 port 17420', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:19:34,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379574.7380548, 'message': 'Dec  7 04:19:33 hqnl0246134 sshd[286476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.220.111.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:19:34,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379574.7382102, 'message': 'Dec  7 04:19:33 hqnl0246134 sshd[286476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.220.111.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:19:36,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379576.7402248, 'message': 'Dec  7 04:19:34 hqnl0246134 sshd[286476]: Failed password for invalid user iso from 112.220.111.68 port 17420 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:19:36,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379576.7404153, 'message': 'Dec  7 04:19:36 hqnl0246134 sshd[286476]: Disconnected from invalid user iso 112.220.111.68 port 17420 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 04:19:51,114] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:19:51,114] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:20:06,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379606.798911, 'message': 'Dec  7 04:20:06 hqnl0246134 sshd[286509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 04:20:08,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379608.8014662, 'message': 'Dec  7 04:20:07 hqnl0246134 sshd[286509]: Failed password for root from 61.177.173.18 port 40955 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0237 seconds
WARNING [2022-12-07 04:20:12,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:20:12,462] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0324 seconds
INFO    [2022-12-07 04:20:17,279] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:20:17,280] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:20:17,289] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:20:17,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 04:20:17,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:20:17,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:20:17,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:20:17,956] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 04:20:20,546] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:20:20,547] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:20:20,554] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:20:20,566] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 04:20:24,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379624.8208823, 'message': 'Dec  7 04:20:24 hqnl0246134 sshd[286560]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 04:20:24,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379624.8212807, 'message': 'Dec  7 04:20:24 hqnl0246134 sshd[286560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:20:26,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379626.8231642, 'message': 'Dec  7 04:20:26 hqnl0246134 sshd[286560]: Failed password for root from 61.177.172.98 port 43567 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:20:30,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379630.8285599, 'message': 'Dec  7 04:20:29 hqnl0246134 sshd[286560]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:20:32,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379632.8313935, 'message': 'Dec  7 04:20:30 hqnl0246134 sshd[286560]: Failed password for root from 61.177.172.98 port 43567 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 04:20:32,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379632.8316264, 'message': 'Dec  7 04:20:31 hqnl0246134 sshd[286560]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:20:34,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379634.8335266, 'message': 'Dec  7 04:20:33 hqnl0246134 sshd[286560]: Failed password for root from 61.177.172.98 port 43567 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 04:20:38,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379638.8394194, 'message': 'Dec  7 04:20:37 hqnl0246134 sshd[286571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 04:20:38,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379638.8397665, 'message': 'Dec  7 04:20:37 hqnl0246134 sshd[286571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 04:20:40,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379640.843227, 'message': 'Dec  7 04:20:39 hqnl0246134 sshd[286571]: Failed password for root from 61.177.172.98 port 37313 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 04:20:40,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379640.843404, 'message': 'Dec  7 04:20:39 hqnl0246134 sshd[286575]: Invalid user main from 101.226.253.162 port 41782', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 04:20:40,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379640.8437939, 'message': 'Dec  7 04:20:39 hqnl0246134 sshd[286571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 04:20:40,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379640.8435848, 'message': 'Dec  7 04:20:39 hqnl0246134 sshd[286575]: pam_imunify(sshd:auth): [IM360_RBL] The IP 101.226.253.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 04:20:40,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379640.843691, 'message': 'Dec  7 04:20:39 hqnl0246134 sshd[286575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.226.253.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:20:42,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379642.8478734, 'message': 'Dec  7 04:20:41 hqnl0246134 sshd[286575]: Failed password for invalid user main from 101.226.253.162 port 41782 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 04:20:42,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379642.848087, 'message': 'Dec  7 04:20:42 hqnl0246134 sshd[286571]: Failed password for root from 61.177.172.98 port 37313 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 04:20:42,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379642.8482425, 'message': 'Dec  7 04:20:42 hqnl0246134 sshd[286575]: Disconnected from invalid user main 101.226.253.162 port 41782 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:20:44,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379644.8518658, 'message': 'Dec  7 04:20:44 hqnl0246134 sshd[286571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:20:46,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379646.8540874, 'message': 'Dec  7 04:20:46 hqnl0246134 sshd[286571]: Failed password for root from 61.177.172.98 port 37313 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:20:48,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379648.8588176, 'message': 'Dec  7 04:20:47 hqnl0246134 sshd[286577]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 04:20:48,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379648.8591156, 'message': 'Dec  7 04:20:47 hqnl0246134 sshd[286577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 04:20:50,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379650.8609524, 'message': 'Dec  7 04:20:49 hqnl0246134 sshd[286577]: Failed password for root from 61.177.172.98 port 62950 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:20:50,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379650.8611274, 'message': 'Dec  7 04:20:50 hqnl0246134 sshd[286577]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-07 04:20:51,118] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:20:51,118] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:20:52,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379652.8631449, 'message': 'Dec  7 04:20:52 hqnl0246134 sshd[286580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0588 seconds
INFO    [2022-12-07 04:20:52,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379652.8633947, 'message': 'Dec  7 04:20:52 hqnl0246134 sshd[286579]: Invalid user mongod from 137.59.44.72 port 44384', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0591 seconds
INFO    [2022-12-07 04:20:52,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379652.8639665, 'message': 'Dec  7 04:20:52 hqnl0246134 sshd[286577]: Failed password for root from 61.177.172.98 port 62950 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0585 seconds
INFO    [2022-12-07 04:20:52,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379652.8636146, 'message': 'Dec  7 04:20:52 hqnl0246134 sshd[286579]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.59.44.72 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:20:52,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379652.8637943, 'message': 'Dec  7 04:20:52 hqnl0246134 sshd[286579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.59.44.72 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:20:54,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379654.8685808, 'message': 'Dec  7 04:20:53 hqnl0246134 sshd[286580]: Failed password for root from 61.177.173.18 port 14233 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0613 seconds
INFO    [2022-12-07 04:20:54,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379654.869121, 'message': 'Dec  7 04:20:53 hqnl0246134 sshd[286579]: Failed password for invalid user mongod from 137.59.44.72 port 44384 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0614 seconds
INFO    [2022-12-07 04:20:54,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379654.8695881, 'message': 'Dec  7 04:20:54 hqnl0246134 sshd[286577]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 04:20:54,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.59.44.72', 'timestamp': 1670379654.8693643, 'message': 'Dec  7 04:20:54 hqnl0246134 sshd[286579]: Disconnected from invalid user mongod 137.59.44.72 port 44384 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:20:56,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379656.8708172, 'message': 'Dec  7 04:20:56 hqnl0246134 sshd[286580]: Failed password for root from 61.177.173.18 port 14233 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 04:20:58,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379658.873636, 'message': 'Dec  7 04:20:57 hqnl0246134 sshd[286577]: Failed password for root from 61.177.172.98 port 62950 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 04:20:58,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379658.873914, 'message': 'Dec  7 04:20:57 hqnl0246134 sshd[286593]: Invalid user ubuntu from 165.227.166.207 port 56104', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 04:20:58,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379658.8740954, 'message': 'Dec  7 04:20:57 hqnl0246134 sshd[286593]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:20:58,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379658.8742504, 'message': 'Dec  7 04:20:57 hqnl0246134 sshd[286593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:21:00,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379660.8770745, 'message': 'Dec  7 04:20:59 hqnl0246134 sshd[286593]: Failed password for invalid user ubuntu from 165.227.166.207 port 56104 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 04:21:00,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379660.8774457, 'message': 'Dec  7 04:21:00 hqnl0246134 sshd[286580]: Failed password for root from 61.177.173.18 port 14233 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 04:21:00,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379660.877274, 'message': 'Dec  7 04:20:59 hqnl0246134 sshd[286593]: Disconnected from invalid user ubuntu 165.227.166.207 port 56104 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:21:08,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379668.8863275, 'message': 'Dec  7 04:21:07 hqnl0246134 sshd[286606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 04:21:08,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379668.886747, 'message': 'Dec  7 04:21:07 hqnl0246134 sshd[286606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 04:21:10,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379670.8858607, 'message': 'Dec  7 04:21:09 hqnl0246134 sshd[286606]: Failed password for root from 61.177.172.98 port 27215 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-07 04:21:12,441] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:21:12,520] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0864 seconds
INFO    [2022-12-07 04:21:12,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379672.8885498, 'message': 'Dec  7 04:21:11 hqnl0246134 sshd[286606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-07 04:21:14,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379674.8921428, 'message': 'Dec  7 04:21:13 hqnl0246134 sshd[286606]: Failed password for root from 61.177.172.98 port 27215 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:21:14,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379674.89238, 'message': 'Dec  7 04:21:13 hqnl0246134 sshd[286606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:21:16,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.98', 'timestamp': 1670379676.8944578, 'message': 'Dec  7 04:21:15 hqnl0246134 sshd[286606]: Failed password for root from 61.177.172.98 port 27215 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:21:19,282] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:21:19,283] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:21:19,291] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:21:19,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 04:21:19,752] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:21:19,753] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:21:19,759] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:21:19,770] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 04:21:24,364] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:21:24,365] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:21:24,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:21:24,388] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 04:21:38,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379698.9281218, 'message': 'Dec  7 04:21:37 hqnl0246134 sshd[286639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 04:21:40,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379700.929742, 'message': 'Dec  7 04:21:39 hqnl0246134 sshd[286639]: Failed password for root from 61.177.173.18 port 28374 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0360 seconds
WARNING [2022-12-07 04:21:51,121] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:21:51,122] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:21:54,181] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 04:21:58,295] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:21:58,370] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:21:58,371] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:21:58,371] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:21:58,372] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:21:58,372] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:21:58,384] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:21:58,403] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0304 seconds
WARNING [2022-12-07 04:21:58,411] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:21:58,413] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:21:58,432] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0357 seconds
INFO    [2022-12-07 04:21:58,433] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0328 seconds
WARNING [2022-12-07 04:22:12,449] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:22:12,471] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0308 seconds
INFO    [2022-12-07 04:22:18,099] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:22:18,099] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:22:18,108] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:22:18,120] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 04:22:20,688] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:22:20,689] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:22:20,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:22:20,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0429 seconds
INFO    [2022-12-07 04:22:23,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379743.0420725, 'message': 'Dec  7 04:22:22 hqnl0246134 sshd[286679]: Invalid user tech from 101.226.253.162 port 38756', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 04:22:23,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379743.0423574, 'message': 'Dec  7 04:22:22 hqnl0246134 sshd[286679]: pam_imunify(sshd:auth): [IM360_RBL] The IP 101.226.253.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:22:23,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379743.0425708, 'message': 'Dec  7 04:22:22 hqnl0246134 sshd[286679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.226.253.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:22:25,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379745.0465982, 'message': 'Dec  7 04:22:23 hqnl0246134 sshd[286682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 04:22:27,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379747.0484917, 'message': 'Dec  7 04:22:25 hqnl0246134 sshd[286679]: Failed password for invalid user tech from 101.226.253.162 port 38756 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0619 seconds
INFO    [2022-12-07 04:22:27,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379747.0528486, 'message': 'Dec  7 04:22:25 hqnl0246134 sshd[286682]: Failed password for root from 61.177.173.18 port 45199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0735 seconds
INFO    [2022-12-07 04:22:27,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '101.226.253.162', 'timestamp': 1670379747.0529764, 'message': 'Dec  7 04:22:26 hqnl0246134 sshd[286679]: Disconnected from invalid user tech 101.226.253.162 port 38756 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 04:22:28,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:22:28,738] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:22:28,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:22:28,756] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 04:22:31,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379751.0564938, 'message': 'Dec  7 04:22:29 hqnl0246134 sshd[286682]: Failed password for root from 61.177.173.18 port 45199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:22:35,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379755.061067, 'message': 'Dec  7 04:22:33 hqnl0246134 sshd[286682]: Failed password for root from 61.177.173.18 port 45199 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 04:22:35,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379755.0625634, 'message': 'Dec  7 04:22:34 hqnl0246134 sshd[286701]: Invalid user odoo from 112.220.111.68 port 18349', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 04:22:35,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379755.0626988, 'message': 'Dec  7 04:22:34 hqnl0246134 sshd[286701]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.220.111.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:22:35,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379755.0628061, 'message': 'Dec  7 04:22:34 hqnl0246134 sshd[286701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.220.111.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:22:37,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379757.0646086, 'message': 'Dec  7 04:22:36 hqnl0246134 sshd[286701]: Failed password for invalid user odoo from 112.220.111.68 port 18349 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 04:22:39,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379759.0677714, 'message': 'Dec  7 04:22:38 hqnl0246134 sshd[286701]: Disconnected from invalid user odoo 112.220.111.68 port 18349 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 04:22:41,741] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:22:41,742] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:22:41,743] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 04:22:47,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379767.1039467, 'message': 'Dec  7 04:22:46 hqnl0246134 sshd[286704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 168.228.168.86 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:22:47,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379767.1043267, 'message': 'Dec  7 04:22:46 hqnl0246134 sshd[286704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.168.86  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:22:49,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '168.228.168.86', 'timestamp': 1670379769.1088164, 'message': 'Dec  7 04:22:48 hqnl0246134 sshd[286704]: Failed password for root from 168.228.168.86 port 53136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 04:22:51,129] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:22:51,130] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:23:05,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379785.169908, 'message': 'Dec  7 04:23:04 hqnl0246134 sshd[286726]: Invalid user user from 165.227.166.207 port 38180', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1914 seconds
INFO    [2022-12-07 04:23:05,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379785.170582, 'message': 'Dec  7 04:23:04 hqnl0246134 sshd[286726]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:23:05,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379785.1708302, 'message': 'Dec  7 04:23:04 hqnl0246134 sshd[286726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:23:07,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379787.1720912, 'message': 'Dec  7 04:23:05 hqnl0246134 sshd[286726]: Failed password for invalid user user from 165.227.166.207 port 38180 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:23:07,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379787.1723366, 'message': 'Dec  7 04:23:06 hqnl0246134 sshd[286726]: Disconnected from invalid user user 165.227.166.207 port 38180 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:23:11,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379791.1764383, 'message': 'Dec  7 04:23:09 hqnl0246134 sshd[286730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 04:23:12,451] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:23:12,474] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0306 seconds
INFO    [2022-12-07 04:23:13,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379793.1796494, 'message': 'Dec  7 04:23:12 hqnl0246134 sshd[286730]: Failed password for root from 61.177.173.18 port 14673 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:23:17,856] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:23:17,857] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:23:17,864] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:23:17,876] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 04:23:19,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379799.1889298, 'message': 'Dec  7 04:23:16 hqnl0246134 sshd[286730]: Failed password for root from 61.177.173.18 port 14673 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:23:20,479] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:23:20,479] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:23:20,493] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:23:20,515] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0347 seconds
INFO    [2022-12-07 04:23:21,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379801.190778, 'message': 'Dec  7 04:23:19 hqnl0246134 sshd[286730]: Failed password for root from 61.177.173.18 port 14673 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 04:23:39,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '170.210.60.30', 'timestamp': 1670379819.2108843, 'message': 'Dec  7 04:23:37 hqnl0246134 sshd[286753]: Invalid user ci from 170.210.60.30 port 55571', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 04:23:39,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '170.210.60.30', 'timestamp': 1670379819.2112334, 'message': 'Dec  7 04:23:37 hqnl0246134 sshd[286753]: pam_imunify(sshd:auth): [IM360_RBL] The IP 170.210.60.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 04:23:39,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '170.210.60.30', 'timestamp': 1670379819.2113893, 'message': 'Dec  7 04:23:37 hqnl0246134 sshd[286753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.210.60.30 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:23:41,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '170.210.60.30', 'timestamp': 1670379821.212994, 'message': 'Dec  7 04:23:39 hqnl0246134 sshd[286753]: Failed password for invalid user ci from 170.210.60.30 port 55571 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 04:23:41,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '170.210.60.30', 'timestamp': 1670379821.2133224, 'message': 'Dec  7 04:23:40 hqnl0246134 sshd[286753]: Disconnected from invalid user ci 170.210.60.30 port 55571 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 04:23:42,878] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:23:42,878] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:23:42,887] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:23:42,899] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
WARNING [2022-12-07 04:23:51,134] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:23:51,135] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:23:55,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379835.2327964, 'message': 'Dec  7 04:23:54 hqnl0246134 sshd[286762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 04:23:57,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379837.2352293, 'message': 'Dec  7 04:23:56 hqnl0246134 sshd[286762]: Failed password for root from 61.177.173.18 port 27940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 04:24:01,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379841.2417884, 'message': 'Dec  7 04:23:59 hqnl0246134 sshd[286762]: Failed password for root from 61.177.173.18 port 27940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 04:24:01,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379841.2420518, 'message': 'Dec  7 04:24:00 hqnl0246134 sshd[286772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 04:24:01,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379841.2422667, 'message': 'Dec  7 04:24:00 hqnl0246134 sshd[286772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:24:03,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379843.2443452, 'message': 'Dec  7 04:24:02 hqnl0246134 sshd[286772]: Failed password for root from 61.177.173.51 port 31959 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 04:24:03,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379843.2453618, 'message': 'Dec  7 04:24:03 hqnl0246134 sshd[286762]: Failed password for root from 61.177.173.18 port 27940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 04:24:03,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379843.244621, 'message': 'Dec  7 04:24:02 hqnl0246134 sshd[286772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:24:05,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379845.2469056, 'message': 'Dec  7 04:24:04 hqnl0246134 sshd[286772]: Failed password for root from 61.177.173.51 port 31959 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:24:07,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379847.2506773, 'message': 'Dec  7 04:24:07 hqnl0246134 sshd[286772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:24:09,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379849.2529569, 'message': 'Dec  7 04:24:08 hqnl0246134 sshd[286772]: Failed password for root from 61.177.173.51 port 31959 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 04:24:11,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379851.2569983, 'message': 'Dec  7 04:24:10 hqnl0246134 sshd[286783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:24:11,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379851.257314, 'message': 'Dec  7 04:24:10 hqnl0246134 sshd[286783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 04:24:12,460] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:24:12,487] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0393 seconds
INFO    [2022-12-07 04:24:13,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379853.2582629, 'message': 'Dec  7 04:24:13 hqnl0246134 sshd[286783]: Failed password for root from 61.177.173.51 port 10491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:24:17,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379857.264831, 'message': 'Dec  7 04:24:15 hqnl0246134 sshd[286783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:24:17,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379857.2650292, 'message': 'Dec  7 04:24:16 hqnl0246134 sshd[286783]: Failed password for root from 61.177.173.51 port 10491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:24:18,250] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:24:18,251] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:24:18,258] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:24:18,269] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 04:24:19,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379859.2663755, 'message': 'Dec  7 04:24:17 hqnl0246134 sshd[286783]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 04:24:19,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670379859.2667117, 'message': 'Dec  7 04:24:19 hqnl0246134 sshd[286783]: Failed password for root from 61.177.173.51 port 10491 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 04:24:21,114] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:24:21,115] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:24:21,128] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:24:21,147] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0314 seconds
INFO    [2022-12-07 04:24:41,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379881.3039997, 'message': 'Dec  7 04:24:40 hqnl0246134 sshd[286806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 04:24:43,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379883.3077419, 'message': 'Dec  7 04:24:41 hqnl0246134 sshd[286806]: Failed password for root from 61.177.173.18 port 43015 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0260 seconds
WARNING [2022-12-07 04:24:51,138] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:24:51,139] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:25:12,472] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:25:12,498] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0448 seconds
INFO    [2022-12-07 04:25:15,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379915.344638, 'message': 'Dec  7 04:25:15 hqnl0246134 sshd[286870]: Invalid user user from 165.227.166.207 port 48466', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 04:25:17,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379917.3459232, 'message': 'Dec  7 04:25:15 hqnl0246134 sshd[286870]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 04:25:17,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379917.3461936, 'message': 'Dec  7 04:25:15 hqnl0246134 sshd[286870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 04:25:17,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379917.3468022, 'message': 'Dec  7 04:25:17 hqnl0246134 sshd[286870]: Failed password for invalid user user from 165.227.166.207 port 48466 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 04:25:17,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670379917.3469753, 'message': 'Dec  7 04:25:17 hqnl0246134 sshd[286870]: Disconnected from invalid user user 165.227.166.207 port 48466 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 04:25:18,402] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:25:18,402] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:25:18,409] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:25:18,420] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 04:25:20,123] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:25:20,123] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:25:20,135] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:25:20,147] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-07 04:25:21,042] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:25:21,043] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:25:21,151] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:25:21,162] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1185 seconds
INFO    [2022-12-07 04:25:25,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379925.3604276, 'message': 'Dec  7 04:25:25 hqnl0246134 sshd[286891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 04:25:27,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379927.363242, 'message': 'Dec  7 04:25:27 hqnl0246134 sshd[286891]: Failed password for root from 61.177.173.18 port 53516 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:25:31,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379931.3743522, 'message': 'Dec  7 04:25:31 hqnl0246134 sshd[286891]: Failed password for root from 61.177.173.18 port 53516 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:25:35,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379935.384945, 'message': 'Dec  7 04:25:33 hqnl0246134 sshd[286891]: Failed password for root from 61.177.173.18 port 53516 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 04:25:35,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379935.3933904, 'message': 'Dec  7 04:25:34 hqnl0246134 sshd[286903]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.220.111.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-07 04:25:35,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379935.3936248, 'message': 'Dec  7 04:25:34 hqnl0246134 sshd[286903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.220.111.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:25:37,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.220.111.68', 'timestamp': 1670379937.3863719, 'message': 'Dec  7 04:25:37 hqnl0246134 sshd[286903]: Failed password for root from 112.220.111.68 port 17136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-07 04:25:51,214] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:25:51,215] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:26:09,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379969.4367836, 'message': 'Dec  7 04:26:08 hqnl0246134 sshd[286927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 04:26:11,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670379971.4376714, 'message': 'Dec  7 04:26:09 hqnl0246134 sshd[286927]: Failed password for root from 61.177.173.18 port 56881 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-07 04:26:12,464] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:26:12,486] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0295 seconds
INFO    [2022-12-07 04:26:17,828] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:26:17,829] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:26:17,837] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:26:17,849] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 04:26:20,639] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:26:20,640] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:26:20,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:26:20,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-07 04:26:51,218] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:26:51,219] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:26:55,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380015.514803, 'message': 'Dec  7 04:26:54 hqnl0246134 sshd[287036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 04:26:57,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380017.5164304, 'message': 'Dec  7 04:26:56 hqnl0246134 sshd[287036]: Failed password for root from 61.177.173.18 port 24575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:27:01,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380021.526171, 'message': 'Dec  7 04:26:58 hqnl0246134 sshd[287036]: Failed password for root from 61.177.173.18 port 24575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 04:27:03,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380023.5290372, 'message': 'Dec  7 04:27:01 hqnl0246134 sshd[287036]: Failed password for root from 61.177.173.18 port 24575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:27:06,156] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:27:06,157] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:27:06,168] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:27:06,180] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-07 04:27:11,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.161.112', 'timestamp': 1670380031.5458694, 'message': 'Dec  7 04:27:09 hqnl0246134 sshd[287054]: Invalid user s from 144.34.161.112 port 53446', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 04:27:11,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.34.161.112', 'timestamp': 1670380031.546323, 'message': 'Dec  7 04:27:10 hqnl0246134 sshd[287054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.34.161.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:27:11,609] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.34.161.112', 'timestamp': 1670380031.5488997, 'message': 'Dec  7 04:27:10 hqnl0246134 sshd[287054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.161.112 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 04:27:12,468] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:27:12,488] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0284 seconds
INFO    [2022-12-07 04:27:13,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.161.112', 'timestamp': 1670380033.5477335, 'message': 'Dec  7 04:27:11 hqnl0246134 sshd[287054]: Failed password for invalid user s from 144.34.161.112 port 53446 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:27:13,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.161.112', 'timestamp': 1670380033.5481122, 'message': 'Dec  7 04:27:12 hqnl0246134 sshd[287054]: Disconnected from invalid user s 144.34.161.112 port 53446 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:27:17,750] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:27:17,750] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:27:17,760] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:27:17,772] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 04:27:20,335] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:27:20,335] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:27:20,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:27:20,358] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-07 04:27:25,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380045.5696983, 'message': 'Dec  7 04:27:24 hqnl0246134 sshd[287080]: Invalid user user1 from 165.227.166.207 port 58766', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:27:25,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380045.5701075, 'message': 'Dec  7 04:27:24 hqnl0246134 sshd[287080]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:27:25,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380045.570307, 'message': 'Dec  7 04:27:24 hqnl0246134 sshd[287080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 04:27:27,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380047.570921, 'message': 'Dec  7 04:27:26 hqnl0246134 sshd[287080]: Failed password for invalid user user1 from 165.227.166.207 port 58766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:27:29,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380049.574468, 'message': 'Dec  7 04:27:28 hqnl0246134 sshd[287080]: Disconnected from invalid user user1 165.227.166.207 port 58766 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:27:36,112] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:27:36,177] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:27:36,177] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:27:36,178] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:27:36,178] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:27:36,178] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:27:36,188] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:27:36,206] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0271 seconds
WARNING [2022-12-07 04:27:36,217] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:27:36,221] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:27:36,241] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0427 seconds
INFO    [2022-12-07 04:27:36,242] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0405 seconds
INFO    [2022-12-07 04:27:41,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380061.5989544, 'message': 'Dec  7 04:27:40 hqnl0246134 sshd[287092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:27:43,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380063.6009948, 'message': 'Dec  7 04:27:41 hqnl0246134 sshd[287092]: Failed password for root from 61.177.173.18 port 33268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:27:47,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380067.6068468, 'message': 'Dec  7 04:27:44 hqnl0246134 sshd[287092]: Failed password for root from 61.177.173.18 port 33268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 04:27:47,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380067.6089587, 'message': 'Dec  7 04:27:46 hqnl0246134 sshd[287094]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 04:27:47,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380067.6090796, 'message': 'Dec  7 04:27:46 hqnl0246134 sshd[287094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:27:49,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380069.6124609, 'message': 'Dec  7 04:27:48 hqnl0246134 sshd[287094]: Failed password for root from 61.177.173.39 port 56899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 04:27:49,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380069.6126633, 'message': 'Dec  7 04:27:48 hqnl0246134 sshd[287092]: Failed password for root from 61.177.173.18 port 33268 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
WARNING [2022-12-07 04:27:51,222] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:27:51,223] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:27:51,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380071.6183734, 'message': 'Dec  7 04:27:50 hqnl0246134 sshd[287094]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 04:27:53,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380073.621884, 'message': 'Dec  7 04:27:52 hqnl0246134 sshd[287094]: Failed password for root from 61.177.173.39 port 56899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:27:53,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380073.6221006, 'message': 'Dec  7 04:27:53 hqnl0246134 sshd[287094]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-07 04:27:55,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380075.6261945, 'message': 'Dec  7 04:27:55 hqnl0246134 sshd[287094]: Failed password for root from 61.177.173.39 port 56899 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:27:59,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380079.6368048, 'message': 'Dec  7 04:27:58 hqnl0246134 sshd[287104]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:27:59,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380079.6370173, 'message': 'Dec  7 04:27:58 hqnl0246134 sshd[287104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:28:01,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380081.6397161, 'message': 'Dec  7 04:28:00 hqnl0246134 sshd[287104]: Failed password for root from 61.177.173.39 port 54737 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:28:01,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380081.639903, 'message': 'Dec  7 04:28:00 hqnl0246134 sshd[287104]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:28:03,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380083.6419609, 'message': 'Dec  7 04:28:03 hqnl0246134 sshd[287104]: Failed password for root from 61.177.173.39 port 54737 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:28:05,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380085.6451442, 'message': 'Dec  7 04:28:05 hqnl0246134 sshd[287104]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:28:06,307] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:28:06,307] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:28:06,308] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 04:28:07,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670380087.6471791, 'message': 'Dec  7 04:28:06 hqnl0246134 sshd[287119]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 04:28:07,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380087.6476367, 'message': 'Dec  7 04:28:06 hqnl0246134 sshd[287106]: Invalid user alfredo from 191.81.134.68 port 57593', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 04:28:07,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670380087.6474175, 'message': 'Dec  7 04:28:06 hqnl0246134 sshd[287119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 04:28:07,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380087.6478205, 'message': 'Dec  7 04:28:07 hqnl0246134 sshd[287106]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.81.134.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 04:28:07,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380087.6479585, 'message': 'Dec  7 04:28:07 hqnl0246134 sshd[287106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.81.134.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 04:28:09,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380089.6500988, 'message': 'Dec  7 04:28:07 hqnl0246134 sshd[287104]: Failed password for root from 61.177.173.39 port 54737 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 04:28:09,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670380089.6503286, 'message': 'Dec  7 04:28:08 hqnl0246134 sshd[287119]: Failed password for root from 61.177.173.52 port 59548 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 04:28:09,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380089.650443, 'message': 'Dec  7 04:28:09 hqnl0246134 sshd[287106]: Failed password for invalid user alfredo from 191.81.134.68 port 57593 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 04:28:11,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670380091.6530204, 'message': 'Dec  7 04:28:10 hqnl0246134 sshd[287119]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-07 04:28:11,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380091.6533024, 'message': 'Dec  7 04:28:10 hqnl0246134 sshd[287124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-07 04:28:11,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380091.653544, 'message': 'Dec  7 04:28:11 hqnl0246134 sshd[287106]: Disconnected from invalid user alfredo 191.81.134.68 port 57593 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0558 seconds
INFO    [2022-12-07 04:28:11,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380091.6534202, 'message': 'Dec  7 04:28:10 hqnl0246134 sshd[287124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 04:28:12,328] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:28:12,328] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:28:12,339] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:28:12,354] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0248 seconds
WARNING [2022-12-07 04:28:12,468] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:28:12,492] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0299 seconds
INFO    [2022-12-07 04:28:13,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670380093.6541786, 'message': 'Dec  7 04:28:12 hqnl0246134 sshd[287119]: Failed password for root from 61.177.173.52 port 59548 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 04:28:13,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380093.6544724, 'message': 'Dec  7 04:28:12 hqnl0246134 sshd[287124]: Failed password for root from 61.177.173.39 port 48193 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 04:28:13,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670380093.654623, 'message': 'Dec  7 04:28:12 hqnl0246134 sshd[287119]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 04:28:13,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380093.6551988, 'message': 'Dec  7 04:28:13 hqnl0246134 sshd[287124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 04:28:15,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380095.6563408, 'message': 'Dec  7 04:28:15 hqnl0246134 sshd[287124]: Failed password for root from 61.177.173.39 port 48193 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 04:28:15,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670380095.656574, 'message': 'Dec  7 04:28:15 hqnl0246134 sshd[287119]: Failed password for root from 61.177.173.52 port 59548 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 04:28:17,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380097.6589885, 'message': 'Dec  7 04:28:17 hqnl0246134 sshd[287124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:28:17,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:28:17,820] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:28:17,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:28:17,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 04:28:19,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670380099.662163, 'message': 'Dec  7 04:28:19 hqnl0246134 sshd[287124]: Failed password for root from 61.177.173.39 port 48193 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 04:28:20,449] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:28:20,450] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:28:20,456] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:28:20,467] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 04:28:27,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380107.6718624, 'message': 'Dec  7 04:28:26 hqnl0246134 sshd[287142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 04:28:29,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380109.6745217, 'message': 'Dec  7 04:28:28 hqnl0246134 sshd[287142]: Failed password for root from 61.177.173.18 port 51719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 04:28:31,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380111.6764665, 'message': 'Dec  7 04:28:31 hqnl0246134 sshd[287142]: Failed password for root from 61.177.173.18 port 51719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 04:28:31,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670380111.6767, 'message': 'Dec  7 04:28:31 hqnl0246134 sshd[287154]: Invalid user git from 112.220.111.68 port 15045', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 04:28:31,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.220.111.68', 'timestamp': 1670380111.676881, 'message': 'Dec  7 04:28:31 hqnl0246134 sshd[287154]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.220.111.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:28:31,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.220.111.68', 'timestamp': 1670380111.6770334, 'message': 'Dec  7 04:28:31 hqnl0246134 sshd[287154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.220.111.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:28:33,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670380113.6795816, 'message': 'Dec  7 04:28:33 hqnl0246134 sshd[287154]: Failed password for invalid user git from 112.220.111.68 port 15045 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:28:35,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380115.6874924, 'message': 'Dec  7 04:28:34 hqnl0246134 sshd[287142]: Failed password for root from 61.177.173.18 port 51719 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:28:37,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.220.111.68', 'timestamp': 1670380117.6912186, 'message': 'Dec  7 04:28:35 hqnl0246134 sshd[287154]: Disconnected from invalid user git 112.220.111.68 port 15045 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 04:28:51,226] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:28:51,227] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:29:12,478] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:29:12,516] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0507 seconds
INFO    [2022-12-07 04:29:15,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380155.7617488, 'message': 'Dec  7 04:29:14 hqnl0246134 sshd[287183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:29:17,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380157.763985, 'message': 'Dec  7 04:29:16 hqnl0246134 sshd[287183]: Failed password for root from 61.177.173.18 port 13419 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:29:18,012] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:29:18,013] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:29:18,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:29:18,043] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0300 seconds
INFO    [2022-12-07 04:29:19,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380159.7658207, 'message': 'Dec  7 04:29:18 hqnl0246134 sshd[287183]: Failed password for root from 61.177.173.18 port 13419 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 04:29:21,402] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:29:21,403] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:29:21,414] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:29:21,432] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0278 seconds
INFO    [2022-12-07 04:29:21,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380161.7692597, 'message': 'Dec  7 04:29:21 hqnl0246134 sshd[287183]: Failed password for root from 61.177.173.18 port 13419 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:29:25,479] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:29:25,479] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:29:25,491] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:29:25,509] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
INFO    [2022-12-07 04:29:37,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380177.789588, 'message': 'Dec  7 04:29:35 hqnl0246134 sshd[287234]: Invalid user user2 from 165.227.166.207 port 40806', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 04:29:37,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380177.7901583, 'message': 'Dec  7 04:29:36 hqnl0246134 sshd[287234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:29:37,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380177.7903388, 'message': 'Dec  7 04:29:36 hqnl0246134 sshd[287234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:29:39,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380179.7886374, 'message': 'Dec  7 04:29:38 hqnl0246134 sshd[287234]: Failed password for invalid user user2 from 165.227.166.207 port 40806 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:29:39,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380179.7889404, 'message': 'Dec  7 04:29:38 hqnl0246134 sshd[287234]: Disconnected from invalid user user2 165.227.166.207 port 40806 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-07 04:29:51,232] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:29:51,233] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:29:54,821] defence360agent.files: Updating all files
INFO    [2022-12-07 04:29:55,162] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:55,163] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 04:29:55,449] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:55,449] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 04:29:55,786] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:55,787] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 04:29:56,068] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:56,069] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 04:29:56,070] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 04:29:56,327] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 02:29:56 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E61F04006842D'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 04:29:56,329] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 04:29:56,329] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 04:29:56,889] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:56,890] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 04:29:57,200] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:57,201] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 04:29:57,462] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:57,462] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 04:29:57,854] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:57,854] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 04:29:58,261] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 04:29:58,262] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 04:29:59,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380199.8266869, 'message': 'Dec  7 04:29:59 hqnl0246134 sshd[287247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 04:30:03,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380203.8296916, 'message': 'Dec  7 04:30:01 hqnl0246134 sshd[287247]: Failed password for root from 61.177.173.18 port 26358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0584 seconds
WARNING [2022-12-07 04:30:12,477] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:30:12,501] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0308 seconds
INFO    [2022-12-07 04:30:18,178] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:30:18,178] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:30:18,185] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:30:18,196] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 04:30:20,776] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:30:20,777] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:30:20,784] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:30:20,796] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 04:30:45,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380245.8819292, 'message': 'Dec  7 04:30:45 hqnl0246134 sshd[287312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 04:30:47,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380247.8822007, 'message': 'Dec  7 04:30:47 hqnl0246134 sshd[287312]: Failed password for root from 61.177.173.18 port 45821 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 04:30:51,235] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:30:51,236] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:30:58,690] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:30:58,691] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:30:58,699] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:30:58,710] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 04:31:05,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380265.9140427, 'message': 'Dec  7 04:31:05 hqnl0246134 sshd[287336]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 04:31:05,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380265.9142873, 'message': 'Dec  7 04:31:05 hqnl0246134 sshd[287336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 04:31:07,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380267.917218, 'message': 'Dec  7 04:31:07 hqnl0246134 sshd[287336]: Failed password for root from 61.177.172.114 port 25279 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:31:09,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380269.9180307, 'message': 'Dec  7 04:31:09 hqnl0246134 sshd[287336]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:31:11,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380271.9225745, 'message': 'Dec  7 04:31:11 hqnl0246134 sshd[287336]: Failed password for root from 61.177.172.114 port 25279 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
WARNING [2022-12-07 04:31:12,480] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:31:12,499] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0267 seconds
INFO    [2022-12-07 04:31:13,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380273.9300478, 'message': 'Dec  7 04:31:12 hqnl0246134 sshd[287336]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:31:15,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380275.9337134, 'message': 'Dec  7 04:31:14 hqnl0246134 sshd[287336]: Failed password for root from 61.177.172.114 port 25279 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 04:31:17,989] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:31:17,990] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:31:17,998] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:31:18,009] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 04:31:19,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380279.9386528, 'message': 'Dec  7 04:31:17 hqnl0246134 sshd[287344]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 04:31:19,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380279.9390912, 'message': 'Dec  7 04:31:17 hqnl0246134 sshd[287344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 04:31:20,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380279.9393556, 'message': 'Dec  7 04:31:19 hqnl0246134 sshd[287344]: Failed password for root from 61.177.172.114 port 11953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:31:20,636] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:31:20,636] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:31:20,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:31:20,657] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 04:31:22,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380282.061345, 'message': 'Dec  7 04:31:20 hqnl0246134 sshd[287344]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 04:31:23,966] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380283.9469554, 'message': 'Dec  7 04:31:22 hqnl0246134 sshd[287344]: Failed password for root from 61.177.172.114 port 11953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:31:25,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380285.947805, 'message': 'Dec  7 04:31:24 hqnl0246134 sshd[287344]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:31:27,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380287.950184, 'message': 'Dec  7 04:31:26 hqnl0246134 sshd[287344]: Failed password for root from 61.177.172.114 port 11953 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 04:31:29,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380289.9524994, 'message': 'Dec  7 04:31:28 hqnl0246134 sshd[287364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:31:31,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380291.954783, 'message': 'Dec  7 04:31:30 hqnl0246134 sshd[287364]: Failed password for root from 61.177.173.18 port 54440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 04:31:31,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380291.9550931, 'message': 'Dec  7 04:31:30 hqnl0246134 sshd[287366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 04:31:32,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380291.9552507, 'message': 'Dec  7 04:31:30 hqnl0246134 sshd[287366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 04:31:32,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380291.955393, 'message': 'Dec  7 04:31:31 hqnl0246134 sshd[287366]: Failed password for root from 61.177.172.114 port 57170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:31:33,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380293.9570882, 'message': 'Dec  7 04:31:32 hqnl0246134 sshd[287366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-07 04:31:34,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380293.9574127, 'message': 'Dec  7 04:31:32 hqnl0246134 sshd[287364]: Failed password for root from 61.177.173.18 port 54440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-07 04:31:35,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380295.9583907, 'message': 'Dec  7 04:31:34 hqnl0246134 sshd[287366]: Failed password for root from 61.177.172.114 port 57170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 04:31:35,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380295.9588108, 'message': 'Dec  7 04:31:34 hqnl0246134 sshd[287364]: Failed password for root from 61.177.173.18 port 54440 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 04:31:36,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380295.9586642, 'message': 'Dec  7 04:31:34 hqnl0246134 sshd[287366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:31:37,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380297.9608169, 'message': 'Dec  7 04:31:36 hqnl0246134 sshd[287366]: Failed password for root from 61.177.172.114 port 57170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:31:39,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380299.9636676, 'message': 'Dec  7 04:31:38 hqnl0246134 sshd[287370]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 04:31:40,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380299.96407, 'message': 'Dec  7 04:31:38 hqnl0246134 sshd[287370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:31:40,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380299.9643955, 'message': 'Dec  7 04:31:39 hqnl0246134 sshd[287370]: Failed password for root from 61.177.172.114 port 10896 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:31:41,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380301.9650726, 'message': 'Dec  7 04:31:40 hqnl0246134 sshd[287373]: Invalid user user from 165.227.166.207 port 51094', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 04:31:41,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380301.965519, 'message': 'Dec  7 04:31:40 hqnl0246134 sshd[287370]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 04:31:42,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380301.9652948, 'message': 'Dec  7 04:31:40 hqnl0246134 sshd[287373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:31:42,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380301.9654045, 'message': 'Dec  7 04:31:40 hqnl0246134 sshd[287373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:31:43,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380303.9664693, 'message': 'Dec  7 04:31:42 hqnl0246134 sshd[287373]: Failed password for invalid user user from 165.227.166.207 port 51094 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 04:31:43,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380303.9666913, 'message': 'Dec  7 04:31:42 hqnl0246134 sshd[287370]: Failed password for root from 61.177.172.114 port 10896 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 04:31:44,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380303.9668791, 'message': 'Dec  7 04:31:42 hqnl0246134 sshd[287373]: Disconnected from invalid user user 165.227.166.207 port 51094 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 04:31:44,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380303.966986, 'message': 'Dec  7 04:31:42 hqnl0246134 sshd[287370]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 04:31:45,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670380305.9700086, 'message': 'Dec  7 04:31:44 hqnl0246134 sshd[287370]: Failed password for root from 61.177.172.114 port 10896 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:31:49,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380309.9737906, 'message': 'Dec  7 04:31:48 hqnl0246134 sshd[287375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:31:50,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380309.974068, 'message': 'Dec  7 04:31:48 hqnl0246134 sshd[287375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 04:31:51,240] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:31:51,240] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:31:51,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380311.9739804, 'message': 'Dec  7 04:31:50 hqnl0246134 sshd[287375]: Failed password for root from 61.177.173.53 port 44470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:31:53,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380313.9746614, 'message': 'Dec  7 04:31:52 hqnl0246134 sshd[287375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 04:31:54,184] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 04:31:56,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380315.975858, 'message': 'Dec  7 04:31:54 hqnl0246134 sshd[287375]: Failed password for root from 61.177.173.53 port 44470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 04:31:56,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380315.9761264, 'message': 'Dec  7 04:31:55 hqnl0246134 sshd[287375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:31:57,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380317.9778922, 'message': 'Dec  7 04:31:57 hqnl0246134 sshd[287375]: Failed password for root from 61.177.173.53 port 44470 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:32:03,467] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:32:03,467] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:32:03,476] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:32:03,487] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 04:32:04,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380323.9851005, 'message': 'Dec  7 04:32:02 hqnl0246134 sshd[287389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 04:32:04,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.94.181', 'timestamp': 1670380323.985421, 'message': 'Dec  7 04:32:02 hqnl0246134 sshd[287398]: Invalid user gpadmin from 134.17.94.181 port 7650', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 04:32:04,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380323.9852836, 'message': 'Dec  7 04:32:02 hqnl0246134 sshd[287389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 04:32:04,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.94.181', 'timestamp': 1670380323.9860375, 'message': 'Dec  7 04:32:02 hqnl0246134 sshd[287398]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.94.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 04:32:04,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.94.181', 'timestamp': 1670380323.9861405, 'message': 'Dec  7 04:32:02 hqnl0246134 sshd[287398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.94.181 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:32:06,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380325.9891486, 'message': 'Dec  7 04:32:04 hqnl0246134 sshd[287389]: Failed password for root from 61.177.173.53 port 60264 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 04:32:06,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.94.181', 'timestamp': 1670380325.9894915, 'message': 'Dec  7 04:32:04 hqnl0246134 sshd[287398]: Failed password for invalid user gpadmin from 134.17.94.181 port 7650 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 04:32:06,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380325.9896915, 'message': 'Dec  7 04:32:04 hqnl0246134 sshd[287389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 04:32:06,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.94.181', 'timestamp': 1670380325.990752, 'message': 'Dec  7 04:32:05 hqnl0246134 sshd[287398]: Disconnected from invalid user gpadmin 134.17.94.181 port 7650 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-07 04:32:08,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380327.9927762, 'message': 'Dec  7 04:32:06 hqnl0246134 sshd[287389]: Failed password for root from 61.177.173.53 port 60264 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:32:08,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380327.9929867, 'message': 'Dec  7 04:32:06 hqnl0246134 sshd[287389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:32:10,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670380329.996338, 'message': 'Dec  7 04:32:08 hqnl0246134 sshd[287389]: Failed password for root from 61.177.173.53 port 60264 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 04:32:12,483] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:32:12,508] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0320 seconds
INFO    [2022-12-07 04:32:14,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380334.0033324, 'message': 'Dec  7 04:32:12 hqnl0246134 sshd[287413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:32:16,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380336.0072155, 'message': 'Dec  7 04:32:14 hqnl0246134 sshd[287413]: Failed password for root from 61.177.173.18 port 22608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 04:32:17,777] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:32:17,778] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:32:17,787] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:32:17,798] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 04:32:18,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380338.0106847, 'message': 'Dec  7 04:32:16 hqnl0246134 sshd[287413]: Failed password for root from 61.177.173.18 port 22608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:32:20,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380340.014231, 'message': 'Dec  7 04:32:19 hqnl0246134 sshd[287413]: Failed password for root from 61.177.173.18 port 22608 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 04:32:20,409] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:32:20,410] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:32:20,417] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:32:20,428] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
WARNING [2022-12-07 04:32:51,244] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:32:51,246] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:33:00,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380380.0814068, 'message': 'Dec  7 04:32:58 hqnl0246134 sshd[287449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 04:33:02,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380382.0823781, 'message': 'Dec  7 04:33:00 hqnl0246134 sshd[287449]: Failed password for root from 61.177.173.18 port 40851 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0673 seconds
INFO    [2022-12-07 04:33:04,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380384.084268, 'message': 'Dec  7 04:33:02 hqnl0246134 sshd[287449]: Failed password for root from 61.177.173.18 port 40851 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:33:06,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380386.0870066, 'message': 'Dec  7 04:33:04 hqnl0246134 sshd[287449]: Failed password for root from 61.177.173.18 port 40851 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:33:07,843] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:33:07,844] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:33:07,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:33:07,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
WARNING [2022-12-07 04:33:12,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:33:12,505] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0262 seconds
INFO    [2022-12-07 04:33:18,048] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:33:18,049] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:33:18,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:33:18,067] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 04:33:20,586] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:33:20,587] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:33:20,594] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:33:20,607] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 04:33:44,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380424.14676, 'message': 'Dec  7 04:33:42 hqnl0246134 sshd[287494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 04:33:46,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380426.1465054, 'message': 'Dec  7 04:33:44 hqnl0246134 sshd[287494]: Failed password for root from 61.177.173.18 port 54486 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:33:50,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380430.1512954, 'message': 'Dec  7 04:33:47 hqnl0246134 sshd[287494]: Failed password for root from 61.177.173.18 port 54486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 04:33:50,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380430.1515312, 'message': 'Dec  7 04:33:49 hqnl0246134 sshd[287518]: Invalid user user from 165.227.166.207 port 33150', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 04:33:50,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380430.1519856, 'message': 'Dec  7 04:33:49 hqnl0246134 sshd[287494]: Failed password for root from 61.177.173.18 port 54486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 04:33:50,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380430.1517246, 'message': 'Dec  7 04:33:49 hqnl0246134 sshd[287518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 04:33:50,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380430.1518574, 'message': 'Dec  7 04:33:49 hqnl0246134 sshd[287518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
WARNING [2022-12-07 04:33:51,251] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:33:51,251] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:33:52,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380432.1530292, 'message': 'Dec  7 04:33:51 hqnl0246134 sshd[287518]: Failed password for invalid user user from 165.227.166.207 port 33150 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:33:54,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380434.15603, 'message': 'Dec  7 04:33:53 hqnl0246134 sshd[287518]: Disconnected from invalid user user 165.227.166.207 port 33150 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 04:34:12,491] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:34:12,513] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0301 seconds
INFO    [2022-12-07 04:34:17,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:34:17,792] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:34:17,800] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:34:17,811] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 04:34:20,305] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:34:20,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:34:20,313] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:34:20,324] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 04:34:30,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380470.214815, 'message': 'Dec  7 04:34:28 hqnl0246134 sshd[287561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 04:34:32,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380472.2176065, 'message': 'Dec  7 04:34:30 hqnl0246134 sshd[287561]: Failed password for root from 61.177.173.18 port 19462 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:34:44,294] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:34:44,295] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:34:44,306] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:34:44,318] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 04:34:50,738] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:34:50,807] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:34:50,807] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:34:50,808] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:34:50,808] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:34:50,808] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:34:50,819] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:34:50,838] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0286 seconds
WARNING [2022-12-07 04:34:50,845] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:34:50,847] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:34:50,864] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0319 seconds
INFO    [2022-12-07 04:34:50,865] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0299 seconds
WARNING [2022-12-07 04:34:51,254] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:34:51,254] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:35:12,498] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:35:12,517] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0316 seconds
INFO    [2022-12-07 04:35:16,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380516.2749534, 'message': 'Dec  7 04:35:15 hqnl0246134 sshd[287610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 04:35:17,838] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:35:17,839] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:35:17,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:35:17,857] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 04:35:18,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380518.277083, 'message': 'Dec  7 04:35:17 hqnl0246134 sshd[287614]: pam_imunify(sshd:auth): [IM360_RBL] The IP 170.210.60.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 04:35:18,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380518.277649, 'message': 'Dec  7 04:35:18 hqnl0246134 sshd[287610]: Failed password for root from 61.177.173.18 port 41551 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-07 04:35:18,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380518.277397, 'message': 'Dec  7 04:35:17 hqnl0246134 sshd[287614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.210.60.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:35:20,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380520.277461, 'message': 'Dec  7 04:35:19 hqnl0246134 sshd[287614]: Failed password for root from 170.210.60.30 port 48560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:35:20,528] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:35:20,528] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:35:20,540] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:35:20,561] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0313 seconds
INFO    [2022-12-07 04:35:20,935] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:35:20,936] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:35:20,937] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 04:35:22,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380522.2806902, 'message': 'Dec  7 04:35:22 hqnl0246134 sshd[287610]: Failed password for root from 61.177.173.18 port 41551 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 04:35:28,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380528.29063, 'message': 'Dec  7 04:35:24 hqnl0246134 sshd[287610]: Failed password for root from 61.177.173.18 port 41551 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
WARNING [2022-12-07 04:35:51,261] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:35:51,263] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:35:58,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380558.3294275, 'message': 'Dec  7 04:35:57 hqnl0246134 sshd[287651]: Invalid user user from 165.227.166.207 port 43446', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 04:35:58,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380558.329901, 'message': 'Dec  7 04:35:57 hqnl0246134 sshd[287651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:35:58,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380558.3300798, 'message': 'Dec  7 04:35:57 hqnl0246134 sshd[287651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:36:00,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380560.3297303, 'message': 'Dec  7 04:35:59 hqnl0246134 sshd[287651]: Failed password for invalid user user from 165.227.166.207 port 43446 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 04:36:00,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380560.3299198, 'message': 'Dec  7 04:35:59 hqnl0246134 sshd[287651]: Disconnected from invalid user user 165.227.166.207 port 43446 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:36:02,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380562.3318903, 'message': 'Dec  7 04:36:00 hqnl0246134 sshd[287653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:36:02,590] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:36:02,591] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:36:02,598] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:36:02,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 04:36:04,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380564.3359644, 'message': 'Dec  7 04:36:03 hqnl0246134 sshd[287653]: Failed password for root from 61.177.173.18 port 45152 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 04:36:12,496] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:36:12,521] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0332 seconds
INFO    [2022-12-07 04:36:17,904] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:36:17,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:36:17,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:36:17,926] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-07 04:36:20,513] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:36:20,514] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:36:20,521] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:36:20,532] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 04:36:28,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380588.3707922, 'message': 'Dec  7 04:36:26 hqnl0246134 sshd[287686]: Invalid user ma from 191.81.134.68 port 46775', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 04:36:28,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380588.371336, 'message': 'Dec  7 04:36:26 hqnl0246134 sshd[287686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.81.134.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:36:28,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380588.3715825, 'message': 'Dec  7 04:36:26 hqnl0246134 sshd[287686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.81.134.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 04:36:28,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380588.371801, 'message': 'Dec  7 04:36:28 hqnl0246134 sshd[287686]: Failed password for invalid user ma from 191.81.134.68 port 46775 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 04:36:30,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670380590.3729036, 'message': 'Dec  7 04:36:28 hqnl0246134 sshd[287686]: Disconnected from invalid user ma 191.81.134.68 port 46775 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:36:46,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380606.4225092, 'message': 'Dec  7 04:36:45 hqnl0246134 sshd[287703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 04:36:48,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380608.4244857, 'message': 'Dec  7 04:36:47 hqnl0246134 sshd[287703]: Failed password for root from 61.177.173.18 port 56205 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 04:36:51,265] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:36:51,266] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:37:12,501] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:37:12,535] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0433 seconds
INFO    [2022-12-07 04:37:17,865] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:37:17,865] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:37:17,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:37:17,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 04:37:20,712] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:37:20,712] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:37:20,720] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:37:20,732] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 04:37:32,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380652.508306, 'message': 'Dec  7 04:37:30 hqnl0246134 sshd[287756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 04:37:34,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380654.5111592, 'message': 'Dec  7 04:37:32 hqnl0246134 sshd[287756]: Failed password for root from 61.177.173.18 port 16923 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:37:43,907] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:37:43,908] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:37:43,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:37:43,928] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
WARNING [2022-12-07 04:37:51,270] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:37:51,272] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:38:06,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380686.6322744, 'message': 'Dec  7 04:38:04 hqnl0246134 sshd[287784]: Invalid user user from 165.227.166.207 port 53738', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 04:38:06,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380686.6330712, 'message': 'Dec  7 04:38:04 hqnl0246134 sshd[287784]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:38:06,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380686.633331, 'message': 'Dec  7 04:38:04 hqnl0246134 sshd[287784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:38:06,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380686.6334636, 'message': 'Dec  7 04:38:06 hqnl0246134 sshd[287784]: Failed password for invalid user user from 165.227.166.207 port 53738 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:38:08,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380688.639115, 'message': 'Dec  7 04:38:06 hqnl0246134 sshd[287784]: Disconnected from invalid user user 165.227.166.207 port 53738 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
WARNING [2022-12-07 04:38:12,510] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:38:12,539] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0406 seconds
INFO    [2022-12-07 04:38:16,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380696.6722395, 'message': 'Dec  7 04:38:15 hqnl0246134 sshd[287786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:38:16,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380696.6724782, 'message': 'Dec  7 04:38:16 hqnl0246134 sshd[287786]: Failed password for root from 61.177.173.18 port 31354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:38:18,180] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:38:18,181] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:38:18,188] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:38:18,200] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 04:38:20,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380700.6811097, 'message': 'Dec  7 04:38:19 hqnl0246134 sshd[287786]: Failed password for root from 61.177.173.18 port 31354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:38:20,902] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:38:20,903] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:38:20,911] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:38:20,926] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 04:38:22,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380702.6886268, 'message': 'Dec  7 04:38:21 hqnl0246134 sshd[287786]: Failed password for root from 61.177.173.18 port 31354 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 04:38:48,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380728.749914, 'message': 'Dec  7 04:38:48 hqnl0246134 sshd[287814]: pam_imunify(sshd:auth): [IM360_RBL] The IP 170.210.60.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 04:38:48,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380728.7504594, 'message': 'Dec  7 04:38:48 hqnl0246134 sshd[287814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.210.60.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:38:50,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380730.7509425, 'message': 'Dec  7 04:38:50 hqnl0246134 sshd[287814]: Failed password for root from 170.210.60.30 port 43642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 04:38:51,274] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:38:51,274] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:38:52,996] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:38:52,996] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:38:53,006] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:38:53,023] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0260 seconds
INFO    [2022-12-07 04:39:02,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380742.7675471, 'message': 'Dec  7 04:39:01 hqnl0246134 sshd[287829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 04:39:04,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380744.7670019, 'message': 'Dec  7 04:39:04 hqnl0246134 sshd[287829]: Failed password for root from 61.177.173.18 port 52453 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
WARNING [2022-12-07 04:39:12,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:39:12,532] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0294 seconds
INFO    [2022-12-07 04:39:18,243] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:39:18,243] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:39:18,250] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:39:18,262] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 04:39:21,704] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:39:21,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:39:21,743] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:39:21,773] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0581 seconds
INFO    [2022-12-07 04:39:30,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380770.8038006, 'message': 'Dec  7 04:39:30 hqnl0246134 sshd[287988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 04:39:30,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380770.8042767, 'message': 'Dec  7 04:39:30 hqnl0246134 sshd[287988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:39:34,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380774.8105922, 'message': 'Dec  7 04:39:32 hqnl0246134 sshd[287988]: Failed password for root from 61.177.172.104 port 64946 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:39:34,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380774.810884, 'message': 'Dec  7 04:39:34 hqnl0246134 sshd[287988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:39:36,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380776.8142943, 'message': 'Dec  7 04:39:36 hqnl0246134 sshd[287988]: Failed password for root from 61.177.172.104 port 64946 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:39:38,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380778.8175166, 'message': 'Dec  7 04:39:37 hqnl0246134 sshd[287988]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:39:40,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380780.8209746, 'message': 'Dec  7 04:39:39 hqnl0246134 sshd[287988]: Failed password for root from 61.177.172.104 port 64946 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:39:44,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380784.8265812, 'message': 'Dec  7 04:39:43 hqnl0246134 sshd[287991]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 04:39:44,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.94.181', 'timestamp': 1670380784.8269753, 'message': 'Dec  7 04:39:44 hqnl0246134 sshd[287995]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.94.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 04:39:44,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380784.8268533, 'message': 'Dec  7 04:39:43 hqnl0246134 sshd[287991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 04:39:44,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.94.181', 'timestamp': 1670380784.8271294, 'message': 'Dec  7 04:39:44 hqnl0246134 sshd[287995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.94.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 04:39:46,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380786.8311293, 'message': 'Dec  7 04:39:45 hqnl0246134 sshd[287991]: Failed password for root from 61.177.172.104 port 52688 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 04:39:46,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.94.181', 'timestamp': 1670380786.831494, 'message': 'Dec  7 04:39:46 hqnl0246134 sshd[287995]: Failed password for root from 134.17.94.181 port 7651 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 04:39:46,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380786.8313615, 'message': 'Dec  7 04:39:45 hqnl0246134 sshd[287991]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:39:48,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380788.8369231, 'message': 'Dec  7 04:39:46 hqnl0246134 sshd[287991]: Failed password for root from 61.177.172.104 port 52688 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 04:39:48,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380788.8371875, 'message': 'Dec  7 04:39:47 hqnl0246134 sshd[287997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 04:39:48,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380788.8373463, 'message': 'Dec  7 04:39:47 hqnl0246134 sshd[287991]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 04:39:48,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380788.8374603, 'message': 'Dec  7 04:39:48 hqnl0246134 sshd[287997]: Failed password for root from 61.177.173.18 port 58660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 04:39:50,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380790.8423781, 'message': 'Dec  7 04:39:49 hqnl0246134 sshd[287991]: Failed password for root from 61.177.172.104 port 52688 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 04:39:50,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380790.8426085, 'message': 'Dec  7 04:39:50 hqnl0246134 sshd[288000]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 04:39:50,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380790.8427896, 'message': 'Dec  7 04:39:50 hqnl0246134 sshd[288000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 04:39:51,277] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:39:51,277] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:39:52,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380792.848118, 'message': 'Dec  7 04:39:51 hqnl0246134 sshd[287997]: Failed password for root from 61.177.173.18 port 58660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 04:39:52,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380792.8487337, 'message': 'Dec  7 04:39:51 hqnl0246134 sshd[288002]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 04:39:52,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380792.8489416, 'message': 'Dec  7 04:39:51 hqnl0246134 sshd[288002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:39:54,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380794.854021, 'message': 'Dec  7 04:39:52 hqnl0246134 sshd[288000]: Failed password for root from 61.177.173.51 port 59300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 04:39:54,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380794.8542347, 'message': 'Dec  7 04:39:53 hqnl0246134 sshd[288002]: Failed password for root from 61.177.172.104 port 10628 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 04:39:54,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380794.854361, 'message': 'Dec  7 04:39:54 hqnl0246134 sshd[288000]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:39:56,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380796.857979, 'message': 'Dec  7 04:39:55 hqnl0246134 sshd[287997]: Failed password for root from 61.177.173.18 port 58660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-07 04:39:56,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380796.8582003, 'message': 'Dec  7 04:39:55 hqnl0246134 sshd[288002]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 04:39:56,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380796.8583105, 'message': 'Dec  7 04:39:56 hqnl0246134 sshd[288000]: Failed password for root from 61.177.173.51 port 59300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 04:39:58,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380798.8606324, 'message': 'Dec  7 04:39:57 hqnl0246134 sshd[288000]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 04:39:58,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380798.8610308, 'message': 'Dec  7 04:39:58 hqnl0246134 sshd[288002]: Failed password for root from 61.177.172.104 port 10628 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 04:40:00,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380800.8637173, 'message': 'Dec  7 04:39:59 hqnl0246134 sshd[288000]: Failed password for root from 61.177.173.51 port 59300 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 04:40:00,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380800.8639362, 'message': 'Dec  7 04:40:00 hqnl0246134 sshd[288002]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 04:40:02,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380802.870595, 'message': 'Dec  7 04:40:02 hqnl0246134 sshd[288002]: Failed password for root from 61.177.172.104 port 10628 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 04:40:04,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380804.8719923, 'message': 'Dec  7 04:40:02 hqnl0246134 sshd[288013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 04:40:04,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380804.8723948, 'message': 'Dec  7 04:40:03 hqnl0246134 sshd[288013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 04:40:06,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380806.8751118, 'message': 'Dec  7 04:40:05 hqnl0246134 sshd[288013]: Failed password for root from 61.177.173.51 port 63988 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 04:40:06,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380806.8753722, 'message': 'Dec  7 04:40:06 hqnl0246134 sshd[288034]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 04:40:06,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380806.8754876, 'message': 'Dec  7 04:40:06 hqnl0246134 sshd[288034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-07 04:40:08,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380808.8793242, 'message': 'Dec  7 04:40:07 hqnl0246134 sshd[288013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 04:40:08,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380808.8795736, 'message': 'Dec  7 04:40:07 hqnl0246134 sshd[288034]: Failed password for root from 61.177.172.104 port 16252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 04:40:08,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380808.8797345, 'message': 'Dec  7 04:40:08 hqnl0246134 sshd[288034]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:40:10,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380810.8837192, 'message': 'Dec  7 04:40:09 hqnl0246134 sshd[288013]: Failed password for root from 61.177.173.51 port 63988 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 04:40:10,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380810.8839648, 'message': 'Dec  7 04:40:10 hqnl0246134 sshd[288034]: Failed password for root from 61.177.172.104 port 16252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
WARNING [2022-12-07 04:40:12,517] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:40:12,548] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0402 seconds
INFO    [2022-12-07 04:40:12,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380812.8836782, 'message': 'Dec  7 04:40:11 hqnl0246134 sshd[288013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 04:40:12,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380812.8839862, 'message': 'Dec  7 04:40:12 hqnl0246134 sshd[288034]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 04:40:14,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670380814.8885243, 'message': 'Dec  7 04:40:13 hqnl0246134 sshd[288013]: Failed password for root from 61.177.173.51 port 63988 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 04:40:14,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380814.8887973, 'message': 'Dec  7 04:40:14 hqnl0246134 sshd[288047]: Invalid user user from 165.227.166.207 port 35796', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 04:40:14,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380814.888932, 'message': 'Dec  7 04:40:14 hqnl0246134 sshd[288047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:40:14,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380814.889083, 'message': 'Dec  7 04:40:14 hqnl0246134 sshd[288047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:40:16,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380816.8898644, 'message': 'Dec  7 04:40:15 hqnl0246134 sshd[288034]: Failed password for root from 61.177.172.104 port 16252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:40:17,933] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:40:17,934] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:40:17,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:40:17,952] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 04:40:18,749] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:40:18,750] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:40:18,757] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:40:18,770] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 04:40:18,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380818.8907173, 'message': 'Dec  7 04:40:17 hqnl0246134 sshd[288047]: Failed password for invalid user user from 165.227.166.207 port 35796 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 04:40:18,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380818.8910055, 'message': 'Dec  7 04:40:18 hqnl0246134 sshd[288054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 04:40:18,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380818.890884, 'message': 'Dec  7 04:40:18 hqnl0246134 sshd[288047]: Disconnected from invalid user user 165.227.166.207 port 35796 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 04:40:18,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380818.8911126, 'message': 'Dec  7 04:40:18 hqnl0246134 sshd[288054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 04:40:20,700] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:40:20,700] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:40:20,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:40:20,728] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0269 seconds
INFO    [2022-12-07 04:40:20,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380820.8915122, 'message': 'Dec  7 04:40:20 hqnl0246134 sshd[288054]: Failed password for root from 61.177.172.104 port 42757 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 04:40:22,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380822.8937767, 'message': 'Dec  7 04:40:21 hqnl0246134 sshd[288054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:40:22,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380822.8940034, 'message': 'Dec  7 04:40:22 hqnl0246134 sshd[288054]: Failed password for root from 61.177.172.104 port 42757 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:40:24,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380824.893886, 'message': 'Dec  7 04:40:23 hqnl0246134 sshd[288054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 04:40:26,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670380826.896001, 'message': 'Dec  7 04:40:25 hqnl0246134 sshd[288054]: Failed password for root from 61.177.172.104 port 42757 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:40:34,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380834.9074726, 'message': 'Dec  7 04:40:33 hqnl0246134 sshd[288099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 04:40:36,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380836.9087727, 'message': 'Dec  7 04:40:35 hqnl0246134 sshd[288099]: Failed password for root from 61.177.173.18 port 25760 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 04:40:51,280] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:40:51,281] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:41:12,524] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:41:12,551] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0381 seconds
INFO    [2022-12-07 04:41:18,157] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:41:18,158] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:41:18,166] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:41:18,179] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 04:41:20,714] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:41:20,714] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:41:20,725] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:41:20,738] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-07 04:41:20,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380880.9668922, 'message': 'Dec  7 04:41:19 hqnl0246134 sshd[288135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:41:22,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380882.9727564, 'message': 'Dec  7 04:41:21 hqnl0246134 sshd[288135]: Failed password for root from 61.177.173.18 port 45263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:41:29,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380888.9872088, 'message': 'Dec  7 04:41:26 hqnl0246134 sshd[288135]: Failed password for root from 61.177.173.18 port 45263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 04:41:31,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380890.98985, 'message': 'Dec  7 04:41:30 hqnl0246134 sshd[288135]: Failed password for root from 61.177.173.18 port 45263 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:41:35,192] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:41:35,193] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:41:35,201] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:41:35,213] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 04:41:36,869] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:41:36,935] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:41:36,935] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:41:36,936] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:41:36,936] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:41:36,936] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:41:36,945] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:41:36,963] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0267 seconds
WARNING [2022-12-07 04:41:36,970] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:41:36,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:41:36,989] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0325 seconds
INFO    [2022-12-07 04:41:36,991] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0295 seconds
WARNING [2022-12-07 04:41:51,286] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:41:51,287] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:41:54,189] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 04:42:05,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380925.0556202, 'message': 'Dec  7 04:42:04 hqnl0246134 sshd[288175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 04:42:07,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380927.0579758, 'message': 'Dec  7 04:42:06 hqnl0246134 sshd[288175]: Failed password for root from 61.177.173.18 port 52534 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-07 04:42:12,525] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:42:12,543] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0268 seconds
INFO    [2022-12-07 04:42:14,472] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:42:14,473] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:42:14,473] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-07 04:42:17,746] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:42:17,746] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:42:17,756] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:42:17,776] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0290 seconds
INFO    [2022-12-07 04:42:20,356] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:42:20,357] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:42:20,366] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:42:20,378] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 04:42:23,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380943.0874805, 'message': 'Dec  7 04:42:21 hqnl0246134 sshd[288200]: Invalid user user from 165.227.166.207 port 46086', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 04:42:23,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380943.087806, 'message': 'Dec  7 04:42:21 hqnl0246134 sshd[288200]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:42:23,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380943.088002, 'message': 'Dec  7 04:42:21 hqnl0246134 sshd[288200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 04:42:25,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380945.0900385, 'message': 'Dec  7 04:42:23 hqnl0246134 sshd[288200]: Failed password for invalid user user from 165.227.166.207 port 46086 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:42:27,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670380947.0940053, 'message': 'Dec  7 04:42:25 hqnl0246134 sshd[288200]: Disconnected from invalid user user 165.227.166.207 port 46086 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:42:29,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380949.097437, 'message': 'Dec  7 04:42:27 hqnl0246134 sshd[288203]: pam_imunify(sshd:auth): [IM360_RBL] The IP 170.210.60.30 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 04:42:29,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380949.0978487, 'message': 'Dec  7 04:42:27 hqnl0246134 sshd[288203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.210.60.30  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 04:42:31,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '170.210.60.30', 'timestamp': 1670380951.1007175, 'message': 'Dec  7 04:42:29 hqnl0246134 sshd[288203]: Failed password for root from 170.210.60.30 port 38729 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:42:51,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380971.1430876, 'message': 'Dec  7 04:42:50 hqnl0246134 sshd[288217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
WARNING [2022-12-07 04:42:51,292] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:42:51,292] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:42:53,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670380973.147372, 'message': 'Dec  7 04:42:53 hqnl0246134 sshd[288217]: Failed password for root from 61.177.173.18 port 14722 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:43:04,110] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:43:04,111] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:43:04,119] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:43:04,132] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
WARNING [2022-12-07 04:43:12,527] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:43:12,548] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0287 seconds
INFO    [2022-12-07 04:43:13,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670380993.1857734, 'message': 'Dec  7 04:43:12 hqnl0246134 sshd[288247]: Invalid user engineer from 45.93.201.82 port 58308', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:43:13,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670380993.1863587, 'message': 'Dec  7 04:43:13 hqnl0246134 sshd[288247]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:43:13,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670380993.186463, 'message': 'Dec  7 04:43:13 hqnl0246134 sshd[288247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:43:15,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670380995.1889787, 'message': 'Dec  7 04:43:14 hqnl0246134 sshd[288247]: Failed password for invalid user engineer from 45.93.201.82 port 58308 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:43:17,801] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:43:17,802] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:43:17,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:43:17,826] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-07 04:43:19,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670380999.1955094, 'message': 'Dec  7 04:43:18 hqnl0246134 sshd[288247]: Disconnecting invalid user engineer 45.93.201.82 port 58308: Change of username or service not allowed: (engineer,ssh-connection) -> (root,ssh-connection) [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 04:43:20,484] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:43:20,485] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:43:20,492] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:43:20,503] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 04:43:23,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670381003.2042615, 'message': 'Dec  7 04:43:21 hqnl0246134 sshd[288256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:43:23,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670381003.2047122, 'message': 'Dec  7 04:43:21 hqnl0246134 sshd[288256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:43:23,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670381003.2048247, 'message': 'Dec  7 04:43:22 hqnl0246134 sshd[288256]: Failed password for root from 45.93.201.82 port 58310 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:43:27,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670381007.2094133, 'message': 'Dec  7 04:43:26 hqnl0246134 sshd[288256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 04:43:29,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670381009.2120554, 'message': 'Dec  7 04:43:29 hqnl0246134 sshd[288256]: Failed password for root from 45.93.201.82 port 58310 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 04:43:35,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670381015.2185488, 'message': 'Dec  7 04:43:34 hqnl0246134 sshd[288256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 04:43:37,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670381017.2193613, 'message': 'Dec  7 04:43:35 hqnl0246134 sshd[288256]: Failed password for root from 45.93.201.82 port 58310 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 04:43:37,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381017.2196095, 'message': 'Dec  7 04:43:36 hqnl0246134 sshd[288272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 04:43:37,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381017.2198024, 'message': 'Dec  7 04:43:36 hqnl0246134 sshd[288272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 04:43:39,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381019.2215807, 'message': 'Dec  7 04:43:37 hqnl0246134 sshd[288272]: Failed password for root from 61.177.173.18 port 33617 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:43:41,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381021.2220218, 'message': 'Dec  7 04:43:40 hqnl0246134 sshd[288272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:43:43,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381023.224554, 'message': 'Dec  7 04:43:41 hqnl0246134 sshd[288272]: Failed password for root from 61.177.173.18 port 33617 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 04:43:43,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381023.2247698, 'message': 'Dec  7 04:43:42 hqnl0246134 sshd[288272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:43:45,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381025.226149, 'message': 'Dec  7 04:43:44 hqnl0246134 sshd[288272]: Failed password for root from 61.177.173.18 port 33617 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 04:43:51,296] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:43:51,299] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 04:44:12,537] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:44:12,565] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0382 seconds
INFO    [2022-12-07 04:44:17,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381057.2559056, 'message': 'Dec  7 04:44:16 hqnl0246134 sshd[288294]: Invalid user min.123 from 191.81.134.68 port 35960', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 04:44:17,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381057.2561316, 'message': 'Dec  7 04:44:16 hqnl0246134 sshd[288294]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.81.134.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:44:17,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381057.257235, 'message': 'Dec  7 04:44:16 hqnl0246134 sshd[288294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.81.134.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 04:44:19,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381059.257268, 'message': 'Dec  7 04:44:18 hqnl0246134 sshd[288294]: Failed password for invalid user min.123 from 191.81.134.68 port 35960 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:44:19,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:44:19,844] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:44:19,852] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:44:19,863] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 04:44:21,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381061.2578764, 'message': 'Dec  7 04:44:19 hqnl0246134 sshd[288294]: Disconnected from invalid user min.123 191.81.134.68 port 35960 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 04:44:21,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381061.2580528, 'message': 'Dec  7 04:44:20 hqnl0246134 sshd[288301]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 04:44:21,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381061.258174, 'message': 'Dec  7 04:44:20 hqnl0246134 sshd[288301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 04:44:22,828] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:44:22,829] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:44:22,837] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:44:22,849] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 04:44:23,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381063.2603104, 'message': 'Dec  7 04:44:22 hqnl0246134 sshd[288301]: Failed password for root from 61.177.173.18 port 45818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:44:23,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381063.2605603, 'message': 'Dec  7 04:44:22 hqnl0246134 sshd[288301]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 04:44:24,035] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:44:24,036] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:44:24,180] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:44:24,198] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1605 seconds
INFO    [2022-12-07 04:44:25,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381065.2625806, 'message': 'Dec  7 04:44:24 hqnl0246134 sshd[288301]: Failed password for root from 61.177.173.18 port 45818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:44:25,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381065.262853, 'message': 'Dec  7 04:44:24 hqnl0246134 sshd[288301]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 04:44:27,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381067.2653496, 'message': 'Dec  7 04:44:27 hqnl0246134 sshd[288301]: Failed password for root from 61.177.173.18 port 45818 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 04:44:29,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381069.267453, 'message': 'Dec  7 04:44:28 hqnl0246134 sshd[288318]: Invalid user user from 165.227.166.207 port 56378', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 04:44:29,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381069.2678733, 'message': 'Dec  7 04:44:28 hqnl0246134 sshd[288318]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:44:29,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381069.2680447, 'message': 'Dec  7 04:44:28 hqnl0246134 sshd[288318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:44:31,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381071.2703786, 'message': 'Dec  7 04:44:30 hqnl0246134 sshd[288318]: Failed password for invalid user user from 165.227.166.207 port 56378 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:44:31,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381071.2707126, 'message': 'Dec  7 04:44:30 hqnl0246134 sshd[288318]: Disconnected from invalid user user 165.227.166.207 port 56378 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 04:44:51,303] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:44:51,305] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:45:05,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381105.2989748, 'message': 'Dec  7 04:45:04 hqnl0246134 sshd[288366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 04:45:05,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381105.2997632, 'message': 'Dec  7 04:45:04 hqnl0246134 sshd[288366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:45:07,012] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:45:07,078] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:45:07,079] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:45:07,079] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:45:07,079] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:45:07,080] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:45:07,089] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:45:07,106] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0252 seconds
WARNING [2022-12-07 04:45:07,113] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:45:07,115] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:45:07,132] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0321 seconds
INFO    [2022-12-07 04:45:07,133] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0299 seconds
INFO    [2022-12-07 04:45:07,318] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381107.3006203, 'message': 'Dec  7 04:45:06 hqnl0246134 sshd[288366]: Failed password for root from 61.177.173.18 port 59239 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:45:07,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381107.3008153, 'message': 'Dec  7 04:45:07 hqnl0246134 sshd[288366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:45:09,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381109.3017292, 'message': 'Dec  7 04:45:09 hqnl0246134 sshd[288366]: Failed password for root from 61.177.173.18 port 59239 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-07 04:45:12,542] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:45:12,574] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0423 seconds
INFO    [2022-12-07 04:45:13,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381113.310582, 'message': 'Dec  7 04:45:11 hqnl0246134 sshd[288366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:45:15,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381115.3141801, 'message': 'Dec  7 04:45:13 hqnl0246134 sshd[288366]: Failed password for root from 61.177.173.18 port 59239 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:45:18,041] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:45:18,041] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:45:18,065] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:45:18,100] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0510 seconds
INFO    [2022-12-07 04:45:22,682] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:45:22,682] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:45:22,690] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:45:22,703] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 04:45:48,850] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:45:48,852] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:45:48,854] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-07 04:45:51,307] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:45:51,308] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:45:51,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381151.354069, 'message': 'Dec  7 04:45:49 hqnl0246134 sshd[288431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 04:45:51,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381151.354757, 'message': 'Dec  7 04:45:49 hqnl0246134 sshd[288431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:45:53,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381153.355157, 'message': 'Dec  7 04:45:51 hqnl0246134 sshd[288431]: Failed password for root from 61.177.173.18 port 17511 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:45:55,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381155.3589814, 'message': 'Dec  7 04:45:53 hqnl0246134 sshd[288431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:45:57,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381157.361759, 'message': 'Dec  7 04:45:56 hqnl0246134 sshd[288431]: Failed password for root from 61.177.173.18 port 17511 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:45:59,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381159.3645794, 'message': 'Dec  7 04:45:58 hqnl0246134 sshd[288431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 04:46:01,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381161.36746, 'message': 'Dec  7 04:46:00 hqnl0246134 sshd[288431]: Failed password for root from 61.177.173.18 port 17511 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:46:03,318] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:46:03,319] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:46:03,332] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:46:03,347] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
WARNING [2022-12-07 04:46:12,543] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:46:12,562] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0253 seconds
INFO    [2022-12-07 04:46:17,785] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:46:17,786] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:46:17,793] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:46:17,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 04:46:20,564] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:46:20,565] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:46:20,574] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:46:20,591] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-07 04:46:23,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.235.137.135', 'timestamp': 1670381183.392735, 'message': 'Dec  7 04:46:21 hqnl0246134 sshd[288455]: Invalid user sean from 188.235.137.135 port 56384', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:46:23,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.235.137.135', 'timestamp': 1670381183.3929272, 'message': 'Dec  7 04:46:22 hqnl0246134 sshd[288455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.235.137.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:46:23,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.235.137.135', 'timestamp': 1670381183.3931198, 'message': 'Dec  7 04:46:22 hqnl0246134 sshd[288455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.137.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:46:25,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.235.137.135', 'timestamp': 1670381185.3937113, 'message': 'Dec  7 04:46:23 hqnl0246134 sshd[288455]: Failed password for invalid user sean from 188.235.137.135 port 56384 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:46:25,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.235.137.135', 'timestamp': 1670381185.3938904, 'message': 'Dec  7 04:46:25 hqnl0246134 sshd[288455]: Disconnected from invalid user sean 188.235.137.135 port 56384 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:46:29,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381189.3951128, 'message': 'Dec  7 04:46:29 hqnl0246134 sshd[288477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 04:46:29,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381189.3958576, 'message': 'Dec  7 04:46:29 hqnl0246134 sshd[288477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:46:31,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381191.3969986, 'message': 'Dec  7 04:46:31 hqnl0246134 sshd[288477]: Failed password for root from 61.177.173.35 port 40285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:46:33,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381193.400477, 'message': 'Dec  7 04:46:33 hqnl0246134 sshd[288477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:46:35,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381195.4041018, 'message': 'Dec  7 04:46:34 hqnl0246134 sshd[288488]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 04:46:35,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381195.4044995, 'message': 'Dec  7 04:46:35 hqnl0246134 sshd[288477]: Failed password for root from 61.177.173.35 port 40285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 04:46:35,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381195.4043438, 'message': 'Dec  7 04:46:34 hqnl0246134 sshd[288488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:46:37,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381197.4062107, 'message': 'Dec  7 04:46:35 hqnl0246134 sshd[288477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 04:46:37,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381197.4064553, 'message': 'Dec  7 04:46:36 hqnl0246134 sshd[288488]: Failed password for root from 61.177.173.18 port 37904 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 04:46:37,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381197.4067729, 'message': 'Dec  7 04:46:37 hqnl0246134 sshd[288477]: Failed password for root from 61.177.173.35 port 40285 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 04:46:37,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381197.40661, 'message': 'Dec  7 04:46:37 hqnl0246134 sshd[288488]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 04:46:39,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381199.4092712, 'message': 'Dec  7 04:46:37 hqnl0246134 sshd[288490]: Invalid user user from 165.227.166.207 port 38458', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 04:46:39,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381199.4109433, 'message': 'Dec  7 04:46:39 hqnl0246134 sshd[288488]: Failed password for root from 61.177.173.18 port 37904 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 04:46:39,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381199.409553, 'message': 'Dec  7 04:46:37 hqnl0246134 sshd[288490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:46:39,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381199.4108224, 'message': 'Dec  7 04:46:37 hqnl0246134 sshd[288490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 04:46:41,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381201.410061, 'message': 'Dec  7 04:46:39 hqnl0246134 sshd[288492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-07 04:46:41,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381201.4104927, 'message': 'Dec  7 04:46:39 hqnl0246134 sshd[288490]: Failed password for invalid user user from 165.227.166.207 port 38458 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0622 seconds
INFO    [2022-12-07 04:46:41,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381201.4103487, 'message': 'Dec  7 04:46:39 hqnl0246134 sshd[288492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:46:43,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381203.4125257, 'message': 'Dec  7 04:46:41 hqnl0246134 sshd[288488]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 04:46:43,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381203.412814, 'message': 'Dec  7 04:46:41 hqnl0246134 sshd[288490]: Disconnected from invalid user user 165.227.166.207 port 38458 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-07 04:46:43,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381203.4129944, 'message': 'Dec  7 04:46:41 hqnl0246134 sshd[288492]: Failed password for root from 61.177.173.35 port 21381 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-07 04:46:43,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381203.4131286, 'message': 'Dec  7 04:46:43 hqnl0246134 sshd[288488]: Failed password for root from 61.177.173.18 port 37904 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:46:45,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381205.4145126, 'message': 'Dec  7 04:46:43 hqnl0246134 sshd[288492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 04:46:47,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381207.4165425, 'message': 'Dec  7 04:46:46 hqnl0246134 sshd[288492]: Failed password for root from 61.177.173.35 port 21381 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:46:49,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381209.418468, 'message': 'Dec  7 04:46:48 hqnl0246134 sshd[288492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
WARNING [2022-12-07 04:46:51,311] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:46:51,312] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:46:51,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381211.4206033, 'message': 'Dec  7 04:46:50 hqnl0246134 sshd[288492]: Failed password for root from 61.177.173.35 port 21381 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 04:46:55,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381215.4391155, 'message': 'Dec  7 04:46:54 hqnl0246134 sshd[288494]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:46:55,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381215.439357, 'message': 'Dec  7 04:46:54 hqnl0246134 sshd[288494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:46:57,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381217.4416819, 'message': 'Dec  7 04:46:56 hqnl0246134 sshd[288494]: Failed password for root from 61.177.173.35 port 29553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 04:46:59,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381219.4424925, 'message': 'Dec  7 04:46:58 hqnl0246134 sshd[288494]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 04:47:01,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381221.4438467, 'message': 'Dec  7 04:47:00 hqnl0246134 sshd[288494]: Failed password for root from 61.177.173.35 port 29553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 04:47:01,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381221.444124, 'message': 'Dec  7 04:47:00 hqnl0246134 sshd[288494]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 04:47:03,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381223.445894, 'message': 'Dec  7 04:47:02 hqnl0246134 sshd[288494]: Failed password for root from 61.177.173.35 port 29553 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 04:47:06,310] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:47:06,311] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:47:06,319] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:47:06,331] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
WARNING [2022-12-07 04:47:12,548] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:47:12,574] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0330 seconds
INFO    [2022-12-07 04:47:18,009] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:47:18,010] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:47:18,019] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:47:18,031] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-07 04:47:20,606] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:47:20,607] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:47:20,615] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:47:20,627] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 04:47:21,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381241.4666193, 'message': 'Dec  7 04:47:20 hqnl0246134 sshd[288541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 04:47:21,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381241.4668436, 'message': 'Dec  7 04:47:20 hqnl0246134 sshd[288541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:47:23,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381243.4688067, 'message': 'Dec  7 04:47:23 hqnl0246134 sshd[288541]: Failed password for root from 61.177.173.18 port 54629 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1250 seconds
INFO    [2022-12-07 04:47:25,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381245.4701364, 'message': 'Dec  7 04:47:25 hqnl0246134 sshd[288541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 04:47:29,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381249.474798, 'message': 'Dec  7 04:47:27 hqnl0246134 sshd[288541]: Failed password for root from 61.177.173.18 port 54629 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 04:47:31,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381251.4779303, 'message': 'Dec  7 04:47:29 hqnl0246134 sshd[288541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:47:31,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381251.4782674, 'message': 'Dec  7 04:47:31 hqnl0246134 sshd[288541]: Failed password for root from 61.177.173.18 port 54629 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 04:47:41,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381261.4873528, 'message': 'Dec  7 04:47:40 hqnl0246134 sshd[288558]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 04:47:41,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381261.487818, 'message': 'Dec  7 04:47:40 hqnl0246134 sshd[288558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 04:47:43,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381263.488387, 'message': 'Dec  7 04:47:42 hqnl0246134 sshd[288558]: Failed password for root from 61.177.173.50 port 41035 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:47:45,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381265.4894812, 'message': 'Dec  7 04:47:44 hqnl0246134 sshd[288558]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:47:47,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381267.490598, 'message': 'Dec  7 04:47:47 hqnl0246134 sshd[288558]: Failed password for root from 61.177.173.50 port 41035 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:47:49,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381269.4950488, 'message': 'Dec  7 04:47:49 hqnl0246134 sshd[288558]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
WARNING [2022-12-07 04:47:51,314] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:47:51,315] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:47:51,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381271.4968882, 'message': 'Dec  7 04:47:51 hqnl0246134 sshd[288558]: Failed password for root from 61.177.173.50 port 41035 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 04:47:55,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381275.5071423, 'message': 'Dec  7 04:47:55 hqnl0246134 sshd[288563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:47:55,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381275.507348, 'message': 'Dec  7 04:47:55 hqnl0246134 sshd[288563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:47:57,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381277.5098822, 'message': 'Dec  7 04:47:57 hqnl0246134 sshd[288563]: Failed password for root from 61.177.173.50 port 45639 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:47:59,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381279.5323126, 'message': 'Dec  7 04:47:59 hqnl0246134 sshd[288563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0681 seconds
INFO    [2022-12-07 04:48:01,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381281.513105, 'message': 'Dec  7 04:48:01 hqnl0246134 sshd[288563]: Failed password for root from 61.177.173.50 port 45639 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 04:48:03,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381283.5136244, 'message': 'Dec  7 04:48:01 hqnl0246134 sshd[288563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 04:48:05,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670381285.5178154, 'message': 'Dec  7 04:48:04 hqnl0246134 sshd[288563]: Failed password for root from 61.177.173.50 port 45639 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:48:07,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381287.5189097, 'message': 'Dec  7 04:48:06 hqnl0246134 sshd[288582]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-07 04:48:07,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381287.5192046, 'message': 'Dec  7 04:48:06 hqnl0246134 sshd[288582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 04:48:08,774] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:48:08,775] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:48:08,784] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:48:08,795] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 04:48:09,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381289.518947, 'message': 'Dec  7 04:48:08 hqnl0246134 sshd[288582]: Failed password for root from 61.177.173.18 port 62518 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:48:11,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381291.5245023, 'message': 'Dec  7 04:48:11 hqnl0246134 sshd[288582]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 04:48:12,556] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:48:12,581] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0379 seconds
INFO    [2022-12-07 04:48:13,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381293.529932, 'message': 'Dec  7 04:48:12 hqnl0246134 sshd[288582]: Failed password for root from 61.177.173.18 port 62518 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:48:13,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381293.5301118, 'message': 'Dec  7 04:48:13 hqnl0246134 sshd[288582]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:48:15,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381295.529397, 'message': 'Dec  7 04:48:15 hqnl0246134 sshd[288582]: Failed password for root from 61.177.173.18 port 62518 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 04:48:17,698] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:48:17,698] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:48:17,705] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:48:17,716] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 04:48:20,337] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:48:20,337] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:48:20,344] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:48:20,355] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 04:48:41,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381321.5711753, 'message': 'Dec  7 04:48:39 hqnl0246134 sshd[288613]: Invalid user user from 165.227.166.207 port 48730', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 04:48:41,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381321.5715754, 'message': 'Dec  7 04:48:39 hqnl0246134 sshd[288613]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:48:41,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381321.5717723, 'message': 'Dec  7 04:48:39 hqnl0246134 sshd[288613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:48:41,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381321.5718877, 'message': 'Dec  7 04:48:41 hqnl0246134 sshd[288613]: Failed password for invalid user user from 165.227.166.207 port 48730 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:48:43,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381323.5722227, 'message': 'Dec  7 04:48:41 hqnl0246134 sshd[288613]: Disconnected from invalid user user 165.227.166.207 port 48730 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 04:48:51,318] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:48:51,319] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:48:53,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381333.5907228, 'message': 'Dec  7 04:48:52 hqnl0246134 sshd[288618]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 04:48:53,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381333.5911171, 'message': 'Dec  7 04:48:52 hqnl0246134 sshd[288618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 04:48:55,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381335.5961688, 'message': 'Dec  7 04:48:53 hqnl0246134 sshd[288618]: Failed password for root from 61.177.173.18 port 22532 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 04:48:55,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381335.596373, 'message': 'Dec  7 04:48:54 hqnl0246134 sshd[288618]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 04:48:57,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381337.598736, 'message': 'Dec  7 04:48:57 hqnl0246134 sshd[288618]: Failed password for root from 61.177.173.18 port 22532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 04:48:57,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.94.181', 'timestamp': 1670381337.598971, 'message': 'Dec  7 04:48:57 hqnl0246134 sshd[288642]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.94.181 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 04:48:57,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.94.181', 'timestamp': 1670381337.5990932, 'message': 'Dec  7 04:48:57 hqnl0246134 sshd[288642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.94.181  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:48:59,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381339.6009922, 'message': 'Dec  7 04:48:59 hqnl0246134 sshd[288618]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 04:48:59,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.94.181', 'timestamp': 1670381339.601208, 'message': 'Dec  7 04:48:59 hqnl0246134 sshd[288642]: Failed password for root from 134.17.94.181 port 7652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 04:49:01,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381341.6038847, 'message': 'Dec  7 04:49:01 hqnl0246134 sshd[288618]: Failed password for root from 61.177.173.18 port 22532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-07 04:49:12,557] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:49:12,586] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0387 seconds
INFO    [2022-12-07 04:49:17,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:49:17,923] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:49:17,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:49:17,944] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 04:49:20,523] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:49:20,524] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:49:20,533] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:49:20,545] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 04:49:37,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381377.6468656, 'message': 'Dec  7 04:49:36 hqnl0246134 sshd[288688]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:49:37,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381377.6472948, 'message': 'Dec  7 04:49:36 hqnl0246134 sshd[288688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:49:39,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381379.6485856, 'message': 'Dec  7 04:49:38 hqnl0246134 sshd[288688]: Failed password for root from 61.177.173.18 port 29529 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:49:39,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381379.6488173, 'message': 'Dec  7 04:49:38 hqnl0246134 sshd[288688]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:49:41,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381381.6495833, 'message': 'Dec  7 04:49:40 hqnl0246134 sshd[288688]: Failed password for root from 61.177.173.18 port 29529 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:49:41,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381381.649824, 'message': 'Dec  7 04:49:41 hqnl0246134 sshd[288688]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 04:49:43,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381383.650066, 'message': 'Dec  7 04:49:43 hqnl0246134 sshd[288688]: Failed password for root from 61.177.173.18 port 29529 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 04:49:48,436] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:49:48,436] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:49:48,451] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:49:48,470] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0322 seconds
WARNING [2022-12-07 04:49:51,321] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:49:51,321] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:50:06,962] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:50:07,029] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:50:07,030] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:50:07,030] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:50:07,030] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:50:07,031] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:50:07,044] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:50:07,061] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0289 seconds
WARNING [2022-12-07 04:50:07,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:50:07,070] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:50:07,085] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0304 seconds
INFO    [2022-12-07 04:50:07,087] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0284 seconds
WARNING [2022-12-07 04:50:12,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:50:12,597] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0445 seconds
INFO    [2022-12-07 04:50:18,053] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:50:18,054] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:50:18,062] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:50:18,073] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 04:50:20,665] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:50:20,666] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:50:20,673] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:50:20,686] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 04:50:21,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381421.6933625, 'message': 'Dec  7 04:50:21 hqnl0246134 sshd[288749]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:50:21,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381421.693613, 'message': 'Dec  7 04:50:21 hqnl0246134 sshd[288749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 04:50:23,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381423.6937711, 'message': 'Dec  7 04:50:23 hqnl0246134 sshd[288749]: Failed password for root from 61.177.173.18 port 42232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:50:23,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381423.6939797, 'message': 'Dec  7 04:50:23 hqnl0246134 sshd[288749]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:50:25,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381425.6961029, 'message': 'Dec  7 04:50:25 hqnl0246134 sshd[288749]: Failed password for root from 61.177.173.18 port 42232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:50:27,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381427.6977897, 'message': 'Dec  7 04:50:25 hqnl0246134 sshd[288749]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 04:50:27,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381427.698004, 'message': 'Dec  7 04:50:27 hqnl0246134 sshd[288749]: Failed password for root from 61.177.173.18 port 42232 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:50:39,811] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:50:39,812] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:50:39,813] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 04:50:43,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381443.7204282, 'message': 'Dec  7 04:50:42 hqnl0246134 sshd[288766]: Invalid user user from 165.227.166.207 port 59022', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 04:50:43,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381443.720789, 'message': 'Dec  7 04:50:42 hqnl0246134 sshd[288766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:50:43,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381443.7279615, 'message': 'Dec  7 04:50:42 hqnl0246134 sshd[288766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:50:45,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381445.7217839, 'message': 'Dec  7 04:50:44 hqnl0246134 sshd[288766]: Failed password for invalid user user from 165.227.166.207 port 59022 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 04:50:47,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381447.7232268, 'message': 'Dec  7 04:50:46 hqnl0246134 sshd[288766]: Disconnected from invalid user user 165.227.166.207 port 59022 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:50:50,368] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:50:50,369] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:50:50,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:50:50,387] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-07 04:50:51,325] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:50:51,326] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:51:07,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381467.7483096, 'message': 'Dec  7 04:51:06 hqnl0246134 sshd[288794]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 04:51:07,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381467.749006, 'message': 'Dec  7 04:51:06 hqnl0246134 sshd[288794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:51:09,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381469.7490225, 'message': 'Dec  7 04:51:07 hqnl0246134 sshd[288794]: Failed password for root from 61.177.173.18 port 55345 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:51:09,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381469.7492733, 'message': 'Dec  7 04:51:08 hqnl0246134 sshd[288794]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-07 04:51:11,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381471.749474, 'message': 'Dec  7 04:51:10 hqnl0246134 sshd[288794]: Failed password for root from 61.177.173.18 port 55345 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 04:51:11,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381471.7496462, 'message': 'Dec  7 04:51:10 hqnl0246134 sshd[288794]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
WARNING [2022-12-07 04:51:12,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:51:12,582] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0256 seconds
INFO    [2022-12-07 04:51:13,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381473.7559953, 'message': 'Dec  7 04:51:12 hqnl0246134 sshd[288794]: Failed password for root from 61.177.173.18 port 55345 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:51:19,671] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:51:19,671] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:51:19,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:51:19,691] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 04:51:22,268] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:51:22,269] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:51:22,281] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:51:22,298] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-07 04:51:29,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381489.7763946, 'message': 'Dec  7 04:51:28 hqnl0246134 sshd[288808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 04:51:29,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381489.7767107, 'message': 'Dec  7 04:51:28 hqnl0246134 sshd[288808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:51:31,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381491.7780402, 'message': 'Dec  7 04:51:30 hqnl0246134 sshd[288808]: Failed password for root from 61.177.173.52 port 33966 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:51:31,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381491.7783754, 'message': 'Dec  7 04:51:30 hqnl0246134 sshd[288808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 04:51:33,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381493.783181, 'message': 'Dec  7 04:51:32 hqnl0246134 sshd[288808]: Failed password for root from 61.177.173.52 port 33966 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:51:33,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381493.7833555, 'message': 'Dec  7 04:51:33 hqnl0246134 sshd[288808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:51:35,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381495.7862532, 'message': 'Dec  7 04:51:34 hqnl0246134 sshd[288808]: Failed password for root from 61.177.173.52 port 33966 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:51:37,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381497.7884145, 'message': 'Dec  7 04:51:37 hqnl0246134 sshd[288818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:51:37,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381497.788632, 'message': 'Dec  7 04:51:37 hqnl0246134 sshd[288818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 04:51:39,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381499.78983, 'message': 'Dec  7 04:51:39 hqnl0246134 sshd[288818]: Failed password for root from 61.177.173.52 port 54575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 04:51:39,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381499.7900302, 'message': 'Dec  7 04:51:39 hqnl0246134 sshd[288818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:51:40,154] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 04:51:40,156] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 04:51:40,998] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 04:51:41,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381501.7931075, 'message': 'Dec  7 04:51:41 hqnl0246134 sshd[288818]: Failed password for root from 61.177.173.52 port 54575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 04:51:43,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381503.7937088, 'message': 'Dec  7 04:51:43 hqnl0246134 sshd[288818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 04:51:47,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381507.7978458, 'message': 'Dec  7 04:51:45 hqnl0246134 sshd[288818]: Failed password for root from 61.177.173.52 port 54575 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:51:49,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381509.8010328, 'message': 'Dec  7 04:51:49 hqnl0246134 sshd[288836]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:51:49,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381509.8012328, 'message': 'Dec  7 04:51:49 hqnl0246134 sshd[288836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 04:51:51,330] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:51:51,330] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:51:51,833] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381511.8017988, 'message': 'Dec  7 04:51:51 hqnl0246134 sshd[288839]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 04:51:51,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670381511.8021076, 'message': 'Dec  7 04:51:51 hqnl0246134 sshd[288836]: Failed password for root from 61.177.173.52 port 41017 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 04:51:51,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381511.8019965, 'message': 'Dec  7 04:51:51 hqnl0246134 sshd[288839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:51:53,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381513.804474, 'message': 'Dec  7 04:51:53 hqnl0246134 sshd[288839]: Failed password for root from 61.177.173.18 port 19407 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 04:51:54,192] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 04:51:55,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381515.8115442, 'message': 'Dec  7 04:51:55 hqnl0246134 sshd[288839]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 04:51:57,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381517.8185668, 'message': 'Dec  7 04:51:57 hqnl0246134 sshd[288839]: Failed password for root from 61.177.173.18 port 19407 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:51:59,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381519.8211026, 'message': 'Dec  7 04:51:57 hqnl0246134 sshd[288839]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:52:01,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381521.825628, 'message': 'Dec  7 04:51:59 hqnl0246134 sshd[288839]: Failed password for root from 61.177.173.18 port 19407 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 04:52:05,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.89.163.71', 'timestamp': 1670381525.8244514, 'message': 'Dec  7 04:52:04 hqnl0246134 sshd[288828]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.89.163.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 04:52:05,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.89.163.71', 'timestamp': 1670381525.8249397, 'message': 'Dec  7 04:52:04 hqnl0246134 sshd[288828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.89.163.71  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 04:52:07,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '85.89.163.71', 'timestamp': 1670381527.8260705, 'message': 'Dec  7 04:52:06 hqnl0246134 sshd[288828]: Failed password for root from 85.89.163.71 port 42064 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 04:52:12,566] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:52:12,587] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0286 seconds
INFO    [2022-12-07 04:52:15,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381535.8341413, 'message': 'Dec  7 04:52:15 hqnl0246134 sshd[288895]: Invalid user user from 191.81.134.68 port 53374', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 04:52:15,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381535.8343723, 'message': 'Dec  7 04:52:15 hqnl0246134 sshd[288895]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.81.134.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 04:52:15,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381535.8345091, 'message': 'Dec  7 04:52:15 hqnl0246134 sshd[288895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.81.134.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 04:52:17,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:52:17,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:52:17,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:52:17,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381537.836758, 'message': 'Dec  7 04:52:17 hqnl0246134 sshd[288895]: Failed password for invalid user user from 191.81.134.68 port 53374 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1060 seconds
INFO    [2022-12-07 04:52:17,947] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0278 seconds
INFO    [2022-12-07 04:52:19,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.81.134.68', 'timestamp': 1670381539.8380253, 'message': 'Dec  7 04:52:19 hqnl0246134 sshd[288895]: Disconnected from invalid user user 191.81.134.68 port 53374 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 04:52:20,580] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:52:20,580] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:52:20,592] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:52:20,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0276 seconds
INFO    [2022-12-07 04:52:21,921] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:52:21,921] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:52:21,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:52:21,948] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-07 04:52:27,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381547.8463252, 'message': 'Dec  7 04:52:26 hqnl0246134 sshd[288912]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 04:52:27,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381547.8466644, 'message': 'Dec  7 04:52:26 hqnl0246134 sshd[288912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:52:29,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381549.8490396, 'message': 'Dec  7 04:52:28 hqnl0246134 sshd[288912]: Failed password for root from 61.177.172.124 port 48840 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:52:31,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381551.8499496, 'message': 'Dec  7 04:52:31 hqnl0246134 sshd[288912]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 04:52:33,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381553.8524976, 'message': 'Dec  7 04:52:33 hqnl0246134 sshd[288912]: Failed password for root from 61.177.172.124 port 48840 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:52:33,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381553.8527117, 'message': 'Dec  7 04:52:33 hqnl0246134 sshd[288912]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 04:52:35,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381555.8546476, 'message': 'Dec  7 04:52:35 hqnl0246134 sshd[288912]: Failed password for root from 61.177.172.124 port 48840 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:52:37,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381557.858248, 'message': 'Dec  7 04:52:37 hqnl0246134 sshd[288926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:52:37,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381557.8584888, 'message': 'Dec  7 04:52:37 hqnl0246134 sshd[288926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:52:39,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381559.8610113, 'message': 'Dec  7 04:52:39 hqnl0246134 sshd[288928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 04:52:39,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381559.8613617, 'message': 'Dec  7 04:52:39 hqnl0246134 sshd[288926]: Failed password for root from 61.177.173.18 port 40418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 04:52:39,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381559.861233, 'message': 'Dec  7 04:52:39 hqnl0246134 sshd[288928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:52:41,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381561.8620963, 'message': 'Dec  7 04:52:41 hqnl0246134 sshd[288928]: Failed password for root from 61.177.172.124 port 35926 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-07 04:52:41,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381561.8624623, 'message': 'Dec  7 04:52:41 hqnl0246134 sshd[288926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-07 04:52:41,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381561.8623254, 'message': 'Dec  7 04:52:41 hqnl0246134 sshd[288928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 04:52:43,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381563.8642716, 'message': 'Dec  7 04:52:43 hqnl0246134 sshd[288928]: Failed password for root from 61.177.172.124 port 35926 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:52:45,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381565.8673246, 'message': 'Dec  7 04:52:44 hqnl0246134 sshd[288926]: Failed password for root from 61.177.173.18 port 40418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 04:52:47,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381567.8704603, 'message': 'Dec  7 04:52:46 hqnl0246134 sshd[288928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-07 04:52:47,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381567.8707247, 'message': 'Dec  7 04:52:46 hqnl0246134 sshd[288926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-07 04:52:47,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381567.8708985, 'message': 'Dec  7 04:52:46 hqnl0246134 sshd[288931]: Invalid user user from 165.227.166.207 port 41078', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 04:52:47,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381567.8714035, 'message': 'Dec  7 04:52:47 hqnl0246134 sshd[288928]: Failed password for root from 61.177.172.124 port 35926 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-07 04:52:47,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381567.8710592, 'message': 'Dec  7 04:52:46 hqnl0246134 sshd[288931]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-07 04:52:47,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381567.8715672, 'message': 'Dec  7 04:52:47 hqnl0246134 sshd[288926]: Failed password for root from 61.177.173.18 port 40418 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 04:52:47,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381567.871228, 'message': 'Dec  7 04:52:46 hqnl0246134 sshd[288931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 04:52:49,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381569.872834, 'message': 'Dec  7 04:52:48 hqnl0246134 sshd[288931]: Failed password for invalid user user from 165.227.166.207 port 41078 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:52:49,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381569.8730137, 'message': 'Dec  7 04:52:48 hqnl0246134 sshd[288931]: Disconnected from invalid user user 165.227.166.207 port 41078 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 04:52:51,334] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:52:51,335] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:52:51,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381571.8775098, 'message': 'Dec  7 04:52:50 hqnl0246134 sshd[288933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:52:51,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381571.8777418, 'message': 'Dec  7 04:52:50 hqnl0246134 sshd[288933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:52:53,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381573.8856356, 'message': 'Dec  7 04:52:52 hqnl0246134 sshd[288933]: Failed password for root from 61.177.172.124 port 57911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 04:52:55,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381575.89418, 'message': 'Dec  7 04:52:55 hqnl0246134 sshd[288933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 04:52:57,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381577.9031575, 'message': 'Dec  7 04:52:57 hqnl0246134 sshd[288933]: Failed password for root from 61.177.172.124 port 57911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 04:52:59,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381579.9054577, 'message': 'Dec  7 04:52:59 hqnl0246134 sshd[288933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 04:53:01,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381581.906906, 'message': 'Dec  7 04:53:01 hqnl0246134 sshd[288933]: Failed password for root from 61.177.172.124 port 57911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 04:53:03,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381583.9092643, 'message': 'Dec  7 04:53:03 hqnl0246134 sshd[288952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 04:53:03,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381583.909506, 'message': 'Dec  7 04:53:03 hqnl0246134 sshd[288952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.124  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:53:05,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381585.9099212, 'message': 'Dec  7 04:53:05 hqnl0246134 sshd[288952]: Failed password for root from 61.177.172.124 port 42697 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 04:53:07,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381587.9131718, 'message': 'Dec  7 04:53:07 hqnl0246134 sshd[288952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 04:53:11,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381591.916958, 'message': 'Dec  7 04:53:10 hqnl0246134 sshd[288952]: Failed password for root from 61.177.172.124 port 42697 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
WARNING [2022-12-07 04:53:12,585] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:53:12,623] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0509 seconds
INFO    [2022-12-07 04:53:13,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381593.9180558, 'message': 'Dec  7 04:53:11 hqnl0246134 sshd[288952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.124 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:53:13,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.124', 'timestamp': 1670381593.9183362, 'message': 'Dec  7 04:53:13 hqnl0246134 sshd[288952]: Failed password for root from 61.177.172.124 port 42697 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:53:17,802] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:53:17,802] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:53:17,809] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:53:17,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 04:53:20,431] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:53:20,432] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:53:20,439] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:53:20,453] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 04:53:23,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381603.930403, 'message': 'Dec  7 04:53:22 hqnl0246134 sshd[288967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 04:53:23,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381603.9307377, 'message': 'Dec  7 04:53:22 hqnl0246134 sshd[288967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 04:53:25,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381605.9331946, 'message': 'Dec  7 04:53:24 hqnl0246134 sshd[288967]: Failed password for root from 61.177.173.18 port 49513 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 04:53:25,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381605.933571, 'message': 'Dec  7 04:53:24 hqnl0246134 sshd[288967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 04:53:27,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381607.9344425, 'message': 'Dec  7 04:53:26 hqnl0246134 sshd[288967]: Failed password for root from 61.177.173.18 port 49513 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 04:53:29,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381609.936716, 'message': 'Dec  7 04:53:29 hqnl0246134 sshd[288967]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 04:53:31,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381611.9400814, 'message': 'Dec  7 04:53:30 hqnl0246134 sshd[288967]: Failed password for root from 61.177.173.18 port 49513 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
WARNING [2022-12-07 04:53:51,338] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:53:51,339] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:53:57,958] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 04:53:58,028] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 04:53:58,029] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 04:53:58,029] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 04:53:58,030] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 04:53:58,030] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 04:53:58,046] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 04:53:58,064] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0335 seconds
WARNING [2022-12-07 04:53:58,072] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 04:53:58,075] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:53:58,092] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0338 seconds
INFO    [2022-12-07 04:53:58,094] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0320 seconds
INFO    [2022-12-07 04:54:10,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381649.9955986, 'message': 'Dec  7 04:54:09 hqnl0246134 sshd[289003]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 04:54:10,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381649.9961555, 'message': 'Dec  7 04:54:09 hqnl0246134 sshd[289003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
WARNING [2022-12-07 04:54:12,585] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:54:12,605] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0277 seconds
INFO    [2022-12-07 04:54:14,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381654.0045962, 'message': 'Dec  7 04:54:12 hqnl0246134 sshd[289003]: Failed password for root from 61.177.173.18 port 13515 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:54:14,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381654.0048583, 'message': 'Dec  7 04:54:13 hqnl0246134 sshd[289003]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 04:54:17,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:54:17,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:54:17,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:54:17,827] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 04:54:18,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381658.0112963, 'message': 'Dec  7 04:54:16 hqnl0246134 sshd[289003]: Failed password for root from 61.177.173.18 port 13515 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 04:54:18,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381658.011585, 'message': 'Dec  7 04:54:17 hqnl0246134 sshd[289003]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:54:20,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381660.0136185, 'message': 'Dec  7 04:54:19 hqnl0246134 sshd[289003]: Failed password for root from 61.177.173.18 port 13515 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 04:54:20,467] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:54:20,467] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:54:20,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:54:20,518] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0416 seconds
INFO    [2022-12-07 04:54:22,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:54:22,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:54:22,821] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:54:22,833] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 04:54:28,196] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 04:54:28,196] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 04:54:28,197] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 04:54:50,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381690.0544167, 'message': 'Dec  7 04:54:49 hqnl0246134 sshd[289043]: Invalid user user from 165.227.166.207 port 51358', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 04:54:50,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381690.0553033, 'message': 'Dec  7 04:54:49 hqnl0246134 sshd[289043]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 04:54:50,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381690.0555024, 'message': 'Dec  7 04:54:49 hqnl0246134 sshd[289043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0269 seconds
WARNING [2022-12-07 04:54:51,341] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:54:51,342] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:54:52,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381692.055302, 'message': 'Dec  7 04:54:51 hqnl0246134 sshd[289043]: Failed password for invalid user user from 165.227.166.207 port 51358 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 04:54:54,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381694.0580704, 'message': 'Dec  7 04:54:53 hqnl0246134 sshd[289043]: Disconnected from invalid user user 165.227.166.207 port 51358 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:54:56,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381696.0583098, 'message': 'Dec  7 04:54:55 hqnl0246134 sshd[289045]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 04:54:56,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381696.059196, 'message': 'Dec  7 04:54:55 hqnl0246134 sshd[289045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:54:58,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381698.063361, 'message': 'Dec  7 04:54:57 hqnl0246134 sshd[289045]: Failed password for root from 61.177.173.18 port 29728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:54:58,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381698.0635366, 'message': 'Dec  7 04:54:57 hqnl0246134 sshd[289045]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:55:02,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381702.0723135, 'message': 'Dec  7 04:55:00 hqnl0246134 sshd[289045]: Failed password for root from 61.177.173.18 port 29728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 04:55:02,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381702.0730796, 'message': 'Dec  7 04:55:02 hqnl0246134 sshd[289045]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 04:55:04,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381704.0737169, 'message': 'Dec  7 04:55:04 hqnl0246134 sshd[289045]: Failed password for root from 61.177.173.18 port 29728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
WARNING [2022-12-07 04:55:12,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:55:12,609] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0285 seconds
INFO    [2022-12-07 04:55:17,813] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:55:17,813] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:55:17,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:55:17,831] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 04:55:20,357] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:55:20,358] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:55:20,365] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:55:20,376] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 04:55:38,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381738.1337209, 'message': 'Dec  7 04:55:37 hqnl0246134 sshd[289111]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 04:55:38,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381738.13432, 'message': 'Dec  7 04:55:37 hqnl0246134 sshd[289111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 04:55:40,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381740.1355243, 'message': 'Dec  7 04:55:39 hqnl0246134 sshd[289111]: Failed password for root from 61.177.173.53 port 48665 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:55:42,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381742.1383762, 'message': 'Dec  7 04:55:40 hqnl0246134 sshd[289113]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-07 04:55:42,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381742.1388347, 'message': 'Dec  7 04:55:41 hqnl0246134 sshd[289111]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 04:55:42,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381742.1386383, 'message': 'Dec  7 04:55:40 hqnl0246134 sshd[289113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 04:55:42,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381742.1389546, 'message': 'Dec  7 04:55:42 hqnl0246134 sshd[289113]: Failed password for root from 61.177.173.18 port 44705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:55:44,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381744.1431181, 'message': 'Dec  7 04:55:42 hqnl0246134 sshd[289113]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 04:55:44,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381744.1433227, 'message': 'Dec  7 04:55:43 hqnl0246134 sshd[289111]: Failed password for root from 61.177.173.53 port 48665 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 04:55:46,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381746.147892, 'message': 'Dec  7 04:55:44 hqnl0246134 sshd[289111]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 04:55:46,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381746.148169, 'message': 'Dec  7 04:55:44 hqnl0246134 sshd[289113]: Failed password for root from 61.177.173.18 port 44705 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 04:55:48,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381748.149827, 'message': 'Dec  7 04:55:46 hqnl0246134 sshd[289111]: Failed password for root from 61.177.173.53 port 48665 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-07 04:55:48,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381748.1500063, 'message': 'Dec  7 04:55:46 hqnl0246134 sshd[289113]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0544 seconds
INFO    [2022-12-07 04:55:50,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381750.1558223, 'message': 'Dec  7 04:55:48 hqnl0246134 sshd[289113]: Failed password for root from 61.177.173.18 port 44705 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:55:51,314] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:55:51,314] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:55:51,323] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:55:51,337] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
WARNING [2022-12-07 04:55:51,345] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:55:51,345] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:55:52,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381752.159973, 'message': 'Dec  7 04:55:50 hqnl0246134 sshd[289143]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 04:55:52,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381752.1602108, 'message': 'Dec  7 04:55:50 hqnl0246134 sshd[289143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:55:52,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381752.1604674, 'message': 'Dec  7 04:55:52 hqnl0246134 sshd[289143]: Failed password for root from 61.177.173.53 port 49433 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:55:54,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381754.1635506, 'message': 'Dec  7 04:55:52 hqnl0246134 sshd[289143]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 04:55:56,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381756.167271, 'message': 'Dec  7 04:55:54 hqnl0246134 sshd[289143]: Failed password for root from 61.177.173.53 port 49433 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:55:56,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381756.167504, 'message': 'Dec  7 04:55:54 hqnl0246134 sshd[289143]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:55:58,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381758.1706626, 'message': 'Dec  7 04:55:56 hqnl0246134 sshd[289149]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 04:55:58,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670381758.1709857, 'message': 'Dec  7 04:55:57 hqnl0246134 sshd[289143]: Failed password for root from 61.177.173.53 port 49433 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 04:55:58,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381758.1708744, 'message': 'Dec  7 04:55:56 hqnl0246134 sshd[289149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 04:56:00,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381760.173885, 'message': 'Dec  7 04:55:59 hqnl0246134 sshd[289149]: Failed password for root from 61.177.173.35 port 32081 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 04:56:02,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381762.1795664, 'message': 'Dec  7 04:56:00 hqnl0246134 sshd[289149]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 04:56:04,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381764.183572, 'message': 'Dec  7 04:56:02 hqnl0246134 sshd[289149]: Failed password for root from 61.177.173.35 port 32081 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:56:04,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381764.183791, 'message': 'Dec  7 04:56:03 hqnl0246134 sshd[289149]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 04:56:06,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381766.1870606, 'message': 'Dec  7 04:56:05 hqnl0246134 sshd[289149]: Failed password for root from 61.177.173.35 port 32081 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 04:56:08,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381768.1921544, 'message': 'Dec  7 04:56:06 hqnl0246134 sshd[289167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:56:08,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381768.1924112, 'message': 'Dec  7 04:56:06 hqnl0246134 sshd[289167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 04:56:10,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381770.1969414, 'message': 'Dec  7 04:56:09 hqnl0246134 sshd[289167]: Failed password for root from 61.177.173.35 port 16109 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:56:12,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381772.1979325, 'message': 'Dec  7 04:56:11 hqnl0246134 sshd[289167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 04:56:12,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:56:12,613] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0301 seconds
INFO    [2022-12-07 04:56:14,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381774.2025497, 'message': 'Dec  7 04:56:13 hqnl0246134 sshd[289167]: Failed password for root from 61.177.173.35 port 16109 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:56:14,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381774.202824, 'message': 'Dec  7 04:56:13 hqnl0246134 sshd[289167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:56:16,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381776.2062194, 'message': 'Dec  7 04:56:15 hqnl0246134 sshd[289167]: Failed password for root from 61.177.173.35 port 16109 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 04:56:17,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:56:17,851] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:56:17,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:56:17,868] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 04:56:18,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381778.2078593, 'message': 'Dec  7 04:56:17 hqnl0246134 sshd[289173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 04:56:18,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381778.2080543, 'message': 'Dec  7 04:56:17 hqnl0246134 sshd[289173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 04:56:20,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381780.2099612, 'message': 'Dec  7 04:56:19 hqnl0246134 sshd[289173]: Failed password for root from 61.177.173.35 port 51198 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:56:20,459] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:56:20,459] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:56:20,466] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:56:20,478] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 04:56:22,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381782.2136912, 'message': 'Dec  7 04:56:21 hqnl0246134 sshd[289173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:56:24,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381784.2164092, 'message': 'Dec  7 04:56:23 hqnl0246134 sshd[289173]: Failed password for root from 61.177.173.35 port 51198 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 04:56:24,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381784.2166002, 'message': 'Dec  7 04:56:23 hqnl0246134 sshd[289173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 04:56:26,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381786.233487, 'message': 'Dec  7 04:56:25 hqnl0246134 sshd[289186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 04:56:26,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670381786.2337835, 'message': 'Dec  7 04:56:25 hqnl0246134 sshd[289173]: Failed password for root from 61.177.173.35 port 51198 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 04:56:26,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381786.2336617, 'message': 'Dec  7 04:56:25 hqnl0246134 sshd[289186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:56:28,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381788.2214804, 'message': 'Dec  7 04:56:27 hqnl0246134 sshd[289186]: Failed password for root from 61.177.173.18 port 58056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:56:28,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381788.2218032, 'message': 'Dec  7 04:56:27 hqnl0246134 sshd[289186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:56:30,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381790.2241492, 'message': 'Dec  7 04:56:29 hqnl0246134 sshd[289186]: Failed password for root from 61.177.173.18 port 58056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 04:56:32,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381792.226205, 'message': 'Dec  7 04:56:31 hqnl0246134 sshd[289186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 04:56:34,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381794.2259576, 'message': 'Dec  7 04:56:34 hqnl0246134 sshd[289186]: Failed password for root from 61.177.173.18 port 58056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 04:56:51,349] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:56:51,351] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:56:52,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381812.2486682, 'message': 'Dec  7 04:56:52 hqnl0246134 sshd[289201]: Invalid user user from 165.227.166.207 port 33436', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 04:56:52,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381812.249049, 'message': 'Dec  7 04:56:52 hqnl0246134 sshd[289201]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 04:56:52,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381812.2492073, 'message': 'Dec  7 04:56:52 hqnl0246134 sshd[289201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 04:56:54,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381814.2498133, 'message': 'Dec  7 04:56:53 hqnl0246134 sshd[289201]: Failed password for invalid user user from 165.227.166.207 port 33436 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 04:56:54,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381814.2500272, 'message': 'Dec  7 04:56:54 hqnl0246134 sshd[289201]: Disconnected from invalid user user 165.227.166.207 port 33436 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 04:56:56,644] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:56:56,644] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:56:56,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:56:56,666] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 04:57:10,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381830.2787914, 'message': 'Dec  7 04:57:09 hqnl0246134 sshd[289233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0589 seconds
INFO    [2022-12-07 04:57:10,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381830.2791688, 'message': 'Dec  7 04:57:09 hqnl0246134 sshd[289233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 04:57:12,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381832.280566, 'message': 'Dec  7 04:57:11 hqnl0246134 sshd[289233]: Failed password for root from 61.177.173.18 port 19782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0496 seconds
WARNING [2022-12-07 04:57:12,594] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:57:12,615] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0297 seconds
INFO    [2022-12-07 04:57:14,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381834.282956, 'message': 'Dec  7 04:57:13 hqnl0246134 sshd[289233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 04:57:16,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381836.2853262, 'message': 'Dec  7 04:57:15 hqnl0246134 sshd[289233]: Failed password for root from 61.177.173.18 port 19782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 04:57:16,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381836.285518, 'message': 'Dec  7 04:57:15 hqnl0246134 sshd[289233]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 04:57:18,033] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:57:18,033] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:57:18,044] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:57:18,057] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 04:57:18,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381838.2892473, 'message': 'Dec  7 04:57:17 hqnl0246134 sshd[289233]: Failed password for root from 61.177.173.18 port 19782 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 04:57:20,747] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:57:20,747] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:57:20,754] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:57:20,765] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 04:57:40,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.130.175', 'timestamp': 1670381860.3211064, 'message': 'Dec  7 04:57:39 hqnl0246134 sshd[289265]: Invalid user storm from 137.184.130.175 port 42494', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 04:57:40,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.130.175', 'timestamp': 1670381860.321687, 'message': 'Dec  7 04:57:39 hqnl0246134 sshd[289265]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.130.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:57:40,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.130.175', 'timestamp': 1670381860.3218625, 'message': 'Dec  7 04:57:39 hqnl0246134 sshd[289265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.130.175 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 04:57:42,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.130.175', 'timestamp': 1670381862.3203, 'message': 'Dec  7 04:57:41 hqnl0246134 sshd[289265]: Failed password for invalid user storm from 137.184.130.175 port 42494 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 04:57:44,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.130.175', 'timestamp': 1670381864.322932, 'message': 'Dec  7 04:57:43 hqnl0246134 sshd[289265]: Disconnected from invalid user storm 137.184.130.175 port 42494 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 04:57:51,356] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:57:51,357] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:57:54,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381874.3500285, 'message': 'Dec  7 04:57:53 hqnl0246134 sshd[289272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 04:57:54,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381874.350473, 'message': 'Dec  7 04:57:53 hqnl0246134 sshd[289272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 04:57:56,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381876.3551373, 'message': 'Dec  7 04:57:54 hqnl0246134 sshd[289272]: Failed password for root from 61.177.173.18 port 24597 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1851 seconds
INFO    [2022-12-07 04:57:56,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381876.356748, 'message': 'Dec  7 04:57:55 hqnl0246134 sshd[289272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:57:58,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381878.3574696, 'message': 'Dec  7 04:57:56 hqnl0246134 sshd[289272]: Failed password for root from 61.177.173.18 port 24597 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 04:57:58,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381878.357723, 'message': 'Dec  7 04:57:57 hqnl0246134 sshd[289272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 04:58:00,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381880.3607357, 'message': 'Dec  7 04:57:59 hqnl0246134 sshd[289272]: Failed password for root from 61.177.173.18 port 24597 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 04:58:02,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670381882.3650146, 'message': 'Dec  7 04:58:01 hqnl0246134 sshd[289278]: Invalid user aaron from 210.14.6.60 port 55744', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 04:58:02,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.14.6.60', 'timestamp': 1670381882.3655007, 'message': 'Dec  7 04:58:01 hqnl0246134 sshd[289278]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.14.6.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 04:58:02,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.14.6.60', 'timestamp': 1670381882.3667438, 'message': 'Dec  7 04:58:01 hqnl0246134 sshd[289278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.14.6.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 04:58:04,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670381884.3661358, 'message': 'Dec  7 04:58:03 hqnl0246134 sshd[289278]: Failed password for invalid user aaron from 210.14.6.60 port 55744 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:58:06,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670381886.3709447, 'message': 'Dec  7 04:58:04 hqnl0246134 sshd[289278]: Disconnected from invalid user aaron 210.14.6.60 port 55744 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 04:58:10,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.17.131', 'timestamp': 1670381890.3809924, 'message': 'Dec  7 04:58:08 hqnl0246134 sshd[289302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.17.131 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 04:58:10,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.17.131', 'timestamp': 1670381890.3812094, 'message': 'Dec  7 04:58:08 hqnl0246134 sshd[289302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.17.131  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:58:12,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.17.131', 'timestamp': 1670381892.388835, 'message': 'Dec  7 04:58:10 hqnl0246134 sshd[289302]: Failed password for root from 134.17.17.131 port 8676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 04:58:12,598] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:58:12,622] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0330 seconds
INFO    [2022-12-07 04:58:17,799] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:58:17,799] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:58:17,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:58:17,818] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 04:58:20,285] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:58:20,285] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:58:20,292] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:58:20,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 04:58:40,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381920.4701164, 'message': 'Dec  7 04:58:39 hqnl0246134 sshd[289327]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 04:58:40,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381920.4707823, 'message': 'Dec  7 04:58:39 hqnl0246134 sshd[289327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 04:58:42,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381922.4812922, 'message': 'Dec  7 04:58:41 hqnl0246134 sshd[289327]: Failed password for root from 61.177.173.18 port 44866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 04:58:44,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381924.4845114, 'message': 'Dec  7 04:58:43 hqnl0246134 sshd[289327]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 04:58:46,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381926.4863386, 'message': 'Dec  7 04:58:45 hqnl0246134 sshd[289327]: Failed password for root from 61.177.173.18 port 44866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:58:46,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381926.486586, 'message': 'Dec  7 04:58:45 hqnl0246134 sshd[289327]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 04:58:48,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381928.4959738, 'message': 'Dec  7 04:58:47 hqnl0246134 sshd[289327]: Failed password for root from 61.177.173.18 port 44866 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 04:58:50,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381930.498752, 'message': 'Dec  7 04:58:49 hqnl0246134 sshd[289332]: Invalid user user from 165.227.166.207 port 43704', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 04:58:50,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381930.4992497, 'message': 'Dec  7 04:58:49 hqnl0246134 sshd[289332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:58:50,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381930.4993696, 'message': 'Dec  7 04:58:49 hqnl0246134 sshd[289332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 04:58:51,363] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:58:51,365] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:58:52,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381932.5006568, 'message': 'Dec  7 04:58:52 hqnl0246134 sshd[289332]: Failed password for invalid user user from 165.227.166.207 port 43704 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 04:58:54,368] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:58:54,369] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:58:54,376] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:58:54,387] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 04:58:54,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670381934.5014849, 'message': 'Dec  7 04:58:53 hqnl0246134 sshd[289332]: Disconnected from invalid user user 165.227.166.207 port 43704 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 04:59:12,606] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:59:12,631] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0362 seconds
INFO    [2022-12-07 04:59:17,893] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:59:17,893] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:59:17,900] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:59:17,910] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0165 seconds
INFO    [2022-12-07 04:59:20,587] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 04:59:20,588] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 04:59:20,599] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 04:59:20,619] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0304 seconds
INFO    [2022-12-07 04:59:26,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381966.5504827, 'message': 'Dec  7 04:59:25 hqnl0246134 sshd[289377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 04:59:26,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381966.5507326, 'message': 'Dec  7 04:59:25 hqnl0246134 sshd[289377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 04:59:28,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.60.130', 'timestamp': 1670381968.5569444, 'message': 'Dec  7 04:59:26 hqnl0246134 sshd[289379]: Invalid user teamspeak3 from 163.172.60.130 port 41986', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 04:59:28,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381968.557365, 'message': 'Dec  7 04:59:27 hqnl0246134 sshd[289377]: Failed password for root from 61.177.173.18 port 58829 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 04:59:28,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.172.60.130', 'timestamp': 1670381968.557149, 'message': 'Dec  7 04:59:27 hqnl0246134 sshd[289379]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.172.60.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 04:59:28,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381968.5574634, 'message': 'Dec  7 04:59:27 hqnl0246134 sshd[289377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 04:59:28,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.172.60.130', 'timestamp': 1670381968.5572608, 'message': 'Dec  7 04:59:27 hqnl0246134 sshd[289379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.60.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 04:59:30,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.60.130', 'timestamp': 1670381970.5615191, 'message': 'Dec  7 04:59:29 hqnl0246134 sshd[289379]: Failed password for invalid user teamspeak3 from 163.172.60.130 port 41986 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 04:59:30,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381970.563358, 'message': 'Dec  7 04:59:29 hqnl0246134 sshd[289377]: Failed password for root from 61.177.173.18 port 58829 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-07 04:59:30,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.60.130', 'timestamp': 1670381970.5650811, 'message': 'Dec  7 04:59:30 hqnl0246134 sshd[289379]: Disconnected from invalid user teamspeak3 163.172.60.130 port 41986 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 04:59:30,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381970.5648584, 'message': 'Dec  7 04:59:29 hqnl0246134 sshd[289377]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0435 seconds
INFO    [2022-12-07 04:59:32,588] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670381972.5634255, 'message': 'Dec  7 04:59:31 hqnl0246134 sshd[289377]: Failed password for root from 61.177.173.18 port 58829 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 04:59:34,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.23.51', 'timestamp': 1670381974.566786, 'message': 'Dec  7 04:59:32 hqnl0246134 sshd[289411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.23.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 04:59:34,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.23.51', 'timestamp': 1670381974.5670257, 'message': 'Dec  7 04:59:32 hqnl0246134 sshd[289411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.23.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 04:59:36,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.23.51', 'timestamp': 1670381976.569536, 'message': 'Dec  7 04:59:35 hqnl0246134 sshd[289411]: Failed password for root from 46.101.23.51 port 46724 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 04:59:36,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670381976.5697577, 'message': 'Dec  7 04:59:36 hqnl0246134 sshd[289414]: Invalid user celia from 190.25.237.179 port 37116', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 04:59:36,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.25.237.179', 'timestamp': 1670381976.57, 'message': 'Dec  7 04:59:36 hqnl0246134 sshd[289414]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.25.237.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 04:59:36,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.25.237.179', 'timestamp': 1670381976.5701475, 'message': 'Dec  7 04:59:36 hqnl0246134 sshd[289414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.25.237.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 04:59:40,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670381980.5777204, 'message': 'Dec  7 04:59:38 hqnl0246134 sshd[289414]: Failed password for invalid user celia from 190.25.237.179 port 37116 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 04:59:40,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670381980.5780156, 'message': 'Dec  7 04:59:39 hqnl0246134 sshd[289414]: Disconnected from invalid user celia 190.25.237.179 port 37116 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
WARNING [2022-12-07 04:59:51,367] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 04:59:51,368] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 04:59:58,266] defence360agent.files: Updating all files
INFO    [2022-12-07 04:59:58,544] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 04:59:58,545] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 04:59:58,850] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 04:59:58,851] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 04:59:59,116] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 04:59:59,117] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 04:59:59,383] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 04:59:59,383] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 04:59:59,384] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 04:59:59,646] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 02:59:59 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E63941E3795F2'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 04:59:59,648] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 04:59:59,648] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 05:00:00,208] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 05:00:00,208] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 05:00:00,465] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 05:00:00,466] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 05:00:00,730] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 05:00:00,730] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 05:00:01,067] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 05:00:01,067] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 05:00:01,533] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 05:00:01,536] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 05:00:04,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382004.6123707, 'message': 'Dec  7 05:00:03 hqnl0246134 sshd[289421]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.142.142.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 05:00:04,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382004.6129794, 'message': 'Dec  7 05:00:03 hqnl0246134 sshd[289421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.142.142.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:00:06,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382006.630023, 'message': 'Dec  7 05:00:05 hqnl0246134 sshd[289421]: Failed password for root from 98.142.142.201 port 48150 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:00:08,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.78.156', 'timestamp': 1670382008.6323886, 'message': 'Dec  7 05:00:08 hqnl0246134 sshd[289465]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.78.156 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 05:00:08,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.78.156', 'timestamp': 1670382008.632728, 'message': 'Dec  7 05:00:08 hqnl0246134 sshd[289465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.78.156  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 05:00:09,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:00:09,866] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:00:09,875] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:00:09,888] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
WARNING [2022-12-07 05:00:12,608] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:00:12,637] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0393 seconds
INFO    [2022-12-07 05:00:12,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.78.156', 'timestamp': 1670382012.6501527, 'message': 'Dec  7 05:00:10 hqnl0246134 sshd[289465]: Failed password for root from 139.59.78.156 port 35902 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 05:00:12,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382012.650362, 'message': 'Dec  7 05:00:10 hqnl0246134 sshd[289476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 05:00:12,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382012.6504872, 'message': 'Dec  7 05:00:10 hqnl0246134 sshd[289476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:00:12,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382012.650639, 'message': 'Dec  7 05:00:12 hqnl0246134 sshd[289476]: Failed password for root from 61.177.173.18 port 13095 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:00:14,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382014.6556482, 'message': 'Dec  7 05:00:12 hqnl0246134 sshd[289476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 05:00:16,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382016.6576455, 'message': 'Dec  7 05:00:15 hqnl0246134 sshd[289476]: Failed password for root from 61.177.173.18 port 13095 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:00:18,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:00:18,039] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:00:18,046] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:00:18,057] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 05:00:18,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382018.660337, 'message': 'Dec  7 05:00:17 hqnl0246134 sshd[289476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 05:00:20,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382020.6624825, 'message': 'Dec  7 05:00:19 hqnl0246134 sshd[289476]: Failed password for root from 61.177.173.18 port 13095 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 05:00:20,894] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:00:20,894] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:00:20,902] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:00:20,915] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 05:00:22,054] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:00:22,121] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:00:22,122] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:00:22,123] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:00:22,123] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:00:22,124] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:00:22,138] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:00:22,167] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0422 seconds
WARNING [2022-12-07 05:00:22,179] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:00:22,183] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:00:22,216] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0593 seconds
INFO    [2022-12-07 05:00:22,220] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0572 seconds
INFO    [2022-12-07 05:00:50,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382050.7340727, 'message': 'Dec  7 05:00:50 hqnl0246134 sshd[289514]: Invalid user utente from 165.227.166.207 port 54002', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 05:00:50,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382050.7356718, 'message': 'Dec  7 05:00:50 hqnl0246134 sshd[289514]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:00:50,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382050.7358127, 'message': 'Dec  7 05:00:50 hqnl0246134 sshd[289514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 05:00:51,372] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:00:51,373] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:00:52,262] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:00:52,263] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:00:52,263] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 05:00:52,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382052.7367136, 'message': 'Dec  7 05:00:52 hqnl0246134 sshd[289514]: Failed password for invalid user utente from 165.227.166.207 port 54002 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:00:54,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382054.7405899, 'message': 'Dec  7 05:00:53 hqnl0246134 sshd[289514]: Disconnected from invalid user utente 165.227.166.207 port 54002 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:00:58,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382058.7493238, 'message': 'Dec  7 05:00:58 hqnl0246134 sshd[289520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:00:58,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382058.749752, 'message': 'Dec  7 05:00:58 hqnl0246134 sshd[289520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 05:01:00,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382060.7499359, 'message': 'Dec  7 05:01:00 hqnl0246134 sshd[289520]: Failed password for root from 61.177.173.18 port 38896 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 05:01:02,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382062.7541225, 'message': 'Dec  7 05:01:02 hqnl0246134 sshd[289520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 05:01:04,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382064.7576168, 'message': 'Dec  7 05:01:04 hqnl0246134 sshd[289520]: Failed password for root from 61.177.173.18 port 38896 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 05:01:08,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382068.765614, 'message': 'Dec  7 05:01:06 hqnl0246134 sshd[289520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 05:01:08,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382068.7659166, 'message': 'Dec  7 05:01:08 hqnl0246134 sshd[289520]: Failed password for root from 61.177.173.18 port 38896 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 05:01:12,610] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:01:12,668] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0671 seconds
INFO    [2022-12-07 05:01:19,330] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:01:19,330] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:01:19,339] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:01:19,351] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 05:01:20,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382080.7766218, 'message': 'Dec  7 05:01:20 hqnl0246134 sshd[289552]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.92.157 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 05:01:20,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382080.7768486, 'message': 'Dec  7 05:01:20 hqnl0246134 sshd[289552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.92.157  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 05:01:22,385] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:01:22,386] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:01:22,393] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:01:22,404] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 05:01:22,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382082.7782397, 'message': 'Dec  7 05:01:22 hqnl0246134 sshd[289552]: Failed password for mysql from 43.153.92.157 port 56482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:01:27,362] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:01:27,363] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:01:27,370] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:01:27,381] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 05:01:42,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382102.8058476, 'message': 'Dec  7 05:01:42 hqnl0246134 sshd[289576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0870 seconds
INFO    [2022-12-07 05:01:42,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382102.8092017, 'message': 'Dec  7 05:01:42 hqnl0246134 sshd[289576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0856 seconds
INFO    [2022-12-07 05:01:44,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382104.8036337, 'message': 'Dec  7 05:01:44 hqnl0246134 sshd[289576]: Failed password for root from 61.177.173.18 port 40669 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0755 seconds
INFO    [2022-12-07 05:01:44,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382104.8038561, 'message': 'Dec  7 05:01:44 hqnl0246134 sshd[289576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0779 seconds
INFO    [2022-12-07 05:01:46,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382106.804549, 'message': 'Dec  7 05:01:46 hqnl0246134 sshd[289576]: Failed password for root from 61.177.173.18 port 40669 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:01:48,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382108.8084767, 'message': 'Dec  7 05:01:47 hqnl0246134 sshd[289576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 05:01:50,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382110.8128154, 'message': 'Dec  7 05:01:49 hqnl0246134 sshd[289576]: Failed password for root from 61.177.173.18 port 40669 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
WARNING [2022-12-07 05:01:51,376] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:01:51,377] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 05:01:54,197] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 05:02:00,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382120.826649, 'message': 'Dec  7 05:01:59 hqnl0246134 sshd[289588]: Invalid user master from 159.223.158.198 port 55992', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 05:02:00,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382120.8271406, 'message': 'Dec  7 05:02:00 hqnl0246134 sshd[289588]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.158.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 05:02:00,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382120.8273613, 'message': 'Dec  7 05:02:00 hqnl0246134 sshd[289588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.158.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 05:02:02,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382122.8469286, 'message': 'Dec  7 05:02:02 hqnl0246134 sshd[289588]: Failed password for invalid user master from 159.223.158.198 port 55992 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0716 seconds
INFO    [2022-12-07 05:02:04,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382124.829772, 'message': 'Dec  7 05:02:03 hqnl0246134 sshd[289588]: Disconnected from invalid user master 159.223.158.198 port 55992 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
WARNING [2022-12-07 05:02:12,619] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:02:12,644] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0353 seconds
INFO    [2022-12-07 05:02:17,886] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:02:17,887] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:02:17,899] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:02:17,919] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0309 seconds
INFO    [2022-12-07 05:02:20,560] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:02:20,560] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:02:20,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:02:20,579] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 05:02:28,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382148.8814983, 'message': 'Dec  7 05:02:27 hqnl0246134 sshd[289627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:02:28,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382148.8817482, 'message': 'Dec  7 05:02:27 hqnl0246134 sshd[289627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:02:30,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382150.8851173, 'message': 'Dec  7 05:02:29 hqnl0246134 sshd[289627]: Failed password for root from 61.177.173.18 port 60376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:02:30,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382150.886736, 'message': 'Dec  7 05:02:30 hqnl0246134 sshd[289627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:02:33,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382152.896786, 'message': 'Dec  7 05:02:31 hqnl0246134 sshd[289627]: Failed password for root from 61.177.173.18 port 60376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1453 seconds
INFO    [2022-12-07 05:02:33,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382152.897406, 'message': 'Dec  7 05:02:32 hqnl0246134 sshd[289627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:02:36,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382156.9157114, 'message': 'Dec  7 05:02:35 hqnl0246134 sshd[289627]: Failed password for root from 61.177.173.18 port 60376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:02:42,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382162.9399211, 'message': 'Dec  7 05:02:41 hqnl0246134 sshd[289638]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.142.142.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 05:02:42,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382162.940453, 'message': 'Dec  7 05:02:41 hqnl0246134 sshd[289638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.142.142.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:02:44,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382164.94208, 'message': 'Dec  7 05:02:43 hqnl0246134 sshd[289638]: Failed password for root from 98.142.142.201 port 37668 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 05:02:51,382] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:02:51,383] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:02:58,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382178.956976, 'message': 'Dec  7 05:02:57 hqnl0246134 sshd[289650]: Invalid user vyos from 165.227.166.207 port 36086', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 05:02:59,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382178.9574745, 'message': 'Dec  7 05:02:57 hqnl0246134 sshd[289650]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:02:59,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382178.9576948, 'message': 'Dec  7 05:02:57 hqnl0246134 sshd[289650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:03:00,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382180.9583614, 'message': 'Dec  7 05:02:59 hqnl0246134 sshd[289650]: Failed password for invalid user vyos from 165.227.166.207 port 36086 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:03:00,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382180.9586313, 'message': 'Dec  7 05:03:00 hqnl0246134 sshd[289650]: Disconnected from invalid user vyos 165.227.166.207 port 36086 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:03:03,279] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:03:03,280] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:03:03,290] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:03:03,302] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-07 05:03:10,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382190.9692087, 'message': 'Dec  7 05:03:10 hqnl0246134 sshd[289674]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 05:03:11,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382190.9694188, 'message': 'Dec  7 05:03:10 hqnl0246134 sshd[289674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 05:03:12,620] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:03:12,651] defence360agent.internals.the_sink: SensorIncidentList(<11 item(s)>) processed in 0.0382 seconds
INFO    [2022-12-07 05:03:13,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382192.9724984, 'message': 'Dec  7 05:03:12 hqnl0246134 sshd[289674]: Failed password for root from 61.177.172.114 port 53136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-07 05:03:13,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382192.9728038, 'message': 'Dec  7 05:03:12 hqnl0246134 sshd[289676]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 05:03:13,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382192.9730265, 'message': 'Dec  7 05:03:12 hqnl0246134 sshd[289676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 05:03:15,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382194.9740982, 'message': 'Dec  7 05:03:14 hqnl0246134 sshd[289674]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-07 05:03:15,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382194.9744148, 'message': 'Dec  7 05:03:14 hqnl0246134 sshd[289676]: Failed password for root from 61.177.173.18 port 16100 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-07 05:03:15,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382194.9771583, 'message': 'Dec  7 05:03:14 hqnl0246134 sshd[289678]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-07 05:03:15,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382194.9776058, 'message': 'Dec  7 05:03:14 hqnl0246134 sshd[289676]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 05:03:15,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382194.9774, 'message': 'Dec  7 05:03:14 hqnl0246134 sshd[289678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 05:03:17,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382196.976848, 'message': 'Dec  7 05:03:16 hqnl0246134 sshd[289674]: Failed password for root from 61.177.172.114 port 53136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0562 seconds
INFO    [2022-12-07 05:03:17,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382196.977136, 'message': 'Dec  7 05:03:16 hqnl0246134 sshd[289678]: Failed password for root from 61.177.173.51 port 51609 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-07 05:03:17,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382196.981497, 'message': 'Dec  7 05:03:16 hqnl0246134 sshd[289676]: Failed password for root from 61.177.173.18 port 16100 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-07 05:03:17,928] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:03:17,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:03:17,939] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:03:17,958] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0285 seconds
INFO    [2022-12-07 05:03:19,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382198.9795806, 'message': 'Dec  7 05:03:18 hqnl0246134 sshd[289674]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:03:19,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382198.979814, 'message': 'Dec  7 05:03:18 hqnl0246134 sshd[289678]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 05:03:20,644] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:03:20,644] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:03:20,651] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:03:20,663] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 05:03:21,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382200.981458, 'message': 'Dec  7 05:03:19 hqnl0246134 sshd[289676]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0544 seconds
INFO    [2022-12-07 05:03:21,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382200.9817328, 'message': 'Dec  7 05:03:19 hqnl0246134 sshd[289674]: Failed password for root from 61.177.172.114 port 53136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0542 seconds
INFO    [2022-12-07 05:03:21,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382200.981925, 'message': 'Dec  7 05:03:20 hqnl0246134 sshd[289678]: Failed password for root from 61.177.173.51 port 51609 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-07 05:03:23,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382202.9822338, 'message': 'Dec  7 05:03:21 hqnl0246134 sshd[289678]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0875 seconds
INFO    [2022-12-07 05:03:23,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382202.982419, 'message': 'Dec  7 05:03:21 hqnl0246134 sshd[289676]: Failed password for root from 61.177.173.18 port 16100 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0879 seconds
INFO    [2022-12-07 05:03:23,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382202.982528, 'message': 'Dec  7 05:03:22 hqnl0246134 sshd[289714]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0881 seconds
INFO    [2022-12-07 05:03:23,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382202.9835348, 'message': 'Dec  7 05:03:22 hqnl0246134 sshd[289716]: Invalid user radius from 178.62.92.240 port 58984', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0869 seconds
INFO    [2022-12-07 05:03:23,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382202.983416, 'message': 'Dec  7 05:03:22 hqnl0246134 sshd[289714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:03:25,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382204.984841, 'message': 'Dec  7 05:03:23 hqnl0246134 sshd[289716]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.62.92.240 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 05:03:25,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382204.98518, 'message': 'Dec  7 05:03:23 hqnl0246134 sshd[289678]: Failed password for root from 61.177.173.51 port 51609 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-07 05:03:25,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382204.9859047, 'message': 'Dec  7 05:03:24 hqnl0246134 sshd[289718]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.80.223.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 05:03:25,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382204.985066, 'message': 'Dec  7 05:03:23 hqnl0246134 sshd[289716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.92.240 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-07 05:03:25,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382204.986165, 'message': 'Dec  7 05:03:24 hqnl0246134 sshd[289714]: Failed password for root from 61.177.172.114 port 51674 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-07 05:03:25,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382204.9860134, 'message': 'Dec  7 05:03:24 hqnl0246134 sshd[289718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.223.144  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 05:03:27,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382206.986506, 'message': 'Dec  7 05:03:25 hqnl0246134 sshd[289720]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0742 seconds
INFO    [2022-12-07 05:03:27,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382206.9868731, 'message': 'Dec  7 05:03:25 hqnl0246134 sshd[289716]: Failed password for invalid user radius from 178.62.92.240 port 58984 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0707 seconds
INFO    [2022-12-07 05:03:27,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382206.9871607, 'message': 'Dec  7 05:03:26 hqnl0246134 sshd[289724]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.83.45.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0710 seconds
INFO    [2022-12-07 05:03:27,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382206.986734, 'message': 'Dec  7 05:03:25 hqnl0246134 sshd[289720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0690 seconds
INFO    [2022-12-07 05:03:27,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382206.9869847, 'message': 'Dec  7 05:03:26 hqnl0246134 sshd[289716]: Disconnected from invalid user radius 178.62.92.240 port 58984 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0695 seconds
INFO    [2022-12-07 05:03:27,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382206.9873703, 'message': 'Dec  7 05:03:26 hqnl0246134 sshd[289718]: Failed password for root from 220.80.223.144 port 32974 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0698 seconds
INFO    [2022-12-07 05:03:27,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382206.987266, 'message': 'Dec  7 05:03:26 hqnl0246134 sshd[289724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.45.110  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0695 seconds
INFO    [2022-12-07 05:03:27,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382206.9874706, 'message': 'Dec  7 05:03:26 hqnl0246134 sshd[289714]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0689 seconds
INFO    [2022-12-07 05:03:27,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382206.987586, 'message': 'Dec  7 05:03:26 hqnl0246134 sshd[289720]: Failed password for root from 61.177.173.51 port 33723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 05:03:29,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382208.9885437, 'message': 'Dec  7 05:03:27 hqnl0246134 sshd[289720]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1121 seconds
INFO    [2022-12-07 05:03:29,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382208.9887357, 'message': 'Dec  7 05:03:28 hqnl0246134 sshd[289724]: Failed password for root from 51.83.45.110 port 35574 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1125 seconds
INFO    [2022-12-07 05:03:29,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382208.9888482, 'message': 'Dec  7 05:03:28 hqnl0246134 sshd[289714]: Failed password for root from 61.177.172.114 port 51674 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1124 seconds
INFO    [2022-12-07 05:03:29,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382208.9889529, 'message': 'Dec  7 05:03:28 hqnl0246134 sshd[289714]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 05:03:31,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382210.9903402, 'message': 'Dec  7 05:03:29 hqnl0246134 sshd[289720]: Failed password for root from 61.177.173.51 port 33723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:03:31,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382210.9905205, 'message': 'Dec  7 05:03:30 hqnl0246134 sshd[289714]: Failed password for root from 61.177.172.114 port 51674 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 05:03:33,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382212.994507, 'message': 'Dec  7 05:03:31 hqnl0246134 sshd[289720]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 05:03:33,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382212.994729, 'message': 'Dec  7 05:03:32 hqnl0246134 sshd[289729]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 05:03:33,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382212.9948447, 'message': 'Dec  7 05:03:32 hqnl0246134 sshd[289729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:03:35,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670382214.9972675, 'message': 'Dec  7 05:03:33 hqnl0246134 sshd[289720]: Failed password for root from 61.177.173.51 port 33723 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:03:35,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382214.9976192, 'message': 'Dec  7 05:03:34 hqnl0246134 sshd[289729]: Failed password for root from 61.177.172.114 port 30844 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:03:35,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382214.9977672, 'message': 'Dec  7 05:03:34 hqnl0246134 sshd[289729]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:03:37,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.155.158.143', 'timestamp': 1670382216.9989495, 'message': 'Dec  7 05:03:36 hqnl0246134 sshd[289739]: Invalid user dal from 45.155.158.143 port 54522', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 05:03:39,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.155.158.143', 'timestamp': 1670382219.0006883, 'message': 'Dec  7 05:03:37 hqnl0246134 sshd[289739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.155.158.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 05:03:39,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382219.0011983, 'message': 'Dec  7 05:03:37 hqnl0246134 sshd[289729]: Failed password for root from 61.177.172.114 port 30844 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 05:03:39,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.155.158.143', 'timestamp': 1670382219.0010405, 'message': 'Dec  7 05:03:37 hqnl0246134 sshd[289739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.155.158.143 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:03:39,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.155.158.143', 'timestamp': 1670382219.0013201, 'message': 'Dec  7 05:03:38 hqnl0246134 sshd[289739]: Failed password for invalid user dal from 45.155.158.143 port 54522 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:03:41,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382221.0037434, 'message': 'Dec  7 05:03:39 hqnl0246134 sshd[289729]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 05:03:41,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.155.158.143', 'timestamp': 1670382221.003964, 'message': 'Dec  7 05:03:40 hqnl0246134 sshd[289739]: Disconnected from invalid user dal 45.155.158.143 port 54522 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:03:43,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382223.0056827, 'message': 'Dec  7 05:03:41 hqnl0246134 sshd[289729]: Failed password for root from 61.177.172.114 port 30844 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 05:03:43,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382223.0059266, 'message': 'Dec  7 05:03:42 hqnl0246134 sshd[289741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:03:43,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382223.0060682, 'message': 'Dec  7 05:03:42 hqnl0246134 sshd[289741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:03:45,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382225.0071125, 'message': 'Dec  7 05:03:44 hqnl0246134 sshd[289741]: Failed password for root from 61.177.172.114 port 59403 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:03:47,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382227.01118, 'message': 'Dec  7 05:03:45 hqnl0246134 sshd[289741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:03:49,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382229.0124412, 'message': 'Dec  7 05:03:47 hqnl0246134 sshd[289741]: Failed password for root from 61.177.172.114 port 59403 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 05:03:51,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382231.0152798, 'message': 'Dec  7 05:03:49 hqnl0246134 sshd[289741]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 05:03:51,388] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:03:51,389] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:03:53,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670382233.019024, 'message': 'Dec  7 05:03:51 hqnl0246134 sshd[289741]: Failed password for root from 61.177.172.114 port 59403 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:04:01,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382241.0286798, 'message': 'Dec  7 05:03:59 hqnl0246134 sshd[289746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 05:04:01,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382241.028967, 'message': 'Dec  7 05:03:59 hqnl0246134 sshd[289746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 05:04:01,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382241.0290961, 'message': 'Dec  7 05:04:00 hqnl0246134 sshd[289746]: Failed password for root from 61.177.173.18 port 49967 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 05:04:03,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382243.0296197, 'message': 'Dec  7 05:04:01 hqnl0246134 sshd[289746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 05:04:03,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382243.0300221, 'message': 'Dec  7 05:04:01 hqnl0246134 sshd[289748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 05:04:03,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382243.030162, 'message': 'Dec  7 05:04:01 hqnl0246134 sshd[289748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:04:05,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382245.032614, 'message': 'Dec  7 05:04:03 hqnl0246134 sshd[289746]: Failed password for root from 61.177.173.18 port 49967 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 05:04:05,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382245.0330186, 'message': 'Dec  7 05:04:03 hqnl0246134 sshd[289748]: Failed password for root from 61.177.173.37 port 21485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 05:04:05,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382245.0331788, 'message': 'Dec  7 05:04:03 hqnl0246134 sshd[289746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:04:07,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382247.0353649, 'message': 'Dec  7 05:04:05 hqnl0246134 sshd[289746]: Failed password for root from 61.177.173.18 port 49967 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:04:07,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382247.0356243, 'message': 'Dec  7 05:04:05 hqnl0246134 sshd[289748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 05:04:09,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382249.0387769, 'message': 'Dec  7 05:04:07 hqnl0246134 sshd[289767]: Invalid user steam from 98.252.188.193 port 27899', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 05:04:09,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382249.039072, 'message': 'Dec  7 05:04:07 hqnl0246134 sshd[289748]: Failed password for root from 61.177.173.37 port 21485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:04:09,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382249.0392644, 'message': 'Dec  7 05:04:07 hqnl0246134 sshd[289767]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.252.188.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 05:04:09,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382249.0394523, 'message': 'Dec  7 05:04:07 hqnl0246134 sshd[289767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.252.188.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 05:04:11,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382251.0412498, 'message': 'Dec  7 05:04:09 hqnl0246134 sshd[289767]: Failed password for invalid user steam from 98.252.188.193 port 27899 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-07 05:04:11,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382251.04152, 'message': 'Dec  7 05:04:10 hqnl0246134 sshd[289748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0506 seconds
WARNING [2022-12-07 05:04:12,633] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:04:12,692] defence360agent.internals.the_sink: SensorIncidentList(<28 item(s)>) processed in 0.0726 seconds
INFO    [2022-12-07 05:04:13,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382253.045104, 'message': 'Dec  7 05:04:11 hqnl0246134 sshd[289767]: Disconnected from invalid user steam 98.252.188.193 port 27899 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 05:04:13,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382253.045409, 'message': 'Dec  7 05:04:12 hqnl0246134 sshd[289748]: Failed password for root from 61.177.173.37 port 21485 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 05:04:17,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382257.0502431, 'message': 'Dec  7 05:04:15 hqnl0246134 sshd[289770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 05:04:17,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382257.0504417, 'message': 'Dec  7 05:04:15 hqnl0246134 sshd[289770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:04:18,117] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:04:18,117] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:04:18,125] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:04:18,135] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 05:04:19,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382259.0525732, 'message': 'Dec  7 05:04:18 hqnl0246134 sshd[289770]: Failed password for root from 61.177.173.37 port 24059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:04:20,823] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:04:20,824] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:04:20,831] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:04:20,842] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 05:04:21,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382261.0536485, 'message': 'Dec  7 05:04:20 hqnl0246134 sshd[289770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 05:04:23,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382263.0569344, 'message': 'Dec  7 05:04:22 hqnl0246134 sshd[289770]: Failed password for root from 61.177.173.37 port 24059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:04:25,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382265.0594914, 'message': 'Dec  7 05:04:24 hqnl0246134 sshd[289770]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:04:27,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382267.062808, 'message': 'Dec  7 05:04:25 hqnl0246134 sshd[289770]: Failed password for root from 61.177.173.37 port 24059 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:04:29,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382269.0649393, 'message': 'Dec  7 05:04:28 hqnl0246134 sshd[289790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:04:29,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382269.0651326, 'message': 'Dec  7 05:04:28 hqnl0246134 sshd[289790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:04:29,260] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:04:29,260] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:04:29,267] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:04:29,283] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-07 05:04:31,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.221.173.142', 'timestamp': 1670382271.0665636, 'message': 'Dec  7 05:04:29 hqnl0246134 sshd[289786]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.221.173.142 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:04:31,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382271.0669496, 'message': 'Dec  7 05:04:30 hqnl0246134 sshd[289790]: Failed password for root from 61.177.173.37 port 11237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 05:04:31,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.221.173.142', 'timestamp': 1670382271.066823, 'message': 'Dec  7 05:04:29 hqnl0246134 sshd[289786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.221.173.142  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:04:31,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '50.221.173.142', 'timestamp': 1670382271.0670562, 'message': 'Dec  7 05:04:30 hqnl0246134 sshd[289786]: Failed password for root from 50.221.173.142 port 57738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 05:04:33,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382273.0693836, 'message': 'Dec  7 05:04:32 hqnl0246134 sshd[289790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:04:35,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382275.07043, 'message': 'Dec  7 05:04:34 hqnl0246134 sshd[289790]: Failed password for root from 61.177.173.37 port 11237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-07 05:04:37,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382277.071336, 'message': 'Dec  7 05:04:37 hqnl0246134 sshd[289790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:04:39,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382279.0799396, 'message': 'Dec  7 05:04:37 hqnl0246134 sshd[289775]: Invalid user market from 98.142.142.201 port 44608', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 05:04:39,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382279.0802486, 'message': 'Dec  7 05:04:37 hqnl0246134 sshd[289775]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.142.142.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 05:04:39,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382279.0805328, 'message': 'Dec  7 05:04:37 hqnl0246134 sshd[289775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.142.142.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 05:04:41,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382281.083554, 'message': 'Dec  7 05:04:39 hqnl0246134 sshd[289790]: Failed password for root from 61.177.173.37 port 11237 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:04:41,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382281.083842, 'message': 'Dec  7 05:04:39 hqnl0246134 sshd[289775]: Failed password for invalid user market from 98.142.142.201 port 44608 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 05:04:41,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382281.0839543, 'message': 'Dec  7 05:04:40 hqnl0246134 sshd[289775]: Disconnected from invalid user market 98.142.142.201 port 44608 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:04:43,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382283.087391, 'message': 'Dec  7 05:04:41 hqnl0246134 sshd[289804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 05:04:43,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382283.0880945, 'message': 'Dec  7 05:04:41 hqnl0246134 sshd[289804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 05:04:45,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382285.09187, 'message': 'Dec  7 05:04:43 hqnl0246134 sshd[289804]: Failed password for root from 61.177.173.18 port 46600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:04:45,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382285.0921497, 'message': 'Dec  7 05:04:43 hqnl0246134 sshd[289804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:04:47,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382287.0998495, 'message': 'Dec  7 05:04:45 hqnl0246134 sshd[289804]: Failed password for root from 61.177.173.18 port 46600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:04:47,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382287.1000426, 'message': 'Dec  7 05:04:46 hqnl0246134 sshd[289804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:04:49,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382289.1083198, 'message': 'Dec  7 05:04:47 hqnl0246134 sshd[289806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:04:49,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382289.1087735, 'message': 'Dec  7 05:04:48 hqnl0246134 sshd[289804]: Failed password for root from 61.177.173.18 port 46600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:04:49,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382289.108572, 'message': 'Dec  7 05:04:47 hqnl0246134 sshd[289806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:04:51,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382291.1100438, 'message': 'Dec  7 05:04:49 hqnl0246134 sshd[289806]: Failed password for root from 61.177.173.37 port 44139 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 05:04:51,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382291.1102564, 'message': 'Dec  7 05:04:49 hqnl0246134 sshd[289806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-07 05:04:51,391] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:04:51,392] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:04:53,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382293.1149416, 'message': 'Dec  7 05:04:51 hqnl0246134 sshd[289806]: Failed password for root from 61.177.173.37 port 44139 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:04:53,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382293.1152182, 'message': 'Dec  7 05:04:52 hqnl0246134 sshd[289806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 05:04:55,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382295.1173425, 'message': 'Dec  7 05:04:54 hqnl0246134 sshd[289806]: Failed password for root from 61.177.173.37 port 44139 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 05:05:01,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382301.1220345, 'message': 'Dec  7 05:05:00 hqnl0246134 sshd[289810]: Invalid user wangyaowei from 165.227.166.207 port 46356', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 05:05:01,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382301.1223996, 'message': 'Dec  7 05:05:00 hqnl0246134 sshd[289810]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 05:05:01,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382301.122513, 'message': 'Dec  7 05:05:00 hqnl0246134 sshd[289810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 05:05:03,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382303.124977, 'message': 'Dec  7 05:05:02 hqnl0246134 sshd[289810]: Failed password for invalid user wangyaowei from 165.227.166.207 port 46356 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 05:05:03,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382303.1253033, 'message': 'Dec  7 05:05:03 hqnl0246134 sshd[289831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 05:05:03,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382303.125475, 'message': 'Dec  7 05:05:03 hqnl0246134 sshd[289831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 05:05:05,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382305.1263163, 'message': 'Dec  7 05:05:04 hqnl0246134 sshd[289810]: Disconnected from invalid user wangyaowei 165.227.166.207 port 46356 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 05:05:07,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382307.1298602, 'message': 'Dec  7 05:05:05 hqnl0246134 sshd[289831]: Failed password for root from 61.177.173.37 port 33547 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-07 05:05:07,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382307.1301095, 'message': 'Dec  7 05:05:06 hqnl0246134 sshd[289843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 05:05:07,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382307.1302855, 'message': 'Dec  7 05:05:06 hqnl0246134 sshd[289843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:05:09,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382309.1331658, 'message': 'Dec  7 05:05:07 hqnl0246134 sshd[289831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 05:05:09,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382309.1333942, 'message': 'Dec  7 05:05:09 hqnl0246134 sshd[289843]: Failed password for root from 61.177.173.48 port 46009 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 05:05:11,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382311.140743, 'message': 'Dec  7 05:05:09 hqnl0246134 sshd[289831]: Failed password for root from 61.177.173.37 port 33547 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 05:05:11,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382311.1414208, 'message': 'Dec  7 05:05:11 hqnl0246134 sshd[289843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 05:05:11,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382311.1413014, 'message': 'Dec  7 05:05:09 hqnl0246134 sshd[289831]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-07 05:05:12,636] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:05:12,666] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0394 seconds
INFO    [2022-12-07 05:05:13,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670382313.142536, 'message': 'Dec  7 05:05:11 hqnl0246134 sshd[289831]: Failed password for root from 61.177.173.37 port 33547 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 05:05:13,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382313.1427271, 'message': 'Dec  7 05:05:12 hqnl0246134 sshd[289843]: Failed password for root from 61.177.173.48 port 46009 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 05:05:15,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382315.1473498, 'message': 'Dec  7 05:05:13 hqnl0246134 sshd[289843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:05:15,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382315.147537, 'message': 'Dec  7 05:05:15 hqnl0246134 sshd[289843]: Failed password for root from 61.177.173.48 port 46009 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:05:17,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382317.153945, 'message': 'Dec  7 05:05:17 hqnl0246134 sshd[289878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 05:05:17,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382317.1541293, 'message': 'Dec  7 05:05:17 hqnl0246134 sshd[289878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:05:18,058] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:05:18,059] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:05:18,069] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:05:18,080] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 05:05:19,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382319.1538963, 'message': 'Dec  7 05:05:19 hqnl0246134 sshd[289878]: Failed password for root from 61.177.173.48 port 23761 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 05:05:20,756] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:05:20,756] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:05:20,764] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:05:20,775] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 05:05:21,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382321.156427, 'message': 'Dec  7 05:05:19 hqnl0246134 sshd[289878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:05:23,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382323.1582522, 'message': 'Dec  7 05:05:21 hqnl0246134 sshd[289878]: Failed password for root from 61.177.173.48 port 23761 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0521 seconds
INFO    [2022-12-07 05:05:23,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382323.158726, 'message': 'Dec  7 05:05:22 hqnl0246134 sshd[289891]: Invalid user sysadmin from 190.181.56.107 port 15938', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-07 05:05:23,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382323.1585076, 'message': 'Dec  7 05:05:21 hqnl0246134 sshd[289878]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-07 05:05:23,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382323.1589992, 'message': 'Dec  7 05:05:23 hqnl0246134 sshd[289891]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.56.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-07 05:05:23,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382323.159237, 'message': 'Dec  7 05:05:23 hqnl0246134 sshd[289891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.56.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:05:25,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382325.1628206, 'message': 'Dec  7 05:05:23 hqnl0246134 sshd[289878]: Failed password for root from 61.177.173.48 port 23761 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:05:27,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382327.1690688, 'message': 'Dec  7 05:05:25 hqnl0246134 sshd[289891]: Failed password for invalid user sysadmin from 190.181.56.107 port 15938 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 05:05:27,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382327.169535, 'message': 'Dec  7 05:05:27 hqnl0246134 sshd[289894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 05:05:27,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382327.1693764, 'message': 'Dec  7 05:05:26 hqnl0246134 sshd[289891]: Disconnected from invalid user sysadmin 190.181.56.107 port 15938 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 05:05:27,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382327.1696951, 'message': 'Dec  7 05:05:27 hqnl0246134 sshd[289894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:05:29,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382329.1741586, 'message': 'Dec  7 05:05:27 hqnl0246134 sshd[289896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 05:05:29,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382329.1744792, 'message': 'Dec  7 05:05:29 hqnl0246134 sshd[289894]: Failed password for root from 61.177.173.18 port 58787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 05:05:29,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382329.1743605, 'message': 'Dec  7 05:05:27 hqnl0246134 sshd[289896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:05:31,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382331.1770613, 'message': 'Dec  7 05:05:29 hqnl0246134 sshd[289894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 05:05:31,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382331.177247, 'message': 'Dec  7 05:05:29 hqnl0246134 sshd[289896]: Failed password for root from 61.177.173.48 port 49898 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 05:05:31,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382331.1773973, 'message': 'Dec  7 05:05:29 hqnl0246134 sshd[289896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:05:33,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382333.1803849, 'message': 'Dec  7 05:05:31 hqnl0246134 sshd[289894]: Failed password for root from 61.177.173.18 port 58787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 05:05:33,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382333.1806874, 'message': 'Dec  7 05:05:31 hqnl0246134 sshd[289896]: Failed password for root from 61.177.173.48 port 49898 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 05:05:33,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382333.1805575, 'message': 'Dec  7 05:05:31 hqnl0246134 sshd[289894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-07 05:05:33,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382333.1808271, 'message': 'Dec  7 05:05:32 hqnl0246134 sshd[289896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 05:05:35,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382335.1830235, 'message': 'Dec  7 05:05:33 hqnl0246134 sshd[289894]: Failed password for root from 61.177.173.18 port 58787 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:05:35,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670382335.1834185, 'message': 'Dec  7 05:05:34 hqnl0246134 sshd[289896]: Failed password for root from 61.177.173.48 port 49898 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:05:36,346] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:05:36,347] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:05:36,354] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:05:36,365] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
WARNING [2022-12-07 05:05:51,396] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:05:51,398] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:06:02,823] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:06:02,895] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:06:02,896] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:06:02,896] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:06:02,896] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:06:02,897] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:06:02,916] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:06:02,940] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0421 seconds
WARNING [2022-12-07 05:06:02,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:06:02,949] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:06:02,966] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0319 seconds
INFO    [2022-12-07 05:06:02,968] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0301 seconds
INFO    [2022-12-07 05:06:07,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382367.2310343, 'message': 'Dec  7 05:06:05 hqnl0246134 sshd[289913]: Invalid user ll from 98.142.142.201 port 51550', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 05:06:07,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382367.2319078, 'message': 'Dec  7 05:06:06 hqnl0246134 sshd[289933]: Invalid user kelvin from 79.133.56.220 port 39392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 05:06:07,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382367.2315748, 'message': 'Dec  7 05:06:05 hqnl0246134 sshd[289913]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.142.142.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 05:06:07,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382367.2320218, 'message': 'Dec  7 05:06:06 hqnl0246134 sshd[289933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.133.56.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 05:06:07,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382367.2317493, 'message': 'Dec  7 05:06:05 hqnl0246134 sshd[289913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.142.142.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 05:06:07,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382367.2321324, 'message': 'Dec  7 05:06:06 hqnl0246134 sshd[289933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.133.56.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:06:09,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382369.2327263, 'message': 'Dec  7 05:06:07 hqnl0246134 sshd[289913]: Failed password for invalid user ll from 98.142.142.201 port 51550 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 05:06:09,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382369.2329772, 'message': 'Dec  7 05:06:08 hqnl0246134 sshd[289933]: Failed password for invalid user kelvin from 79.133.56.220 port 39392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:06:11,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.142.142.201', 'timestamp': 1670382371.236427, 'message': 'Dec  7 05:06:10 hqnl0246134 sshd[289913]: Disconnected from invalid user ll 98.142.142.201 port 51550 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-07 05:06:11,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382371.2367513, 'message': 'Dec  7 05:06:10 hqnl0246134 sshd[289933]: Disconnected from invalid user kelvin 79.133.56.220 port 39392 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0449 seconds
WARNING [2022-12-07 05:06:12,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:06:12,700] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0616 seconds
INFO    [2022-12-07 05:06:15,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382375.2405934, 'message': 'Dec  7 05:06:14 hqnl0246134 sshd[289936]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 05:06:15,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382375.2408772, 'message': 'Dec  7 05:06:14 hqnl0246134 sshd[289936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:06:17,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382377.2426648, 'message': 'Dec  7 05:06:15 hqnl0246134 sshd[289936]: Failed password for root from 61.177.173.18 port 28323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:06:17,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382377.2429156, 'message': 'Dec  7 05:06:16 hqnl0246134 sshd[289936]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 05:06:17,868] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:06:17,869] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:06:17,876] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:06:17,888] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 05:06:19,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382379.2442973, 'message': 'Dec  7 05:06:19 hqnl0246134 sshd[289936]: Failed password for root from 61.177.173.18 port 28323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:06:21,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382381.2493663, 'message': 'Dec  7 05:06:20 hqnl0246134 sshd[289936]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:06:22,361] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:06:22,361] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:06:22,368] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:06:22,379] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 05:06:23,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382383.2516756, 'message': 'Dec  7 05:06:23 hqnl0246134 sshd[289936]: Failed password for root from 61.177.173.18 port 28323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:06:31,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382391.2634664, 'message': 'Dec  7 05:06:31 hqnl0246134 sshd[289952]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.176.145.140 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:06:31,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382391.2637713, 'message': 'Dec  7 05:06:31 hqnl0246134 sshd[289952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.140  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:06:33,567] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:06:33,567] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:06:33,568] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 05:06:35,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382395.2690651, 'message': 'Dec  7 05:06:33 hqnl0246134 sshd[289952]: Failed password for root from 181.176.145.140 port 42018 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-07 05:06:39,753] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:06:39,754] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:06:39,761] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:06:39,773] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-07 05:06:51,404] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:06:51,405] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:07:01,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382421.3081613, 'message': 'Dec  7 05:06:59 hqnl0246134 sshd[289977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 05:07:01,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382421.308808, 'message': 'Dec  7 05:06:59 hqnl0246134 sshd[289977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 05:07:01,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382421.3090494, 'message': 'Dec  7 05:07:01 hqnl0246134 sshd[289977]: Failed password for root from 61.177.173.18 port 35224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 05:07:03,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382423.3089962, 'message': 'Dec  7 05:07:01 hqnl0246134 sshd[289977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:07:05,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382425.3112485, 'message': 'Dec  7 05:07:03 hqnl0246134 sshd[289986]: Invalid user wjx from 165.227.166.207 port 56648', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0536 seconds
INFO    [2022-12-07 05:07:05,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382425.3123224, 'message': 'Dec  7 05:07:04 hqnl0246134 sshd[289977]: Failed password for root from 61.177.173.18 port 35224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0529 seconds
INFO    [2022-12-07 05:07:05,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382425.3119771, 'message': 'Dec  7 05:07:03 hqnl0246134 sshd[289986]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:07:05,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382425.3121936, 'message': 'Dec  7 05:07:03 hqnl0246134 sshd[289986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:07:07,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382427.3126776, 'message': 'Dec  7 05:07:06 hqnl0246134 sshd[289977]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 05:07:07,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382427.3130744, 'message': 'Dec  7 05:07:06 hqnl0246134 sshd[289986]: Failed password for invalid user wjx from 165.227.166.207 port 56648 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 05:07:09,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382429.3154247, 'message': 'Dec  7 05:07:08 hqnl0246134 sshd[289986]: Disconnected from invalid user wjx 165.227.166.207 port 56648 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:07:09,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382429.3156748, 'message': 'Dec  7 05:07:08 hqnl0246134 sshd[289977]: Failed password for root from 61.177.173.18 port 35224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
WARNING [2022-12-07 05:07:12,652] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:07:12,679] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0363 seconds
INFO    [2022-12-07 05:07:17,930] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:07:17,931] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:07:17,939] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:07:17,951] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 05:07:20,542] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:07:20,542] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:07:20,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:07:20,560] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-07 05:07:25,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382445.3385513, 'message': 'Dec  7 05:07:23 hqnl0246134 sshd[290015]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.23.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 05:07:25,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382445.3388844, 'message': 'Dec  7 05:07:23 hqnl0246134 sshd[290015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.23.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:07:25,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382445.3390758, 'message': 'Dec  7 05:07:25 hqnl0246134 sshd[290015]: Failed password for root from 46.101.23.51 port 36320 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:07:47,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.202.200.207', 'timestamp': 1670382467.3783877, 'message': 'Dec  7 05:07:46 hqnl0246134 sshd[290028]: Invalid user fred from 35.202.200.207 port 1758', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 05:07:47,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382467.3788352, 'message': 'Dec  7 05:07:46 hqnl0246134 sshd[290026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-07 05:07:47,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.202.200.207', 'timestamp': 1670382467.3791654, 'message': 'Dec  7 05:07:46 hqnl0246134 sshd[290028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.202.200.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:07:47,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382467.3790216, 'message': 'Dec  7 05:07:46 hqnl0246134 sshd[290026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 05:07:47,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.202.200.207', 'timestamp': 1670382467.3793044, 'message': 'Dec  7 05:07:46 hqnl0246134 sshd[290028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.202.200.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:07:49,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382469.3800979, 'message': 'Dec  7 05:07:47 hqnl0246134 sshd[290026]: Failed password for root from 61.177.173.18 port 52411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 05:07:49,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.202.200.207', 'timestamp': 1670382469.380356, 'message': 'Dec  7 05:07:47 hqnl0246134 sshd[290028]: Failed password for invalid user fred from 35.202.200.207 port 1758 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:07:49,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382469.3806443, 'message': 'Dec  7 05:07:48 hqnl0246134 sshd[290026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 05:07:49,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.202.200.207', 'timestamp': 1670382469.3804834, 'message': 'Dec  7 05:07:48 hqnl0246134 sshd[290028]: Disconnected from invalid user fred 35.202.200.207 port 1758 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
WARNING [2022-12-07 05:07:51,407] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:07:51,407] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:07:51,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '3.0.202.116', 'timestamp': 1670382471.380305, 'message': 'Dec  7 05:07:51 hqnl0246134 sshd[290030]: pam_imunify(sshd:auth): [IM360_RBL] The IP 3.0.202.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:07:51,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382471.3808064, 'message': 'Dec  7 05:07:51 hqnl0246134 sshd[290026]: Failed password for root from 61.177.173.18 port 52411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 05:07:51,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '3.0.202.116', 'timestamp': 1670382471.3806696, 'message': 'Dec  7 05:07:51 hqnl0246134 sshd[290030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.0.202.116  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:07:53,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382473.3824494, 'message': 'Dec  7 05:07:52 hqnl0246134 sshd[290026]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 05:07:53,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '3.0.202.116', 'timestamp': 1670382473.3826678, 'message': 'Dec  7 05:07:53 hqnl0246134 sshd[290030]: Failed password for root from 3.0.202.116 port 60094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 05:07:55,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382475.3852353, 'message': 'Dec  7 05:07:55 hqnl0246134 sshd[290026]: Failed password for root from 61.177.173.18 port 52411 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:08:09,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.93.7.194', 'timestamp': 1670382489.4032958, 'message': 'Dec  7 05:08:08 hqnl0246134 sshd[290048]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.93.7.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 05:08:09,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.93.7.194', 'timestamp': 1670382489.403854, 'message': 'Dec  7 05:08:08 hqnl0246134 sshd[290048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.7.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:08:11,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '182.93.7.194', 'timestamp': 1670382491.4053183, 'message': 'Dec  7 05:08:10 hqnl0246134 sshd[290048]: Failed password for root from 182.93.7.194 port 59710 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-07 05:08:11,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382491.4055505, 'message': 'Dec  7 05:08:10 hqnl0246134 sshd[290050]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.158.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 05:08:11,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382491.405725, 'message': 'Dec  7 05:08:10 hqnl0246134 sshd[290050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.158.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
WARNING [2022-12-07 05:08:12,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:08:12,679] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0322 seconds
INFO    [2022-12-07 05:08:13,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382493.4074264, 'message': 'Dec  7 05:08:12 hqnl0246134 sshd[290050]: Failed password for root from 159.223.158.198 port 41426 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:08:14,785] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:08:14,786] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:08:14,793] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:08:14,806] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 05:08:17,740] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:08:17,741] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:08:17,760] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:08:17,782] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0358 seconds
INFO    [2022-12-07 05:08:20,517] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:08:20,517] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:08:20,527] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:08:20,540] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 05:08:21,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382501.416292, 'message': 'Dec  7 05:08:19 hqnl0246134 sshd[290064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.130.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:08:21,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382501.4165275, 'message': 'Dec  7 05:08:19 hqnl0246134 sshd[290064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.130.175  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:08:23,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382503.4176672, 'message': 'Dec  7 05:08:22 hqnl0246134 sshd[290064]: Failed password for root from 137.184.130.175 port 50102 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:08:23,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382503.4178703, 'message': 'Dec  7 05:08:22 hqnl0246134 sshd[290070]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.162.37.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 05:08:23,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382503.4179835, 'message': 'Dec  7 05:08:22 hqnl0246134 sshd[290070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.37.223  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:08:25,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382505.4215195, 'message': 'Dec  7 05:08:23 hqnl0246134 sshd[290070]: Failed password for root from 130.162.37.223 port 52086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:08:33,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382513.4335043, 'message': 'Dec  7 05:08:32 hqnl0246134 sshd[290073]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:08:33,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382513.4337144, 'message': 'Dec  7 05:08:32 hqnl0246134 sshd[290073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:08:35,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382515.4372675, 'message': 'Dec  7 05:08:33 hqnl0246134 sshd[290073]: Failed password for root from 61.177.173.18 port 12613 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 05:08:35,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382515.437641, 'message': 'Dec  7 05:08:34 hqnl0246134 sshd[290073]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:08:37,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382517.439484, 'message': 'Dec  7 05:08:36 hqnl0246134 sshd[290073]: Failed password for root from 61.177.173.18 port 12613 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-07 05:08:37,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.60.130', 'timestamp': 1670382517.4406896, 'message': 'Dec  7 05:08:37 hqnl0246134 sshd[290075]: Invalid user adrian from 163.172.60.130 port 32894', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 05:08:37,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382517.4405377, 'message': 'Dec  7 05:08:37 hqnl0246134 sshd[290073]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 05:08:37,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.172.60.130', 'timestamp': 1670382517.440819, 'message': 'Dec  7 05:08:37 hqnl0246134 sshd[290075]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.172.60.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:08:37,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.172.60.130', 'timestamp': 1670382517.4409766, 'message': 'Dec  7 05:08:37 hqnl0246134 sshd[290075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.60.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:08:39,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382519.4423735, 'message': 'Dec  7 05:08:37 hqnl0246134 sshd[290085]: Invalid user irina from 152.67.254.42 port 48236', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 05:08:39,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382519.4428468, 'message': 'Dec  7 05:08:38 hqnl0246134 sshd[290109]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.133.56.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 05:08:39,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382519.4425595, 'message': 'Dec  7 05:08:37 hqnl0246134 sshd[290085]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.67.254.42 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:08:39,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382519.4429688, 'message': 'Dec  7 05:08:38 hqnl0246134 sshd[290109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.133.56.220  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 05:08:39,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382519.4427264, 'message': 'Dec  7 05:08:37 hqnl0246134 sshd[290085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.67.254.42 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:08:41,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382521.445643, 'message': 'Dec  7 05:08:39 hqnl0246134 sshd[290073]: Failed password for root from 61.177.173.18 port 12613 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0573 seconds
INFO    [2022-12-07 05:08:41,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.60.130', 'timestamp': 1670382521.4459128, 'message': 'Dec  7 05:08:40 hqnl0246134 sshd[290075]: Failed password for invalid user adrian from 163.172.60.130 port 32894 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-07 05:08:41,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382521.4460614, 'message': 'Dec  7 05:08:40 hqnl0246134 sshd[290085]: Failed password for invalid user irina from 152.67.254.42 port 48236 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0576 seconds
INFO    [2022-12-07 05:08:41,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382521.4461699, 'message': 'Dec  7 05:08:40 hqnl0246134 sshd[290109]: Failed password for root from 79.133.56.220 port 49892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0573 seconds
INFO    [2022-12-07 05:08:43,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382523.4499846, 'message': 'Dec  7 05:08:42 hqnl0246134 sshd[290085]: Disconnected from invalid user irina 152.67.254.42 port 48236 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:08:43,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.172.60.130', 'timestamp': 1670382523.4501662, 'message': 'Dec  7 05:08:42 hqnl0246134 sshd[290075]: Disconnected from invalid user adrian 163.172.60.130 port 32894 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
WARNING [2022-12-07 05:08:51,413] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:08:51,414] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:09:09,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382549.4880157, 'message': 'Dec  7 05:09:08 hqnl0246134 sshd[290255]: Invalid user zabbix from 165.227.166.207 port 38706', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 05:09:09,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382549.4896245, 'message': 'Dec  7 05:09:08 hqnl0246134 sshd[290255]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:09:09,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382549.4899285, 'message': 'Dec  7 05:09:08 hqnl0246134 sshd[290255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 05:09:11,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382551.4879053, 'message': 'Dec  7 05:09:10 hqnl0246134 sshd[290255]: Failed password for invalid user zabbix from 165.227.166.207 port 38706 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 05:09:11,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382551.4881492, 'message': 'Dec  7 05:09:11 hqnl0246134 sshd[290255]: Disconnected from invalid user zabbix 165.227.166.207 port 38706 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 05:09:12,666] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:09:12,702] defence360agent.internals.the_sink: SensorIncidentList(<23 item(s)>) processed in 0.0452 seconds
INFO    [2022-12-07 05:09:17,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382557.4995282, 'message': 'Dec  7 05:09:16 hqnl0246134 sshd[290257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 05:09:17,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382557.4997826, 'message': 'Dec  7 05:09:16 hqnl0246134 sshd[290257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0435 seconds
INFO    [2022-12-07 05:09:18,035] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:09:18,035] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:09:18,042] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:09:18,054] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 05:09:19,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382559.5018518, 'message': 'Dec  7 05:09:17 hqnl0246134 sshd[290257]: Failed password for root from 61.177.173.18 port 15178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:09:19,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382559.5020204, 'message': 'Dec  7 05:09:18 hqnl0246134 sshd[290257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:09:20,802] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:09:20,802] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:09:20,810] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:09:20,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 05:09:21,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382561.5048661, 'message': 'Dec  7 05:09:20 hqnl0246134 sshd[290257]: Failed password for root from 61.177.173.18 port 15178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:09:21,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382561.5050523, 'message': 'Dec  7 05:09:20 hqnl0246134 sshd[290257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:09:23,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382563.505862, 'message': 'Dec  7 05:09:22 hqnl0246134 sshd[290257]: Failed password for root from 61.177.173.18 port 15178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:09:25,636] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:09:25,636] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:09:25,643] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:09:25,653] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0164 seconds
INFO    [2022-12-07 05:09:29,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.76.115.102', 'timestamp': 1670382569.5116718, 'message': 'Dec  7 05:09:29 hqnl0246134 sshd[290276]: Invalid user crm from 201.76.115.102 port 56945', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:09:31,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.76.115.102', 'timestamp': 1670382571.518233, 'message': 'Dec  7 05:09:29 hqnl0246134 sshd[290276]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.76.115.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:09:31,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.76.115.102', 'timestamp': 1670382571.5184627, 'message': 'Dec  7 05:09:29 hqnl0246134 sshd[290276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.76.115.102 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 05:09:33,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.76.115.102', 'timestamp': 1670382573.5234606, 'message': 'Dec  7 05:09:31 hqnl0246134 sshd[290276]: Failed password for invalid user crm from 201.76.115.102 port 56945 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:09:33,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.76.115.102', 'timestamp': 1670382573.5236878, 'message': 'Dec  7 05:09:32 hqnl0246134 sshd[290276]: Disconnected from invalid user crm 201.76.115.102 port 56945 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:09:35,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382575.5260642, 'message': 'Dec  7 05:09:34 hqnl0246134 sshd[290279]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.80.223.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 05:09:35,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382575.526451, 'message': 'Dec  7 05:09:34 hqnl0246134 sshd[290279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.223.144  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:09:37,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382577.5264723, 'message': 'Dec  7 05:09:36 hqnl0246134 sshd[290279]: Failed password for root from 220.80.223.144 port 34280 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 05:09:51,419] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:09:51,421] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:10:03,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382603.5707667, 'message': 'Dec  7 05:10:02 hqnl0246134 sshd[290298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 05:10:03,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382603.5715597, 'message': 'Dec  7 05:10:03 hqnl0246134 sshd[290319]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.17.131 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-07 05:10:03,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382603.5713725, 'message': 'Dec  7 05:10:02 hqnl0246134 sshd[290298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 05:10:03,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382603.5717378, 'message': 'Dec  7 05:10:03 hqnl0246134 sshd[290319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.17.131  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 05:10:05,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382605.5778325, 'message': 'Dec  7 05:10:03 hqnl0246134 sshd[290298]: Failed password for root from 61.177.173.18 port 40241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:10:05,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382605.5783527, 'message': 'Dec  7 05:10:04 hqnl0246134 sshd[290319]: Failed password for root from 134.17.17.131 port 8678 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:10:05,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382605.5781915, 'message': 'Dec  7 05:10:04 hqnl0246134 sshd[290298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:10:07,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382607.590374, 'message': 'Dec  7 05:10:06 hqnl0246134 sshd[290298]: Failed password for root from 61.177.173.18 port 40241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 05:10:07,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382607.5906246, 'message': 'Dec  7 05:10:06 hqnl0246134 sshd[290298]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:10:09,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382609.6026704, 'message': 'Dec  7 05:10:08 hqnl0246134 sshd[290298]: Failed password for root from 61.177.173.18 port 40241 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 05:10:12,669] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:10:12,693] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0319 seconds
INFO    [2022-12-07 05:10:13,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382613.605995, 'message': 'Dec  7 05:10:12 hqnl0246134 sshd[290338]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.23.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:10:13,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382613.6062112, 'message': 'Dec  7 05:10:12 hqnl0246134 sshd[290338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.23.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:10:15,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382615.611341, 'message': 'Dec  7 05:10:14 hqnl0246134 sshd[290338]: Failed password for root from 46.101.23.51 port 53532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 05:10:17,957] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:10:17,958] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:10:17,966] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:10:17,977] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 05:10:20,560] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:10:20,561] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:10:20,568] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:10:20,578] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 05:10:23,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382623.6220634, 'message': 'Dec  7 05:10:23 hqnl0246134 sshd[290353]: Invalid user csgoserver from 43.153.92.157 port 59672', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:10:23,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382623.6222858, 'message': 'Dec  7 05:10:23 hqnl0246134 sshd[290353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.92.157 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:10:23,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382623.6224384, 'message': 'Dec  7 05:10:23 hqnl0246134 sshd[290353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.92.157 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 05:10:25,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382625.6238458, 'message': 'Dec  7 05:10:25 hqnl0246134 sshd[290353]: Failed password for invalid user csgoserver from 43.153.92.157 port 59672 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 05:10:27,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382627.6268814, 'message': 'Dec  7 05:10:26 hqnl0246134 sshd[290353]: Disconnected from invalid user csgoserver 43.153.92.157 port 59672 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:10:28,722] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:10:28,725] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:10:28,734] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:10:28,746] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 05:10:33,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382633.6400266, 'message': 'Dec  7 05:10:32 hqnl0246134 sshd[290361]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.56.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:10:33,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382633.6403058, 'message': 'Dec  7 05:10:32 hqnl0246134 sshd[290361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.56.107  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:10:35,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382635.6430109, 'message': 'Dec  7 05:10:33 hqnl0246134 sshd[290361]: Failed password for root from 190.181.56.107 port 5469 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 05:10:39,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382639.6513119, 'message': 'Dec  7 05:10:38 hqnl0246134 sshd[290372]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.130.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:10:39,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382639.6519027, 'message': 'Dec  7 05:10:38 hqnl0246134 sshd[290372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.130.175  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:10:41,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382641.6550543, 'message': 'Dec  7 05:10:39 hqnl0246134 sshd[290372]: Failed password for root from 137.184.130.175 port 35148 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-07 05:10:41,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382641.6553051, 'message': 'Dec  7 05:10:40 hqnl0246134 sshd[290374]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.158.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 05:10:41,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382641.6555002, 'message': 'Dec  7 05:10:40 hqnl0246134 sshd[290374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.158.198  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 05:10:43,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382643.6573718, 'message': 'Dec  7 05:10:42 hqnl0246134 sshd[290374]: Failed password for root from 159.223.158.198 port 35062 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:10:47,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382647.6612787, 'message': 'Dec  7 05:10:46 hqnl0246134 sshd[290378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:10:47,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382647.661542, 'message': 'Dec  7 05:10:46 hqnl0246134 sshd[290378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:10:49,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382649.663513, 'message': 'Dec  7 05:10:48 hqnl0246134 sshd[290378]: Failed password for root from 61.177.173.18 port 48596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:10:49,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382649.6638753, 'message': 'Dec  7 05:10:48 hqnl0246134 sshd[290378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
WARNING [2022-12-07 05:10:51,426] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:10:51,427] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:10:51,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382651.665065, 'message': 'Dec  7 05:10:50 hqnl0246134 sshd[290378]: Failed password for root from 61.177.173.18 port 48596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:10:51,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382651.6652706, 'message': 'Dec  7 05:10:50 hqnl0246134 sshd[290378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:10:53,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382653.6700547, 'message': 'Dec  7 05:10:52 hqnl0246134 sshd[290378]: Failed password for root from 61.177.173.18 port 48596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:10:59,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382659.681711, 'message': 'Dec  7 05:10:58 hqnl0246134 sshd[290380]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.133.56.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 05:10:59,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382659.6821039, 'message': 'Dec  7 05:10:58 hqnl0246134 sshd[290380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.133.56.220  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:11:01,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382661.6865904, 'message': 'Dec  7 05:11:00 hqnl0246134 sshd[290380]: Failed password for mysql from 79.133.56.220 port 50852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:11:07,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382667.6994662, 'message': 'Dec  7 05:11:05 hqnl0246134 sshd[290404]: Invalid user arun from 51.83.45.110 port 39962', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-07 05:11:07,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382667.7007303, 'message': 'Dec  7 05:11:06 hqnl0246134 sshd[290394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0521 seconds
INFO    [2022-12-07 05:11:07,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382667.7001963, 'message': 'Dec  7 05:11:05 hqnl0246134 sshd[290404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.83.45.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 05:11:07,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382667.700976, 'message': 'Dec  7 05:11:06 hqnl0246134 sshd[290394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-07 05:11:07,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382667.700518, 'message': 'Dec  7 05:11:05 hqnl0246134 sshd[290404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.45.110 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 05:11:09,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382669.7011268, 'message': 'Dec  7 05:11:07 hqnl0246134 sshd[290404]: Failed password for invalid user arun from 51.83.45.110 port 39962 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-07 05:11:09,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382669.7016137, 'message': 'Dec  7 05:11:08 hqnl0246134 sshd[290394]: Failed password for root from 61.177.173.53 port 26498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-07 05:11:09,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382669.70141, 'message': 'Dec  7 05:11:08 hqnl0246134 sshd[290404]: Disconnected from invalid user arun 51.83.45.110 port 39962 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:11:11,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382671.7038538, 'message': 'Dec  7 05:11:10 hqnl0246134 sshd[290409]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.176.145.140 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 05:11:11,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382671.7044206, 'message': 'Dec  7 05:11:10 hqnl0246134 sshd[290394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 05:11:11,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382671.7041874, 'message': 'Dec  7 05:11:10 hqnl0246134 sshd[290409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.140  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 05:11:12,673] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:11:12,706] defence360agent.internals.the_sink: SensorIncidentList(<29 item(s)>) processed in 0.0415 seconds
INFO    [2022-12-07 05:11:13,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382673.7058423, 'message': 'Dec  7 05:11:12 hqnl0246134 sshd[290409]: Failed password for root from 181.176.145.140 port 56098 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 05:11:13,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382673.706048, 'message': 'Dec  7 05:11:12 hqnl0246134 sshd[290394]: Failed password for root from 61.177.173.53 port 26498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 05:11:13,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382673.7061806, 'message': 'Dec  7 05:11:12 hqnl0246134 sshd[290394]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 05:11:15,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382675.7082295, 'message': 'Dec  7 05:11:14 hqnl0246134 sshd[290394]: Failed password for root from 61.177.173.53 port 26498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:11:17,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382677.7107005, 'message': 'Dec  7 05:11:16 hqnl0246134 sshd[290416]: Invalid user zabbix from 165.227.166.207 port 48982', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0559 seconds
INFO    [2022-12-07 05:11:17,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382677.7114487, 'message': 'Dec  7 05:11:17 hqnl0246134 sshd[290413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0552 seconds
INFO    [2022-12-07 05:11:17,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382677.7110193, 'message': 'Dec  7 05:11:16 hqnl0246134 sshd[290416]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 05:11:17,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382677.7116404, 'message': 'Dec  7 05:11:17 hqnl0246134 sshd[290413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.53  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:11:17,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382677.71124, 'message': 'Dec  7 05:11:16 hqnl0246134 sshd[290416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 05:11:17,944] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:11:17,945] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:11:17,961] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:11:17,974] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-07 05:11:19,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382679.7123013, 'message': 'Dec  7 05:11:18 hqnl0246134 sshd[290416]: Failed password for invalid user zabbix from 165.227.166.207 port 48982 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0811 seconds
INFO    [2022-12-07 05:11:19,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382679.71285, 'message': 'Dec  7 05:11:19 hqnl0246134 sshd[290413]: Failed password for root from 61.177.173.53 port 64373 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0816 seconds
INFO    [2022-12-07 05:11:19,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382679.712667, 'message': 'Dec  7 05:11:18 hqnl0246134 sshd[290416]: Disconnected from invalid user zabbix 165.227.166.207 port 48982 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 05:11:19,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382679.713078, 'message': 'Dec  7 05:11:19 hqnl0246134 sshd[290413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-07 05:11:20,635] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:11:20,636] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:11:20,643] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:11:20,654] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 05:11:23,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382683.7179816, 'message': 'Dec  7 05:11:21 hqnl0246134 sshd[290413]: Failed password for root from 61.177.173.53 port 64373 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 05:11:23,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382683.7181733, 'message': 'Dec  7 05:11:23 hqnl0246134 sshd[290428]: Invalid user user2 from 178.62.92.240 port 44414', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 05:11:23,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382683.718288, 'message': 'Dec  7 05:11:23 hqnl0246134 sshd[290428]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.62.92.240 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:11:23,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382683.7183938, 'message': 'Dec  7 05:11:23 hqnl0246134 sshd[290428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.92.240 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:11:25,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382685.720532, 'message': 'Dec  7 05:11:24 hqnl0246134 sshd[290413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.53 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0582 seconds
INFO    [2022-12-07 05:11:25,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382685.7208455, 'message': 'Dec  7 05:11:25 hqnl0246134 sshd[290428]: Failed password for invalid user user2 from 178.62.92.240 port 44414 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0581 seconds
INFO    [2022-12-07 05:11:27,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382687.7223542, 'message': 'Dec  7 05:11:25 hqnl0246134 sshd[290428]: Disconnected from invalid user user2 178.62.92.240 port 44414 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0717 seconds
INFO    [2022-12-07 05:11:27,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382687.722636, 'message': 'Dec  7 05:11:26 hqnl0246134 sshd[290426]: Invalid user azureuser from 190.25.237.179 port 35046', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0719 seconds
INFO    [2022-12-07 05:11:27,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.53', 'timestamp': 1670382687.7227993, 'message': 'Dec  7 05:11:26 hqnl0246134 sshd[290413]: Failed password for root from 61.177.173.53 port 64373 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0716 seconds
INFO    [2022-12-07 05:11:27,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382687.7229486, 'message': 'Dec  7 05:11:26 hqnl0246134 sshd[290426]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.25.237.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:11:27,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382687.7231026, 'message': 'Dec  7 05:11:26 hqnl0246134 sshd[290426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.25.237.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:11:29,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382689.7249417, 'message': 'Dec  7 05:11:27 hqnl0246134 sshd[290426]: Failed password for invalid user azureuser from 190.25.237.179 port 35046 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 05:11:29,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382689.725124, 'message': 'Dec  7 05:11:28 hqnl0246134 sshd[290426]: Disconnected from invalid user azureuser 190.25.237.179 port 35046 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 05:11:31,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382691.726247, 'message': 'Dec  7 05:11:31 hqnl0246134 sshd[290431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 05:11:31,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382691.726519, 'message': 'Dec  7 05:11:31 hqnl0246134 sshd[290431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 05:11:35,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382695.7303078, 'message': 'Dec  7 05:11:33 hqnl0246134 sshd[290431]: Failed password for root from 61.177.173.18 port 64689 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 05:11:37,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382697.7327268, 'message': 'Dec  7 05:11:36 hqnl0246134 sshd[290431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 05:11:37,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.205.178', 'timestamp': 1670382697.7329237, 'message': 'Dec  7 05:11:36 hqnl0246134 sshd[290442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.205.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 05:11:37,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.205.178', 'timestamp': 1670382697.7331016, 'message': 'Dec  7 05:11:36 hqnl0246134 sshd[290442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.205.178  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 05:11:39,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382699.7359924, 'message': 'Dec  7 05:11:38 hqnl0246134 sshd[290431]: Failed password for root from 61.177.173.18 port 64689 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 05:11:39,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.205.178', 'timestamp': 1670382699.7361808, 'message': 'Dec  7 05:11:39 hqnl0246134 sshd[290442]: Failed password for root from 159.65.205.178 port 41656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 05:11:41,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382701.7382803, 'message': 'Dec  7 05:11:40 hqnl0246134 sshd[290431]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:11:43,144] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:11:43,144] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:11:43,152] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:11:43,164] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 05:11:43,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382703.7416806, 'message': 'Dec  7 05:11:42 hqnl0246134 sshd[290431]: Failed password for root from 61.177.173.18 port 64689 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 05:11:51,432] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:11:51,433] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:11:51,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382711.7515104, 'message': 'Dec  7 05:11:50 hqnl0246134 sshd[290455]: Invalid user ansible from 130.162.37.223 port 44780', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 05:11:51,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382711.7518659, 'message': 'Dec  7 05:11:50 hqnl0246134 sshd[290455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.162.37.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:11:51,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382711.751989, 'message': 'Dec  7 05:11:50 hqnl0246134 sshd[290455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.37.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:11:53,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382713.7547657, 'message': 'Dec  7 05:11:52 hqnl0246134 sshd[290455]: Failed password for invalid user ansible from 130.162.37.223 port 44780 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:11:53,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382713.7551978, 'message': 'Dec  7 05:11:52 hqnl0246134 sshd[290452]: Invalid user firewall from 98.252.188.193 port 64040', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:11:53,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382713.755059, 'message': 'Dec  7 05:11:52 hqnl0246134 sshd[290455]: Disconnected from invalid user ansible 130.162.37.223 port 44780 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 05:11:53,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382713.7553768, 'message': 'Dec  7 05:11:52 hqnl0246134 sshd[290452]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.252.188.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:11:53,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382713.7555516, 'message': 'Dec  7 05:11:52 hqnl0246134 sshd[290452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.252.188.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
WARNING [2022-12-07 05:11:54,200] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 05:11:55,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382715.7578146, 'message': 'Dec  7 05:11:54 hqnl0246134 sshd[290452]: Failed password for invalid user firewall from 98.252.188.193 port 64040 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:11:55,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670382715.7582042, 'message': 'Dec  7 05:11:55 hqnl0246134 sshd[290452]: Disconnected from invalid user firewall 98.252.188.193 port 64040 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:12:01,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382721.7649317, 'message': 'Dec  7 05:12:00 hqnl0246134 sshd[290458]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.80.223.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 05:12:01,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382721.7669125, 'message': 'Dec  7 05:12:00 hqnl0246134 sshd[290458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.223.144  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 05:12:03,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382723.7667456, 'message': 'Dec  7 05:12:02 hqnl0246134 sshd[290458]: Failed password for root from 220.80.223.144 port 46392 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
WARNING [2022-12-07 05:12:12,696] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:12:12,733] defence360agent.internals.the_sink: SensorIncidentList(<28 item(s)>) processed in 0.0574 seconds
INFO    [2022-12-07 05:12:17,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382737.786608, 'message': 'Dec  7 05:12:17 hqnl0246134 sshd[290490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:12:17,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382737.7868595, 'message': 'Dec  7 05:12:17 hqnl0246134 sshd[290490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:12:17,934] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:12:17,935] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:12:17,942] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:12:17,953] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 05:12:19,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382739.7909753, 'message': 'Dec  7 05:12:19 hqnl0246134 sshd[290490]: Failed password for root from 61.177.173.18 port 20969 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 05:12:20,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:12:20,610] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:12:20,617] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:12:20,629] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 05:12:21,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382741.7912767, 'message': 'Dec  7 05:12:21 hqnl0246134 sshd[290490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:12:23,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382743.7935739, 'message': 'Dec  7 05:12:23 hqnl0246134 sshd[290490]: Failed password for root from 61.177.173.18 port 20969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:12:25,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382745.7994988, 'message': 'Dec  7 05:12:25 hqnl0246134 sshd[290490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 05:12:29,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382749.8053088, 'message': 'Dec  7 05:12:28 hqnl0246134 sshd[290490]: Failed password for root from 61.177.173.18 port 20969 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 05:12:43,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.202.200.207', 'timestamp': 1670382763.8299315, 'message': 'Dec  7 05:12:41 hqnl0246134 sshd[290535]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.202.200.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 05:12:43,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.202.200.207', 'timestamp': 1670382763.8304222, 'message': 'Dec  7 05:12:41 hqnl0246134 sshd[290535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.202.200.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:12:43,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '35.202.200.207', 'timestamp': 1670382763.830691, 'message': 'Dec  7 05:12:43 hqnl0246134 sshd[290535]: Failed password for root from 35.202.200.207 port 1755 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:12:46,527] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:12:46,527] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:12:46,535] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:12:46,548] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 05:12:47,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382767.835615, 'message': 'Dec  7 05:12:46 hqnl0246134 sshd[290541]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.17.131 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 05:12:47,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382767.8359065, 'message': 'Dec  7 05:12:46 hqnl0246134 sshd[290541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.17.131  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:12:49,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382769.841237, 'message': 'Dec  7 05:12:48 hqnl0246134 sshd[290541]: Failed password for root from 134.17.17.131 port 8679 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0231 seconds
WARNING [2022-12-07 05:12:51,437] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:12:51,438] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:12:51,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.235.137.135', 'timestamp': 1670382771.848226, 'message': 'Dec  7 05:12:50 hqnl0246134 sshd[290523]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.235.137.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:12:51,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.235.137.135', 'timestamp': 1670382771.8484883, 'message': 'Dec  7 05:12:50 hqnl0246134 sshd[290523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.137.135  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:12:52,255] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:12:52,322] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:12:52,322] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:12:52,322] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:12:52,322] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:12:52,323] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:12:52,332] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:12:52,347] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0242 seconds
WARNING [2022-12-07 05:12:52,354] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:12:52,356] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:12:52,373] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0315 seconds
INFO    [2022-12-07 05:12:52,374] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0292 seconds
INFO    [2022-12-07 05:12:53,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.235.137.135', 'timestamp': 1670382773.850711, 'message': 'Dec  7 05:12:51 hqnl0246134 sshd[290523]: Failed password for root from 188.235.137.135 port 45315 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:12:59,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382779.8568354, 'message': 'Dec  7 05:12:58 hqnl0246134 sshd[290547]: Invalid user dev from 46.101.23.51 port 42518', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:12:59,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382779.8571544, 'message': 'Dec  7 05:12:58 hqnl0246134 sshd[290547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.23.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:12:59,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382779.857287, 'message': 'Dec  7 05:12:58 hqnl0246134 sshd[290547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.23.51 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 05:13:01,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382781.8611844, 'message': 'Dec  7 05:12:59 hqnl0246134 sshd[290547]: Failed password for invalid user dev from 46.101.23.51 port 42518 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 05:13:01,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382781.8617601, 'message': 'Dec  7 05:13:01 hqnl0246134 sshd[290549]: Invalid user master from 137.184.130.175 port 48438', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 05:13:01,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.23.51', 'timestamp': 1670382781.8615537, 'message': 'Dec  7 05:13:00 hqnl0246134 sshd[290547]: Disconnected from invalid user dev 46.101.23.51 port 42518 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:13:01,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382781.8619628, 'message': 'Dec  7 05:13:01 hqnl0246134 sshd[290549]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.130.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 05:13:01,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382781.8620992, 'message': 'Dec  7 05:13:01 hqnl0246134 sshd[290549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.130.175 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:13:02,677] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 05:13:02,687] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:13:02,698] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0178 seconds
INFO    [2022-12-07 05:13:03,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382783.86306, 'message': 'Dec  7 05:13:02 hqnl0246134 sshd[290551]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 05:13:03,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382783.8636212, 'message': 'Dec  7 05:13:03 hqnl0246134 sshd[290549]: Failed password for invalid user master from 137.184.130.175 port 48438 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-07 05:13:03,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382783.863389, 'message': 'Dec  7 05:13:02 hqnl0246134 sshd[290551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 05:13:05,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382785.8690798, 'message': 'Dec  7 05:13:03 hqnl0246134 sshd[290551]: Failed password for root from 61.177.173.18 port 31842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0785 seconds
INFO    [2022-12-07 05:13:05,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.130.175', 'timestamp': 1670382785.8700256, 'message': 'Dec  7 05:13:05 hqnl0246134 sshd[290549]: Disconnected from invalid user master 137.184.130.175 port 48438 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0785 seconds
INFO    [2022-12-07 05:13:05,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.235.114', 'timestamp': 1670382785.8702497, 'message': 'Dec  7 05:13:05 hqnl0246134 sshd[290571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.235.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0784 seconds
INFO    [2022-12-07 05:13:05,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382785.869711, 'message': 'Dec  7 05:13:04 hqnl0246134 sshd[290551]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:13:05,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.235.114', 'timestamp': 1670382785.8704405, 'message': 'Dec  7 05:13:05 hqnl0246134 sshd[290571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.235.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 05:13:07,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382787.8693085, 'message': 'Dec  7 05:13:07 hqnl0246134 sshd[290551]: Failed password for root from 61.177.173.18 port 31842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 05:13:07,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.235.114', 'timestamp': 1670382787.8694954, 'message': 'Dec  7 05:13:07 hqnl0246134 sshd[290571]: Failed password for root from 159.65.235.114 port 38816 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 05:13:09,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382789.8731616, 'message': 'Dec  7 05:13:08 hqnl0246134 sshd[290582]: Invalid user canal from 43.153.92.157 port 49178', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 05:13:09,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382789.8736732, 'message': 'Dec  7 05:13:09 hqnl0246134 sshd[290551]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-07 05:13:09,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382789.8733406, 'message': 'Dec  7 05:13:08 hqnl0246134 sshd[290582]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.92.157 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:13:09,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382789.8735163, 'message': 'Dec  7 05:13:08 hqnl0246134 sshd[290582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.92.157 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:13:11,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382791.8783007, 'message': 'Dec  7 05:13:10 hqnl0246134 sshd[290582]: Failed password for invalid user canal from 43.153.92.157 port 49178 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-07 05:13:11,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382791.878483, 'message': 'Dec  7 05:13:10 hqnl0246134 sshd[290551]: Failed password for root from 61.177.173.18 port 31842 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0533 seconds
INFO    [2022-12-07 05:13:11,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.187.237.243', 'timestamp': 1670382791.8786263, 'message': 'Dec  7 05:13:10 hqnl0246134 sshd[290585]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.187.237.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-07 05:13:11,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382791.8795993, 'message': 'Dec  7 05:13:11 hqnl0246134 sshd[290582]: Disconnected from invalid user canal 43.153.92.157 port 49178 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 05:13:11,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.187.237.243', 'timestamp': 1670382791.879039, 'message': 'Dec  7 05:13:10 hqnl0246134 sshd[290585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.187.237.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
WARNING [2022-12-07 05:13:12,693] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:13:12,725] defence360agent.internals.the_sink: SensorIncidentList(<27 item(s)>) processed in 0.0409 seconds
INFO    [2022-12-07 05:13:13,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.187.237.243', 'timestamp': 1670382793.884685, 'message': 'Dec  7 05:13:13 hqnl0246134 sshd[290585]: Failed password for root from 190.187.237.243 port 40262 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:13:15,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382795.8920581, 'message': 'Dec  7 05:13:14 hqnl0246134 sshd[290587]: Invalid user michele from 181.176.145.140 port 56816', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:13:15,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382795.892226, 'message': 'Dec  7 05:13:14 hqnl0246134 sshd[290587]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.176.145.140 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:13:15,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382795.8923383, 'message': 'Dec  7 05:13:14 hqnl0246134 sshd[290587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.140 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:13:15,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382795.892493, 'message': 'Dec  7 05:13:15 hqnl0246134 sshd[290587]: Failed password for invalid user michele from 181.176.145.140 port 56816 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 05:13:17,903] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:13:17,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:13:17,938] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:13:17,993] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0879 seconds
INFO    [2022-12-07 05:13:17,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382797.908309, 'message': 'Dec  7 05:13:16 hqnl0246134 sshd[290587]: Disconnected from invalid user michele 181.176.145.140 port 56816 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0839 seconds
INFO    [2022-12-07 05:13:17,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382797.9087853, 'message': 'Dec  7 05:13:17 hqnl0246134 sshd[290591]: Invalid user storm from 159.223.158.198 port 37946', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0829 seconds
INFO    [2022-12-07 05:13:18,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382797.9091003, 'message': 'Dec  7 05:13:17 hqnl0246134 sshd[290591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.158.198 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:13:18,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382797.9093783, 'message': 'Dec  7 05:13:17 hqnl0246134 sshd[290591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.158.198 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:13:19,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382799.8981755, 'message': 'Dec  7 05:13:19 hqnl0246134 sshd[290591]: Failed password for invalid user storm from 159.223.158.198 port 37946 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:13:20,657] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:13:20,658] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:13:20,665] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:13:20,676] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 05:13:21,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.158.198', 'timestamp': 1670382801.901841, 'message': 'Dec  7 05:13:21 hqnl0246134 sshd[290591]: Disconnected from invalid user storm 159.223.158.198 port 37946 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 05:13:22,469] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:13:22,469] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:13:22,470] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 05:13:27,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382807.912807, 'message': 'Dec  7 05:13:25 hqnl0246134 sshd[290602]: Invalid user login from 79.133.56.220 port 60008', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 05:13:27,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382807.914316, 'message': 'Dec  7 05:13:26 hqnl0246134 sshd[290602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.133.56.220 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 05:13:27,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382807.9144418, 'message': 'Dec  7 05:13:26 hqnl0246134 sshd[290602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.133.56.220 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:13:29,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382809.9161634, 'message': 'Dec  7 05:13:28 hqnl0246134 sshd[290602]: Failed password for invalid user login from 79.133.56.220 port 60008 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 05:13:29,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382809.9163458, 'message': 'Dec  7 05:13:29 hqnl0246134 sshd[290605]: Invalid user zfsoft from 165.227.166.207 port 59284', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 05:13:29,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382809.9164526, 'message': 'Dec  7 05:13:29 hqnl0246134 sshd[290605]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-07 05:13:29,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382809.9165518, 'message': 'Dec  7 05:13:29 hqnl0246134 sshd[290605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:13:31,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.133.56.220', 'timestamp': 1670382811.9181159, 'message': 'Dec  7 05:13:30 hqnl0246134 sshd[290602]: Disconnected from invalid user login 79.133.56.220 port 60008 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 05:13:31,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382811.918309, 'message': 'Dec  7 05:13:31 hqnl0246134 sshd[290605]: Failed password for invalid user zfsoft from 165.227.166.207 port 59284 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:13:33,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382813.9219706, 'message': 'Dec  7 05:13:32 hqnl0246134 sshd[290607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-07 05:13:33,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382813.9225214, 'message': 'Dec  7 05:13:32 hqnl0246134 sshd[290605]: Disconnected from invalid user zfsoft 165.227.166.207 port 59284 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-07 05:13:33,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.195.33.169', 'timestamp': 1670382813.9226432, 'message': 'Dec  7 05:13:33 hqnl0246134 sshd[290609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.195.33.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-07 05:13:34,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382813.9221597, 'message': 'Dec  7 05:13:32 hqnl0246134 sshd[290607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:13:34,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.195.33.169', 'timestamp': 1670382813.9231231, 'message': 'Dec  7 05:13:33 hqnl0246134 sshd[290609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.195.33.169  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 05:13:35,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382815.9235444, 'message': 'Dec  7 05:13:34 hqnl0246134 sshd[290607]: Failed password for root from 61.177.172.108 port 23652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 05:13:35,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.195.33.169', 'timestamp': 1670382815.9238915, 'message': 'Dec  7 05:13:34 hqnl0246134 sshd[290609]: Failed password for root from 123.195.33.169 port 47410 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 05:13:37,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382817.9264429, 'message': 'Dec  7 05:13:36 hqnl0246134 sshd[290607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:13:39,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382819.9311707, 'message': 'Dec  7 05:13:38 hqnl0246134 sshd[290607]: Failed password for root from 61.177.172.108 port 23652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 05:13:41,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382821.936913, 'message': 'Dec  7 05:13:40 hqnl0246134 sshd[290607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:13:43,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382823.9423532, 'message': 'Dec  7 05:13:42 hqnl0246134 sshd[290607]: Failed password for root from 61.177.172.108 port 23652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:13:45,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.78.156', 'timestamp': 1670382825.9469957, 'message': 'Dec  7 05:13:44 hqnl0246134 sshd[290623]: Invalid user newuser from 139.59.78.156 port 56772', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 05:13:45,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382825.947446, 'message': 'Dec  7 05:13:44 hqnl0246134 sshd[290621]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:13:46,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.78.156', 'timestamp': 1670382825.9471774, 'message': 'Dec  7 05:13:44 hqnl0246134 sshd[290623]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.78.156 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:13:46,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382825.9475906, 'message': 'Dec  7 05:13:44 hqnl0246134 sshd[290621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:13:46,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.78.156', 'timestamp': 1670382825.947318, 'message': 'Dec  7 05:13:44 hqnl0246134 sshd[290623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.78.156 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:13:46,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.78.156', 'timestamp': 1670382825.9477422, 'message': 'Dec  7 05:13:45 hqnl0246134 sshd[290623]: Failed password for invalid user newuser from 139.59.78.156 port 56772 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:13:47,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382827.9513319, 'message': 'Dec  7 05:13:45 hqnl0246134 sshd[290621]: Failed password for root from 61.177.172.108 port 11056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-07 05:13:47,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.78.156', 'timestamp': 1670382827.9518228, 'message': 'Dec  7 05:13:47 hqnl0246134 sshd[290623]: Disconnected from invalid user newuser 139.59.78.156 port 56772 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-07 05:13:48,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382827.951637, 'message': 'Dec  7 05:13:46 hqnl0246134 sshd[290621]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 05:13:49,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382829.9556544, 'message': 'Dec  7 05:13:48 hqnl0246134 sshd[290625]: Invalid user rajat from 190.181.56.107 port 48216', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-07 05:13:50,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382829.9560907, 'message': 'Dec  7 05:13:48 hqnl0246134 sshd[290621]: Failed password for root from 61.177.172.108 port 11056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 05:13:50,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382829.956229, 'message': 'Dec  7 05:13:48 hqnl0246134 sshd[290627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 05:13:50,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382829.9558356, 'message': 'Dec  7 05:13:48 hqnl0246134 sshd[290625]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.56.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:13:50,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382829.9563541, 'message': 'Dec  7 05:13:49 hqnl0246134 sshd[290627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 05:13:50,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382829.955946, 'message': 'Dec  7 05:13:48 hqnl0246134 sshd[290625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.56.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 05:13:51,439] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:13:51,440] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:13:51,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382831.9559848, 'message': 'Dec  7 05:13:50 hqnl0246134 sshd[290625]: Failed password for invalid user rajat from 190.181.56.107 port 48216 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 05:13:52,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382831.9564447, 'message': 'Dec  7 05:13:51 hqnl0246134 sshd[290621]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-07 05:13:52,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382831.956554, 'message': 'Dec  7 05:13:51 hqnl0246134 sshd[290627]: Failed password for root from 61.177.173.18 port 46423 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0430 seconds
INFO    [2022-12-07 05:13:52,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670382831.956262, 'message': 'Dec  7 05:13:50 hqnl0246134 sshd[290625]: Disconnected from invalid user rajat 190.181.56.107 port 48216 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:13:53,328] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:13:53,328] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:13:53,335] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:13:53,351] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 05:13:54,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382833.9580698, 'message': 'Dec  7 05:13:52 hqnl0246134 sshd[290621]: Failed password for root from 61.177.172.108 port 11056 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 05:13:54,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382833.958254, 'message': 'Dec  7 05:13:53 hqnl0246134 sshd[290627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-07 05:13:56,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382835.9610431, 'message': 'Dec  7 05:13:54 hqnl0246134 sshd[290636]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-07 05:13:56,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382835.9615378, 'message': 'Dec  7 05:13:55 hqnl0246134 sshd[290631]: Invalid user aaron from 152.67.254.42 port 33012', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0516 seconds
INFO    [2022-12-07 05:13:56,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382835.9613395, 'message': 'Dec  7 05:13:54 hqnl0246134 sshd[290636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-07 05:13:56,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382835.962103, 'message': 'Dec  7 05:13:55 hqnl0246134 sshd[290627]: Failed password for root from 61.177.173.18 port 46423 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 05:13:56,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382835.9617202, 'message': 'Dec  7 05:13:55 hqnl0246134 sshd[290631]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.67.254.42 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-07 05:13:56,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382835.9619033, 'message': 'Dec  7 05:13:55 hqnl0246134 sshd[290631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.67.254.42 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:13:58,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382837.9638023, 'message': 'Dec  7 05:13:57 hqnl0246134 sshd[290636]: Failed password for root from 61.177.172.108 port 39213 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0789 seconds
INFO    [2022-12-07 05:13:58,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382837.967035, 'message': 'Dec  7 05:13:57 hqnl0246134 sshd[290627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0793 seconds
INFO    [2022-12-07 05:13:58,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382837.9671886, 'message': 'Dec  7 05:13:57 hqnl0246134 sshd[290631]: Failed password for invalid user aaron from 152.67.254.42 port 33012 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0786 seconds
INFO    [2022-12-07 05:14:00,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670382839.9659324, 'message': 'Dec  7 05:13:58 hqnl0246134 sshd[290631]: Disconnected from invalid user aaron 152.67.254.42 port 33012 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1046 seconds
INFO    [2022-12-07 05:14:00,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382839.9661872, 'message': 'Dec  7 05:13:59 hqnl0246134 sshd[290636]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1049 seconds
INFO    [2022-12-07 05:14:00,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382839.9663503, 'message': 'Dec  7 05:13:59 hqnl0246134 sshd[290627]: Failed password for root from 61.177.173.18 port 46423 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1049 seconds
INFO    [2022-12-07 05:14:02,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382841.9703922, 'message': 'Dec  7 05:14:00 hqnl0246134 sshd[290641]: Invalid user dropbox from 51.83.45.110 port 51028', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 05:14:02,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382841.971027, 'message': 'Dec  7 05:14:00 hqnl0246134 sshd[290636]: Failed password for root from 61.177.172.108 port 39213 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-07 05:14:02,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382841.9706838, 'message': 'Dec  7 05:14:00 hqnl0246134 sshd[290641]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.83.45.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 05:14:02,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382841.9711359, 'message': 'Dec  7 05:14:01 hqnl0246134 sshd[290636]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 05:14:02,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382841.9708703, 'message': 'Dec  7 05:14:00 hqnl0246134 sshd[290641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.45.110 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:14:04,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382843.9732907, 'message': 'Dec  7 05:14:03 hqnl0246134 sshd[290641]: Failed password for invalid user dropbox from 51.83.45.110 port 51028 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 05:14:04,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382843.973521, 'message': 'Dec  7 05:14:03 hqnl0246134 sshd[290636]: Failed password for root from 61.177.172.108 port 39213 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 05:14:06,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670382845.9738798, 'message': 'Dec  7 05:14:04 hqnl0246134 sshd[290641]: Disconnected from invalid user dropbox 51.83.45.110 port 51028 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 05:14:06,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382845.974427, 'message': 'Dec  7 05:14:05 hqnl0246134 sshd[290652]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 05:14:06,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382845.9746094, 'message': 'Dec  7 05:14:05 hqnl0246134 sshd[290652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:14:08,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382847.9767175, 'message': 'Dec  7 05:14:07 hqnl0246134 sshd[290662]: Invalid user ppp from 178.62.92.240 port 33780', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 05:14:08,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382847.978223, 'message': 'Dec  7 05:14:07 hqnl0246134 sshd[290652]: Failed password for root from 61.177.172.108 port 15359 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 05:14:08,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382847.9769907, 'message': 'Dec  7 05:14:07 hqnl0246134 sshd[290662]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.62.92.240 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:14:08,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382847.9781132, 'message': 'Dec  7 05:14:07 hqnl0246134 sshd[290662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.92.240 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:14:10,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382849.979171, 'message': 'Dec  7 05:14:09 hqnl0246134 sshd[290652]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 05:14:12,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382851.9853222, 'message': 'Dec  7 05:14:10 hqnl0246134 sshd[290662]: Failed password for invalid user ppp from 178.62.92.240 port 33780 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 05:14:12,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382851.9857905, 'message': 'Dec  7 05:14:11 hqnl0246134 sshd[290652]: Failed password for root from 61.177.172.108 port 15359 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 05:14:12,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670382851.985615, 'message': 'Dec  7 05:14:11 hqnl0246134 sshd[290662]: Disconnected from invalid user ppp 178.62.92.240 port 33780 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 05:14:13,258] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:14:13,291] defence360agent.internals.the_sink: SensorIncidentList(<37 item(s)>) processed in 0.6039 seconds
INFO    [2022-12-07 05:14:14,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382853.9913387, 'message': 'Dec  7 05:14:12 hqnl0246134 sshd[290652]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 05:14:16,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670382855.9943302, 'message': 'Dec  7 05:14:14 hqnl0246134 sshd[290652]: Failed password for root from 61.177.172.108 port 15359 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0703 seconds
INFO    [2022-12-07 05:14:16,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.172.60.130', 'timestamp': 1670382855.994751, 'message': 'Dec  7 05:14:14 hqnl0246134 sshd[290664]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.172.60.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0702 seconds
INFO    [2022-12-07 05:14:16,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '121.151.75.159', 'timestamp': 1670382855.9951773, 'message': 'Dec  7 05:14:15 hqnl0246134 sshd[290670]: Invalid user admin from 121.151.75.159 port 59918', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0690 seconds
INFO    [2022-12-07 05:14:16,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.172.60.130', 'timestamp': 1670382855.9949825, 'message': 'Dec  7 05:14:14 hqnl0246134 sshd[290664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.60.130  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:14:16,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '121.151.75.159', 'timestamp': 1670382855.9976006, 'message': 'Dec  7 05:14:15 hqnl0246134 sshd[290670]: pam_imunify(sshd:auth): [IM360_RBL] The IP 121.151.75.159 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 05:14:16,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '121.151.75.159', 'timestamp': 1670382855.997835, 'message': 'Dec  7 05:14:15 hqnl0246134 sshd[290670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.151.75.159 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 05:14:18,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.172.60.130', 'timestamp': 1670382857.9995422, 'message': 'Dec  7 05:14:16 hqnl0246134 sshd[290664]: Failed password for root from 163.172.60.130 port 50908 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:14:18,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '121.151.75.159', 'timestamp': 1670382857.9999099, 'message': 'Dec  7 05:14:17 hqnl0246134 sshd[290670]: Failed password for invalid user admin from 121.151.75.159 port 59918 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:14:19,665] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:14:19,665] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:14:19,672] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:14:19,693] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0269 seconds
INFO    [2022-12-07 05:14:20,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '96.43.99.83', 'timestamp': 1670382860.0019417, 'message': 'Dec  7 05:14:18 hqnl0246134 sshd[290674]: pam_imunify(sshd:auth): [IM360_RBL] The IP 96.43.99.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 05:14:20,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '96.43.99.83', 'timestamp': 1670382860.002119, 'message': 'Dec  7 05:14:18 hqnl0246134 sshd[290674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.43.99.83  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:14:22,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '96.43.99.83', 'timestamp': 1670382862.0027726, 'message': 'Dec  7 05:14:20 hqnl0246134 sshd[290674]: Failed password for root from 96.43.99.83 port 38738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 05:14:22,592] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:14:22,593] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:14:22,599] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:14:22,610] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 05:14:28,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382868.0125453, 'message': 'Dec  7 05:14:27 hqnl0246134 sshd[290685]: Invalid user admin from 130.162.37.223 port 46048', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-07 05:14:28,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382868.0127442, 'message': 'Dec  7 05:14:27 hqnl0246134 sshd[290685]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.162.37.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 05:14:28,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382868.0128841, 'message': 'Dec  7 05:14:27 hqnl0246134 sshd[290685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.37.223 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0739 seconds
INFO    [2022-12-07 05:14:30,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382870.0146282, 'message': 'Dec  7 05:14:29 hqnl0246134 sshd[290685]: Failed password for invalid user admin from 130.162.37.223 port 46048 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0610 seconds
INFO    [2022-12-07 05:14:30,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.162.37.223', 'timestamp': 1670382870.0149188, 'message': 'Dec  7 05:14:29 hqnl0246134 sshd[290685]: Disconnected from invalid user admin 130.162.37.223 port 46048 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 05:14:34,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382874.0221455, 'message': 'Dec  7 05:14:32 hqnl0246134 sshd[290693]: Invalid user salman from 220.80.223.144 port 58132', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 05:14:34,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382874.0226824, 'message': 'Dec  7 05:14:33 hqnl0246134 sshd[290695]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 05:14:34,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382874.0223603, 'message': 'Dec  7 05:14:32 hqnl0246134 sshd[290693]: pam_imunify(sshd:auth): [IM360_RBL] The IP 220.80.223.144 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 05:14:34,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.137.143', 'timestamp': 1670382874.0228882, 'message': 'Dec  7 05:14:33 hqnl0246134 sshd[290698]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.137.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-07 05:14:34,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382874.0227873, 'message': 'Dec  7 05:14:33 hqnl0246134 sshd[290695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 05:14:34,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382874.0224938, 'message': 'Dec  7 05:14:32 hqnl0246134 sshd[290693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.223.144 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 05:14:34,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.137.143', 'timestamp': 1670382874.022989, 'message': 'Dec  7 05:14:33 hqnl0246134 sshd[290698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.137.143  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 05:14:36,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382876.0238612, 'message': 'Dec  7 05:14:34 hqnl0246134 sshd[290693]: Failed password for invalid user salman from 220.80.223.144 port 58132 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0749 seconds
INFO    [2022-12-07 05:14:36,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382876.0244641, 'message': 'Dec  7 05:14:35 hqnl0246134 sshd[290695]: Failed password for root from 61.177.173.18 port 54252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0746 seconds
INFO    [2022-12-07 05:14:36,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.245.137.143', 'timestamp': 1670382876.0247235, 'message': 'Dec  7 05:14:35 hqnl0246134 sshd[290698]: Failed password for root from 157.245.137.143 port 53288 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0740 seconds
INFO    [2022-12-07 05:14:36,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382876.0249195, 'message': 'Dec  7 05:14:35 hqnl0246134 sshd[290695]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 05:14:38,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '220.80.223.144', 'timestamp': 1670382878.025743, 'message': 'Dec  7 05:14:36 hqnl0246134 sshd[290693]: Disconnected from invalid user salman 220.80.223.144 port 58132 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 05:14:38,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382878.0259836, 'message': 'Dec  7 05:14:37 hqnl0246134 sshd[290695]: Failed password for root from 61.177.173.18 port 54252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:14:38,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382878.0261385, 'message': 'Dec  7 05:14:37 hqnl0246134 sshd[290695]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 05:14:42,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382882.0267713, 'message': 'Dec  7 05:14:40 hqnl0246134 sshd[290695]: Failed password for root from 61.177.173.18 port 54252 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 05:14:51,443] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:14:51,444] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:14:54,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.76.115.102', 'timestamp': 1670382894.045638, 'message': 'Dec  7 05:14:53 hqnl0246134 sshd[290712]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.76.115.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 05:14:54,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.76.115.102', 'timestamp': 1670382894.046019, 'message': 'Dec  7 05:14:53 hqnl0246134 sshd[290712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.76.115.102  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:14:56,064] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.76.115.102', 'timestamp': 1670382896.046166, 'message': 'Dec  7 05:14:55 hqnl0246134 sshd[290712]: Failed password for root from 201.76.115.102 port 60423 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:14:58,519] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:14:58,520] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:14:58,529] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:14:58,541] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-07 05:15:12,707] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:15:12,743] defence360agent.internals.the_sink: SensorIncidentList(<26 item(s)>) processed in 0.0477 seconds
INFO    [2022-12-07 05:15:16,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382916.0734396, 'message': 'Dec  7 05:15:15 hqnl0246134 sshd[290760]: Invalid user postgres from 181.176.145.140 port 57476', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 05:15:16,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382916.0737586, 'message': 'Dec  7 05:15:15 hqnl0246134 sshd[290760]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.176.145.140 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 05:15:16,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382916.073971, 'message': 'Dec  7 05:15:15 hqnl0246134 sshd[290760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.140 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:15:17,916] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:15:17,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:15:17,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:15:17,936] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 05:15:18,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382918.0738673, 'message': 'Dec  7 05:15:17 hqnl0246134 sshd[290760]: Failed password for invalid user postgres from 181.176.145.140 port 57476 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:15:20,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.176.145.140', 'timestamp': 1670382920.076858, 'message': 'Dec  7 05:15:18 hqnl0246134 sshd[290760]: Disconnected from invalid user postgres 181.176.145.140 port 57476 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 05:15:20,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382920.0770752, 'message': 'Dec  7 05:15:18 hqnl0246134 sshd[290766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 05:15:20,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.21.145.132', 'timestamp': 1670382920.0773954, 'message': 'Dec  7 05:15:19 hqnl0246134 sshd[290774]: Invalid user denis from 68.21.145.132 port 51692', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-07 05:15:20,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382920.0772836, 'message': 'Dec  7 05:15:18 hqnl0246134 sshd[290766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 05:15:20,665] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:15:20,666] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:15:20,675] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:15:20,686] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 05:15:22,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382922.0779057, 'message': 'Dec  7 05:15:20 hqnl0246134 sshd[290766]: Failed password for root from 61.177.173.18 port 14538 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 05:15:24,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382924.0806482, 'message': 'Dec  7 05:15:22 hqnl0246134 sshd[290766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:15:26,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382926.083032, 'message': 'Dec  7 05:15:24 hqnl0246134 sshd[290766]: Failed password for root from 61.177.173.18 port 14538 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:15:26,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '68.21.145.132', 'timestamp': 1670382926.083219, 'message': 'Dec  7 05:15:24 hqnl0246134 sshd[290774]: pam_imunify(sshd:auth): [IM360_RBL] The IP 68.21.145.132 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 05:15:26,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382926.0834556, 'message': 'Dec  7 05:15:24 hqnl0246134 sshd[290766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 05:15:26,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '68.21.145.132', 'timestamp': 1670382926.0833447, 'message': 'Dec  7 05:15:24 hqnl0246134 sshd[290774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.21.145.132 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:15:28,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.21.145.132', 'timestamp': 1670382928.0855122, 'message': 'Dec  7 05:15:26 hqnl0246134 sshd[290774]: Failed password for invalid user denis from 68.21.145.132 port 51692 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:15:28,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382928.0857594, 'message': 'Dec  7 05:15:27 hqnl0246134 sshd[290766]: Failed password for root from 61.177.173.18 port 14538 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 05:15:34,124] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '68.21.145.132', 'timestamp': 1670382934.0923276, 'message': 'Dec  7 05:15:32 hqnl0246134 sshd[290774]: Disconnected from invalid user denis 68.21.145.132 port 51692 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 05:15:34,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382934.0925252, 'message': 'Dec  7 05:15:33 hqnl0246134 sshd[290808]: Invalid user webadmin from 134.17.17.131 port 8680', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 05:15:34,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382934.092686, 'message': 'Dec  7 05:15:33 hqnl0246134 sshd[290808]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.17.131 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:15:34,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382934.0932457, 'message': 'Dec  7 05:15:33 hqnl0246134 sshd[290808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.17.131 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:15:36,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382936.0946565, 'message': 'Dec  7 05:15:34 hqnl0246134 sshd[290808]: Failed password for invalid user webadmin from 134.17.17.131 port 8680 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-07 05:15:36,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382936.095198, 'message': 'Dec  7 05:15:35 hqnl0246134 sshd[290806]: Invalid user dexter from 190.25.237.179 port 51840', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0591 seconds
INFO    [2022-12-07 05:15:36,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.17.131', 'timestamp': 1670382936.0956635, 'message': 'Dec  7 05:15:35 hqnl0246134 sshd[290808]: Disconnected from invalid user webadmin 134.17.17.131 port 8680 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 05:15:36,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382936.0953696, 'message': 'Dec  7 05:15:35 hqnl0246134 sshd[290806]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.25.237.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 05:15:36,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382936.095516, 'message': 'Dec  7 05:15:35 hqnl0246134 sshd[290806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.25.237.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:15:38,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382938.0960824, 'message': 'Dec  7 05:15:36 hqnl0246134 sshd[290806]: Failed password for invalid user dexter from 190.25.237.179 port 51840 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 05:15:38,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.42.206.17', 'timestamp': 1670382938.0973468, 'message': 'Dec  7 05:15:36 hqnl0246134 sshd[290819]: Invalid user roland from 2.42.206.17 port 34504', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:15:38,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.25.237.179', 'timestamp': 1670382938.0972068, 'message': 'Dec  7 05:15:36 hqnl0246134 sshd[290806]: Disconnected from invalid user dexter 190.25.237.179 port 51840 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 05:15:38,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.42.206.17', 'timestamp': 1670382938.0975056, 'message': 'Dec  7 05:15:37 hqnl0246134 sshd[290819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.42.206.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:15:38,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.42.206.17', 'timestamp': 1670382938.0976515, 'message': 'Dec  7 05:15:37 hqnl0246134 sshd[290819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.42.206.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:15:40,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.42.206.17', 'timestamp': 1670382940.0980344, 'message': 'Dec  7 05:15:39 hqnl0246134 sshd[290819]: Failed password for invalid user roland from 2.42.206.17 port 34504 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:15:44,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.42.206.17', 'timestamp': 1670382944.1026936, 'message': 'Dec  7 05:15:42 hqnl0246134 sshd[290819]: Disconnected from invalid user roland 2.42.206.17 port 34504 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:15:46,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382946.1048772, 'message': 'Dec  7 05:15:44 hqnl0246134 sshd[290823]: Invalid user zfsoft from 165.227.166.207 port 41350', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 05:15:46,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382946.105246, 'message': 'Dec  7 05:15:44 hqnl0246134 sshd[290823]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 05:15:46,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382946.1053765, 'message': 'Dec  7 05:15:44 hqnl0246134 sshd[290823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:15:48,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382948.1060379, 'message': 'Dec  7 05:15:46 hqnl0246134 sshd[290823]: Failed password for invalid user zfsoft from 165.227.166.207 port 41350 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 05:15:48,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670382948.1063085, 'message': 'Dec  7 05:15:47 hqnl0246134 sshd[290823]: Disconnected from invalid user zfsoft 165.227.166.207 port 41350 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:15:50,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382950.1091146, 'message': 'Dec  7 05:15:49 hqnl0246134 sshd[290826]: Invalid user zabbix from 43.153.92.157 port 38690', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 05:15:50,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382950.1094644, 'message': 'Dec  7 05:15:49 hqnl0246134 sshd[290826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.92.157 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 05:15:50,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382950.1097162, 'message': 'Dec  7 05:15:49 hqnl0246134 sshd[290826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.92.157 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
WARNING [2022-12-07 05:15:51,447] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:15:51,448] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:15:52,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382952.1096659, 'message': 'Dec  7 05:15:51 hqnl0246134 sshd[290826]: Failed password for invalid user zabbix from 43.153.92.157 port 38690 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:15:54,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.92.157', 'timestamp': 1670382954.1112187, 'message': 'Dec  7 05:15:52 hqnl0246134 sshd[290826]: Disconnected from invalid user zabbix 43.153.92.157 port 38690 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:16:04,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382964.1272714, 'message': 'Dec  7 05:16:03 hqnl0246134 sshd[290835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 05:16:04,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382964.128189, 'message': 'Dec  7 05:16:03 hqnl0246134 sshd[290835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 05:16:06,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382966.1268303, 'message': 'Dec  7 05:16:05 hqnl0246134 sshd[290835]: Failed password for root from 61.177.173.18 port 29987 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 05:16:06,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382966.127195, 'message': 'Dec  7 05:16:05 hqnl0246134 sshd[290835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 05:16:08,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382968.129466, 'message': 'Dec  7 05:16:07 hqnl0246134 sshd[290835]: Failed password for root from 61.177.173.18 port 29987 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 05:16:08,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382968.1298046, 'message': 'Dec  7 05:16:08 hqnl0246134 sshd[290835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 05:16:10,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670382970.1296518, 'message': 'Dec  7 05:16:09 hqnl0246134 sshd[290835]: Failed password for root from 61.177.173.18 port 29987 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-07 05:16:12,709] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:16:12,739] defence360agent.internals.the_sink: SensorIncidentList(<25 item(s)>) processed in 0.0386 seconds
INFO    [2022-12-07 05:16:14,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382974.1384354, 'message': 'Dec  7 05:16:13 hqnl0246134 sshd[290847]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 05:16:14,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382974.1386561, 'message': 'Dec  7 05:16:13 hqnl0246134 sshd[290847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:16:16,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382976.1411183, 'message': 'Dec  7 05:16:15 hqnl0246134 sshd[290847]: Failed password for root from 61.177.172.104 port 49686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:16:18,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382978.142834, 'message': 'Dec  7 05:16:17 hqnl0246134 sshd[290847]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:16:19,933] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:16:19,934] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:16:19,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:16:19,955] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 05:16:20,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382980.1462631, 'message': 'Dec  7 05:16:18 hqnl0246134 sshd[290847]: Failed password for root from 61.177.172.104 port 49686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 05:16:20,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382980.146437, 'message': 'Dec  7 05:16:19 hqnl0246134 sshd[290847]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:16:22,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382982.149322, 'message': 'Dec  7 05:16:21 hqnl0246134 sshd[290847]: Failed password for root from 61.177.172.104 port 49686 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 05:16:22,678] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:16:22,678] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:16:22,685] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:16:22,698] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 05:16:26,377] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:16:26,378] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:16:26,385] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:16:26,396] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 05:16:32,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382992.1609633, 'message': 'Dec  7 05:16:30 hqnl0246134 sshd[290866]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:16:32,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382992.1611593, 'message': 'Dec  7 05:16:30 hqnl0246134 sshd[290866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:16:34,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382994.164911, 'message': 'Dec  7 05:16:32 hqnl0246134 sshd[290866]: Failed password for root from 61.177.172.104 port 23421 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:16:34,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382994.1650856, 'message': 'Dec  7 05:16:32 hqnl0246134 sshd[290866]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 05:16:36,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382996.1672716, 'message': 'Dec  7 05:16:34 hqnl0246134 sshd[290866]: Failed password for root from 61.177.172.104 port 23421 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 05:16:36,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382996.167604, 'message': 'Dec  7 05:16:35 hqnl0246134 sshd[290866]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:16:38,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670382998.1722763, 'message': 'Dec  7 05:16:37 hqnl0246134 sshd[290866]: Failed password for root from 61.177.172.104 port 23421 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:16:40,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383000.1743033, 'message': 'Dec  7 05:16:38 hqnl0246134 sshd[290877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:16:40,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383000.1746557, 'message': 'Dec  7 05:16:38 hqnl0246134 sshd[290877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:16:42,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383002.1762357, 'message': 'Dec  7 05:16:41 hqnl0246134 sshd[290877]: Failed password for root from 61.177.172.104 port 35740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:16:44,210] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.78.156', 'timestamp': 1670383004.1780157, 'message': 'Dec  7 05:16:42 hqnl0246134 sshd[290880]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.78.156 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 05:16:44,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670383004.1782622, 'message': 'Dec  7 05:16:42 hqnl0246134 sshd[290882]: Invalid user alain from 178.62.92.240 port 51420', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:16:44,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.78.156', 'timestamp': 1670383004.1835294, 'message': 'Dec  7 05:16:42 hqnl0246134 sshd[290880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.78.156  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-07 05:16:44,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.62.92.240', 'timestamp': 1670383004.1837084, 'message': 'Dec  7 05:16:42 hqnl0246134 sshd[290882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.62.92.240 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-07 05:16:44,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383004.1839654, 'message': 'Dec  7 05:16:43 hqnl0246134 sshd[290877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0440 seconds
INFO    [2022-12-07 05:16:44,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.62.92.240', 'timestamp': 1670383004.1838393, 'message': 'Dec  7 05:16:42 hqnl0246134 sshd[290882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.92.240 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:16:46,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.78.156', 'timestamp': 1670383006.1808946, 'message': 'Dec  7 05:16:44 hqnl0246134 sshd[290880]: Failed password for root from 139.59.78.156 port 43994 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-07 05:16:46,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670383006.1811318, 'message': 'Dec  7 05:16:44 hqnl0246134 sshd[290882]: Failed password for invalid user alain from 178.62.92.240 port 51420 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-07 05:16:46,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383006.1813908, 'message': 'Dec  7 05:16:45 hqnl0246134 sshd[290877]: Failed password for root from 61.177.172.104 port 35740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-07 05:16:46,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.62.92.240', 'timestamp': 1670383006.181255, 'message': 'Dec  7 05:16:45 hqnl0246134 sshd[290882]: Disconnected from invalid user alain 178.62.92.240 port 51420 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:16:48,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383008.1815073, 'message': 'Dec  7 05:16:47 hqnl0246134 sshd[290877]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:16:50,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383010.184997, 'message': 'Dec  7 05:16:48 hqnl0246134 sshd[290884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 05:16:50,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.202.200.207', 'timestamp': 1670383010.1853569, 'message': 'Dec  7 05:16:48 hqnl0246134 sshd[290886]: Invalid user newuser from 35.202.200.207 port 1733', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 05:16:50,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383010.1851838, 'message': 'Dec  7 05:16:48 hqnl0246134 sshd[290884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0596 seconds
INFO    [2022-12-07 05:16:50,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383010.1858785, 'message': 'Dec  7 05:16:49 hqnl0246134 sshd[290877]: Failed password for root from 61.177.172.104 port 35740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 05:16:50,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.202.200.207', 'timestamp': 1670383010.1854863, 'message': 'Dec  7 05:16:48 hqnl0246134 sshd[290886]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.202.200.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0599 seconds
INFO    [2022-12-07 05:16:50,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670383010.185993, 'message': 'Dec  7 05:16:49 hqnl0246134 sshd[290888]: Invalid user mcserver from 51.83.45.110 port 42138', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 05:16:50,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.202.200.207', 'timestamp': 1670383010.1857278, 'message': 'Dec  7 05:16:48 hqnl0246134 sshd[290886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.202.200.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 05:16:50,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.83.45.110', 'timestamp': 1670383010.186094, 'message': 'Dec  7 05:16:49 hqnl0246134 sshd[290888]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.83.45.110 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-07 05:16:50,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383010.186598, 'message': 'Dec  7 05:16:50 hqnl0246134 sshd[290884]: Failed password for root from 61.177.173.18 port 45178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 05:16:50,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.202.200.207', 'timestamp': 1670383010.1867273, 'message': 'Dec  7 05:16:50 hqnl0246134 sshd[290886]: Failed password for invalid user newuser from 35.202.200.207 port 1733 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 05:16:50,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.83.45.110', 'timestamp': 1670383010.186192, 'message': 'Dec  7 05:16:49 hqnl0246134 sshd[290888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.45.110 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0398 seconds
WARNING [2022-12-07 05:16:51,452] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:16:51,453] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:16:52,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383012.1897597, 'message': 'Dec  7 05:16:50 hqnl0246134 sshd[290884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 05:16:52,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383012.1900396, 'message': 'Dec  7 05:16:51 hqnl0246134 sshd[290890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-07 05:16:52,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.202.200.207', 'timestamp': 1670383012.1903844, 'message': 'Dec  7 05:16:51 hqnl0246134 sshd[290886]: Disconnected from invalid user newuser 35.202.200.207 port 1733 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0487 seconds
INFO    [2022-12-07 05:16:52,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383012.1901891, 'message': 'Dec  7 05:16:51 hqnl0246134 sshd[290890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:16:54,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670383014.1921618, 'message': 'Dec  7 05:16:52 hqnl0246134 sshd[290888]: Failed password for invalid user mcserver from 51.83.45.110 port 42138 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 05:16:54,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383014.192368, 'message': 'Dec  7 05:16:52 hqnl0246134 sshd[290884]: Failed password for root from 61.177.173.18 port 45178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-07 05:16:54,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383014.1924834, 'message': 'Dec  7 05:16:53 hqnl0246134 sshd[290890]: Failed password for root from 61.177.172.104 port 27436 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0449 seconds
INFO    [2022-12-07 05:16:54,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.45.110', 'timestamp': 1670383014.192786, 'message': 'Dec  7 05:16:54 hqnl0246134 sshd[290888]: Disconnected from invalid user mcserver 51.83.45.110 port 42138 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 05:16:54,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383014.1926205, 'message': 'Dec  7 05:16:53 hqnl0246134 sshd[290890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:16:56,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.162.37.223', 'timestamp': 1670383016.195247, 'message': 'Dec  7 05:16:54 hqnl0246134 sshd[290892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.162.37.223 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-07 05:16:56,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383016.1958663, 'message': 'Dec  7 05:16:54 hqnl0246134 sshd[290884]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0471 seconds
INFO    [2022-12-07 05:16:56,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383016.196037, 'message': 'Dec  7 05:16:55 hqnl0246134 sshd[290890]: Failed password for root from 61.177.172.104 port 27436 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-07 05:16:56,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.162.37.223', 'timestamp': 1670383016.195684, 'message': 'Dec  7 05:16:54 hqnl0246134 sshd[290892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.37.223  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 05:16:56,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383016.1962247, 'message': 'Dec  7 05:16:56 hqnl0246134 sshd[290890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 05:16:58,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '130.162.37.223', 'timestamp': 1670383018.1976612, 'message': 'Dec  7 05:16:56 hqnl0246134 sshd[290892]: Failed password for root from 130.162.37.223 port 34280 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 05:16:58,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383018.1979089, 'message': 'Dec  7 05:16:56 hqnl0246134 sshd[290884]: Failed password for root from 61.177.173.18 port 45178 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 05:16:58,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670383018.1988232, 'message': 'Dec  7 05:16:57 hqnl0246134 sshd[290894]: Invalid user smart from 190.181.56.107 port 36282', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 05:16:58,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.56.107', 'timestamp': 1670383018.1989536, 'message': 'Dec  7 05:16:57 hqnl0246134 sshd[290894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.56.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:16:58,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.56.107', 'timestamp': 1670383018.1990707, 'message': 'Dec  7 05:16:57 hqnl0246134 sshd[290894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.56.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:17:00,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383020.197719, 'message': 'Dec  7 05:16:58 hqnl0246134 sshd[290890]: Failed password for root from 61.177.172.104 port 27436 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 05:17:00,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670383020.1980045, 'message': 'Dec  7 05:16:59 hqnl0246134 sshd[290894]: Failed password for invalid user smart from 190.181.56.107 port 36282 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 05:17:02,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.56.107', 'timestamp': 1670383022.2008984, 'message': 'Dec  7 05:17:01 hqnl0246134 sshd[290894]: Disconnected from invalid user smart 190.181.56.107 port 36282 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-07 05:17:02,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383022.2012851, 'message': 'Dec  7 05:17:01 hqnl0246134 sshd[290896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-07 05:17:02,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383022.2040184, 'message': 'Dec  7 05:17:01 hqnl0246134 sshd[290896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:17:04,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383024.202385, 'message': 'Dec  7 05:17:04 hqnl0246134 sshd[290896]: Failed password for root from 61.177.172.104 port 54815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 05:17:08,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383028.2073035, 'message': 'Dec  7 05:17:06 hqnl0246134 sshd[290896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 05:17:10,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383030.2096272, 'message': 'Dec  7 05:17:08 hqnl0246134 sshd[290896]: Failed password for root from 61.177.172.104 port 54815 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:17:12,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383032.2124083, 'message': 'Dec  7 05:17:10 hqnl0246134 sshd[290896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 05:17:12,723] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:17:12,756] defence360agent.internals.the_sink: SensorIncidentList(<25 item(s)>) processed in 0.0423 seconds
INFO    [2022-12-07 05:17:14,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670383034.2149353, 'message': 'Dec  7 05:17:12 hqnl0246134 sshd[290896]: Failed password for root from 61.177.172.104 port 54815 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:17:14,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383034.2168012, 'message': 'Dec  7 05:17:12 hqnl0246134 sshd[290951]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.130.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:17:14,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383034.216938, 'message': 'Dec  7 05:17:12 hqnl0246134 sshd[290951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.130.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:17:16,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383036.2174373, 'message': 'Dec  7 05:17:14 hqnl0246134 sshd[290951]: Failed password for root from 159.223.130.243 port 48806 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:17:17,863] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:17:17,863] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:17:17,871] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:17:17,883] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 05:17:20,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:17:20,620] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:17:20,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:17:20,640] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 05:17:34,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383054.233818, 'message': 'Dec  7 05:17:34 hqnl0246134 sshd[290966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:17:34,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383054.2340357, 'message': 'Dec  7 05:17:34 hqnl0246134 sshd[290966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:17:36,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383056.2398493, 'message': 'Dec  7 05:17:35 hqnl0246134 sshd[290966]: Failed password for root from 61.177.173.18 port 61507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0919 seconds
INFO    [2022-12-07 05:17:38,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383058.2406023, 'message': 'Dec  7 05:17:36 hqnl0246134 sshd[290966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 05:17:40,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383060.2417467, 'message': 'Dec  7 05:17:38 hqnl0246134 sshd[290966]: Failed password for root from 61.177.173.18 port 61507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 05:17:42,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383062.243933, 'message': 'Dec  7 05:17:40 hqnl0246134 sshd[290966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:17:44,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383064.2454894, 'message': 'Dec  7 05:17:43 hqnl0246134 sshd[290966]: Failed password for root from 61.177.173.18 port 61507 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:17:47,500] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:17:47,500] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:17:47,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:17:47,519] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-07 05:17:51,456] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:17:51,456] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:17:56,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383076.2639215, 'message': 'Dec  7 05:17:54 hqnl0246134 sshd[290984]: Invalid user zx from 165.227.166.207 port 51680', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 05:17:56,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383076.2646463, 'message': 'Dec  7 05:17:55 hqnl0246134 sshd[290981]: Invalid user wzy from 98.252.188.193 port 30547', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 05:17:56,336] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383076.2643034, 'message': 'Dec  7 05:17:54 hqnl0246134 sshd[290984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:17:56,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383076.2647655, 'message': 'Dec  7 05:17:55 hqnl0246134 sshd[290981]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.252.188.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:17:56,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383076.2645094, 'message': 'Dec  7 05:17:54 hqnl0246134 sshd[290984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 05:17:56,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383076.264882, 'message': 'Dec  7 05:17:55 hqnl0246134 sshd[290981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.252.188.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 05:17:58,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383078.2660384, 'message': 'Dec  7 05:17:56 hqnl0246134 sshd[290984]: Failed password for invalid user zx from 165.227.166.207 port 51680 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0381 seconds
INFO    [2022-12-07 05:17:58,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383078.2665598, 'message': 'Dec  7 05:17:58 hqnl0246134 sshd[290981]: Failed password for invalid user wzy from 98.252.188.193 port 30547 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-07 05:17:58,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383078.2664015, 'message': 'Dec  7 05:17:56 hqnl0246134 sshd[290984]: Disconnected from invalid user zx 165.227.166.207 port 51680 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:18:00,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383080.2662232, 'message': 'Dec  7 05:17:59 hqnl0246134 sshd[290981]: Disconnected from invalid user wzy 98.252.188.193 port 30547 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
WARNING [2022-12-07 05:18:12,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:18:12,810] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0913 seconds
INFO    [2022-12-07 05:18:17,950] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:18:17,951] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:18:17,958] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:18:17,970] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 05:18:20,585] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:18:20,586] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:18:20,593] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:18:20,603] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 05:18:22,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383102.2935874, 'message': 'Dec  7 05:18:20 hqnl0246134 sshd[291017]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.138.23.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-07 05:18:22,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383102.2940094, 'message': 'Dec  7 05:18:21 hqnl0246134 sshd[291018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-07 05:18:22,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383102.2942803, 'message': 'Dec  7 05:18:21 hqnl0246134 sshd[291025]: Invalid user user2 from 142.93.100.226 port 47212', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-07 05:18:22,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383102.2938435, 'message': 'Dec  7 05:18:20 hqnl0246134 sshd[291017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.138.23.117  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 05:18:22,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383102.294151, 'message': 'Dec  7 05:18:21 hqnl0246134 sshd[291018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 05:18:22,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383102.2944016, 'message': 'Dec  7 05:18:21 hqnl0246134 sshd[291025]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.100.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-07 05:18:22,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383102.294525, 'message': 'Dec  7 05:18:21 hqnl0246134 sshd[291025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.100.226 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:18:24,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383104.295684, 'message': 'Dec  7 05:18:22 hqnl0246134 sshd[291018]: Failed password for root from 61.177.173.18 port 23419 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 05:18:24,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383104.2959821, 'message': 'Dec  7 05:18:23 hqnl0246134 sshd[291017]: Failed password for root from 201.138.23.117 port 34768 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0490 seconds
INFO    [2022-12-07 05:18:24,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383104.296199, 'message': 'Dec  7 05:18:23 hqnl0246134 sshd[291025]: Failed password for invalid user user2 from 142.93.100.226 port 47212 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-07 05:18:24,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383104.2963808, 'message': 'Dec  7 05:18:23 hqnl0246134 sshd[291018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 05:18:24,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383104.296491, 'message': 'Dec  7 05:18:23 hqnl0246134 sshd[291025]: Disconnected from invalid user user2 142.93.100.226 port 47212 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:18:26,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.76.115.102', 'timestamp': 1670383106.297944, 'message': 'Dec  7 05:18:24 hqnl0246134 sshd[291028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.76.115.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-07 05:18:26,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383106.2982569, 'message': 'Dec  7 05:18:25 hqnl0246134 sshd[291018]: Failed password for root from 61.177.173.18 port 23419 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-07 05:18:26,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.76.115.102', 'timestamp': 1670383106.2981422, 'message': 'Dec  7 05:18:24 hqnl0246134 sshd[291028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.76.115.102  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 05:18:26,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383106.2983623, 'message': 'Dec  7 05:18:25 hqnl0246134 sshd[291018]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:18:28,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.76.115.102', 'timestamp': 1670383108.3005311, 'message': 'Dec  7 05:18:26 hqnl0246134 sshd[291028]: Failed password for root from 201.76.115.102 port 54718 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 05:18:28,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383108.3007593, 'message': 'Dec  7 05:18:27 hqnl0246134 sshd[291018]: Failed password for root from 61.177.173.18 port 23419 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 05:18:46,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383126.325051, 'message': 'Dec  7 05:18:45 hqnl0246134 sshd[291042]: Invalid user tiger from 107.172.101.119 port 50724', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 05:18:46,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383126.3255262, 'message': 'Dec  7 05:18:45 hqnl0246134 sshd[291042]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.172.101.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:18:46,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383126.3257663, 'message': 'Dec  7 05:18:45 hqnl0246134 sshd[291042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.101.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:18:47,829] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:18:47,894] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:18:47,894] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:18:47,895] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:18:47,895] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:18:47,895] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:18:47,905] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:18:47,924] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0280 seconds
WARNING [2022-12-07 05:18:47,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:18:47,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:18:47,960] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0425 seconds
INFO    [2022-12-07 05:18:47,961] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0405 seconds
INFO    [2022-12-07 05:18:48,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383128.3259344, 'message': 'Dec  7 05:18:47 hqnl0246134 sshd[291042]: Failed password for invalid user tiger from 107.172.101.119 port 50724 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:18:48,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383128.3261476, 'message': 'Dec  7 05:18:47 hqnl0246134 sshd[291042]: Disconnected from invalid user tiger 107.172.101.119 port 50724 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:18:49,808] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:18:49,809] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:18:49,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:18:49,827] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 05:18:50,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383130.3273513, 'message': 'Dec  7 05:18:50 hqnl0246134 sshd[291047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:18:50,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383130.3275595, 'message': 'Dec  7 05:18:50 hqnl0246134 sshd[291047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 05:18:51,458] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:18:51,459] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:18:54,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383134.332836, 'message': 'Dec  7 05:18:52 hqnl0246134 sshd[291047]: Failed password for root from 61.177.173.51 port 38180 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:18:54,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383134.333032, 'message': 'Dec  7 05:18:54 hqnl0246134 sshd[291047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 05:18:58,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383138.3388214, 'message': 'Dec  7 05:18:56 hqnl0246134 sshd[291047]: Failed password for root from 61.177.173.51 port 38180 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 05:18:58,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383138.3390512, 'message': 'Dec  7 05:18:57 hqnl0246134 sshd[291052]: Invalid user deploy from 152.67.254.42 port 48006', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:18:58,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383138.3392065, 'message': 'Dec  7 05:18:57 hqnl0246134 sshd[291052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.67.254.42 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:18:58,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383138.3393173, 'message': 'Dec  7 05:18:57 hqnl0246134 sshd[291052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.67.254.42 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:19:00,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383140.3488007, 'message': 'Dec  7 05:18:58 hqnl0246134 sshd[291047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-07 05:19:00,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383140.349044, 'message': 'Dec  7 05:18:59 hqnl0246134 sshd[291052]: Failed password for invalid user deploy from 152.67.254.42 port 48006 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-07 05:19:02,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383142.349923, 'message': 'Dec  7 05:19:00 hqnl0246134 sshd[291047]: Failed password for root from 61.177.173.51 port 38180 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 05:19:02,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383142.3501751, 'message': 'Dec  7 05:19:01 hqnl0246134 sshd[291052]: Disconnected from invalid user deploy 152.67.254.42 port 48006 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-07 05:19:04,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383144.3523006, 'message': 'Dec  7 05:19:02 hqnl0246134 sshd[291056]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 05:19:04,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383144.352541, 'message': 'Dec  7 05:19:02 hqnl0246134 sshd[291056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 05:19:06,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383146.353956, 'message': 'Dec  7 05:19:04 hqnl0246134 sshd[291056]: Failed password for root from 61.177.173.51 port 28904 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 05:19:08,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383148.3564603, 'message': 'Dec  7 05:19:06 hqnl0246134 sshd[291056]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:19:08,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383148.3567934, 'message': 'Dec  7 05:19:07 hqnl0246134 sshd[291069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 05:19:08,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383148.356961, 'message': 'Dec  7 05:19:07 hqnl0246134 sshd[291069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:19:10,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383150.3576748, 'message': 'Dec  7 05:19:09 hqnl0246134 sshd[291056]: Failed password for root from 61.177.173.51 port 28904 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 05:19:10,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383150.3579032, 'message': 'Dec  7 05:19:09 hqnl0246134 sshd[291069]: Failed password for root from 61.177.173.18 port 35476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 05:19:10,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383150.3580327, 'message': 'Dec  7 05:19:09 hqnl0246134 sshd[291069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:19:12,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383152.3604803, 'message': 'Dec  7 05:19:11 hqnl0246134 sshd[291056]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:19:12,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383152.3607302, 'message': 'Dec  7 05:19:12 hqnl0246134 sshd[291069]: Failed password for root from 61.177.173.18 port 35476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
WARNING [2022-12-07 05:19:12,732] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:19:12,761] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0373 seconds
INFO    [2022-12-07 05:19:14,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383154.3648858, 'message': 'Dec  7 05:19:13 hqnl0246134 sshd[291056]: Failed password for root from 61.177.173.51 port 28904 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 05:19:14,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383154.365205, 'message': 'Dec  7 05:19:14 hqnl0246134 sshd[291069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-07 05:19:18,036] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:19:18,037] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:19:18,038] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-07 05:19:18,137] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:19:18,137] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:19:18,145] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:19:18,159] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 05:19:18,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383158.3684735, 'message': 'Dec  7 05:19:16 hqnl0246134 sshd[291069]: Failed password for root from 61.177.173.18 port 35476 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 05:19:20,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:19:20,820] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:19:20,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:19:20,840] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 05:19:28,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.172.60.130', 'timestamp': 1670383168.3826098, 'message': 'Dec  7 05:19:26 hqnl0246134 sshd[291094]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.172.60.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:19:28,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.172.60.130', 'timestamp': 1670383168.3829284, 'message': 'Dec  7 05:19:26 hqnl0246134 sshd[291094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.60.130  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:19:30,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.172.60.130', 'timestamp': 1670383170.3850906, 'message': 'Dec  7 05:19:28 hqnl0246134 sshd[291094]: Failed password for root from 163.172.60.130 port 40690 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-07 05:19:30,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383170.3853228, 'message': 'Dec  7 05:19:29 hqnl0246134 sshd[291099]: Invalid user zhanglei from 45.155.158.143 port 37538', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 05:19:30,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.202.200.207', 'timestamp': 1670383170.3856788, 'message': 'Dec  7 05:19:29 hqnl0246134 sshd[291097]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.202.200.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 05:19:30,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383170.385442, 'message': 'Dec  7 05:19:29 hqnl0246134 sshd[291099]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.155.158.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 05:19:30,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.202.200.207', 'timestamp': 1670383170.3857932, 'message': 'Dec  7 05:19:29 hqnl0246134 sshd[291097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.202.200.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 05:19:30,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383170.3855593, 'message': 'Dec  7 05:19:29 hqnl0246134 sshd[291099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.155.158.143 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:19:32,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383172.3865378, 'message': 'Dec  7 05:19:31 hqnl0246134 sshd[291099]: Failed password for invalid user zhanglei from 45.155.158.143 port 37538 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 05:19:32,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '35.202.200.207', 'timestamp': 1670383172.386862, 'message': 'Dec  7 05:19:31 hqnl0246134 sshd[291097]: Failed password for root from 35.202.200.207 port 1746 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:19:34,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383174.3920062, 'message': 'Dec  7 05:19:33 hqnl0246134 sshd[291099]: Disconnected from invalid user zhanglei 45.155.158.143 port 37538 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:19:38,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.156.51.218', 'timestamp': 1670383178.3972855, 'message': 'Dec  7 05:19:36 hqnl0246134 sshd[291104]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.156.51.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 05:19:38,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.25.237.179', 'timestamp': 1670383178.3983474, 'message': 'Dec  7 05:19:37 hqnl0246134 sshd[291102]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.25.237.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 05:19:38,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.156.51.218', 'timestamp': 1670383178.3982005, 'message': 'Dec  7 05:19:36 hqnl0246134 sshd[291104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.156.51.218  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 05:19:38,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.25.237.179', 'timestamp': 1670383178.3985112, 'message': 'Dec  7 05:19:37 hqnl0246134 sshd[291102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.25.237.179  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 05:19:40,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '186.156.51.218', 'timestamp': 1670383180.400686, 'message': 'Dec  7 05:19:38 hqnl0246134 sshd[291104]: Failed password for root from 186.156.51.218 port 60556 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:19:40,432] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.25.237.179', 'timestamp': 1670383180.400929, 'message': 'Dec  7 05:19:39 hqnl0246134 sshd[291102]: Failed password for root from 190.25.237.179 port 40562 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 05:19:42,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383182.4023485, 'message': 'Dec  7 05:19:40 hqnl0246134 sshd[291115]: Invalid user peer from 118.27.5.25 port 38232', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 05:19:42,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383182.4028451, 'message': 'Dec  7 05:19:42 hqnl0246134 sshd[291117]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.4.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 05:19:42,467] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383182.4025877, 'message': 'Dec  7 05:19:41 hqnl0246134 sshd[291115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.27.5.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:19:42,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383182.402948, 'message': 'Dec  7 05:19:42 hqnl0246134 sshd[291117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.4.85  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 05:19:42,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383182.4027414, 'message': 'Dec  7 05:19:41 hqnl0246134 sshd[291115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.27.5.25 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:19:44,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383184.4049177, 'message': 'Dec  7 05:19:42 hqnl0246134 sshd[291115]: Failed password for invalid user peer from 118.27.5.25 port 38232 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:19:46,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383186.4058857, 'message': 'Dec  7 05:19:44 hqnl0246134 sshd[291115]: Disconnected from invalid user peer 118.27.5.25 port 38232 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0469 seconds
INFO    [2022-12-07 05:19:46,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.78.156', 'timestamp': 1670383186.4060948, 'message': 'Dec  7 05:19:44 hqnl0246134 sshd[291119]: Invalid user aaaa from 139.59.78.156 port 59438', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0469 seconds
INFO    [2022-12-07 05:19:46,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383186.4072106, 'message': 'Dec  7 05:19:45 hqnl0246134 sshd[291117]: Failed password for root from 161.35.4.85 port 59042 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0467 seconds
INFO    [2022-12-07 05:19:46,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.78.156', 'timestamp': 1670383186.4069688, 'message': 'Dec  7 05:19:44 hqnl0246134 sshd[291119]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.78.156 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:19:46,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.78.156', 'timestamp': 1670383186.4071047, 'message': 'Dec  7 05:19:44 hqnl0246134 sshd[291119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.78.156 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:19:48,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.78.156', 'timestamp': 1670383188.40641, 'message': 'Dec  7 05:19:47 hqnl0246134 sshd[291119]: Failed password for invalid user aaaa from 139.59.78.156 port 59438 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 05:19:48,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.78.156', 'timestamp': 1670383188.4070306, 'message': 'Dec  7 05:19:47 hqnl0246134 sshd[291119]: Disconnected from invalid user aaaa 139.59.78.156 port 59438 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
WARNING [2022-12-07 05:19:51,464] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:19:51,465] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:19:56,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383196.417252, 'message': 'Dec  7 05:19:54 hqnl0246134 sshd[291121]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:19:56,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383196.417478, 'message': 'Dec  7 05:19:54 hqnl0246134 sshd[291121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:19:58,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383198.4200504, 'message': 'Dec  7 05:19:57 hqnl0246134 sshd[291121]: Failed password for root from 61.177.173.18 port 48817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:20:00,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383200.4216232, 'message': 'Dec  7 05:19:58 hqnl0246134 sshd[291121]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:20:02,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '158.160.19.78', 'timestamp': 1670383202.4253454, 'message': 'Dec  7 05:20:00 hqnl0246134 sshd[291127]: pam_imunify(sshd:auth): [IM360_RBL] The IP 158.160.19.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1011 seconds
INFO    [2022-12-07 05:20:02,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383202.4257965, 'message': 'Dec  7 05:20:01 hqnl0246134 sshd[291121]: Failed password for root from 61.177.173.18 port 48817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1016 seconds
INFO    [2022-12-07 05:20:02,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '158.160.19.78', 'timestamp': 1670383202.4256132, 'message': 'Dec  7 05:20:00 hqnl0246134 sshd[291127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.19.78  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 05:20:04,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '158.160.19.78', 'timestamp': 1670383204.4263775, 'message': 'Dec  7 05:20:02 hqnl0246134 sshd[291127]: Failed password for root from 158.160.19.78 port 49846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0597 seconds
INFO    [2022-12-07 05:20:04,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383204.4266765, 'message': 'Dec  7 05:20:02 hqnl0246134 sshd[291125]: pam_imunify(sshd:auth): [IM360_RBL] The IP 96.43.99.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0602 seconds
INFO    [2022-12-07 05:20:04,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383204.4270349, 'message': 'Dec  7 05:20:03 hqnl0246134 sshd[291121]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0605 seconds
INFO    [2022-12-07 05:20:04,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383204.4271975, 'message': 'Dec  7 05:20:03 hqnl0246134 sshd[291148]: Invalid user xj from 165.227.166.207 port 33704', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 05:20:04,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383204.426848, 'message': 'Dec  7 05:20:02 hqnl0246134 sshd[291125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.43.99.83  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:20:04,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383204.4273953, 'message': 'Dec  7 05:20:03 hqnl0246134 sshd[291148]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 05:20:04,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383204.4275694, 'message': 'Dec  7 05:20:03 hqnl0246134 sshd[291148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:20:06,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383206.4288855, 'message': 'Dec  7 05:20:04 hqnl0246134 sshd[291121]: Failed password for root from 61.177.173.18 port 48817 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0609 seconds
INFO    [2022-12-07 05:20:06,491] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383206.4291983, 'message': 'Dec  7 05:20:05 hqnl0246134 sshd[291148]: Failed password for invalid user xj from 165.227.166.207 port 33704 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0604 seconds
INFO    [2022-12-07 05:20:06,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383206.430481, 'message': 'Dec  7 05:20:05 hqnl0246134 sshd[291125]: Failed password for root from 96.43.99.83 port 39874 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0600 seconds
INFO    [2022-12-07 05:20:06,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383206.430695, 'message': 'Dec  7 05:20:05 hqnl0246134 sshd[291148]: Disconnected from invalid user xj 165.227.166.207 port 33704 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:20:07,336] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:20:07,337] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:20:07,356] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:20:07,376] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0340 seconds
INFO    [2022-12-07 05:20:10,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383210.434317, 'message': 'Dec  7 05:20:09 hqnl0246134 sshd[291167]: Invalid user osmc from 3.0.202.116 port 45482', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 05:20:10,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383210.4346256, 'message': 'Dec  7 05:20:09 hqnl0246134 sshd[291167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 3.0.202.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:20:10,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383210.4367473, 'message': 'Dec  7 05:20:09 hqnl0246134 sshd[291167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.0.202.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:20:12,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383212.436412, 'message': 'Dec  7 05:20:11 hqnl0246134 sshd[291167]: Failed password for invalid user osmc from 3.0.202.116 port 45482 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 05:20:12,739] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:20:12,790] defence360agent.internals.the_sink: SensorIncidentList(<40 item(s)>) processed in 0.0617 seconds
INFO    [2022-12-07 05:20:14,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383214.4400845, 'message': 'Dec  7 05:20:12 hqnl0246134 sshd[291167]: Disconnected from invalid user osmc 3.0.202.116 port 45482 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 05:20:17,840] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:20:17,840] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:20:17,848] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:20:17,859] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 05:20:22,433] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:20:22,434] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:20:22,441] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:20:22,453] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 05:20:40,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383240.4639258, 'message': 'Dec  7 05:20:39 hqnl0246134 sshd[291198]: Invalid user deploy from 210.14.6.60 port 41108', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 05:20:40,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383240.464501, 'message': 'Dec  7 05:20:40 hqnl0246134 sshd[291198]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.14.6.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-07 05:20:40,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383240.46471, 'message': 'Dec  7 05:20:40 hqnl0246134 sshd[291198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.14.6.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:20:42,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383242.4670436, 'message': 'Dec  7 05:20:40 hqnl0246134 sshd[291217]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 05:20:42,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383242.4675143, 'message': 'Dec  7 05:20:41 hqnl0246134 sshd[291198]: Failed password for invalid user deploy from 210.14.6.60 port 41108 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 05:20:42,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383242.4673765, 'message': 'Dec  7 05:20:40 hqnl0246134 sshd[291217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 05:20:42,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383242.467636, 'message': 'Dec  7 05:20:42 hqnl0246134 sshd[291198]: Disconnected from invalid user deploy 210.14.6.60 port 41108 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 05:20:44,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383244.4697096, 'message': 'Dec  7 05:20:42 hqnl0246134 sshd[291217]: Failed password for root from 61.177.173.18 port 59918 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:20:46,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383246.478033, 'message': 'Dec  7 05:20:44 hqnl0246134 sshd[291217]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 05:20:48,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383248.4826953, 'message': 'Dec  7 05:20:47 hqnl0246134 sshd[291217]: Failed password for root from 61.177.173.18 port 59918 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 05:20:48,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.89.163.71', 'timestamp': 1670383248.4828932, 'message': 'Dec  7 05:20:47 hqnl0246134 sshd[291186]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.89.163.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 05:20:48,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.89.163.71', 'timestamp': 1670383248.4830098, 'message': 'Dec  7 05:20:47 hqnl0246134 sshd[291186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.89.163.71  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:20:50,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383250.4849203, 'message': 'Dec  7 05:20:49 hqnl0246134 sshd[291217]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-07 05:20:50,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '85.89.163.71', 'timestamp': 1670383250.485181, 'message': 'Dec  7 05:20:49 hqnl0246134 sshd[291186]: Failed password for root from 85.89.163.71 port 36562 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0487 seconds
WARNING [2022-12-07 05:20:51,468] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:20:51,469] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:20:52,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383252.4887152, 'message': 'Dec  7 05:20:51 hqnl0246134 sshd[291217]: Failed password for root from 61.177.173.18 port 59918 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 05:20:58,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383258.4988031, 'message': 'Dec  7 05:20:57 hqnl0246134 sshd[291249]: Invalid user rachel from 182.93.7.194 port 45836', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 05:20:58,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383258.4990113, 'message': 'Dec  7 05:20:57 hqnl0246134 sshd[291249]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.93.7.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 05:20:58,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383258.499152, 'message': 'Dec  7 05:20:57 hqnl0246134 sshd[291249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.7.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:21:00,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383260.5615652, 'message': 'Dec  7 05:20:59 hqnl0246134 sshd[291249]: Failed password for invalid user rachel from 182.93.7.194 port 45836 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:21:00,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383260.5617318, 'message': 'Dec  7 05:21:00 hqnl0246134 sshd[291249]: Disconnected from invalid user rachel 182.93.7.194 port 45836 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 05:21:12,746] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:21:12,794] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0604 seconds
INFO    [2022-12-07 05:21:17,778] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:21:17,779] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:21:17,786] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:21:17,797] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 05:21:20,349] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:21:20,349] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:21:20,357] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:21:20,369] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 05:21:28,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383288.5647378, 'message': 'Dec  7 05:21:27 hqnl0246134 sshd[291283]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 05:21:28,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383288.5654445, 'message': 'Dec  7 05:21:27 hqnl0246134 sshd[291282]: Invalid user helen from 210.14.6.60 port 39542', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-07 05:21:28,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383288.5652509, 'message': 'Dec  7 05:21:27 hqnl0246134 sshd[291283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:21:28,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383288.5658698, 'message': 'Dec  7 05:21:27 hqnl0246134 sshd[291282]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.14.6.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:21:28,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383288.5661688, 'message': 'Dec  7 05:21:27 hqnl0246134 sshd[291282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.14.6.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:21:30,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383290.692816, 'message': 'Dec  7 05:21:29 hqnl0246134 sshd[291283]: Failed password for root from 61.177.173.18 port 25676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 05:21:30,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383290.6929858, 'message': 'Dec  7 05:21:29 hqnl0246134 sshd[291282]: Failed password for invalid user helen from 210.14.6.60 port 39542 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 05:21:32,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383292.5669553, 'message': 'Dec  7 05:21:31 hqnl0246134 sshd[291282]: Disconnected from invalid user helen 210.14.6.60 port 39542 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 05:21:32,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383292.5672126, 'message': 'Dec  7 05:21:31 hqnl0246134 sshd[291283]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 05:21:33,565] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:21:33,565] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:21:33,574] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:21:33,585] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 05:21:34,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383294.5714297, 'message': 'Dec  7 05:21:33 hqnl0246134 sshd[291283]: Failed password for root from 61.177.173.18 port 25676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:21:34,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383294.5717413, 'message': 'Dec  7 05:21:33 hqnl0246134 sshd[291283]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 05:21:36,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383296.5753543, 'message': 'Dec  7 05:21:35 hqnl0246134 sshd[291283]: Failed password for root from 61.177.173.18 port 25676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 05:21:51,475] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:21:51,476] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 05:21:54,203] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 05:21:56,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383316.6170037, 'message': 'Dec  7 05:21:55 hqnl0246134 sshd[291303]: Invalid user student from 51.15.83.17 port 13510', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 05:21:56,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383316.617453, 'message': 'Dec  7 05:21:55 hqnl0246134 sshd[291303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.15.83.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:21:56,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383316.617637, 'message': 'Dec  7 05:21:55 hqnl0246134 sshd[291303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.83.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:21:58,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383318.6198766, 'message': 'Dec  7 05:21:57 hqnl0246134 sshd[291303]: Failed password for invalid user student from 51.15.83.17 port 13510 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:22:00,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383320.6307995, 'message': 'Dec  7 05:21:59 hqnl0246134 sshd[291303]: Disconnected from invalid user student 51.15.83.17 port 13510 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:22:06,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.76.115.102', 'timestamp': 1670383326.6452632, 'message': 'Dec  7 05:22:05 hqnl0246134 sshd[291314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.76.115.102 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 05:22:06,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.76.115.102', 'timestamp': 1670383326.645661, 'message': 'Dec  7 05:22:05 hqnl0246134 sshd[291314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.76.115.102  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:22:08,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.76.115.102', 'timestamp': 1670383328.6481645, 'message': 'Dec  7 05:22:07 hqnl0246134 sshd[291314]: Failed password for root from 201.76.115.102 port 49027 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-07 05:22:12,754] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:22:12,779] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0405 seconds
INFO    [2022-12-07 05:22:14,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383334.658338, 'message': 'Dec  7 05:22:12 hqnl0246134 sshd[291335]: Invalid user xjga from 165.227.166.207 port 44022', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 05:22:14,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383334.6589081, 'message': 'Dec  7 05:22:13 hqnl0246134 sshd[291333]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 05:22:14,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383334.6586106, 'message': 'Dec  7 05:22:12 hqnl0246134 sshd[291335]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.227.166.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 05:22:14,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383334.6591983, 'message': 'Dec  7 05:22:14 hqnl0246134 sshd[291337]: Invalid user irina from 210.14.6.60 port 44498', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 05:22:14,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383334.65904, 'message': 'Dec  7 05:22:13 hqnl0246134 sshd[291333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 05:22:14,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383334.658801, 'message': 'Dec  7 05:22:12 hqnl0246134 sshd[291335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.166.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 05:22:14,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383334.6592999, 'message': 'Dec  7 05:22:14 hqnl0246134 sshd[291337]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.14.6.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 05:22:14,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383334.6593978, 'message': 'Dec  7 05:22:14 hqnl0246134 sshd[291337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.14.6.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:22:16,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383336.6625283, 'message': 'Dec  7 05:22:14 hqnl0246134 sshd[291335]: Failed password for invalid user xjga from 165.227.166.207 port 44022 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0597 seconds
INFO    [2022-12-07 05:22:16,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383336.6630144, 'message': 'Dec  7 05:22:15 hqnl0246134 sshd[291333]: Failed password for root from 61.177.173.18 port 37917 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0606 seconds
INFO    [2022-12-07 05:22:16,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.227.166.207', 'timestamp': 1670383336.6628752, 'message': 'Dec  7 05:22:15 hqnl0246134 sshd[291335]: Disconnected from invalid user xjga 165.227.166.207 port 44022 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 05:22:17,950] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:22:17,950] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:22:17,957] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:22:17,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 05:22:18,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383338.664684, 'message': 'Dec  7 05:22:16 hqnl0246134 sshd[291337]: Failed password for invalid user irina from 210.14.6.60 port 44498 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 05:22:18,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383338.6649508, 'message': 'Dec  7 05:22:17 hqnl0246134 sshd[291333]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 05:22:20,508] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:22:20,508] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:22:20,516] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:22:20,527] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 05:22:20,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.14.6.60', 'timestamp': 1670383340.669659, 'message': 'Dec  7 05:22:18 hqnl0246134 sshd[291337]: Disconnected from invalid user irina 210.14.6.60 port 44498 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 05:22:20,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383340.6698482, 'message': 'Dec  7 05:22:19 hqnl0246134 sshd[291333]: Failed password for root from 61.177.173.18 port 37917 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 05:22:20,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383340.6699743, 'message': 'Dec  7 05:22:19 hqnl0246134 sshd[291333]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:22:22,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383342.6732295, 'message': 'Dec  7 05:22:22 hqnl0246134 sshd[291333]: Failed password for root from 61.177.173.18 port 37917 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 05:22:22,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383342.6734824, 'message': 'Dec  7 05:22:22 hqnl0246134 sshd[291350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.155.158.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 05:22:22,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383342.673656, 'message': 'Dec  7 05:22:22 hqnl0246134 sshd[291350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.155.158.143  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:22:24,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383344.673902, 'message': 'Dec  7 05:22:23 hqnl0246134 sshd[291350]: Failed password for root from 45.155.158.143 port 54092 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 05:22:28,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383348.6819108, 'message': 'Dec  7 05:22:27 hqnl0246134 sshd[291353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.235.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:22:28,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383348.6821165, 'message': 'Dec  7 05:22:27 hqnl0246134 sshd[291353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.235.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:22:30,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383350.691699, 'message': 'Dec  7 05:22:28 hqnl0246134 sshd[291353]: Failed password for root from 159.65.235.114 port 42046 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 05:22:30,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383350.6919575, 'message': 'Dec  7 05:22:30 hqnl0246134 sshd[291357]: Invalid user ts3srv from 69.250.26.126 port 48326', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 05:22:30,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383350.692086, 'message': 'Dec  7 05:22:30 hqnl0246134 sshd[291357]: pam_imunify(sshd:auth): [IM360_RBL] The IP 69.250.26.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1282 seconds
INFO    [2022-12-07 05:22:30,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383350.6922297, 'message': 'Dec  7 05:22:30 hqnl0246134 sshd[291357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.250.26.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:22:32,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383352.6942868, 'message': 'Dec  7 05:22:32 hqnl0246134 sshd[291357]: Failed password for invalid user ts3srv from 69.250.26.126 port 48326 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:22:32,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383352.6946826, 'message': 'Dec  7 05:22:32 hqnl0246134 sshd[291357]: Disconnected from invalid user ts3srv 69.250.26.126 port 48326 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
WARNING [2022-12-07 05:22:51,480] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:22:51,482] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:22:58,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383378.74858, 'message': 'Dec  7 05:22:58 hqnl0246134 sshd[291371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 05:22:58,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383378.7496006, 'message': 'Dec  7 05:22:58 hqnl0246134 sshd[291371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:23:00,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383380.7504418, 'message': 'Dec  7 05:22:59 hqnl0246134 sshd[291371]: Failed password for root from 61.177.173.18 port 42560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:23:00,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383380.750636, 'message': 'Dec  7 05:23:00 hqnl0246134 sshd[291371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 05:23:02,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383382.7593021, 'message': 'Dec  7 05:23:02 hqnl0246134 sshd[291371]: Failed password for root from 61.177.173.18 port 42560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:23:02,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383382.7595973, 'message': 'Dec  7 05:23:02 hqnl0246134 sshd[291371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:23:04,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383384.7657535, 'message': 'Dec  7 05:23:03 hqnl0246134 sshd[291381]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.205.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 05:23:04,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383384.7660403, 'message': 'Dec  7 05:23:03 hqnl0246134 sshd[291381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.205.178  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:23:06,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383386.768886, 'message': 'Dec  7 05:23:05 hqnl0246134 sshd[291371]: Failed password for root from 61.177.173.18 port 42560 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-07 05:23:06,819] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383386.7691429, 'message': 'Dec  7 05:23:05 hqnl0246134 sshd[291381]: Failed password for root from 159.65.205.178 port 58356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0487 seconds
INFO    [2022-12-07 05:23:08,323] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:23:08,325] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:23:08,341] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:23:08,359] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0319 seconds
WARNING [2022-12-07 05:23:12,750] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:23:12,779] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0375 seconds
INFO    [2022-12-07 05:23:17,733] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:23:17,733] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:23:17,742] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:23:17,756] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 05:23:18,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383398.7941117, 'message': 'Dec  7 05:23:18 hqnl0246134 sshd[291396]: pam_imunify(sshd:auth): [IM360_RBL] The IP 96.43.99.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:23:18,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383398.794308, 'message': 'Dec  7 05:23:18 hqnl0246134 sshd[291396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.43.99.83  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:23:20,444] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:23:20,445] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:23:20,452] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:23:20,463] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 05:23:20,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383400.8002086, 'message': 'Dec  7 05:23:20 hqnl0246134 sshd[291396]: Failed password for root from 96.43.99.83 port 37596 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 05:23:34,851] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383414.832135, 'message': 'Dec  7 05:23:32 hqnl0246134 sshd[291411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:23:34,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383414.8324564, 'message': 'Dec  7 05:23:32 hqnl0246134 sshd[291411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 05:23:36,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383416.8339431, 'message': 'Dec  7 05:23:35 hqnl0246134 sshd[291411]: Failed password for root from 61.177.173.36 port 22569 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 05:23:38,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383418.8383477, 'message': 'Dec  7 05:23:37 hqnl0246134 sshd[291411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 05:23:40,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383420.8452399, 'message': 'Dec  7 05:23:39 hqnl0246134 sshd[291411]: Failed password for root from 61.177.173.36 port 22569 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-07 05:23:40,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383420.845623, 'message': 'Dec  7 05:23:40 hqnl0246134 sshd[291413]: Invalid user aa from 98.252.188.193 port 53569', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 05:23:40,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383420.8458858, 'message': 'Dec  7 05:23:40 hqnl0246134 sshd[291413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 98.252.188.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:23:40,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383420.8461118, 'message': 'Dec  7 05:23:40 hqnl0246134 sshd[291413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.252.188.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:23:42,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383422.8509045, 'message': 'Dec  7 05:23:41 hqnl0246134 sshd[291411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:23:42,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383422.8511515, 'message': 'Dec  7 05:23:42 hqnl0246134 sshd[291413]: Failed password for invalid user aa from 98.252.188.193 port 53569 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 05:23:42,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '98.252.188.193', 'timestamp': 1670383422.8512723, 'message': 'Dec  7 05:23:42 hqnl0246134 sshd[291413]: Disconnected from invalid user aa 98.252.188.193 port 53569 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:23:44,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383424.8554661, 'message': 'Dec  7 05:23:43 hqnl0246134 sshd[291411]: Failed password for root from 61.177.173.36 port 22569 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 05:23:44,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383424.8556707, 'message': 'Dec  7 05:23:43 hqnl0246134 sshd[291426]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.130.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-07 05:23:44,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383424.8559525, 'message': 'Dec  7 05:23:43 hqnl0246134 sshd[291427]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-07 05:23:44,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383424.855848, 'message': 'Dec  7 05:23:43 hqnl0246134 sshd[291426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.130.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:23:44,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383424.8560708, 'message': 'Dec  7 05:23:43 hqnl0246134 sshd[291427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:23:46,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383426.8583817, 'message': 'Dec  7 05:23:45 hqnl0246134 sshd[291432]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0639 seconds
INFO    [2022-12-07 05:23:46,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383426.8588839, 'message': 'Dec  7 05:23:45 hqnl0246134 sshd[291426]: Failed password for root from 159.223.130.243 port 43734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0637 seconds
INFO    [2022-12-07 05:23:46,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383426.8590703, 'message': 'Dec  7 05:23:45 hqnl0246134 sshd[291427]: Failed password for root from 61.177.173.18 port 64861 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0634 seconds
INFO    [2022-12-07 05:23:46,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383426.8587027, 'message': 'Dec  7 05:23:45 hqnl0246134 sshd[291432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 05:23:48,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383428.8632617, 'message': 'Dec  7 05:23:47 hqnl0246134 sshd[291432]: Failed password for root from 61.177.173.36 port 12867 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 05:23:48,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383428.8635166, 'message': 'Dec  7 05:23:48 hqnl0246134 sshd[291427]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 05:23:50,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383430.8673892, 'message': 'Dec  7 05:23:49 hqnl0246134 sshd[291432]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 05:23:50,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383430.867675, 'message': 'Dec  7 05:23:50 hqnl0246134 sshd[291427]: Failed password for root from 61.177.173.18 port 64861 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 05:23:50,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383430.8695834, 'message': 'Dec  7 05:23:50 hqnl0246134 sshd[291427]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-07 05:23:51,485] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:23:51,486] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:23:52,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383432.870572, 'message': 'Dec  7 05:23:52 hqnl0246134 sshd[291432]: Failed password for root from 61.177.173.36 port 12867 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 05:23:52,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383432.8708632, 'message': 'Dec  7 05:23:52 hqnl0246134 sshd[291427]: Failed password for root from 61.177.173.18 port 64861 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 05:23:54,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383434.8732994, 'message': 'Dec  7 05:23:54 hqnl0246134 sshd[291432]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:23:56,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383436.884393, 'message': 'Dec  7 05:23:56 hqnl0246134 sshd[291432]: Failed password for root from 61.177.173.36 port 12867 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:23:58,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383438.8959956, 'message': 'Dec  7 05:23:58 hqnl0246134 sshd[291436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:23:58,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383438.896332, 'message': 'Dec  7 05:23:58 hqnl0246134 sshd[291436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:24:00,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383440.9051962, 'message': 'Dec  7 05:23:59 hqnl0246134 sshd[291436]: Failed password for root from 61.177.173.36 port 53622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:24:00,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383440.9067025, 'message': 'Dec  7 05:24:00 hqnl0246134 sshd[291438]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 05:24:01,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383440.9064786, 'message': 'Dec  7 05:24:00 hqnl0246134 sshd[291436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1446 seconds
INFO    [2022-12-07 05:24:01,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383440.9068468, 'message': 'Dec  7 05:24:00 hqnl0246134 sshd[291438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1445 seconds
INFO    [2022-12-07 05:24:02,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383442.9091322, 'message': 'Dec  7 05:24:01 hqnl0246134 sshd[291440]: Invalid user helen from 152.67.254.42 port 50696', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 05:24:02,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383442.9135764, 'message': 'Dec  7 05:24:02 hqnl0246134 sshd[291436]: Failed password for root from 61.177.173.36 port 53622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 05:24:02,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383442.913711, 'message': 'Dec  7 05:24:02 hqnl0246134 sshd[291438]: Failed password for root from 61.177.172.114 port 18684 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0456 seconds
INFO    [2022-12-07 05:24:02,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383442.9093435, 'message': 'Dec  7 05:24:01 hqnl0246134 sshd[291440]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.67.254.42 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 05:24:02,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383442.9094973, 'message': 'Dec  7 05:24:01 hqnl0246134 sshd[291440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.67.254.42 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:24:04,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383444.9127038, 'message': 'Dec  7 05:24:03 hqnl0246134 sshd[291440]: Failed password for invalid user helen from 152.67.254.42 port 50696 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 05:24:04,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383444.9130352, 'message': 'Dec  7 05:24:04 hqnl0246134 sshd[291438]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0467 seconds
INFO    [2022-12-07 05:24:04,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383444.9142013, 'message': 'Dec  7 05:24:04 hqnl0246134 sshd[291436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.36 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 05:24:06,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.67.254.42', 'timestamp': 1670383446.9140744, 'message': 'Dec  7 05:24:05 hqnl0246134 sshd[291440]: Disconnected from invalid user helen 152.67.254.42 port 50696 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 05:24:06,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383446.9143097, 'message': 'Dec  7 05:24:06 hqnl0246134 sshd[291438]: Failed password for root from 61.177.172.114 port 18684 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-07 05:24:06,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.36', 'timestamp': 1670383446.9144256, 'message': 'Dec  7 05:24:06 hqnl0246134 sshd[291436]: Failed password for root from 61.177.173.36 port 53622 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 05:24:08,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383448.9167225, 'message': 'Dec  7 05:24:07 hqnl0246134 sshd[291438]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 05:24:09,753] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:24:09,754] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:24:09,763] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:24:09,776] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-07 05:24:10,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383450.9178128, 'message': 'Dec  7 05:24:09 hqnl0246134 sshd[291438]: Failed password for root from 61.177.172.114 port 18684 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 05:24:12,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:24:12,782] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0368 seconds
INFO    [2022-12-07 05:24:12,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383452.9219556, 'message': 'Dec  7 05:24:12 hqnl0246134 sshd[291468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:24:12,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383452.9221325, 'message': 'Dec  7 05:24:12 hqnl0246134 sshd[291468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:24:16,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383456.9285693, 'message': 'Dec  7 05:24:14 hqnl0246134 sshd[291468]: Failed password for root from 61.177.172.114 port 13660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:24:17,800] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:24:17,801] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:24:17,808] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:24:17,819] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 05:24:18,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383458.934829, 'message': 'Dec  7 05:24:17 hqnl0246134 sshd[291468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:24:20,263] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:24:20,263] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:24:20,272] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:24:20,284] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 05:24:20,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383460.9424424, 'message': 'Dec  7 05:24:19 hqnl0246134 sshd[291468]: Failed password for root from 61.177.172.114 port 13660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:24:22,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383462.9469929, 'message': 'Dec  7 05:24:21 hqnl0246134 sshd[291468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:24:24,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383464.9526553, 'message': 'Dec  7 05:24:23 hqnl0246134 sshd[291468]: Failed password for root from 61.177.172.114 port 13660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 05:24:26,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383466.9557009, 'message': 'Dec  7 05:24:25 hqnl0246134 sshd[291481]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:24:26,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383466.9559119, 'message': 'Dec  7 05:24:25 hqnl0246134 sshd[291481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:24:29,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383468.9582775, 'message': 'Dec  7 05:24:27 hqnl0246134 sshd[291481]: Failed password for root from 61.177.172.114 port 59407 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0525 seconds
INFO    [2022-12-07 05:24:29,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383468.9590573, 'message': 'Dec  7 05:24:27 hqnl0246134 sshd[291483]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.195.33.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0530 seconds
INFO    [2022-12-07 05:24:29,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383468.9592826, 'message': 'Dec  7 05:24:27 hqnl0246134 sshd[291481]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 05:24:29,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383468.9591672, 'message': 'Dec  7 05:24:27 hqnl0246134 sshd[291483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.195.33.169  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-07 05:24:31,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383470.961322, 'message': 'Dec  7 05:24:29 hqnl0246134 sshd[291486]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-07 05:24:31,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383470.96186, 'message': 'Dec  7 05:24:29 hqnl0246134 sshd[291483]: Failed password for root from 123.195.33.169 port 43914 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0480 seconds
INFO    [2022-12-07 05:24:31,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383470.9620337, 'message': 'Dec  7 05:24:29 hqnl0246134 sshd[291481]: Failed password for root from 61.177.172.114 port 59407 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-07 05:24:31,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383470.9616325, 'message': 'Dec  7 05:24:29 hqnl0246134 sshd[291486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:24:32,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383472.9618719, 'message': 'Dec  7 05:24:31 hqnl0246134 sshd[291486]: Failed password for root from 61.177.173.18 port 18023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:24:32,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383472.962998, 'message': 'Dec  7 05:24:31 hqnl0246134 sshd[291481]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:24:33,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383472.9628863, 'message': 'Dec  7 05:24:31 hqnl0246134 sshd[291486]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:24:34,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383474.9641135, 'message': 'Dec  7 05:24:33 hqnl0246134 sshd[291486]: Failed password for root from 61.177.173.18 port 18023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 05:24:34,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383474.9643564, 'message': 'Dec  7 05:24:34 hqnl0246134 sshd[291481]: Failed password for root from 61.177.172.114 port 59407 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 05:24:36,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383476.9662085, 'message': 'Dec  7 05:24:35 hqnl0246134 sshd[291486]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:24:39,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383478.9746675, 'message': 'Dec  7 05:24:37 hqnl0246134 sshd[291490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 05:24:39,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383478.9751935, 'message': 'Dec  7 05:24:37 hqnl0246134 sshd[291486]: Failed password for root from 61.177.173.18 port 18023 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 05:24:39,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383478.9750507, 'message': 'Dec  7 05:24:37 hqnl0246134 sshd[291490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:24:41,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383480.9818394, 'message': 'Dec  7 05:24:39 hqnl0246134 sshd[291490]: Failed password for root from 61.177.172.114 port 40573 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 05:24:41,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383480.982077, 'message': 'Dec  7 05:24:39 hqnl0246134 sshd[291500]: Invalid user idc from 118.27.5.25 port 45106', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 05:24:41,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383480.9822943, 'message': 'Dec  7 05:24:39 hqnl0246134 sshd[291490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 05:24:41,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383480.982189, 'message': 'Dec  7 05:24:39 hqnl0246134 sshd[291500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.27.5.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 05:24:41,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383480.982808, 'message': 'Dec  7 05:24:39 hqnl0246134 sshd[291500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.27.5.25 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 05:24:43,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383482.985395, 'message': 'Dec  7 05:24:41 hqnl0246134 sshd[291500]: Failed password for invalid user idc from 118.27.5.25 port 45106 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 05:24:43,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383482.9856665, 'message': 'Dec  7 05:24:41 hqnl0246134 sshd[291490]: Failed password for root from 61.177.172.114 port 40573 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 05:24:45,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383484.9886699, 'message': 'Dec  7 05:24:43 hqnl0246134 sshd[291500]: Disconnected from invalid user idc 118.27.5.25 port 45106 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:24:45,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383484.9894888, 'message': 'Dec  7 05:24:44 hqnl0246134 sshd[291490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:24:47,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.114', 'timestamp': 1670383486.9970837, 'message': 'Dec  7 05:24:46 hqnl0246134 sshd[291490]: Failed password for root from 61.177.172.114 port 40573 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
WARNING [2022-12-07 05:24:51,490] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:24:51,491] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:25:01,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.187.237.243', 'timestamp': 1670383501.027791, 'message': 'Dec  7 05:24:59 hqnl0246134 sshd[291506]: Invalid user guest from 190.187.237.243 port 40848', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 05:25:01,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.187.237.243', 'timestamp': 1670383501.0282085, 'message': 'Dec  7 05:24:59 hqnl0246134 sshd[291506]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.187.237.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:25:01,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.187.237.243', 'timestamp': 1670383501.0284138, 'message': 'Dec  7 05:24:59 hqnl0246134 sshd[291506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.187.237.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:25:03,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.187.237.243', 'timestamp': 1670383503.0343497, 'message': 'Dec  7 05:25:01 hqnl0246134 sshd[291506]: Failed password for invalid user guest from 190.187.237.243 port 40848 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 05:25:03,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.187.237.243', 'timestamp': 1670383503.0365038, 'message': 'Dec  7 05:25:01 hqnl0246134 sshd[291506]: Disconnected from invalid user guest 190.187.237.243 port 40848 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 05:25:05,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383505.0399406, 'message': 'Dec  7 05:25:04 hqnl0246134 sshd[291527]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.4.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 05:25:05,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383505.040232, 'message': 'Dec  7 05:25:04 hqnl0246134 sshd[291527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.4.85  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:25:07,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383507.039221, 'message': 'Dec  7 05:25:06 hqnl0246134 sshd[291527]: Failed password for root from 161.35.4.85 port 44346 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0409 seconds
WARNING [2022-12-07 05:25:12,764] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:25:12,798] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0467 seconds
INFO    [2022-12-07 05:25:17,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383517.0736217, 'message': 'Dec  7 05:25:16 hqnl0246134 sshd[291553]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.155.158.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 05:25:17,127] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383517.0815735, 'message': 'Dec  7 05:25:16 hqnl0246134 sshd[291553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.155.158.143  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:25:18,166] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:25:18,167] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:25:18,174] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:25:18,186] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 05:25:19,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383519.0858576, 'message': 'Dec  7 05:25:17 hqnl0246134 sshd[291555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-07 05:25:19,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.155.158.143', 'timestamp': 1670383519.0864003, 'message': 'Dec  7 05:25:18 hqnl0246134 sshd[291553]: Failed password for root from 45.155.158.143 port 53118 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0512 seconds
INFO    [2022-12-07 05:25:19,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383519.0861614, 'message': 'Dec  7 05:25:17 hqnl0246134 sshd[291555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 05:25:20,967] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:25:20,967] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:25:20,974] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:25:20,987] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 05:25:21,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383521.0890079, 'message': 'Dec  7 05:25:19 hqnl0246134 sshd[291555]: Failed password for root from 61.177.173.18 port 37954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 05:25:21,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383521.089253, 'message': 'Dec  7 05:25:20 hqnl0246134 sshd[291555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:25:23,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383523.0898538, 'message': 'Dec  7 05:25:22 hqnl0246134 sshd[291555]: Failed password for root from 61.177.173.18 port 37954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 05:25:23,288] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:25:23,289] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:25:23,296] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:25:23,308] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 05:25:25,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383525.0934284, 'message': 'Dec  7 05:25:24 hqnl0246134 sshd[291555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:25:27,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383527.0944016, 'message': 'Dec  7 05:25:26 hqnl0246134 sshd[291555]: Failed password for root from 61.177.173.18 port 37954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:25:39,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383539.107953, 'message': 'Dec  7 05:25:37 hqnl0246134 sshd[291574]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.235.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 05:25:39,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383539.1085007, 'message': 'Dec  7 05:25:37 hqnl0246134 sshd[291574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.235.114  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 05:25:41,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383541.107205, 'message': 'Dec  7 05:25:39 hqnl0246134 sshd[291574]: Failed password for root from 159.65.235.114 port 58832 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:25:43,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383543.109215, 'message': 'Dec  7 05:25:41 hqnl0246134 sshd[291587]: Invalid user toto from 3.0.202.116 port 34800', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 05:25:43,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383543.1096983, 'message': 'Dec  7 05:25:41 hqnl0246134 sshd[291587]: pam_imunify(sshd:auth): [IM360_RBL] The IP 3.0.202.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 05:25:43,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383543.1098738, 'message': 'Dec  7 05:25:41 hqnl0246134 sshd[291587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.0.202.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:25:45,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383545.1107328, 'message': 'Dec  7 05:25:43 hqnl0246134 sshd[291589]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.205.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0682 seconds
INFO    [2022-12-07 05:25:45,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383545.1116025, 'message': 'Dec  7 05:25:43 hqnl0246134 sshd[291587]: Failed password for invalid user toto from 3.0.202.116 port 34800 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0677 seconds
INFO    [2022-12-07 05:25:45,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383545.1112492, 'message': 'Dec  7 05:25:43 hqnl0246134 sshd[291589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.205.178  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-07 05:25:45,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383545.1118388, 'message': 'Dec  7 05:25:44 hqnl0246134 sshd[291587]: Disconnected from invalid user toto 3.0.202.116 port 34800 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-07 05:25:47,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383547.1126242, 'message': 'Dec  7 05:25:45 hqnl0246134 sshd[291589]: Failed password for root from 159.65.205.178 port 46800 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0219 seconds
WARNING [2022-12-07 05:25:51,496] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:25:51,497] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:25:53,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.221.173.142', 'timestamp': 1670383553.1180239, 'message': 'Dec  7 05:25:51 hqnl0246134 sshd[291591]: Invalid user admin from 50.221.173.142 port 51628', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:25:53,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.221.173.142', 'timestamp': 1670383553.1183994, 'message': 'Dec  7 05:25:51 hqnl0246134 sshd[291591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.221.173.142 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 05:25:53,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.221.173.142', 'timestamp': 1670383553.1185448, 'message': 'Dec  7 05:25:51 hqnl0246134 sshd[291591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.221.173.142 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 05:25:55,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.221.173.142', 'timestamp': 1670383555.1200767, 'message': 'Dec  7 05:25:53 hqnl0246134 sshd[291591]: Failed password for invalid user admin from 50.221.173.142 port 51628 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:25:55,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '50.221.173.142', 'timestamp': 1670383555.120347, 'message': 'Dec  7 05:25:55 hqnl0246134 sshd[291591]: Disconnected from invalid user admin 50.221.173.142 port 51628 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:26:05,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383565.1308715, 'message': 'Dec  7 05:26:03 hqnl0246134 sshd[291603]: Invalid user web from 107.172.101.119 port 47072', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 05:26:05,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383565.1313403, 'message': 'Dec  7 05:26:03 hqnl0246134 sshd[291603]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.172.101.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:26:05,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383565.1316175, 'message': 'Dec  7 05:26:03 hqnl0246134 sshd[291603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.101.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 05:26:07,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383567.1330466, 'message': 'Dec  7 05:26:05 hqnl0246134 sshd[291606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 05:26:07,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383567.1334522, 'message': 'Dec  7 05:26:05 hqnl0246134 sshd[291603]: Failed password for invalid user web from 107.172.101.119 port 47072 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:26:07,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383567.1332932, 'message': 'Dec  7 05:26:05 hqnl0246134 sshd[291606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 05:26:07,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383567.1335845, 'message': 'Dec  7 05:26:05 hqnl0246134 sshd[291603]: Disconnected from invalid user web 107.172.101.119 port 47072 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 05:26:09,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383569.1371348, 'message': 'Dec  7 05:26:07 hqnl0246134 sshd[291606]: Failed password for root from 61.177.173.18 port 61549 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 05:26:09,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383569.1376274, 'message': 'Dec  7 05:26:07 hqnl0246134 sshd[291606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:26:11,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383571.139898, 'message': 'Dec  7 05:26:09 hqnl0246134 sshd[291606]: Failed password for root from 61.177.173.18 port 61549 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:26:11,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383571.1410165, 'message': 'Dec  7 05:26:10 hqnl0246134 sshd[291606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 05:26:12,774] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:26:12,810] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0510 seconds
INFO    [2022-12-07 05:26:13,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383573.141685, 'message': 'Dec  7 05:26:12 hqnl0246134 sshd[291606]: Failed password for root from 61.177.173.18 port 61549 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:26:17,993] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:26:17,994] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:26:18,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:26:18,012] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 05:26:20,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:26:20,791] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:26:20,800] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:26:20,812] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 05:26:27,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383587.162376, 'message': 'Dec  7 05:26:25 hqnl0246134 sshd[291631]: Invalid user ts3 from 182.93.7.194 port 36156', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 05:26:27,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383587.1626348, 'message': 'Dec  7 05:26:25 hqnl0246134 sshd[291631]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.93.7.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:26:27,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383587.1630638, 'message': 'Dec  7 05:26:25 hqnl0246134 sshd[291631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.7.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:26:28,591] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:26:28,657] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:26:28,658] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:26:28,658] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:26:28,659] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:26:28,659] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:26:28,670] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:26:28,686] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0261 seconds
WARNING [2022-12-07 05:26:28,692] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:26:28,694] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:26:28,711] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0309 seconds
INFO    [2022-12-07 05:26:28,712] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0289 seconds
INFO    [2022-12-07 05:26:29,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383589.167114, 'message': 'Dec  7 05:26:27 hqnl0246134 sshd[291631]: Failed password for invalid user ts3 from 182.93.7.194 port 36156 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 05:26:31,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383591.1717384, 'message': 'Dec  7 05:26:29 hqnl0246134 sshd[291631]: Disconnected from invalid user ts3 182.93.7.194 port 36156 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 05:26:32,388] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:26:32,388] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:26:32,395] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:26:32,406] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 05:26:37,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383597.1785684, 'message': 'Dec  7 05:26:36 hqnl0246134 sshd[291637]: Invalid user hy from 96.43.99.83 port 35310', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 05:26:37,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.245.187.6', 'timestamp': 1670383597.1854265, 'message': 'Dec  7 05:26:36 hqnl0246134 sshd[291642]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.245.187.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 05:26:37,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383597.1850424, 'message': 'Dec  7 05:26:36 hqnl0246134 sshd[291637]: pam_imunify(sshd:auth): [IM360_RBL] The IP 96.43.99.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1338 seconds
INFO    [2022-12-07 05:26:37,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.245.187.6', 'timestamp': 1670383597.1855476, 'message': 'Dec  7 05:26:36 hqnl0246134 sshd[291642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.187.6  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1344 seconds
INFO    [2022-12-07 05:26:37,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383597.1852658, 'message': 'Dec  7 05:26:36 hqnl0246134 sshd[291637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.43.99.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 05:26:39,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383599.180997, 'message': 'Dec  7 05:26:38 hqnl0246134 sshd[291637]: Failed password for invalid user hy from 96.43.99.83 port 35310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:26:39,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '172.245.187.6', 'timestamp': 1670383599.1813872, 'message': 'Dec  7 05:26:38 hqnl0246134 sshd[291642]: Failed password for root from 172.245.187.6 port 45366 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:26:41,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '96.43.99.83', 'timestamp': 1670383601.1827397, 'message': 'Dec  7 05:26:40 hqnl0246134 sshd[291637]: Disconnected from invalid user hy 96.43.99.83 port 35310 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 05:26:45,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.199.93.112', 'timestamp': 1670383605.1880245, 'message': 'Dec  7 05:26:43 hqnl0246134 sshd[291652]: Invalid user ftpd from 198.199.93.112 port 50684', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 05:26:45,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.199.93.112', 'timestamp': 1670383605.1885376, 'message': 'Dec  7 05:26:43 hqnl0246134 sshd[291652]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.199.93.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 05:26:45,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.199.93.112', 'timestamp': 1670383605.1887274, 'message': 'Dec  7 05:26:43 hqnl0246134 sshd[291652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.93.112 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:26:47,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383607.1888778, 'message': 'Dec  7 05:26:45 hqnl0246134 sshd[291654]: Invalid user ed from 159.223.130.243 port 33234', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-07 05:26:47,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.199.93.112', 'timestamp': 1670383607.1895995, 'message': 'Dec  7 05:26:46 hqnl0246134 sshd[291652]: Failed password for invalid user ftpd from 198.199.93.112 port 50684 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0518 seconds
INFO    [2022-12-07 05:26:47,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383607.1891882, 'message': 'Dec  7 05:26:45 hqnl0246134 sshd[291654]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.130.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 05:26:47,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383607.189391, 'message': 'Dec  7 05:26:45 hqnl0246134 sshd[291654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.130.243 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 05:26:49,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383609.1918128, 'message': 'Dec  7 05:26:47 hqnl0246134 sshd[291656]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 05:26:49,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383609.1923037, 'message': 'Dec  7 05:26:48 hqnl0246134 sshd[291654]: Failed password for invalid user ed from 159.223.130.243 port 33234 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0455 seconds
INFO    [2022-12-07 05:26:49,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.199.93.112', 'timestamp': 1670383609.19244, 'message': 'Dec  7 05:26:48 hqnl0246134 sshd[291652]: Disconnected from invalid user ftpd 198.199.93.112 port 50684 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 05:26:49,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383609.1921434, 'message': 'Dec  7 05:26:47 hqnl0246134 sshd[291656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 05:26:51,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383611.1967568, 'message': 'Dec  7 05:26:49 hqnl0246134 sshd[291654]: Disconnected from invalid user ed 159.223.130.243 port 33234 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 05:26:51,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383611.1969774, 'message': 'Dec  7 05:26:49 hqnl0246134 sshd[291656]: Failed password for root from 61.177.173.51 port 20905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-07 05:26:51,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383611.1971319, 'message': 'Dec  7 05:26:49 hqnl0246134 sshd[291658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-07 05:26:51,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383611.1978004, 'message': 'Dec  7 05:26:49 hqnl0246134 sshd[291656]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 05:26:51,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383611.1972659, 'message': 'Dec  7 05:26:49 hqnl0246134 sshd[291658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
WARNING [2022-12-07 05:26:51,502] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:26:51,503] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:26:53,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383613.1982052, 'message': 'Dec  7 05:26:51 hqnl0246134 sshd[291658]: Failed password for root from 61.177.173.18 port 58938 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 05:26:53,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383613.1985874, 'message': 'Dec  7 05:26:51 hqnl0246134 sshd[291656]: Failed password for root from 61.177.173.51 port 20905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-07 05:26:53,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383613.1988058, 'message': 'Dec  7 05:26:52 hqnl0246134 sshd[291658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:26:53,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383613.1990435, 'message': 'Dec  7 05:26:52 hqnl0246134 sshd[291656]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:26:55,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383615.1993697, 'message': 'Dec  7 05:26:53 hqnl0246134 sshd[291658]: Failed password for root from 61.177.173.18 port 58938 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-07 05:26:55,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383615.1996891, 'message': 'Dec  7 05:26:53 hqnl0246134 sshd[291656]: Failed password for root from 61.177.173.51 port 20905 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 05:26:55,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383615.1998515, 'message': 'Dec  7 05:26:54 hqnl0246134 sshd[291658]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:26:57,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383617.2027318, 'message': 'Dec  7 05:26:56 hqnl0246134 sshd[291658]: Failed password for root from 61.177.173.18 port 58938 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 05:26:57,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383617.2032053, 'message': 'Dec  7 05:26:56 hqnl0246134 sshd[291662]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:26:57,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383617.2035294, 'message': 'Dec  7 05:26:56 hqnl0246134 sshd[291662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:26:58,944] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:26:58,944] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:26:58,945] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 05:26:59,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383619.2019458, 'message': 'Dec  7 05:26:58 hqnl0246134 sshd[291662]: Failed password for root from 61.177.173.51 port 39616 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:27:01,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383621.2048366, 'message': 'Dec  7 05:27:00 hqnl0246134 sshd[291662]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 05:27:01,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383621.2050364, 'message': 'Dec  7 05:27:00 hqnl0246134 sshd[291686]: Invalid user delete from 210.106.108.250 port 34206', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:27:01,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383621.2051868, 'message': 'Dec  7 05:27:00 hqnl0246134 sshd[291686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.106.108.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 05:27:01,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383621.205338, 'message': 'Dec  7 05:27:00 hqnl0246134 sshd[291686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.106.108.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:27:03,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383623.2063267, 'message': 'Dec  7 05:27:03 hqnl0246134 sshd[291662]: Failed password for root from 61.177.173.51 port 39616 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:27:05,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383625.2094293, 'message': 'Dec  7 05:27:03 hqnl0246134 sshd[291686]: Failed password for invalid user delete from 210.106.108.250 port 34206 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0603 seconds
INFO    [2022-12-07 05:27:05,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383625.2098105, 'message': 'Dec  7 05:27:04 hqnl0246134 sshd[291696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.138.23.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0608 seconds
INFO    [2022-12-07 05:27:05,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383625.2104495, 'message': 'Dec  7 05:27:04 hqnl0246134 sshd[291662]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0601 seconds
INFO    [2022-12-07 05:27:05,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383625.2102354, 'message': 'Dec  7 05:27:04 hqnl0246134 sshd[291686]: Disconnected from invalid user delete 210.106.108.250 port 34206 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 05:27:05,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383625.210051, 'message': 'Dec  7 05:27:04 hqnl0246134 sshd[291696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.138.23.117  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 05:27:07,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383627.2105274, 'message': 'Dec  7 05:27:06 hqnl0246134 sshd[291696]: Failed password for root from 201.138.23.117 port 49110 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:27:07,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670383627.2109807, 'message': 'Dec  7 05:27:06 hqnl0246134 sshd[291662]: Failed password for root from 61.177.173.51 port 39616 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
WARNING [2022-12-07 05:27:12,789] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:27:12,841] defence360agent.internals.the_sink: SensorIncidentList(<28 item(s)>) processed in 0.0696 seconds
INFO    [2022-12-07 05:27:13,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383633.2190235, 'message': 'Dec  7 05:27:11 hqnl0246134 sshd[291714]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.4.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 05:27:13,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383633.2192457, 'message': 'Dec  7 05:27:11 hqnl0246134 sshd[291714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.4.85  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:27:15,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383635.2208097, 'message': 'Dec  7 05:27:13 hqnl0246134 sshd[291714]: Failed password for root from 161.35.4.85 port 51376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:27:17,888] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:27:17,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:27:17,899] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:27:17,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0264 seconds
INFO    [2022-12-07 05:27:20,480] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:27:20,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:27:20,496] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:27:20,508] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0273 seconds
INFO    [2022-12-07 05:27:27,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383647.230156, 'message': 'Dec  7 05:27:26 hqnl0246134 sshd[291729]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.27.5.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:27:27,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383647.2303848, 'message': 'Dec  7 05:27:26 hqnl0246134 sshd[291729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.27.5.25  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:27:29,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383649.2327816, 'message': 'Dec  7 05:27:28 hqnl0246134 sshd[291729]: Failed password for root from 118.27.5.25 port 58040 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:27:35,277] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.156.51.218', 'timestamp': 1670383655.241365, 'message': 'Dec  7 05:27:34 hqnl0246134 sshd[291733]: Invalid user firewall from 186.156.51.218 port 42288', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 05:27:35,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383655.2420018, 'message': 'Dec  7 05:27:34 hqnl0246134 sshd[291732]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.195.33.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 05:27:35,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.156.51.218', 'timestamp': 1670383655.2416773, 'message': 'Dec  7 05:27:34 hqnl0246134 sshd[291733]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.156.51.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 05:27:35,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383655.2421548, 'message': 'Dec  7 05:27:34 hqnl0246134 sshd[291732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.195.33.169  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 05:27:35,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.156.51.218', 'timestamp': 1670383655.2418516, 'message': 'Dec  7 05:27:34 hqnl0246134 sshd[291733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.156.51.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:27:37,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383657.2426755, 'message': 'Dec  7 05:27:35 hqnl0246134 sshd[291736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0610 seconds
INFO    [2022-12-07 05:27:37,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.156.51.218', 'timestamp': 1670383657.2432568, 'message': 'Dec  7 05:27:36 hqnl0246134 sshd[291733]: Failed password for invalid user firewall from 186.156.51.218 port 42288 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0623 seconds
INFO    [2022-12-07 05:27:37,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383657.2434604, 'message': 'Dec  7 05:27:36 hqnl0246134 sshd[291732]: Failed password for root from 123.195.33.169 port 37078 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0627 seconds
INFO    [2022-12-07 05:27:37,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383657.2430146, 'message': 'Dec  7 05:27:35 hqnl0246134 sshd[291736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 05:27:39,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383659.2450533, 'message': 'Dec  7 05:27:37 hqnl0246134 sshd[291736]: Failed password for root from 61.177.173.18 port 16204 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 05:27:39,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383659.245418, 'message': 'Dec  7 05:27:37 hqnl0246134 sshd[291736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:27:41,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383661.2459128, 'message': 'Dec  7 05:27:39 hqnl0246134 sshd[291736]: Failed password for root from 61.177.173.18 port 16204 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:27:41,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383661.2461398, 'message': 'Dec  7 05:27:39 hqnl0246134 sshd[291736]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:27:43,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383663.2484145, 'message': 'Dec  7 05:27:41 hqnl0246134 sshd[291736]: Failed password for root from 61.177.173.18 port 16204 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:27:44,614] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:27:44,614] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:27:44,623] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:27:44,636] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 05:27:47,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.156.51.218', 'timestamp': 1670383667.2550907, 'message': 'Dec  7 05:27:46 hqnl0246134 sshd[291733]: Disconnected from invalid user firewall 186.156.51.218 port 42288 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 05:27:51,505] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:27:51,506] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:27:53,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383673.2649336, 'message': 'Dec  7 05:27:52 hqnl0246134 sshd[291755]: Invalid user carlos from 142.93.100.226 port 34030', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 05:27:53,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383673.2651088, 'message': 'Dec  7 05:27:52 hqnl0246134 sshd[291755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.100.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 05:27:53,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383673.2652225, 'message': 'Dec  7 05:27:52 hqnl0246134 sshd[291755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.100.226 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:27:55,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383675.2662811, 'message': 'Dec  7 05:27:53 hqnl0246134 sshd[291755]: Failed password for invalid user carlos from 142.93.100.226 port 34030 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:27:55,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383675.266491, 'message': 'Dec  7 05:27:54 hqnl0246134 sshd[291755]: Disconnected from invalid user carlos 142.93.100.226 port 34030 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
WARNING [2022-12-07 05:28:12,788] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:28:12,818] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0401 seconds
INFO    [2022-12-07 05:28:17,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383697.3023863, 'message': 'Dec  7 05:28:16 hqnl0246134 sshd[291780]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.15.83.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 05:28:17,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383697.3029046, 'message': 'Dec  7 05:28:16 hqnl0246134 sshd[291780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.83.17  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:28:17,898] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:28:17,898] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:28:17,906] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:28:17,918] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 05:28:19,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383699.3025615, 'message': 'Dec  7 05:28:18 hqnl0246134 sshd[291780]: Failed password for root from 51.15.83.17 port 38859 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:28:20,673] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:28:20,673] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:28:20,681] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:28:20,692] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 05:28:21,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383701.3045132, 'message': 'Dec  7 05:28:20 hqnl0246134 sshd[291793]: Invalid user administrator from 159.65.205.178 port 35246', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 05:28:21,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383701.3050745, 'message': 'Dec  7 05:28:21 hqnl0246134 sshd[291791]: pam_imunify(sshd:auth): [IM360_RBL] The IP 69.250.26.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 05:28:21,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383701.3047886, 'message': 'Dec  7 05:28:20 hqnl0246134 sshd[291793]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.205.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:28:21,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383701.3051834, 'message': 'Dec  7 05:28:21 hqnl0246134 sshd[291791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.250.26.126  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 05:28:21,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383701.3049324, 'message': 'Dec  7 05:28:20 hqnl0246134 sshd[291793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.205.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:28:23,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383703.308547, 'message': 'Dec  7 05:28:22 hqnl0246134 sshd[291791]: Failed password for root from 69.250.26.126 port 43666 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0527 seconds
INFO    [2022-12-07 05:28:23,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383703.3088057, 'message': 'Dec  7 05:28:22 hqnl0246134 sshd[291793]: Failed password for invalid user administrator from 159.65.205.178 port 35246 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-07 05:28:23,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383703.3090615, 'message': 'Dec  7 05:28:22 hqnl0246134 sshd[291795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0530 seconds
INFO    [2022-12-07 05:28:23,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.205.178', 'timestamp': 1670383703.3089516, 'message': 'Dec  7 05:28:22 hqnl0246134 sshd[291793]: Disconnected from invalid user administrator 159.65.205.178 port 35246 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:28:23,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383703.309168, 'message': 'Dec  7 05:28:22 hqnl0246134 sshd[291795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 05:28:25,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383705.3099816, 'message': 'Dec  7 05:28:24 hqnl0246134 sshd[291795]: Failed password for root from 61.177.173.18 port 44153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 05:28:25,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383705.3102987, 'message': 'Dec  7 05:28:25 hqnl0246134 sshd[291797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 05:28:25,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383705.310178, 'message': 'Dec  7 05:28:25 hqnl0246134 sshd[291795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0558 seconds
INFO    [2022-12-07 05:28:25,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383705.3104029, 'message': 'Dec  7 05:28:25 hqnl0246134 sshd[291797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0547 seconds
INFO    [2022-12-07 05:28:27,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383707.3118415, 'message': 'Dec  7 05:28:26 hqnl0246134 sshd[291797]: Failed password for root from 61.177.173.52 port 12125 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:28:27,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383707.3120217, 'message': 'Dec  7 05:28:27 hqnl0246134 sshd[291795]: Failed password for root from 61.177.173.18 port 44153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:28:27,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383707.3122334, 'message': 'Dec  7 05:28:27 hqnl0246134 sshd[291797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:28:29,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383709.314738, 'message': 'Dec  7 05:28:28 hqnl0246134 sshd[291797]: Failed password for root from 61.177.173.52 port 12125 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 05:28:31,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383711.316898, 'message': 'Dec  7 05:28:29 hqnl0246134 sshd[291795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 05:28:31,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383711.3171391, 'message': 'Dec  7 05:28:29 hqnl0246134 sshd[291797]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 05:28:33,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383713.3196213, 'message': 'Dec  7 05:28:31 hqnl0246134 sshd[291795]: Failed password for root from 61.177.173.18 port 44153 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 05:28:33,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383713.3198068, 'message': 'Dec  7 05:28:31 hqnl0246134 sshd[291797]: Failed password for root from 61.177.173.52 port 12125 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 05:28:37,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383717.3256876, 'message': 'Dec  7 05:28:35 hqnl0246134 sshd[291799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 05:28:37,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383717.3261688, 'message': 'Dec  7 05:28:35 hqnl0246134 sshd[291799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:28:37,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383717.3263836, 'message': 'Dec  7 05:28:37 hqnl0246134 sshd[291799]: Failed password for root from 61.177.173.52 port 46454 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:28:39,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383719.3264084, 'message': 'Dec  7 05:28:37 hqnl0246134 sshd[291799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:28:39,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383719.3268106, 'message': 'Dec  7 05:28:38 hqnl0246134 sshd[291801]: Invalid user ed from 159.65.235.114 port 47390', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 05:28:39,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383719.3269522, 'message': 'Dec  7 05:28:38 hqnl0246134 sshd[291801]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.235.114 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:28:39,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383719.3270714, 'message': 'Dec  7 05:28:38 hqnl0246134 sshd[291801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.235.114 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:28:41,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383721.328505, 'message': 'Dec  7 05:28:40 hqnl0246134 sshd[291801]: Failed password for invalid user ed from 159.65.235.114 port 47390 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:28:41,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383721.3286955, 'message': 'Dec  7 05:28:40 hqnl0246134 sshd[291799]: Failed password for root from 61.177.173.52 port 46454 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 05:28:43,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.235.114', 'timestamp': 1670383723.3302248, 'message': 'Dec  7 05:28:41 hqnl0246134 sshd[291801]: Disconnected from invalid user ed 159.65.235.114 port 47390 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 05:28:43,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383723.3304205, 'message': 'Dec  7 05:28:42 hqnl0246134 sshd[291799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:28:45,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383725.3329508, 'message': 'Dec  7 05:28:44 hqnl0246134 sshd[291799]: Failed password for root from 61.177.173.52 port 46454 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 05:28:47,335] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:28:47,335] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:28:47,347] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:28:47,365] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-07 05:28:47,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383727.3371093, 'message': 'Dec  7 05:28:46 hqnl0246134 sshd[291816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 05:28:47,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383727.3372378, 'message': 'Dec  7 05:28:46 hqnl0246134 sshd[291816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:28:49,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383729.338078, 'message': 'Dec  7 05:28:47 hqnl0246134 sshd[291816]: Failed password for root from 61.177.173.52 port 16750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:28:49,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383729.338291, 'message': 'Dec  7 05:28:48 hqnl0246134 sshd[291816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:28:51,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383731.3394084, 'message': 'Dec  7 05:28:50 hqnl0246134 sshd[291816]: Failed password for root from 61.177.173.52 port 16750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:28:51,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383731.3396227, 'message': 'Dec  7 05:28:50 hqnl0246134 sshd[291816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 05:28:51,512] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:28:51,513] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:28:53,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383733.3441272, 'message': 'Dec  7 05:28:52 hqnl0246134 sshd[291816]: Failed password for root from 61.177.173.52 port 16750 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 05:28:55,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383735.346436, 'message': 'Dec  7 05:28:54 hqnl0246134 sshd[291825]: Invalid user dmdba from 35.200.141.182 port 59042', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 05:28:55,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383735.346907, 'message': 'Dec  7 05:28:54 hqnl0246134 sshd[291824]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:28:55,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383735.3466837, 'message': 'Dec  7 05:28:54 hqnl0246134 sshd[291825]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.200.141.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 05:28:55,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383735.3470163, 'message': 'Dec  7 05:28:54 hqnl0246134 sshd[291824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:28:55,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383735.3467994, 'message': 'Dec  7 05:28:54 hqnl0246134 sshd[291825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:28:57,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383737.3485038, 'message': 'Dec  7 05:28:56 hqnl0246134 sshd[291825]: Failed password for invalid user dmdba from 35.200.141.182 port 59042 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-07 05:28:57,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383737.3487585, 'message': 'Dec  7 05:28:56 hqnl0246134 sshd[291824]: Failed password for root from 61.177.173.52 port 21531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 05:28:57,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383737.3488903, 'message': 'Dec  7 05:28:57 hqnl0246134 sshd[291824]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:28:59,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383739.3501961, 'message': 'Dec  7 05:28:58 hqnl0246134 sshd[291825]: Disconnected from invalid user dmdba 35.200.141.182 port 59042 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:28:59,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.52', 'timestamp': 1670383739.350499, 'message': 'Dec  7 05:28:58 hqnl0246134 sshd[291824]: Failed password for root from 61.177.173.52 port 21531 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 05:29:03,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383743.353784, 'message': 'Dec  7 05:29:01 hqnl0246134 sshd[291829]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.106.108.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 05:29:03,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383743.3539908, 'message': 'Dec  7 05:29:01 hqnl0246134 sshd[291829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.106.108.250  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-07 05:29:05,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383745.358258, 'message': 'Dec  7 05:29:03 hqnl0246134 sshd[291829]: Failed password for root from 210.106.108.250 port 45798 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 05:29:07,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.23.63.23', 'timestamp': 1670383747.361313, 'message': 'Dec  7 05:29:05 hqnl0246134 sshd[291839]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.23.63.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:29:07,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.23.63.23', 'timestamp': 1670383747.3615022, 'message': 'Dec  7 05:29:05 hqnl0246134 sshd[291839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.23.63.23  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:29:07,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '182.23.63.23', 'timestamp': 1670383747.3616374, 'message': 'Dec  7 05:29:07 hqnl0246134 sshd[291839]: Failed password for root from 182.23.63.23 port 46122 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:29:09,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383749.3669887, 'message': 'Dec  7 05:29:07 hqnl0246134 sshd[291841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-07 05:29:09,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383749.3675983, 'message': 'Dec  7 05:29:07 hqnl0246134 sshd[291841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 05:29:11,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383751.368052, 'message': 'Dec  7 05:29:09 hqnl0246134 sshd[291841]: Failed password for root from 61.177.173.18 port 54206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
WARNING [2022-12-07 05:29:12,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:29:12,824] defence360agent.internals.the_sink: SensorIncidentList(<27 item(s)>) processed in 0.0417 seconds
INFO    [2022-12-07 05:29:13,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383753.3712566, 'message': 'Dec  7 05:29:11 hqnl0246134 sshd[291841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 05:29:13,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383753.371458, 'message': 'Dec  7 05:29:13 hqnl0246134 sshd[291853]: Invalid user monitor from 161.35.4.85 port 58416', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 05:29:13,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383753.3715863, 'message': 'Dec  7 05:29:13 hqnl0246134 sshd[291853]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.4.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 05:29:13,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383753.3716946, 'message': 'Dec  7 05:29:13 hqnl0246134 sshd[291853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.4.85 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 05:29:15,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383755.3741643, 'message': 'Dec  7 05:29:13 hqnl0246134 sshd[291841]: Failed password for root from 61.177.173.18 port 54206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:29:15,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383755.374598, 'message': 'Dec  7 05:29:14 hqnl0246134 sshd[291853]: Failed password for invalid user monitor from 161.35.4.85 port 58416 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 05:29:15,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383755.374437, 'message': 'Dec  7 05:29:14 hqnl0246134 sshd[291841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 05:29:17,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383757.3771112, 'message': 'Dec  7 05:29:16 hqnl0246134 sshd[291841]: Failed password for root from 61.177.173.18 port 54206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:29:17,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.4.85', 'timestamp': 1670383757.3773854, 'message': 'Dec  7 05:29:16 hqnl0246134 sshd[291853]: Disconnected from invalid user monitor 161.35.4.85 port 58416 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:29:19,890] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:29:19,890] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:29:19,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:29:19,910] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 05:29:24,499] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:29:24,499] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:29:24,508] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:29:24,522] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 05:29:33,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383773.3986816, 'message': 'Dec  7 05:29:32 hqnl0246134 sshd[291868]: Invalid user guest from 201.138.23.117 port 60244', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 05:29:33,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383773.3989432, 'message': 'Dec  7 05:29:32 hqnl0246134 sshd[291868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.138.23.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:29:33,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383773.3990529, 'message': 'Dec  7 05:29:32 hqnl0246134 sshd[291868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.138.23.117 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:29:35,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383775.400777, 'message': 'Dec  7 05:29:34 hqnl0246134 sshd[291868]: Failed password for invalid user guest from 201.138.23.117 port 60244 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:29:37,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383777.4036636, 'message': 'Dec  7 05:29:35 hqnl0246134 sshd[291868]: Disconnected from invalid user guest 201.138.23.117 port 60244 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 05:29:37,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383777.4038966, 'message': 'Dec  7 05:29:35 hqnl0246134 sshd[291872]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.130.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 05:29:37,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383777.4040344, 'message': 'Dec  7 05:29:35 hqnl0246134 sshd[291872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.130.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:29:39,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.130.243', 'timestamp': 1670383779.4066157, 'message': 'Dec  7 05:29:37 hqnl0246134 sshd[291872]: Failed password for root from 159.223.130.243 port 50964 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:29:39,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383779.407396, 'message': 'Dec  7 05:29:38 hqnl0246134 sshd[291874]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.106.108.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 05:29:39,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383779.4075696, 'message': 'Dec  7 05:29:38 hqnl0246134 sshd[291874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.106.108.250  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:29:41,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383781.4085217, 'message': 'Dec  7 05:29:41 hqnl0246134 sshd[291874]: Failed password for root from 210.106.108.250 port 50244 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 05:29:51,516] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:29:51,517] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:29:57,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383797.422916, 'message': 'Dec  7 05:29:55 hqnl0246134 sshd[291889]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:29:57,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383797.4231372, 'message': 'Dec  7 05:29:55 hqnl0246134 sshd[291889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:29:59,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383799.4251187, 'message': 'Dec  7 05:29:57 hqnl0246134 sshd[291889]: Failed password for root from 61.177.173.18 port 17292 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 05:29:59,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383799.425306, 'message': 'Dec  7 05:29:58 hqnl0246134 sshd[291889]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:30:01,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383801.4272702, 'message': 'Dec  7 05:30:00 hqnl0246134 sshd[291889]: Failed password for root from 61.177.173.18 port 17292 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 05:30:01,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383801.42756, 'message': 'Dec  7 05:30:00 hqnl0246134 sshd[291889]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:30:01,540] defence360agent.files: Updating all files
INFO    [2022-12-07 05:30:01,856] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:01,857] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 05:30:02,215] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:02,216] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 05:30:02,492] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:02,493] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 05:30:02,922] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:02,923] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 05:30:02,923] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 05:30:03,192] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 03:30:03 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E653809DC643E'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 05:30:03,195] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 05:30:03,196] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 05:30:03,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383803.6660874, 'message': 'Dec  7 05:30:01 hqnl0246134 sshd[291894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.200.141.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0598 seconds
INFO    [2022-12-07 05:30:03,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383803.666506, 'message': 'Dec  7 05:30:02 hqnl0246134 sshd[291889]: Failed password for root from 61.177.173.18 port 17292 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0600 seconds
INFO    [2022-12-07 05:30:03,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383803.6663249, 'message': 'Dec  7 05:30:01 hqnl0246134 sshd[291894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 05:30:03,984] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:03,985] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 05:30:04,246] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:04,246] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 05:30:04,509] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:04,509] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 05:30:04,945] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:04,946] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 05:30:05,396] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 05:30:05,397] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 05:30:05,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383805.4319348, 'message': 'Dec  7 05:30:04 hqnl0246134 sshd[291894]: Failed password for root from 35.200.141.182 port 42746 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:30:06,911] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:30:06,912] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:30:06,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:30:06,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0299 seconds
INFO    [2022-12-07 05:30:09,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383809.4407463, 'message': 'Dec  7 05:30:07 hqnl0246134 sshd[291924]: Invalid user tf2server from 118.27.5.25 port 42752', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 05:30:09,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383809.4413788, 'message': 'Dec  7 05:30:07 hqnl0246134 sshd[291921]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.172.101.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 05:30:09,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383809.441089, 'message': 'Dec  7 05:30:07 hqnl0246134 sshd[291924]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.27.5.25 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:30:09,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383809.4415517, 'message': 'Dec  7 05:30:07 hqnl0246134 sshd[291921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.101.119  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 05:30:09,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383809.4412587, 'message': 'Dec  7 05:30:07 hqnl0246134 sshd[291924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.27.5.25 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 05:30:11,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383811.4437351, 'message': 'Dec  7 05:30:09 hqnl0246134 sshd[291924]: Failed password for invalid user tf2server from 118.27.5.25 port 42752 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 05:30:11,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383811.4439702, 'message': 'Dec  7 05:30:09 hqnl0246134 sshd[291921]: Failed password for root from 107.172.101.119 port 59136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0325 seconds
WARNING [2022-12-07 05:30:12,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:30:12,838] defence360agent.internals.the_sink: SensorIncidentList(<24 item(s)>) processed in 0.0484 seconds
INFO    [2022-12-07 05:30:13,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.27.5.25', 'timestamp': 1670383813.4473307, 'message': 'Dec  7 05:30:11 hqnl0246134 sshd[291924]: Disconnected from invalid user tf2server 118.27.5.25 port 42752 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:30:17,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670383817.449967, 'message': 'Dec  7 05:30:15 hqnl0246134 sshd[291945]: Invalid user whmcs from 143.198.94.205 port 33698', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 05:30:17,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.94.205', 'timestamp': 1670383817.4502203, 'message': 'Dec  7 05:30:16 hqnl0246134 sshd[291945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.94.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 05:30:17,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.94.205', 'timestamp': 1670383817.4503753, 'message': 'Dec  7 05:30:16 hqnl0246134 sshd[291945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.94.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:30:18,092] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:30:18,093] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:30:18,101] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:30:18,113] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 05:30:19,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670383819.456606, 'message': 'Dec  7 05:30:18 hqnl0246134 sshd[291945]: Failed password for invalid user whmcs from 143.198.94.205 port 33698 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 05:30:19,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670383819.456848, 'message': 'Dec  7 05:30:19 hqnl0246134 sshd[291945]: Disconnected from invalid user whmcs 143.198.94.205 port 33698 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:30:20,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:30:20,819] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:30:20,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:30:20,842] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-07 05:30:21,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383821.454237, 'message': 'Dec  7 05:30:19 hqnl0246134 sshd[291955]: Invalid user newuser from 210.106.108.250 port 54668', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 05:30:21,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383821.4544313, 'message': 'Dec  7 05:30:19 hqnl0246134 sshd[291955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.106.108.250 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:30:21,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383821.4545672, 'message': 'Dec  7 05:30:19 hqnl0246134 sshd[291955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.106.108.250 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:30:23,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383823.4579117, 'message': 'Dec  7 05:30:21 hqnl0246134 sshd[291955]: Failed password for invalid user newuser from 210.106.108.250 port 54668 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 05:30:23,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.106.108.250', 'timestamp': 1670383823.4581418, 'message': 'Dec  7 05:30:23 hqnl0246134 sshd[291955]: Disconnected from invalid user newuser 210.106.108.250 port 54668 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:30:31,319] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:30:31,387] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:30:31,387] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:30:31,388] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:30:31,388] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:30:31,388] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:30:31,399] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:30:31,414] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0257 seconds
WARNING [2022-12-07 05:30:31,421] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:30:31,424] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:30:31,440] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0314 seconds
INFO    [2022-12-07 05:30:31,442] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0294 seconds
INFO    [2022-12-07 05:30:37,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383837.489582, 'message': 'Dec  7 05:30:36 hqnl0246134 sshd[291968]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.195.33.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 05:30:37,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383837.489973, 'message': 'Dec  7 05:30:36 hqnl0246134 sshd[291968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.195.33.169  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:30:39,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.195.33.169', 'timestamp': 1670383839.4915965, 'message': 'Dec  7 05:30:38 hqnl0246134 sshd[291968]: Failed password for root from 123.195.33.169 port 37368 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 05:30:43,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383843.4980526, 'message': 'Dec  7 05:30:42 hqnl0246134 sshd[291978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:30:43,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383843.4983335, 'message': 'Dec  7 05:30:42 hqnl0246134 sshd[291978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:30:45,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383845.5025115, 'message': 'Dec  7 05:30:44 hqnl0246134 sshd[291978]: Failed password for root from 61.177.173.18 port 27501 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 05:30:45,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383845.5028608, 'message': 'Dec  7 05:30:45 hqnl0246134 sshd[291981]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.200.141.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 05:30:45,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383845.5027354, 'message': 'Dec  7 05:30:44 hqnl0246134 sshd[291978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 05:30:45,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383845.50303, 'message': 'Dec  7 05:30:45 hqnl0246134 sshd[291981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 05:30:47,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383847.5055213, 'message': 'Dec  7 05:30:47 hqnl0246134 sshd[291978]: Failed password for root from 61.177.173.18 port 27501 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:30:47,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383847.5057747, 'message': 'Dec  7 05:30:47 hqnl0246134 sshd[292006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.15.83.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 05:30:47,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383847.5059364, 'message': 'Dec  7 05:30:47 hqnl0246134 sshd[292006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.83.17  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:30:49,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383849.5090845, 'message': 'Dec  7 05:30:47 hqnl0246134 sshd[291981]: Failed password for root from 35.200.141.182 port 51400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0399 seconds
INFO    [2022-12-07 05:30:49,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383849.5092762, 'message': 'Dec  7 05:30:48 hqnl0246134 sshd[291978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-07 05:30:49,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.15.83.17', 'timestamp': 1670383849.509387, 'message': 'Dec  7 05:30:49 hqnl0246134 sshd[292006]: Failed password for root from 51.15.83.17 port 27814 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0402 seconds
WARNING [2022-12-07 05:30:51,518] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:30:51,519] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:30:51,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383851.51103, 'message': 'Dec  7 05:30:50 hqnl0246134 sshd[291978]: Failed password for root from 61.177.173.18 port 27501 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:30:55,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670383855.5191202, 'message': 'Dec  7 05:30:53 hqnl0246134 sshd[292010]: Invalid user elena from 122.3.192.83 port 7066', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:30:55,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.3.192.83', 'timestamp': 1670383855.5193555, 'message': 'Dec  7 05:30:53 hqnl0246134 sshd[292010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.3.192.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:30:55,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.3.192.83', 'timestamp': 1670383855.5194747, 'message': 'Dec  7 05:30:53 hqnl0246134 sshd[292010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.3.192.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:30:57,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383857.5217032, 'message': 'Dec  7 05:30:55 hqnl0246134 sshd[292012]: Invalid user web from 142.93.100.226 port 43884', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 05:30:57,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670383857.5219727, 'message': 'Dec  7 05:30:56 hqnl0246134 sshd[292010]: Failed password for invalid user elena from 122.3.192.83 port 7066 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 05:30:57,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383857.5229578, 'message': 'Dec  7 05:30:56 hqnl0246134 sshd[292012]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.100.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 05:30:57,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670383857.523168, 'message': 'Dec  7 05:30:57 hqnl0246134 sshd[292010]: Disconnected from invalid user elena 122.3.192.83 port 7066 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 05:30:57,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383857.5230656, 'message': 'Dec  7 05:30:56 hqnl0246134 sshd[292012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.100.226 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:30:59,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383859.5252595, 'message': 'Dec  7 05:30:58 hqnl0246134 sshd[292012]: Failed password for invalid user web from 142.93.100.226 port 43884 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:31:01,515] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:31:01,515] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:31:01,516] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 05:31:01,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670383861.5255961, 'message': 'Dec  7 05:31:00 hqnl0246134 sshd[292012]: Disconnected from invalid user web 142.93.100.226 port 43884 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:31:09,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383869.537362, 'message': 'Dec  7 05:31:08 hqnl0246134 sshd[292024]: pam_imunify(sshd:auth): [IM360_RBL] The IP 69.250.26.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 05:31:09,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383869.5377526, 'message': 'Dec  7 05:31:08 hqnl0246134 sshd[292024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.250.26.126  user=www-data', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 05:31:11,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '69.250.26.126', 'timestamp': 1670383871.5390062, 'message': 'Dec  7 05:31:10 hqnl0246134 sshd[292024]: Failed password for www-data from 69.250.26.126 port 32890 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 05:31:12,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:31:12,868] defence360agent.internals.the_sink: SensorIncidentList(<29 item(s)>) processed in 0.0725 seconds
INFO    [2022-12-07 05:31:16,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:31:16,738] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:31:16,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:31:16,761] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-07 05:31:19,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:31:19,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:31:19,946] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:31:19,960] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 05:31:21,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383881.5518553, 'message': 'Dec  7 05:31:21 hqnl0246134 sshd[292047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.93.7.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:31:21,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383881.552152, 'message': 'Dec  7 05:31:21 hqnl0246134 sshd[292047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.7.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:31:23,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '182.93.7.194', 'timestamp': 1670383883.5526483, 'message': 'Dec  7 05:31:23 hqnl0246134 sshd[292047]: Failed password for root from 182.93.7.194 port 55576 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:31:24,527] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:31:24,528] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:31:24,536] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:31:24,553] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-07 05:31:25,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.42.176.235', 'timestamp': 1670383885.5543668, 'message': 'Dec  7 05:31:25 hqnl0246134 sshd[292054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.42.176.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:31:25,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.42.176.235', 'timestamp': 1670383885.5546868, 'message': 'Dec  7 05:31:25 hqnl0246134 sshd[292054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.42.176.235  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 05:31:27,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.42.206.17', 'timestamp': 1670383887.5564313, 'message': 'Dec  7 05:31:25 hqnl0246134 sshd[292060]: Invalid user atualiza from 2.42.206.17 port 35955', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 05:31:27,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.42.176.235', 'timestamp': 1670383887.5570388, 'message': 'Dec  7 05:31:26 hqnl0246134 sshd[292054]: Failed password for root from 200.42.176.235 port 51528 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-07 05:31:27,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383887.5571432, 'message': 'Dec  7 05:31:27 hqnl0246134 sshd[292062]: Invalid user clement from 35.200.141.182 port 60044', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-07 05:31:27,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.42.206.17', 'timestamp': 1670383887.556811, 'message': 'Dec  7 05:31:25 hqnl0246134 sshd[292060]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.42.206.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:31:27,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383887.5572731, 'message': 'Dec  7 05:31:27 hqnl0246134 sshd[292062]: pam_imunify(sshd:auth): [IM360_RBL] The IP 35.200.141.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:31:27,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.42.206.17', 'timestamp': 1670383887.556927, 'message': 'Dec  7 05:31:25 hqnl0246134 sshd[292060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.42.206.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 05:31:27,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383887.5573986, 'message': 'Dec  7 05:31:27 hqnl0246134 sshd[292062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:31:29,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.42.206.17', 'timestamp': 1670383889.5586214, 'message': 'Dec  7 05:31:27 hqnl0246134 sshd[292060]: Failed password for invalid user atualiza from 2.42.206.17 port 35955 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-07 05:31:29,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383889.5589151, 'message': 'Dec  7 05:31:27 hqnl0246134 sshd[292065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 05:31:29,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.181.233.243', 'timestamp': 1670383889.5591905, 'message': 'Dec  7 05:31:28 hqnl0246134 sshd[292067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.181.233.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 05:31:29,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383889.559076, 'message': 'Dec  7 05:31:27 hqnl0246134 sshd[292065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 05:31:29,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383889.559783, 'message': 'Dec  7 05:31:29 hqnl0246134 sshd[292062]: Failed password for invalid user clement from 35.200.141.182 port 60044 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-07 05:31:29,642] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.181.233.243', 'timestamp': 1670383889.5596807, 'message': 'Dec  7 05:31:28 hqnl0246134 sshd[292067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.181.233.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 05:31:31,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '35.200.141.182', 'timestamp': 1670383891.5614643, 'message': 'Dec  7 05:31:29 hqnl0246134 sshd[292062]: Disconnected from invalid user clement 35.200.141.182 port 60044 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0670 seconds
INFO    [2022-12-07 05:31:31,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.42.206.17', 'timestamp': 1670383891.5617328, 'message': 'Dec  7 05:31:29 hqnl0246134 sshd[292060]: Disconnected from invalid user atualiza 2.42.206.17 port 35955 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0678 seconds
INFO    [2022-12-07 05:31:31,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383891.5618753, 'message': 'Dec  7 05:31:30 hqnl0246134 sshd[292065]: Failed password for root from 61.177.173.18 port 40422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0682 seconds
INFO    [2022-12-07 05:31:31,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '2.181.233.243', 'timestamp': 1670383891.5619912, 'message': 'Dec  7 05:31:30 hqnl0246134 sshd[292067]: Failed password for root from 2.181.233.243 port 30592 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0681 seconds
INFO    [2022-12-07 05:31:31,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383891.5620947, 'message': 'Dec  7 05:31:30 hqnl0246134 sshd[292069]: Invalid user amit from 3.0.202.116 port 52524', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0677 seconds
INFO    [2022-12-07 05:31:31,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383891.5625908, 'message': 'Dec  7 05:31:31 hqnl0246134 sshd[292069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 3.0.202.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:31:31,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383891.5627177, 'message': 'Dec  7 05:31:31 hqnl0246134 sshd[292069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.0.202.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:31:33,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383893.5634184, 'message': 'Dec  7 05:31:32 hqnl0246134 sshd[292065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:31:35,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383895.5659642, 'message': 'Dec  7 05:31:33 hqnl0246134 sshd[292069]: Failed password for invalid user amit from 3.0.202.116 port 52524 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 05:31:35,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383895.5662646, 'message': 'Dec  7 05:31:34 hqnl0246134 sshd[292065]: Failed password for root from 61.177.173.18 port 40422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:31:35,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '3.0.202.116', 'timestamp': 1670383895.5663774, 'message': 'Dec  7 05:31:35 hqnl0246134 sshd[292069]: Disconnected from invalid user amit 3.0.202.116 port 52524 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:31:37,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383897.5663433, 'message': 'Dec  7 05:31:36 hqnl0246134 sshd[292065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:31:39,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383899.5688205, 'message': 'Dec  7 05:31:38 hqnl0246134 sshd[292065]: Failed password for root from 61.177.173.18 port 40422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-07 05:31:51,525] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:31:51,526] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 05:31:54,205] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 05:32:11,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '132.148.77.160', 'timestamp': 1670383931.662701, 'message': 'Dec  7 05:32:10 hqnl0246134 sshd[292103]: pam_imunify(sshd:auth): [IM360_RBL] The IP 132.148.77.160 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 05:32:11,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '132.148.77.160', 'timestamp': 1670383931.663086, 'message': 'Dec  7 05:32:10 hqnl0246134 sshd[292103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.148.77.160  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-07 05:32:12,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:32:12,851] defence360agent.internals.the_sink: SensorIncidentList(<23 item(s)>) processed in 0.0482 seconds
INFO    [2022-12-07 05:32:13,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '132.148.77.160', 'timestamp': 1670383933.66615, 'message': 'Dec  7 05:32:12 hqnl0246134 sshd[292103]: Failed password for root from 132.148.77.160 port 35008 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 05:32:15,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383935.6690814, 'message': 'Dec  7 05:32:13 hqnl0246134 sshd[292114]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.138.23.117 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0677 seconds
INFO    [2022-12-07 05:32:15,740] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383935.6696057, 'message': 'Dec  7 05:32:15 hqnl0246134 sshd[292116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0683 seconds
INFO    [2022-12-07 05:32:15,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383935.6693783, 'message': 'Dec  7 05:32:13 hqnl0246134 sshd[292114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.138.23.117  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0585 seconds
INFO    [2022-12-07 05:32:15,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383935.6697984, 'message': 'Dec  7 05:32:15 hqnl0246134 sshd[292116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0528 seconds
INFO    [2022-12-07 05:32:17,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.138.23.117', 'timestamp': 1670383937.6696122, 'message': 'Dec  7 05:32:16 hqnl0246134 sshd[292114]: Failed password for root from 201.138.23.117 port 36204 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 05:32:18,627] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:32:18,628] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:32:18,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:32:18,646] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 05:32:19,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383939.6741676, 'message': 'Dec  7 05:32:17 hqnl0246134 sshd[292116]: Failed password for root from 61.177.173.18 port 51659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 05:32:19,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383939.674357, 'message': 'Dec  7 05:32:19 hqnl0246134 sshd[292116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 05:32:21,294] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:32:21,295] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:32:21,306] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:32:21,322] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0255 seconds
INFO    [2022-12-07 05:32:21,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383941.6781561, 'message': 'Dec  7 05:32:21 hqnl0246134 sshd[292116]: Failed password for root from 61.177.173.18 port 51659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:32:23,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383943.6819391, 'message': 'Dec  7 05:32:21 hqnl0246134 sshd[292116]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:32:25,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383945.6836612, 'message': 'Dec  7 05:32:24 hqnl0246134 sshd[292116]: Failed password for root from 61.177.173.18 port 51659 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 05:32:28,575] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:32:28,576] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:32:28,584] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:32:28,596] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
WARNING [2022-12-07 05:32:51,529] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:32:51,532] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:33:03,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383983.7251875, 'message': 'Dec  7 05:33:02 hqnl0246134 sshd[292152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 05:33:03,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383983.7258332, 'message': 'Dec  7 05:33:02 hqnl0246134 sshd[292152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:33:05,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383985.7266788, 'message': 'Dec  7 05:33:03 hqnl0246134 sshd[292162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-07 05:33:05,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383985.7270002, 'message': 'Dec  7 05:33:04 hqnl0246134 sshd[292152]: Failed password for root from 61.177.173.18 port 63022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0428 seconds
INFO    [2022-12-07 05:33:05,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383985.7268693, 'message': 'Dec  7 05:33:03 hqnl0246134 sshd[292162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 05:33:07,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383987.7288094, 'message': 'Dec  7 05:33:05 hqnl0246134 sshd[292164]: Invalid user oracle from 107.172.101.119 port 42948', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0435 seconds
INFO    [2022-12-07 05:33:07,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383987.7292862, 'message': 'Dec  7 05:33:06 hqnl0246134 sshd[292152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 05:33:07,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383987.7293913, 'message': 'Dec  7 05:33:06 hqnl0246134 sshd[292162]: Failed password for root from 61.177.173.39 port 51759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-07 05:33:07,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383987.7290013, 'message': 'Dec  7 05:33:05 hqnl0246134 sshd[292164]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.172.101.119 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 05:33:07,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383987.7291646, 'message': 'Dec  7 05:33:05 hqnl0246134 sshd[292164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.101.119 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:33:09,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383989.732199, 'message': 'Dec  7 05:33:08 hqnl0246134 sshd[292162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1284 seconds
INFO    [2022-12-07 05:33:09,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383989.7324033, 'message': 'Dec  7 05:33:08 hqnl0246134 sshd[292164]: Failed password for invalid user oracle from 107.172.101.119 port 42948 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1290 seconds
INFO    [2022-12-07 05:33:09,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383989.732784, 'message': 'Dec  7 05:33:08 hqnl0246134 sshd[292152]: Failed password for root from 61.177.173.18 port 63022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1300 seconds
INFO    [2022-12-07 05:33:09,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.172.101.119', 'timestamp': 1670383989.7330961, 'message': 'Dec  7 05:33:09 hqnl0246134 sshd[292164]: Disconnected from invalid user oracle 107.172.101.119 port 42948 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 05:33:09,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383989.7332058, 'message': 'Dec  7 05:33:09 hqnl0246134 sshd[292162]: Failed password for root from 61.177.173.39 port 51759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 05:33:09,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383989.7329624, 'message': 'Dec  7 05:33:08 hqnl0246134 sshd[292152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0394 seconds
INFO    [2022-12-07 05:33:11,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383991.7368624, 'message': 'Dec  7 05:33:10 hqnl0246134 sshd[292162]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-07 05:33:11,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670383991.7373106, 'message': 'Dec  7 05:33:10 hqnl0246134 sshd[292152]: Failed password for root from 61.177.173.18 port 63022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0481 seconds
WARNING [2022-12-07 05:33:12,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:33:12,841] defence360agent.internals.the_sink: SensorIncidentList(<13 item(s)>) processed in 0.0337 seconds
INFO    [2022-12-07 05:33:13,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383993.7386804, 'message': 'Dec  7 05:33:12 hqnl0246134 sshd[292162]: Failed password for root from 61.177.173.39 port 51759 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:33:17,813] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:33:17,814] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:33:17,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:33:17,845] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0306 seconds
INFO    [2022-12-07 05:33:17,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383997.8159442, 'message': 'Dec  7 05:33:15 hqnl0246134 sshd[292176]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 05:33:17,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383997.8160982, 'message': 'Dec  7 05:33:15 hqnl0246134 sshd[292176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:33:19,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670383999.750231, 'message': 'Dec  7 05:33:18 hqnl0246134 sshd[292176]: Failed password for root from 61.177.173.39 port 39617 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:33:20,434] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:33:20,434] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:33:20,443] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:33:20,458] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-07 05:33:21,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384001.7580774, 'message': 'Dec  7 05:33:20 hqnl0246134 sshd[292176]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:33:23,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384003.7606733, 'message': 'Dec  7 05:33:21 hqnl0246134 sshd[292176]: Failed password for root from 61.177.173.39 port 39617 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 05:33:23,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384003.7609463, 'message': 'Dec  7 05:33:22 hqnl0246134 sshd[292176]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 05:33:25,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384005.764659, 'message': 'Dec  7 05:33:24 hqnl0246134 sshd[292176]: Failed password for root from 61.177.173.39 port 39617 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-07 05:33:25,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.83.17', 'timestamp': 1670384005.7649796, 'message': 'Dec  7 05:33:25 hqnl0246134 sshd[292192]: Invalid user admin from 51.15.83.17 port 16823', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 05:33:27,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.15.83.17', 'timestamp': 1670384007.765939, 'message': 'Dec  7 05:33:25 hqnl0246134 sshd[292192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.15.83.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:33:27,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.15.83.17', 'timestamp': 1670384007.7661786, 'message': 'Dec  7 05:33:25 hqnl0246134 sshd[292192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.83.17 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:33:29,378] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:33:29,378] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:33:29,388] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:33:29,400] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 05:33:29,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384009.7693174, 'message': 'Dec  7 05:33:28 hqnl0246134 sshd[292196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 05:33:29,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.83.17', 'timestamp': 1670384009.7697167, 'message': 'Dec  7 05:33:28 hqnl0246134 sshd[292192]: Failed password for invalid user admin from 51.15.83.17 port 16823 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 05:33:29,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384009.7696006, 'message': 'Dec  7 05:33:28 hqnl0246134 sshd[292196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 05:33:29,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.15.83.17', 'timestamp': 1670384009.7698236, 'message': 'Dec  7 05:33:29 hqnl0246134 sshd[292192]: Disconnected from invalid user admin 51.15.83.17 port 16823 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:33:31,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384011.7701554, 'message': 'Dec  7 05:33:29 hqnl0246134 sshd[292196]: Failed password for root from 61.177.173.39 port 41963 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:33:31,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384011.770433, 'message': 'Dec  7 05:33:30 hqnl0246134 sshd[292196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 05:33:33,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384013.7758703, 'message': 'Dec  7 05:33:32 hqnl0246134 sshd[292196]: Failed password for root from 61.177.173.39 port 41963 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:33:33,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384013.776124, 'message': 'Dec  7 05:33:32 hqnl0246134 sshd[292196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:33:35,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '158.160.19.78', 'timestamp': 1670384015.7806556, 'message': 'Dec  7 05:33:34 hqnl0246134 sshd[292202]: pam_imunify(sshd:auth): [IM360_RBL] The IP 158.160.19.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 05:33:35,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.39', 'timestamp': 1670384015.7810206, 'message': 'Dec  7 05:33:34 hqnl0246134 sshd[292196]: Failed password for root from 61.177.173.39 port 41963 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 05:33:35,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '158.160.19.78', 'timestamp': 1670384015.7808528, 'message': 'Dec  7 05:33:34 hqnl0246134 sshd[292202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.19.78  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 05:33:37,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '158.160.19.78', 'timestamp': 1670384017.7834413, 'message': 'Dec  7 05:33:36 hqnl0246134 sshd[292202]: Failed password for root from 158.160.19.78 port 58488 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:33:49,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384029.8287868, 'message': 'Dec  7 05:33:49 hqnl0246134 sshd[292214]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 05:33:49,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384029.8294356, 'message': 'Dec  7 05:33:49 hqnl0246134 sshd[292214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 05:33:51,537] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:33:51,538] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:33:51,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384031.835487, 'message': 'Dec  7 05:33:51 hqnl0246134 sshd[292214]: Failed password for root from 61.177.173.18 port 21332 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:33:53,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384033.8412716, 'message': 'Dec  7 05:33:53 hqnl0246134 sshd[292214]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:33:55,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384035.8502948, 'message': 'Dec  7 05:33:55 hqnl0246134 sshd[292214]: Failed password for root from 61.177.173.18 port 21332 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:33:57,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384037.853037, 'message': 'Dec  7 05:33:56 hqnl0246134 sshd[292214]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 05:33:59,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384039.8632925, 'message': 'Dec  7 05:33:58 hqnl0246134 sshd[292214]: Failed password for root from 61.177.173.18 port 21332 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 05:34:05,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '69.250.26.126', 'timestamp': 1670384045.8750732, 'message': 'Dec  7 05:34:04 hqnl0246134 sshd[292245]: Invalid user openkm from 69.250.26.126 port 50358', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-07 05:34:05,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670384045.8756385, 'message': 'Dec  7 05:34:04 hqnl0246134 sshd[292247]: Invalid user oracle from 142.93.100.226 port 43700', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-07 05:34:05,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '69.250.26.126', 'timestamp': 1670384045.8753006, 'message': 'Dec  7 05:34:04 hqnl0246134 sshd[292245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 69.250.26.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 05:34:05,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '142.93.100.226', 'timestamp': 1670384045.87577, 'message': 'Dec  7 05:34:04 hqnl0246134 sshd[292247]: pam_imunify(sshd:auth): [IM360_RBL] The IP 142.93.100.226 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 05:34:05,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '69.250.26.126', 'timestamp': 1670384045.875457, 'message': 'Dec  7 05:34:04 hqnl0246134 sshd[292245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.250.26.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 05:34:05,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '142.93.100.226', 'timestamp': 1670384045.875936, 'message': 'Dec  7 05:34:04 hqnl0246134 sshd[292247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.100.226 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:34:07,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '69.250.26.126', 'timestamp': 1670384047.8777032, 'message': 'Dec  7 05:34:06 hqnl0246134 sshd[292245]: Failed password for invalid user openkm from 69.250.26.126 port 50358 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:34:07,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670384047.8778975, 'message': 'Dec  7 05:34:06 hqnl0246134 sshd[292247]: Failed password for invalid user oracle from 142.93.100.226 port 43700 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 05:34:07,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '142.93.100.226', 'timestamp': 1670384047.8780074, 'message': 'Dec  7 05:34:06 hqnl0246134 sshd[292247]: Disconnected from invalid user oracle 142.93.100.226 port 43700 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 05:34:09,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '69.250.26.126', 'timestamp': 1670384049.878387, 'message': 'Dec  7 05:34:07 hqnl0246134 sshd[292245]: Disconnected from invalid user openkm 69.250.26.126 port 50358 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
WARNING [2022-12-07 05:34:12,822] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:34:12,852] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0395 seconds
INFO    [2022-12-07 05:34:17,827] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:34:17,828] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:34:17,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:34:17,846] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 05:34:20,784] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:34:20,785] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:34:20,793] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:34:20,805] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 05:34:23,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670384063.897572, 'message': 'Dec  7 05:34:23 hqnl0246134 sshd[292271]: Invalid user cliente from 206.189.113.201 port 41348', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:34:25,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.113.201', 'timestamp': 1670384065.9004612, 'message': 'Dec  7 05:34:24 hqnl0246134 sshd[292271]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.113.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:34:25,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.113.201', 'timestamp': 1670384065.900682, 'message': 'Dec  7 05:34:24 hqnl0246134 sshd[292271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.113.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:34:27,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670384067.9038813, 'message': 'Dec  7 05:34:26 hqnl0246134 sshd[292271]: Failed password for invalid user cliente from 206.189.113.201 port 41348 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:34:27,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670384067.904105, 'message': 'Dec  7 05:34:26 hqnl0246134 sshd[292271]: Disconnected from invalid user cliente 206.189.113.201 port 41348 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:34:35,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384075.9157522, 'message': 'Dec  7 05:34:35 hqnl0246134 sshd[292276]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 05:34:35,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384075.9163964, 'message': 'Dec  7 05:34:35 hqnl0246134 sshd[292276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:34:37,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384077.917639, 'message': 'Dec  7 05:34:37 hqnl0246134 sshd[292276]: Failed password for root from 61.177.173.18 port 36483 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 05:34:37,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384077.9250276, 'message': 'Dec  7 05:34:37 hqnl0246134 sshd[292276]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:34:39,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384079.9197636, 'message': 'Dec  7 05:34:39 hqnl0246134 sshd[292276]: Failed password for root from 61.177.173.18 port 36483 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:34:41,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384081.92287, 'message': 'Dec  7 05:34:40 hqnl0246134 sshd[292276]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 05:34:41,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384081.9233456, 'message': 'Dec  7 05:34:40 hqnl0246134 sshd[292281]: Invalid user musikbot from 137.184.41.247 port 44566', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:34:41,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384081.923858, 'message': 'Dec  7 05:34:41 hqnl0246134 sshd[292276]: Failed password for root from 61.177.173.18 port 36483 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 05:34:41,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384081.923526, 'message': 'Dec  7 05:34:40 hqnl0246134 sshd[292281]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.41.247 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 05:34:42,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384081.923713, 'message': 'Dec  7 05:34:40 hqnl0246134 sshd[292281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.41.247 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:34:42,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384081.9240048, 'message': 'Dec  7 05:34:41 hqnl0246134 sshd[292281]: Failed password for invalid user musikbot from 137.184.41.247 port 44566 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:34:43,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384083.9224, 'message': 'Dec  7 05:34:43 hqnl0246134 sshd[292281]: Disconnected from invalid user musikbot 137.184.41.247 port 44566 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 05:34:44,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:34:44,845] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:34:44,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:34:44,865] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 05:34:47,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384087.923419, 'message': 'Dec  7 05:34:46 hqnl0246134 sshd[292297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:34:47,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384087.9238307, 'message': 'Dec  7 05:34:46 hqnl0246134 sshd[292297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:34:49,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384089.9241312, 'message': 'Dec  7 05:34:48 hqnl0246134 sshd[292297]: Failed password for root from 61.177.172.108 port 32106 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 05:34:49,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384089.92439, 'message': 'Dec  7 05:34:49 hqnl0246134 sshd[292302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 05:34:49,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384089.924511, 'message': 'Dec  7 05:34:49 hqnl0246134 sshd[292302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 05:34:51,541] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:34:51,542] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:34:51,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384091.9271038, 'message': 'Dec  7 05:34:50 hqnl0246134 sshd[292297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 05:34:51,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384091.9273005, 'message': 'Dec  7 05:34:51 hqnl0246134 sshd[292302]: Failed password for root from 61.177.173.50 port 13358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 05:34:51,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384091.9274125, 'message': 'Dec  7 05:34:51 hqnl0246134 sshd[292305]: Invalid user nikhil from 43.131.30.179 port 38256', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 05:34:51,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384091.9275358, 'message': 'Dec  7 05:34:51 hqnl0246134 sshd[292302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:34:53,817] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:34:53,884] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:34:53,884] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:34:53,885] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:34:53,885] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:34:53,885] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:34:53,894] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:34:53,909] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0239 seconds
WARNING [2022-12-07 05:34:53,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:34:53,918] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:34:53,946] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0426 seconds
INFO    [2022-12-07 05:34:53,949] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0421 seconds
INFO    [2022-12-07 05:34:53,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384093.9295018, 'message': 'Dec  7 05:34:51 hqnl0246134 sshd[292305]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.30.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 05:34:53,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384093.9298885, 'message': 'Dec  7 05:34:52 hqnl0246134 sshd[292297]: Failed password for root from 61.177.172.108 port 32106 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-07 05:34:54,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384093.9296665, 'message': 'Dec  7 05:34:51 hqnl0246134 sshd[292305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.30.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 05:34:54,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384093.929996, 'message': 'Dec  7 05:34:52 hqnl0246134 sshd[292297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:34:54,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384093.930099, 'message': 'Dec  7 05:34:53 hqnl0246134 sshd[292297]: Failed password for root from 61.177.172.108 port 32106 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:34:55,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384095.9331033, 'message': 'Dec  7 05:34:53 hqnl0246134 sshd[292302]: Failed password for root from 61.177.173.50 port 13358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 05:34:55,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384095.9333003, 'message': 'Dec  7 05:34:54 hqnl0246134 sshd[292305]: Failed password for invalid user nikhil from 43.131.30.179 port 38256 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 05:34:55,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384095.933412, 'message': 'Dec  7 05:34:55 hqnl0246134 sshd[292307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.255.244  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 05:34:57,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384097.9359558, 'message': 'Dec  7 05:34:56 hqnl0246134 sshd[292305]: Disconnected from invalid user nikhil 43.131.30.179 port 38256 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 05:34:57,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384097.936135, 'message': 'Dec  7 05:34:56 hqnl0246134 sshd[292302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0447 seconds
INFO    [2022-12-07 05:34:57,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384097.9363596, 'message': 'Dec  7 05:34:56 hqnl0246134 sshd[292308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-07 05:34:58,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384097.9370756, 'message': 'Dec  7 05:34:56 hqnl0246134 sshd[292308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:34:59,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384099.9386842, 'message': 'Dec  7 05:34:57 hqnl0246134 sshd[292302]: Failed password for root from 61.177.173.50 port 13358 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 05:34:59,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384099.9389193, 'message': 'Dec  7 05:34:58 hqnl0246134 sshd[292307]: Failed password for root from 198.12.255.244 port 56010 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 05:34:59,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384099.939654, 'message': 'Dec  7 05:34:58 hqnl0246134 sshd[292308]: Failed password for root from 61.177.172.108 port 63619 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-07 05:35:00,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384099.9398613, 'message': 'Dec  7 05:34:59 hqnl0246134 sshd[292311]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 05:35:00,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384099.9397588, 'message': 'Dec  7 05:34:58 hqnl0246134 sshd[292308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:35:00,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384099.9399607, 'message': 'Dec  7 05:34:59 hqnl0246134 sshd[292311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.50  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:35:02,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384101.9425197, 'message': 'Dec  7 05:35:00 hqnl0246134 sshd[292308]: Failed password for root from 61.177.172.108 port 63619 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0836 seconds
INFO    [2022-12-07 05:35:02,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384101.94298, 'message': 'Dec  7 05:35:01 hqnl0246134 sshd[292311]: Failed password for root from 61.177.173.50 port 47325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0838 seconds
INFO    [2022-12-07 05:35:02,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384101.9428, 'message': 'Dec  7 05:35:01 hqnl0246134 sshd[292308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 05:35:03,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384103.9429595, 'message': 'Dec  7 05:35:02 hqnl0246134 sshd[292311]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 05:35:03,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384103.943192, 'message': 'Dec  7 05:35:02 hqnl0246134 sshd[292308]: Failed password for root from 61.177.172.108 port 63619 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 05:35:05,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384105.9445949, 'message': 'Dec  7 05:35:04 hqnl0246134 sshd[292311]: Failed password for root from 61.177.173.50 port 47325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:35:05,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384105.9449162, 'message': 'Dec  7 05:35:05 hqnl0246134 sshd[292332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 05:35:06,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384105.9448023, 'message': 'Dec  7 05:35:04 hqnl0246134 sshd[292311]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.50 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:35:06,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384105.9450245, 'message': 'Dec  7 05:35:05 hqnl0246134 sshd[292332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 05:35:06,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.50', 'timestamp': 1670384105.9451277, 'message': 'Dec  7 05:35:05 hqnl0246134 sshd[292311]: Failed password for root from 61.177.173.50 port 47325 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:35:07,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384107.9464142, 'message': 'Dec  7 05:35:06 hqnl0246134 sshd[292332]: Failed password for root from 61.177.172.108 port 31911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:35:07,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384107.9466085, 'message': 'Dec  7 05:35:07 hqnl0246134 sshd[292332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:35:09,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384109.9476917, 'message': 'Dec  7 05:35:09 hqnl0246134 sshd[292332]: Failed password for root from 61.177.172.108 port 31911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 05:35:10,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384109.948029, 'message': 'Dec  7 05:35:09 hqnl0246134 sshd[292332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 05:35:11,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384111.9497383, 'message': 'Dec  7 05:35:11 hqnl0246134 sshd[292332]: Failed password for root from 61.177.172.108 port 31911 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0226 seconds
WARNING [2022-12-07 05:35:12,832] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:35:12,864] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0452 seconds
INFO    [2022-12-07 05:35:15,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384115.9547203, 'message': 'Dec  7 05:35:15 hqnl0246134 sshd[292352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:35:15,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384115.9549856, 'message': 'Dec  7 05:35:15 hqnl0246134 sshd[292352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:35:17,957] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:35:17,958] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:35:17,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:35:18,005] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0464 seconds
INFO    [2022-12-07 05:35:18,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384117.9597824, 'message': 'Dec  7 05:35:16 hqnl0246134 sshd[292356]: Invalid user dev from 41.32.132.77 port 39940', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-07 05:35:18,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384117.960568, 'message': 'Dec  7 05:35:17 hqnl0246134 sshd[292352]: Failed password for root from 61.177.172.108 port 12717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 05:35:18,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384117.959917, 'message': 'Dec  7 05:35:16 hqnl0246134 sshd[292356]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.32.132.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 05:35:18,039] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384117.960674, 'message': 'Dec  7 05:35:17 hqnl0246134 sshd[292352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:35:18,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384117.9604464, 'message': 'Dec  7 05:35:16 hqnl0246134 sshd[292356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.32.132.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:35:20,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384119.9578452, 'message': 'Dec  7 05:35:18 hqnl0246134 sshd[292356]: Failed password for invalid user dev from 41.32.132.77 port 39940 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-07 05:35:20,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384119.9583201, 'message': 'Dec  7 05:35:19 hqnl0246134 sshd[292366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-07 05:35:20,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384119.9587133, 'message': 'Dec  7 05:35:19 hqnl0246134 sshd[292352]: Failed password for root from 61.177.172.108 port 12717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0510 seconds
INFO    [2022-12-07 05:35:20,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384119.9581432, 'message': 'Dec  7 05:35:19 hqnl0246134 sshd[292356]: Disconnected from invalid user dev 41.32.132.77 port 39940 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 05:35:20,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384119.9584925, 'message': 'Dec  7 05:35:19 hqnl0246134 sshd[292366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:35:20,690] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:35:20,691] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:35:20,703] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:35:20,716] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0247 seconds
INFO    [2022-12-07 05:35:21,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384121.9586995, 'message': 'Dec  7 05:35:20 hqnl0246134 sshd[292352]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 05:35:21,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384121.9589474, 'message': 'Dec  7 05:35:21 hqnl0246134 sshd[292366]: Failed password for root from 61.177.173.18 port 42706 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:35:23,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670384123.9612188, 'message': 'Dec  7 05:35:22 hqnl0246134 sshd[292352]: Failed password for root from 61.177.172.108 port 12717 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:35:23,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384123.9614718, 'message': 'Dec  7 05:35:22 hqnl0246134 sshd[292366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:35:24,023] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:35:24,023] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:35:24,024] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-07 05:35:25,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384125.9622386, 'message': 'Dec  7 05:35:24 hqnl0246134 sshd[292366]: Failed password for root from 61.177.173.18 port 42706 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 05:35:28,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.152.137.218', 'timestamp': 1670384127.9635983, 'message': 'Dec  7 05:35:26 hqnl0246134 sshd[292372]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.152.137.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0766 seconds
INFO    [2022-12-07 05:35:28,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384127.9645853, 'message': 'Dec  7 05:35:26 hqnl0246134 sshd[292366]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0772 seconds
INFO    [2022-12-07 05:35:28,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.152.137.218', 'timestamp': 1670384127.9643435, 'message': 'Dec  7 05:35:26 hqnl0246134 sshd[292372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.152.137.218  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 05:35:28,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '52.152.137.218', 'timestamp': 1670384127.9651034, 'message': 'Dec  7 05:35:27 hqnl0246134 sshd[292372]: Failed password for root from 52.152.137.218 port 47312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:35:29,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384129.964347, 'message': 'Dec  7 05:35:28 hqnl0246134 sshd[292366]: Failed password for root from 61.177.173.18 port 42706 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:35:50,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384149.99069, 'message': 'Dec  7 05:35:49 hqnl0246134 sshd[292385]: Invalid user helpdesk from 190.12.102.58 port 48153', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 05:35:50,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384149.991359, 'message': 'Dec  7 05:35:49 hqnl0246134 sshd[292385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.12.102.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:35:50,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384149.9915318, 'message': 'Dec  7 05:35:49 hqnl0246134 sshd[292385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.12.102.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 05:35:51,547] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:35:51,548] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:35:52,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384151.9936678, 'message': 'Dec  7 05:35:51 hqnl0246134 sshd[292385]: Failed password for invalid user helpdesk from 190.12.102.58 port 48153 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 05:35:54,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384153.9950287, 'message': 'Dec  7 05:35:52 hqnl0246134 sshd[292385]: Disconnected from invalid user helpdesk 190.12.102.58 port 48153 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:35:55,409] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:35:55,409] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:35:55,417] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:35:55,429] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 05:36:06,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384166.0150883, 'message': 'Dec  7 05:36:04 hqnl0246134 sshd[292404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 05:36:06,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.187.237.243', 'timestamp': 1670384166.0155027, 'message': 'Dec  7 05:36:05 hqnl0246134 sshd[292406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.187.237.243 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 05:36:06,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384166.0153751, 'message': 'Dec  7 05:36:04 hqnl0246134 sshd[292404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0351 seconds
INFO    [2022-12-07 05:36:06,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.187.237.243', 'timestamp': 1670384166.0156612, 'message': 'Dec  7 05:36:05 hqnl0246134 sshd[292406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.187.237.243  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 05:36:08,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384168.0182455, 'message': 'Dec  7 05:36:06 hqnl0246134 sshd[292404]: Failed password for root from 61.177.173.18 port 60703 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 05:36:08,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384168.018663, 'message': 'Dec  7 05:36:06 hqnl0246134 sshd[292408]: Invalid user sam from 61.82.54.57 port 54602', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 05:36:08,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384168.018494, 'message': 'Dec  7 05:36:06 hqnl0246134 sshd[292404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 05:36:08,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.187.237.243', 'timestamp': 1670384168.019102, 'message': 'Dec  7 05:36:07 hqnl0246134 sshd[292406]: Failed password for root from 190.187.237.243 port 41258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 05:36:08,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384168.0188253, 'message': 'Dec  7 05:36:07 hqnl0246134 sshd[292408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.82.54.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 05:36:08,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384168.018949, 'message': 'Dec  7 05:36:07 hqnl0246134 sshd[292408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.82.54.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:36:10,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384170.0173502, 'message': 'Dec  7 05:36:08 hqnl0246134 sshd[292404]: Failed password for root from 61.177.173.18 port 60703 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 05:36:10,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384170.017645, 'message': 'Dec  7 05:36:09 hqnl0246134 sshd[292408]: Failed password for invalid user sam from 61.82.54.57 port 54602 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 05:36:12,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384172.0205295, 'message': 'Dec  7 05:36:10 hqnl0246134 sshd[292408]: Disconnected from invalid user sam 61.82.54.57 port 54602 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 05:36:12,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384172.0208864, 'message': 'Dec  7 05:36:11 hqnl0246134 sshd[292404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0345 seconds
WARNING [2022-12-07 05:36:12,831] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:36:12,858] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-07 05:36:14,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384174.022088, 'message': 'Dec  7 05:36:12 hqnl0246134 sshd[292404]: Failed password for root from 61.177.173.18 port 60703 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:36:18,009] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:36:18,010] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:36:18,017] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:36:18,037] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0261 seconds
INFO    [2022-12-07 05:36:18,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.42.206.17', 'timestamp': 1670384178.0257425, 'message': 'Dec  7 05:36:16 hqnl0246134 sshd[292423]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.42.206.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:36:18,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384178.0260174, 'message': 'Dec  7 05:36:17 hqnl0246134 sshd[292425]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.110.100.228 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 05:36:18,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.42.206.17', 'timestamp': 1670384178.0259113, 'message': 'Dec  7 05:36:16 hqnl0246134 sshd[292423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.42.206.17  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 05:36:18,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384178.0261412, 'message': 'Dec  7 05:36:17 hqnl0246134 sshd[292425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.110.100.228  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 05:36:20,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '2.42.206.17', 'timestamp': 1670384180.0289955, 'message': 'Dec  7 05:36:18 hqnl0246134 sshd[292423]: Failed password for root from 2.42.206.17 port 59359 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:36:20,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384180.029171, 'message': 'Dec  7 05:36:18 hqnl0246134 sshd[292425]: Failed password for root from 193.110.100.228 port 25334 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:36:20,569] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:36:20,570] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:36:20,577] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:36:20,587] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 05:36:26,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384186.0340922, 'message': 'Dec  7 05:36:24 hqnl0246134 sshd[292437]: Invalid user spa from 191.55.86.28 port 39353', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 05:36:26,073] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384186.03438, 'message': 'Dec  7 05:36:25 hqnl0246134 sshd[292437]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.55.86.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:36:26,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384186.0345201, 'message': 'Dec  7 05:36:25 hqnl0246134 sshd[292437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.55.86.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:36:28,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384188.037091, 'message': 'Dec  7 05:36:27 hqnl0246134 sshd[292437]: Failed password for invalid user spa from 191.55.86.28 port 39353 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 05:36:28,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384188.0372758, 'message': 'Dec  7 05:36:27 hqnl0246134 sshd[292437]: Disconnected from invalid user spa 191.55.86.28 port 39353 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:36:30,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384190.0380719, 'message': 'Dec  7 05:36:29 hqnl0246134 sshd[292440]: Invalid user admin from 167.114.152.155 port 43502', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:36:30,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384190.0383077, 'message': 'Dec  7 05:36:30 hqnl0246134 sshd[292440]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.114.152.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:36:30,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384190.0384326, 'message': 'Dec  7 05:36:30 hqnl0246134 sshd[292440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.152.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:36:32,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384192.0414586, 'message': 'Dec  7 05:36:31 hqnl0246134 sshd[292440]: Failed password for invalid user admin from 167.114.152.155 port 43502 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 05:36:34,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384194.0420027, 'message': 'Dec  7 05:36:33 hqnl0246134 sshd[292440]: Disconnected from invalid user admin 167.114.152.155 port 43502 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:36:48,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384208.0573688, 'message': 'Dec  7 05:36:46 hqnl0246134 sshd[292455]: Invalid user manoj from 80.68.15.249 port 41286', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 05:36:48,102] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384208.0579543, 'message': 'Dec  7 05:36:46 hqnl0246134 sshd[292455]: pam_imunify(sshd:auth): [IM360_RBL] The IP 80.68.15.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:36:48,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384208.0581293, 'message': 'Dec  7 05:36:46 hqnl0246134 sshd[292455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.68.15.249 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 05:36:50,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384210.0577233, 'message': 'Dec  7 05:36:48 hqnl0246134 sshd[292455]: Failed password for invalid user manoj from 80.68.15.249 port 41286 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:36:50,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384210.0579844, 'message': 'Dec  7 05:36:49 hqnl0246134 sshd[292455]: Disconnected from invalid user manoj 80.68.15.249 port 41286 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 05:36:51,551] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:36:51,553] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:36:52,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384212.0613682, 'message': 'Dec  7 05:36:50 hqnl0246134 sshd[292457]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 05:36:52,112] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384212.061894, 'message': 'Dec  7 05:36:50 hqnl0246134 sshd[292457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:36:54,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384214.0639334, 'message': 'Dec  7 05:36:52 hqnl0246134 sshd[292457]: Failed password for root from 61.177.173.18 port 19055 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 05:36:56,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384216.0673761, 'message': 'Dec  7 05:36:55 hqnl0246134 sshd[292457]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 05:36:58,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384218.0709612, 'message': 'Dec  7 05:36:56 hqnl0246134 sshd[292457]: Failed password for root from 61.177.173.18 port 19055 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:36:58,110] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384218.0712047, 'message': 'Dec  7 05:36:57 hqnl0246134 sshd[292457]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:37:00,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384220.073312, 'message': 'Dec  7 05:36:59 hqnl0246134 sshd[292457]: Failed password for root from 61.177.173.18 port 19055 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-07 05:37:12,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:37:12,889] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0601 seconds
INFO    [2022-12-07 05:37:17,749] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:37:17,750] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:37:17,756] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:37:17,767] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 05:37:18,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670384238.0939405, 'message': 'Dec  7 05:37:17 hqnl0246134 sshd[292496]: Invalid user guest3 from 123.195.33.169 port 34626', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 05:37:18,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.195.33.169', 'timestamp': 1670384238.0941243, 'message': 'Dec  7 05:37:17 hqnl0246134 sshd[292496]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.195.33.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:37:18,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.195.33.169', 'timestamp': 1670384238.0942519, 'message': 'Dec  7 05:37:17 hqnl0246134 sshd[292496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.195.33.169 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 05:37:20,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670384240.0980642, 'message': 'Dec  7 05:37:19 hqnl0246134 sshd[292496]: Failed password for invalid user guest3 from 123.195.33.169 port 34626 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 05:37:20,261] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:37:20,261] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:37:20,270] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:37:20,281] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 05:37:24,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670384244.1025167, 'message': 'Dec  7 05:37:22 hqnl0246134 sshd[292496]: Disconnected from invalid user guest3 123.195.33.169 port 34626 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 05:37:25,044] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:37:25,045] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:37:25,053] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:37:25,064] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 05:37:30,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384250.1084766, 'message': 'Dec  7 05:37:29 hqnl0246134 sshd[292515]: Invalid user student7 from 172.245.187.6 port 45948', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:37:32,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384252.1147227, 'message': 'Dec  7 05:37:30 hqnl0246134 sshd[292515]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.245.187.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:37:32,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384252.1150274, 'message': 'Dec  7 05:37:30 hqnl0246134 sshd[292515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.187.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:37:32,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384252.115181, 'message': 'Dec  7 05:37:31 hqnl0246134 sshd[292515]: Failed password for invalid user student7 from 172.245.187.6 port 45948 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:37:34,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384254.117174, 'message': 'Dec  7 05:37:33 hqnl0246134 sshd[292515]: Disconnected from invalid user student7 172.245.187.6 port 45948 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 05:37:38,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384258.1206024, 'message': 'Dec  7 05:37:37 hqnl0246134 sshd[292518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:37:38,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384258.121794, 'message': 'Dec  7 05:37:37 hqnl0246134 sshd[292518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:37:40,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384260.128619, 'message': 'Dec  7 05:37:39 hqnl0246134 sshd[292518]: Failed password for root from 61.177.173.18 port 35384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:37:40,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384260.1288996, 'message': 'Dec  7 05:37:39 hqnl0246134 sshd[292518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:37:42,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384262.1308517, 'message': 'Dec  7 05:37:41 hqnl0246134 sshd[292518]: Failed password for root from 61.177.173.18 port 35384 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 05:37:42,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384262.1332784, 'message': 'Dec  7 05:37:41 hqnl0246134 sshd[292518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:37:44,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384264.1326547, 'message': 'Dec  7 05:37:43 hqnl0246134 sshd[292518]: Failed password for root from 61.177.173.18 port 35384 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 05:37:46,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384266.1341627, 'message': 'Dec  7 05:37:44 hqnl0246134 sshd[292555]: Invalid user karen from 20.232.173.174 port 59478', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 05:37:46,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384266.1344075, 'message': 'Dec  7 05:37:44 hqnl0246134 sshd[292555]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.232.173.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:37:46,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384266.137329, 'message': 'Dec  7 05:37:44 hqnl0246134 sshd[292555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.232.173.174 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 05:37:48,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384268.1365309, 'message': 'Dec  7 05:37:47 hqnl0246134 sshd[292555]: Failed password for invalid user karen from 20.232.173.174 port 59478 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0772 seconds
INFO    [2022-12-07 05:37:48,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384268.13781, 'message': 'Dec  7 05:37:47 hqnl0246134 sshd[292555]: Disconnected from invalid user karen 20.232.173.174 port 59478 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0682 seconds
WARNING [2022-12-07 05:37:51,556] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:37:51,557] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:37:56,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '158.160.19.78', 'timestamp': 1670384276.1526392, 'message': 'Dec  7 05:37:55 hqnl0246134 sshd[292561]: Invalid user monitor from 158.160.19.78 port 57460', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:37:56,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '158.160.19.78', 'timestamp': 1670384276.1528955, 'message': 'Dec  7 05:37:55 hqnl0246134 sshd[292561]: pam_imunify(sshd:auth): [IM360_RBL] The IP 158.160.19.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:37:56,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '158.160.19.78', 'timestamp': 1670384276.1530585, 'message': 'Dec  7 05:37:55 hqnl0246134 sshd[292561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.19.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:37:58,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '158.160.19.78', 'timestamp': 1670384278.1564631, 'message': 'Dec  7 05:37:57 hqnl0246134 sshd[292561]: Failed password for invalid user monitor from 158.160.19.78 port 57460 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:38:00,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '158.160.19.78', 'timestamp': 1670384280.1590343, 'message': 'Dec  7 05:37:58 hqnl0246134 sshd[292561]: Disconnected from invalid user monitor 158.160.19.78 port 57460 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 05:38:12,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:38:12,872] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0357 seconds
INFO    [2022-12-07 05:38:17,960] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:38:17,960] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:38:17,969] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:38:17,981] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 05:38:20,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384300.1832802, 'message': 'Dec  7 05:38:18 hqnl0246134 sshd[292585]: Invalid user bocloud from 172.247.104.122 port 57968', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:38:20,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384300.1835656, 'message': 'Dec  7 05:38:18 hqnl0246134 sshd[292585]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.247.104.122 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 05:38:20,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384300.1837237, 'message': 'Dec  7 05:38:18 hqnl0246134 sshd[292585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.247.104.122 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 05:38:20,536] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:38:20,537] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:38:20,545] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:38:20,557] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 05:38:22,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384302.1856139, 'message': 'Dec  7 05:38:21 hqnl0246134 sshd[292585]: Failed password for invalid user bocloud from 172.247.104.122 port 57968 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 05:38:22,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384302.185843, 'message': 'Dec  7 05:38:21 hqnl0246134 sshd[292585]: Disconnected from invalid user bocloud 172.247.104.122 port 57968 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:38:26,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384306.190067, 'message': 'Dec  7 05:38:24 hqnl0246134 sshd[292592]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:38:26,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384306.1903472, 'message': 'Dec  7 05:38:24 hqnl0246134 sshd[292592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 05:38:28,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384308.1928759, 'message': 'Dec  7 05:38:26 hqnl0246134 sshd[292592]: Failed password for root from 61.177.173.18 port 51597 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 05:38:28,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384308.1931298, 'message': 'Dec  7 05:38:27 hqnl0246134 sshd[292592]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:38:30,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384310.194793, 'message': 'Dec  7 05:38:29 hqnl0246134 sshd[292592]: Failed password for root from 61.177.173.18 port 51597 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 05:38:32,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384312.1959944, 'message': 'Dec  7 05:38:31 hqnl0246134 sshd[292592]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:38:34,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384314.1977005, 'message': 'Dec  7 05:38:33 hqnl0246134 sshd[292592]: Failed password for root from 61.177.173.18 port 51597 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 05:38:36,077] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:38:36,077] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:38:36,085] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:38:36,096] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 05:38:44,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.156.51.218', 'timestamp': 1670384324.205339, 'message': 'Dec  7 05:38:43 hqnl0246134 sshd[292610]: Invalid user user15 from 186.156.51.218 port 59405', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 05:38:44,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '186.156.51.218', 'timestamp': 1670384324.2058496, 'message': 'Dec  7 05:38:43 hqnl0246134 sshd[292610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 186.156.51.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:38:44,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '186.156.51.218', 'timestamp': 1670384324.2060466, 'message': 'Dec  7 05:38:43 hqnl0246134 sshd[292610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.156.51.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:38:46,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.156.51.218', 'timestamp': 1670384326.2056339, 'message': 'Dec  7 05:38:45 hqnl0246134 sshd[292610]: Failed password for invalid user user15 from 186.156.51.218 port 59405 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:38:50,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384330.2102683, 'message': 'Dec  7 05:38:49 hqnl0246134 sshd[292613]: Invalid user ubuntu from 43.131.33.71 port 39692', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 05:38:50,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '186.156.51.218', 'timestamp': 1670384330.211007, 'message': 'Dec  7 05:38:49 hqnl0246134 sshd[292610]: Disconnected from invalid user user15 186.156.51.218 port 59405 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 05:38:50,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384330.2105782, 'message': 'Dec  7 05:38:49 hqnl0246134 sshd[292613]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.33.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:38:50,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384330.2107873, 'message': 'Dec  7 05:38:49 hqnl0246134 sshd[292613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.33.71 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 05:38:51,560] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:38:51,561] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:38:52,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384332.2130198, 'message': 'Dec  7 05:38:51 hqnl0246134 sshd[292613]: Failed password for invalid user ubuntu from 43.131.33.71 port 39692 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 05:38:54,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384334.2136507, 'message': 'Dec  7 05:38:53 hqnl0246134 sshd[292613]: Disconnected from invalid user ubuntu 43.131.33.71 port 39692 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 05:39:12,850] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:39:12,874] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0333 seconds
INFO    [2022-12-07 05:39:14,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384354.242127, 'message': 'Dec  7 05:39:12 hqnl0246134 sshd[292756]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:39:14,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384354.2423558, 'message': 'Dec  7 05:39:12 hqnl0246134 sshd[292756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 05:39:16,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384356.2426758, 'message': 'Dec  7 05:39:14 hqnl0246134 sshd[292756]: Failed password for root from 61.177.173.18 port 11957 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:39:18,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384358.2461782, 'message': 'Dec  7 05:39:16 hqnl0246134 sshd[292756]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:39:19,791] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:39:19,791] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:39:19,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:39:19,810] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 05:39:20,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384360.2490747, 'message': 'Dec  7 05:39:18 hqnl0246134 sshd[292756]: Failed password for root from 61.177.173.18 port 11957 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:39:20,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384360.2492695, 'message': 'Dec  7 05:39:18 hqnl0246134 sshd[292756]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:39:22,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384362.2507918, 'message': 'Dec  7 05:39:20 hqnl0246134 sshd[292756]: Failed password for root from 61.177.173.18 port 11957 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 05:39:22,299] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384362.2510812, 'message': 'Dec  7 05:39:20 hqnl0246134 sshd[292768]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.199.93.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 05:39:22,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.221.173.142', 'timestamp': 1670384362.2514741, 'message': 'Dec  7 05:39:20 hqnl0246134 sshd[292753]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.221.173.142 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-07 05:39:22,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384362.2512648, 'message': 'Dec  7 05:39:20 hqnl0246134 sshd[292768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.93.112  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 05:39:22,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.221.173.142', 'timestamp': 1670384362.2516646, 'message': 'Dec  7 05:39:20 hqnl0246134 sshd[292753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.221.173.142  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 05:39:22,487] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:39:22,488] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:39:22,497] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:39:22,510] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 05:39:24,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384364.2533197, 'message': 'Dec  7 05:39:22 hqnl0246134 sshd[292768]: Failed password for root from 198.199.93.112 port 49094 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-07 05:39:24,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '50.221.173.142', 'timestamp': 1670384364.2535348, 'message': 'Dec  7 05:39:22 hqnl0246134 sshd[292753]: Failed password for root from 50.221.173.142 port 42488 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-07 05:39:24,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384364.253747, 'message': 'Dec  7 05:39:23 hqnl0246134 sshd[292780]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.137.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-07 05:39:24,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384364.2539108, 'message': 'Dec  7 05:39:23 hqnl0246134 sshd[292780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.137.143  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:39:26,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384366.2542114, 'message': 'Dec  7 05:39:26 hqnl0246134 sshd[292780]: Failed password for root from 157.245.137.143 port 33998 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:39:28,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.235.137.135', 'timestamp': 1670384368.2564795, 'message': 'Dec  7 05:39:26 hqnl0246134 sshd[292751]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.235.137.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:39:28,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.235.137.135', 'timestamp': 1670384368.2567446, 'message': 'Dec  7 05:39:26 hqnl0246134 sshd[292751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.137.135  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:39:30,279] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.235.137.135', 'timestamp': 1670384370.259247, 'message': 'Dec  7 05:39:29 hqnl0246134 sshd[292751]: Failed password for root from 188.235.137.135 port 34267 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:39:46,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384386.2826166, 'message': 'Dec  7 05:39:45 hqnl0246134 sshd[292792]: pam_imunify(sshd:auth): [IM360_RBL] The IP 80.68.15.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 05:39:46,327] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384386.2831302, 'message': 'Dec  7 05:39:45 hqnl0246134 sshd[292792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.68.15.249  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:39:48,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384388.284457, 'message': 'Dec  7 05:39:47 hqnl0246134 sshd[292792]: Failed password for root from 80.68.15.249 port 55728 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:39:50,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384390.2860234, 'message': 'Dec  7 05:39:49 hqnl0246134 sshd[292794]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.23.63.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 05:39:50,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384390.2862291, 'message': 'Dec  7 05:39:49 hqnl0246134 sshd[292794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.23.63.23  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
WARNING [2022-12-07 05:39:51,563] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:39:51,563] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:39:51,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:39:51,867] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:39:51,876] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:39:51,888] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 05:39:52,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384392.289053, 'message': 'Dec  7 05:39:51 hqnl0246134 sshd[292794]: Failed password for root from 182.23.63.23 port 50210 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:39:58,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384398.2988806, 'message': 'Dec  7 05:39:56 hqnl0246134 sshd[292802]: Invalid user josh from 181.48.99.155 port 38924', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 05:39:58,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384398.2997246, 'message': 'Dec  7 05:39:57 hqnl0246134 sshd[292804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 05:39:58,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384398.2993076, 'message': 'Dec  7 05:39:57 hqnl0246134 sshd[292802]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.48.99.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-07 05:39:58,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384398.2999065, 'message': 'Dec  7 05:39:57 hqnl0246134 sshd[292804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-07 05:39:58,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384398.2995214, 'message': 'Dec  7 05:39:57 hqnl0246134 sshd[292802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.48.99.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 05:40:00,330] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384400.30092, 'message': 'Dec  7 05:39:58 hqnl0246134 sshd[292802]: Failed password for invalid user josh from 181.48.99.155 port 38924 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:40:00,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384400.301102, 'message': 'Dec  7 05:39:59 hqnl0246134 sshd[292804]: Failed password for root from 61.177.173.18 port 22044 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 05:40:00,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384400.3012106, 'message': 'Dec  7 05:39:59 hqnl0246134 sshd[292802]: Disconnected from invalid user josh 181.48.99.155 port 38924 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:40:02,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384402.3074765, 'message': 'Dec  7 05:40:02 hqnl0246134 sshd[292804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 05:40:06,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.18', 'timestamp': 1670384406.306049, 'message': 'Dec  7 05:40:04 hqnl0246134 sshd[292804]: Failed password for root from 61.177.173.18 port 22044 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:40:12,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384412.3126106, 'message': 'Dec  7 05:40:10 hqnl0246134 sshd[292835]: Invalid user ashish from 190.12.102.58 port 44487', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:40:12,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384412.3133543, 'message': 'Dec  7 05:40:10 hqnl0246134 sshd[292835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.12.102.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:40:12,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384412.3135161, 'message': 'Dec  7 05:40:10 hqnl0246134 sshd[292835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.12.102.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 05:40:12,852] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:40:12,880] defence360agent.internals.the_sink: SensorIncidentList(<27 item(s)>) processed in 0.0363 seconds
INFO    [2022-12-07 05:40:14,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384414.3141592, 'message': 'Dec  7 05:40:12 hqnl0246134 sshd[292835]: Failed password for invalid user ashish from 190.12.102.58 port 44487 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:40:14,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384414.3143337, 'message': 'Dec  7 05:40:13 hqnl0246134 sshd[292835]: Disconnected from invalid user ashish 190.12.102.58 port 44487 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:40:17,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:40:17,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:40:17,926] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:40:17,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 05:40:18,337] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384418.318261, 'message': 'Dec  7 05:40:17 hqnl0246134 sshd[292853]: Invalid user dev from 172.245.187.6 port 46148', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:40:18,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384418.3184416, 'message': 'Dec  7 05:40:17 hqnl0246134 sshd[292853]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.245.187.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:40:18,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384418.3186083, 'message': 'Dec  7 05:40:17 hqnl0246134 sshd[292853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.187.6 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 05:40:20,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384420.3233917, 'message': 'Dec  7 05:40:19 hqnl0246134 sshd[292853]: Failed password for invalid user dev from 172.245.187.6 port 46148 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 05:40:20,604] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:40:20,605] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:40:20,611] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:40:20,625] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 05:40:22,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384422.3285882, 'message': 'Dec  7 05:40:20 hqnl0246134 sshd[292853]: Disconnected from invalid user dev 172.245.187.6 port 46148 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:40:32,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384432.3476543, 'message': 'Dec  7 05:40:30 hqnl0246134 sshd[292868]: Invalid user jack from 159.223.125.135 port 45430', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:40:32,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384432.3478515, 'message': 'Dec  7 05:40:30 hqnl0246134 sshd[292868]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.125.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:40:32,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384432.347979, 'message': 'Dec  7 05:40:30 hqnl0246134 sshd[292868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.125.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:40:32,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384432.3480964, 'message': 'Dec  7 05:40:32 hqnl0246134 sshd[292868]: Failed password for invalid user jack from 159.223.125.135 port 45430 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:40:34,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384434.3525624, 'message': 'Dec  7 05:40:32 hqnl0246134 sshd[292868]: Disconnected from invalid user jack 159.223.125.135 port 45430 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 05:40:51,567] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:40:51,569] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:41:12,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384472.4083161, 'message': 'Dec  7 05:41:11 hqnl0246134 sshd[292892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 05:41:12,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384472.4091728, 'message': 'Dec  7 05:41:11 hqnl0246134 sshd[292892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
WARNING [2022-12-07 05:41:12,861] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:41:12,899] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0505 seconds
INFO    [2022-12-07 05:41:14,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384474.4109592, 'message': 'Dec  7 05:41:13 hqnl0246134 sshd[292892]: Failed password for root from 61.177.173.37 port 49701 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0458 seconds
INFO    [2022-12-07 05:41:14,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.42.206.17', 'timestamp': 1670384474.4112375, 'message': 'Dec  7 05:41:13 hqnl0246134 sshd[292902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.42.206.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 05:41:14,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384474.411712, 'message': 'Dec  7 05:41:13 hqnl0246134 sshd[292892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 05:41:14,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.42.206.17', 'timestamp': 1670384474.4114387, 'message': 'Dec  7 05:41:13 hqnl0246134 sshd[292902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.42.206.17  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 05:41:16,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '2.42.206.17', 'timestamp': 1670384476.4127553, 'message': 'Dec  7 05:41:14 hqnl0246134 sshd[292902]: Failed password for root from 2.42.206.17 port 54530 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 05:41:16,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384476.4129257, 'message': 'Dec  7 05:41:15 hqnl0246134 sshd[292892]: Failed password for root from 61.177.173.37 port 49701 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 05:41:16,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384476.4130356, 'message': 'Dec  7 05:41:15 hqnl0246134 sshd[292892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:41:18,100] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:41:18,101] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:41:18,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:41:18,119] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 05:41:18,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384478.41358, 'message': 'Dec  7 05:41:17 hqnl0246134 sshd[292892]: Failed password for root from 61.177.173.37 port 49701 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:41:19,639] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:41:19,639] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:41:19,646] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:41:19,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 05:41:22,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384482.4246922, 'message': 'Dec  7 05:41:21 hqnl0246134 sshd[292918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:41:22,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384482.4248724, 'message': 'Dec  7 05:41:21 hqnl0246134 sshd[292918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:41:22,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:41:22,814] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:41:22,822] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:41:22,835] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 05:41:24,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384484.4283326, 'message': 'Dec  7 05:41:23 hqnl0246134 sshd[292918]: Failed password for root from 61.177.173.37 port 30163 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:41:26,492] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384486.4304087, 'message': 'Dec  7 05:41:25 hqnl0246134 sshd[292918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0613 seconds
INFO    [2022-12-07 05:41:26,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384486.430729, 'message': 'Dec  7 05:41:26 hqnl0246134 sshd[292923]: Invalid user almacen from 191.55.86.28 port 40938', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0611 seconds
INFO    [2022-12-07 05:41:26,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384486.4309282, 'message': 'Dec  7 05:41:26 hqnl0246134 sshd[292923]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.55.86.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 05:41:26,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384486.4311235, 'message': 'Dec  7 05:41:26 hqnl0246134 sshd[292923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.55.86.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 05:41:28,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384488.4354382, 'message': 'Dec  7 05:41:27 hqnl0246134 sshd[292918]: Failed password for root from 61.177.173.37 port 30163 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 05:41:28,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384488.4358234, 'message': 'Dec  7 05:41:28 hqnl0246134 sshd[292923]: Failed password for invalid user almacen from 191.55.86.28 port 40938 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 05:41:28,488] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384488.435687, 'message': 'Dec  7 05:41:27 hqnl0246134 sshd[292918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:41:30,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384490.4379873, 'message': 'Dec  7 05:41:29 hqnl0246134 sshd[292923]: Disconnected from invalid user almacen 191.55.86.28 port 40938 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:41:30,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384490.4382145, 'message': 'Dec  7 05:41:29 hqnl0246134 sshd[292918]: Failed password for root from 61.177.173.37 port 30163 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 05:41:32,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384492.4433599, 'message': 'Dec  7 05:41:31 hqnl0246134 sshd[292927]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 05:41:32,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384492.443644, 'message': 'Dec  7 05:41:31 hqnl0246134 sshd[292927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 05:41:34,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384494.4436579, 'message': 'Dec  7 05:41:33 hqnl0246134 sshd[292927]: Failed password for root from 61.177.173.37 port 58488 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:41:34,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384494.443843, 'message': 'Dec  7 05:41:33 hqnl0246134 sshd[292927]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 05:41:36,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384496.445774, 'message': 'Dec  7 05:41:36 hqnl0246134 sshd[292927]: Failed password for root from 61.177.173.37 port 58488 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 05:41:38,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384498.450823, 'message': 'Dec  7 05:41:38 hqnl0246134 sshd[292927]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 05:41:40,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384500.4548194, 'message': 'Dec  7 05:41:40 hqnl0246134 sshd[292927]: Failed password for root from 61.177.173.37 port 58488 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:41:42,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384502.458289, 'message': 'Dec  7 05:41:42 hqnl0246134 sshd[292932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 05:41:42,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384502.4587154, 'message': 'Dec  7 05:41:42 hqnl0246134 sshd[292932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:41:44,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384504.4607954, 'message': 'Dec  7 05:41:43 hqnl0246134 sshd[292932]: Failed password for root from 61.177.173.37 port 32006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:41:44,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384504.461045, 'message': 'Dec  7 05:41:44 hqnl0246134 sshd[292932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:41:46,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384506.461813, 'message': 'Dec  7 05:41:44 hqnl0246134 sshd[292942]: Invalid user josh from 132.148.77.160 port 55176', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 05:41:46,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384506.4623117, 'message': 'Dec  7 05:41:46 hqnl0246134 sshd[292932]: Failed password for root from 61.177.173.37 port 32006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 05:41:46,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384506.4620483, 'message': 'Dec  7 05:41:44 hqnl0246134 sshd[292942]: pam_imunify(sshd:auth): [IM360_RBL] The IP 132.148.77.160 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:41:46,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384506.4621618, 'message': 'Dec  7 05:41:44 hqnl0246134 sshd[292942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.148.77.160 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:41:48,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384508.4626584, 'message': 'Dec  7 05:41:46 hqnl0246134 sshd[292932]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 05:41:48,496] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384508.4630215, 'message': 'Dec  7 05:41:46 hqnl0246134 sshd[292942]: Failed password for invalid user josh from 132.148.77.160 port 55176 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 05:41:48,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384508.4633503, 'message': 'Dec  7 05:41:48 hqnl0246134 sshd[292932]: Failed password for root from 61.177.173.37 port 32006 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 05:41:48,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384508.4631782, 'message': 'Dec  7 05:41:47 hqnl0246134 sshd[292942]: Disconnected from invalid user josh 132.148.77.160 port 55176 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 05:41:50,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384510.4655874, 'message': 'Dec  7 05:41:50 hqnl0246134 sshd[292945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:41:50,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384510.4658947, 'message': 'Dec  7 05:41:50 hqnl0246134 sshd[292945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-07 05:41:51,571] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:41:51,572] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:41:52,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384512.467735, 'message': 'Dec  7 05:41:52 hqnl0246134 sshd[292945]: Failed password for root from 61.177.173.37 port 45957 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:41:52,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384512.467913, 'message': 'Dec  7 05:41:52 hqnl0246134 sshd[292945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 05:41:54,208] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 05:41:54,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 11323, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384514.471223, 'message': 'Dec  7 05:41:54 hqnl0246134 sshd[292945]: Failed password for root from 61.177.173.37 port 45957 ssh2', 'severity': 5, 'name': 'Active Response. SSHD brute force attack (Port is protected)', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:41:56,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384516.4741952, 'message': 'Dec  7 05:41:54 hqnl0246134 sshd[292945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:41:56,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.37', 'timestamp': 1670384516.4744668, 'message': 'Dec  7 05:41:56 hqnl0246134 sshd[292945]: Failed password for root from 61.177.173.37 port 45957 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 05:41:58,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384518.4765716, 'message': 'Dec  7 05:41:58 hqnl0246134 sshd[292971]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.32.159.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 05:41:58,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384518.476871, 'message': 'Dec  7 05:41:58 hqnl0246134 sshd[292971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.159.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:42:00,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384520.4807012, 'message': 'Dec  7 05:41:58 hqnl0246134 sshd[292970]: Invalid user ubuntu from 123.140.114.196 port 49868', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 05:42:00,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384520.4816566, 'message': 'Dec  7 05:41:59 hqnl0246134 sshd[292976]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.137.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 05:42:00,560] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384520.4811292, 'message': 'Dec  7 05:41:58 hqnl0246134 sshd[292970]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.140.114.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-07 05:42:00,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384520.4820924, 'message': 'Dec  7 05:41:59 hqnl0246134 sshd[292974]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.199.93.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 05:42:00,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384520.481862, 'message': 'Dec  7 05:41:59 hqnl0246134 sshd[292976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.137.143  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 05:42:00,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384520.4813688, 'message': 'Dec  7 05:41:58 hqnl0246134 sshd[292970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0621 seconds
INFO    [2022-12-07 05:42:00,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384520.4823415, 'message': 'Dec  7 05:41:59 hqnl0246134 sshd[292974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.93.112  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0630 seconds
INFO    [2022-12-07 05:42:00,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384520.4827971, 'message': 'Dec  7 05:42:00 hqnl0246134 sshd[292971]: Failed password for root from 152.32.159.52 port 48550 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0634 seconds
INFO    [2022-12-07 05:42:00,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384520.4825885, 'message': 'Dec  7 05:42:00 hqnl0246134 sshd[292970]: Failed password for invalid user ubuntu from 123.140.114.196 port 49868 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 05:42:02,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384522.4823022, 'message': 'Dec  7 05:42:00 hqnl0246134 sshd[292976]: Failed password for root from 157.245.137.143 port 39858 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0631 seconds
INFO    [2022-12-07 05:42:02,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384522.4825976, 'message': 'Dec  7 05:42:01 hqnl0246134 sshd[292974]: Failed password for root from 198.199.93.112 port 37678 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0634 seconds
INFO    [2022-12-07 05:42:02,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384522.4827242, 'message': 'Dec  7 05:42:01 hqnl0246134 sshd[292970]: Disconnected from invalid user ubuntu 123.140.114.196 port 49868 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0633 seconds
INFO    [2022-12-07 05:42:06,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384526.4865978, 'message': 'Dec  7 05:42:05 hqnl0246134 sshd[292979]: Invalid user student7 from 41.32.132.77 port 34812', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 05:42:06,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384526.4870117, 'message': 'Dec  7 05:42:05 hqnl0246134 sshd[292979]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.32.132.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:42:06,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384526.4872103, 'message': 'Dec  7 05:42:05 hqnl0246134 sshd[292979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.32.132.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:42:08,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384528.4890335, 'message': 'Dec  7 05:42:06 hqnl0246134 sshd[292979]: Failed password for invalid user student7 from 41.32.132.77 port 34812 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:42:08,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384528.4892402, 'message': 'Dec  7 05:42:07 hqnl0246134 sshd[292979]: Disconnected from invalid user student7 41.32.132.77 port 34812 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:42:10,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384530.4931188, 'message': 'Dec  7 05:42:08 hqnl0246134 sshd[292999]: Invalid user template from 190.12.102.58 port 58464', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:42:10,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384530.4932892, 'message': 'Dec  7 05:42:08 hqnl0246134 sshd[292999]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.12.102.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:42:10,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384530.4934437, 'message': 'Dec  7 05:42:08 hqnl0246134 sshd[292999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.12.102.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:42:12,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384532.4972403, 'message': 'Dec  7 05:42:10 hqnl0246134 sshd[292999]: Failed password for invalid user template from 190.12.102.58 port 58464 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 05:42:12,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384532.4975867, 'message': 'Dec  7 05:42:12 hqnl0246134 sshd[292999]: Disconnected from invalid user template 190.12.102.58 port 58464 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 05:42:12,860] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:42:12,896] defence360agent.internals.the_sink: SensorIncidentList(<31 item(s)>) processed in 0.0438 seconds
INFO    [2022-12-07 05:42:17,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:42:17,926] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:42:17,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:42:17,949] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 05:42:22,482] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:42:22,483] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:42:22,495] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:42:22,513] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-07 05:42:25,081] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:42:25,145] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:42:25,145] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:42:25,145] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:42:25,146] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:42:25,146] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:42:25,155] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:42:25,173] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0262 seconds
WARNING [2022-12-07 05:42:25,180] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:42:25,183] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:42:25,201] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0349 seconds
INFO    [2022-12-07 05:42:25,202] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0326 seconds
INFO    [2022-12-07 05:42:34,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384554.5433834, 'message': 'Dec  7 05:42:33 hqnl0246134 sshd[293028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.110.100.228 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:42:34,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384554.543636, 'message': 'Dec  7 05:42:33 hqnl0246134 sshd[293028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.110.100.228  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:42:36,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384556.5492597, 'message': 'Dec  7 05:42:35 hqnl0246134 sshd[293028]: Failed password for root from 193.110.100.228 port 11189 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:42:38,091] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:42:38,092] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:42:38,099] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:42:38,110] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 05:42:40,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384560.5580494, 'message': 'Dec  7 05:42:40 hqnl0246134 sshd[293036]: Invalid user admin2 from 137.184.41.247 port 60042', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:42:40,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384560.558275, 'message': 'Dec  7 05:42:40 hqnl0246134 sshd[293036]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.41.247 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:42:40,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384560.5584116, 'message': 'Dec  7 05:42:40 hqnl0246134 sshd[293036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.41.247 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:42:42,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384562.5604978, 'message': 'Dec  7 05:42:42 hqnl0246134 sshd[293036]: Failed password for invalid user admin2 from 137.184.41.247 port 60042 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 05:42:44,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384564.5625534, 'message': 'Dec  7 05:42:44 hqnl0246134 sshd[293047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:42:44,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384564.5627928, 'message': 'Dec  7 05:42:44 hqnl0246134 sshd[293047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 05:42:46,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384566.565356, 'message': 'Dec  7 05:42:44 hqnl0246134 sshd[293036]: Disconnected from invalid user admin2 137.184.41.247 port 60042 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 05:42:46,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384566.565751, 'message': 'Dec  7 05:42:45 hqnl0246134 sshd[293047]: Failed password for root from 61.177.173.51 port 63251 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:42:48,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384568.566747, 'message': 'Dec  7 05:42:48 hqnl0246134 sshd[293047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:42:50,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384570.5685735, 'message': 'Dec  7 05:42:49 hqnl0246134 sshd[293047]: Failed password for root from 61.177.173.51 port 63251 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0673 seconds
INFO    [2022-12-07 05:42:50,719] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384570.5688758, 'message': 'Dec  7 05:42:50 hqnl0246134 sshd[293047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0823 seconds
WARNING [2022-12-07 05:42:51,576] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:42:51,577] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:42:52,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384572.5696301, 'message': 'Dec  7 05:42:50 hqnl0246134 sshd[293055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.245.187.6 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0924 seconds
INFO    [2022-12-07 05:42:52,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384572.5700555, 'message': 'Dec  7 05:42:52 hqnl0246134 sshd[293047]: Failed password for root from 61.177.173.51 port 63251 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0926 seconds
INFO    [2022-12-07 05:42:52,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384572.5699303, 'message': 'Dec  7 05:42:50 hqnl0246134 sshd[293055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.187.6  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0469 seconds
INFO    [2022-12-07 05:42:54,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '172.245.187.6', 'timestamp': 1670384574.5738308, 'message': 'Dec  7 05:42:52 hqnl0246134 sshd[293055]: Failed password for root from 172.245.187.6 port 46340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 05:42:54,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384574.574245, 'message': 'Dec  7 05:42:54 hqnl0246134 sshd[293059]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-07 05:42:54,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384574.5744433, 'message': 'Dec  7 05:42:54 hqnl0246134 sshd[293059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.51  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 05:42:56,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384576.5750768, 'message': 'Dec  7 05:42:56 hqnl0246134 sshd[293059]: Failed password for root from 61.177.173.51 port 48749 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:43:00,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384580.5817437, 'message': 'Dec  7 05:42:58 hqnl0246134 sshd[293059]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 05:43:00,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384580.5820427, 'message': 'Dec  7 05:42:58 hqnl0246134 sshd[293061]: Invalid user mysqler from 167.114.152.155 port 48574', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 05:43:00,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384580.582171, 'message': 'Dec  7 05:42:58 hqnl0246134 sshd[293061]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.114.152.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:43:00,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384580.5823143, 'message': 'Dec  7 05:42:58 hqnl0246134 sshd[293061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.152.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:43:02,381] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:43:02,381] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:43:02,382] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 05:43:02,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384582.5820346, 'message': 'Dec  7 05:43:00 hqnl0246134 sshd[293059]: Failed password for root from 61.177.173.51 port 48749 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-07 05:43:02,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384582.5822663, 'message': 'Dec  7 05:43:01 hqnl0246134 sshd[293061]: Failed password for invalid user mysqler from 167.114.152.155 port 48574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 05:43:04,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384584.6575708, 'message': 'Dec  7 05:43:02 hqnl0246134 sshd[293059]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.51 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 05:43:04,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384584.6577601, 'message': 'Dec  7 05:43:03 hqnl0246134 sshd[293061]: Disconnected from invalid user mysqler 167.114.152.155 port 48574 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 05:43:06,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.51', 'timestamp': 1670384586.5869992, 'message': 'Dec  7 05:43:05 hqnl0246134 sshd[293059]: Failed password for root from 61.177.173.51 port 48749 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-07 05:43:12,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:43:12,905] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0468 seconds
INFO    [2022-12-07 05:43:16,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384596.6026356, 'message': 'Dec  7 05:43:15 hqnl0246134 sshd[293078]: Invalid user user from 182.23.63.23 port 36702', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:43:16,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384596.6028388, 'message': 'Dec  7 05:43:15 hqnl0246134 sshd[293078]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.23.63.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:43:16,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384596.6029656, 'message': 'Dec  7 05:43:15 hqnl0246134 sshd[293078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.23.63.23 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:43:17,911] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:43:17,912] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:43:17,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:43:17,932] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 05:43:18,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384598.6053085, 'message': 'Dec  7 05:43:17 hqnl0246134 sshd[293078]: Failed password for invalid user user from 182.23.63.23 port 36702 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:43:20,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384600.6055825, 'message': 'Dec  7 05:43:19 hqnl0246134 sshd[293078]: Disconnected from invalid user user 182.23.63.23 port 36702 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:43:20,797] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:43:20,797] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:43:20,804] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:43:20,815] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 05:43:24,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384604.6101294, 'message': 'Dec  7 05:43:22 hqnl0246134 sshd[293093]: Invalid user test2 from 122.3.192.83 port 60070', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:43:24,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384604.610389, 'message': 'Dec  7 05:43:23 hqnl0246134 sshd[293093]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.3.192.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:43:24,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384604.6105022, 'message': 'Dec  7 05:43:23 hqnl0246134 sshd[293093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.3.192.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:43:26,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384606.6123745, 'message': 'Dec  7 05:43:25 hqnl0246134 sshd[293093]: Failed password for invalid user test2 from 122.3.192.83 port 60070 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 05:43:28,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384608.6151936, 'message': 'Dec  7 05:43:27 hqnl0246134 sshd[293093]: Disconnected from invalid user test2 122.3.192.83 port 60070 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:43:50,697] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384630.6434305, 'message': 'Dec  7 05:43:50 hqnl0246134 sshd[293105]: Invalid user tst from 80.68.15.249 port 40212', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 05:43:50,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384630.6447294, 'message': 'Dec  7 05:43:50 hqnl0246134 sshd[293105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 80.68.15.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:43:50,734] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384630.6450486, 'message': 'Dec  7 05:43:50 hqnl0246134 sshd[293105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.68.15.249 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 05:43:51,580] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:43:51,581] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:43:52,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384632.644338, 'message': 'Dec  7 05:43:52 hqnl0246134 sshd[293105]: Failed password for invalid user tst from 80.68.15.249 port 40212 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:43:54,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384634.646303, 'message': 'Dec  7 05:43:54 hqnl0246134 sshd[293105]: Disconnected from invalid user tst 80.68.15.249 port 40212 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-07 05:43:56,651] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:43:56,651] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:43:56,659] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:43:56,671] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 05:44:00,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384640.6541996, 'message': 'Dec  7 05:44:00 hqnl0246134 sshd[293113]: Invalid user dp from 191.55.86.28 port 58498', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:44:00,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384640.6544778, 'message': 'Dec  7 05:44:00 hqnl0246134 sshd[293113]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.55.86.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 05:44:00,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384640.6568465, 'message': 'Dec  7 05:44:00 hqnl0246134 sshd[293113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.55.86.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 05:44:02,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384642.6564577, 'message': 'Dec  7 05:44:02 hqnl0246134 sshd[293113]: Failed password for invalid user dp from 191.55.86.28 port 58498 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:44:04,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384644.6599512, 'message': 'Dec  7 05:44:03 hqnl0246134 sshd[293113]: Disconnected from invalid user dp 191.55.86.28 port 58498 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-07 05:44:12,871] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:44:12,895] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0327 seconds
INFO    [2022-12-07 05:44:16,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384656.6708386, 'message': 'Dec  7 05:44:15 hqnl0246134 sshd[293134]: Invalid user user from 190.12.102.58 port 44208', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:44:16,708] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384656.6710925, 'message': 'Dec  7 05:44:15 hqnl0246134 sshd[293134]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.12.102.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:44:16,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384656.6712537, 'message': 'Dec  7 05:44:15 hqnl0246134 sshd[293134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.12.102.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:44:17,760] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:44:17,761] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:44:17,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:44:17,781] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 05:44:18,700] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384658.6726046, 'message': 'Dec  7 05:44:18 hqnl0246134 sshd[293134]: Failed password for invalid user user from 190.12.102.58 port 44208 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 05:44:18,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384658.6727822, 'message': 'Dec  7 05:44:18 hqnl0246134 sshd[293143]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.30.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 05:44:18,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384658.6728945, 'message': 'Dec  7 05:44:18 hqnl0246134 sshd[293143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.30.179  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:44:20,332] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:44:20,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:44:20,340] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:44:20,351] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 05:44:20,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.12.102.58', 'timestamp': 1670384660.6770244, 'message': 'Dec  7 05:44:20 hqnl0246134 sshd[293134]: Disconnected from invalid user user 190.12.102.58 port 44208 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 05:44:20,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384660.6771955, 'message': 'Dec  7 05:44:20 hqnl0246134 sshd[293143]: Failed password for root from 43.131.30.179 port 43296 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 05:44:32,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384672.6932027, 'message': 'Dec  7 05:44:31 hqnl0246134 sshd[293149]: Invalid user kk from 132.148.77.160 port 47462', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 05:44:32,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384672.693605, 'message': 'Dec  7 05:44:31 hqnl0246134 sshd[293149]: pam_imunify(sshd:auth): [IM360_RBL] The IP 132.148.77.160 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:44:32,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384672.6938193, 'message': 'Dec  7 05:44:31 hqnl0246134 sshd[293149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.148.77.160 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 05:44:34,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384674.6947122, 'message': 'Dec  7 05:44:33 hqnl0246134 sshd[293152]: Invalid user design from 61.82.54.57 port 39902', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:44:34,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384674.6960628, 'message': 'Dec  7 05:44:34 hqnl0246134 sshd[293149]: Failed password for invalid user kk from 132.148.77.160 port 47462 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 05:44:34,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384674.69579, 'message': 'Dec  7 05:44:33 hqnl0246134 sshd[293152]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.82.54.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:44:34,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384674.6958985, 'message': 'Dec  7 05:44:33 hqnl0246134 sshd[293152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.82.54.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:44:36,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384676.6970563, 'message': 'Dec  7 05:44:35 hqnl0246134 sshd[293152]: Failed password for invalid user design from 61.82.54.57 port 39902 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 05:44:36,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384676.69749, 'message': 'Dec  7 05:44:36 hqnl0246134 sshd[293149]: Disconnected from invalid user kk 132.148.77.160 port 47462 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 05:44:36,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384676.6973417, 'message': 'Dec  7 05:44:36 hqnl0246134 sshd[293152]: Disconnected from invalid user design 61.82.54.57 port 39902 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:44:40,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384680.701577, 'message': 'Dec  7 05:44:39 hqnl0246134 sshd[293154]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.199.93.112 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:44:40,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384680.701895, 'message': 'Dec  7 05:44:39 hqnl0246134 sshd[293154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.93.112  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:44:42,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.199.93.112', 'timestamp': 1670384682.7048357, 'message': 'Dec  7 05:44:41 hqnl0246134 sshd[293154]: Failed password for root from 198.199.93.112 port 54490 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-07 05:44:44,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384684.7058942, 'message': 'Dec  7 05:44:44 hqnl0246134 sshd[293165]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.245.137.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:44:44,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384684.7061796, 'message': 'Dec  7 05:44:44 hqnl0246134 sshd[293165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.137.143  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:44:46,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.245.137.143', 'timestamp': 1670384686.7104747, 'message': 'Dec  7 05:44:46 hqnl0246134 sshd[293165]: Failed password for root from 157.245.137.143 port 38610 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 05:44:51,584] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:44:51,586] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:44:54,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384694.7182634, 'message': 'Dec  7 05:44:53 hqnl0246134 sshd[293167]: Invalid user professor from 172.247.104.122 port 42574', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 05:44:54,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384694.7186859, 'message': 'Dec  7 05:44:54 hqnl0246134 sshd[293167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.247.104.122 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:44:54,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384694.720848, 'message': 'Dec  7 05:44:54 hqnl0246134 sshd[293167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.247.104.122 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:44:56,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384696.7205968, 'message': 'Dec  7 05:44:56 hqnl0246134 sshd[293167]: Failed password for invalid user professor from 172.247.104.122 port 42574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:44:58,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384698.7230682, 'message': 'Dec  7 05:44:57 hqnl0246134 sshd[293167]: Disconnected from invalid user professor 172.247.104.122 port 42574 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:45:00,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384700.7261817, 'message': 'Dec  7 05:44:59 hqnl0246134 sshd[293170]: Invalid user sdbadmin from 206.189.31.90 port 41142', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:45:00,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384700.7263937, 'message': 'Dec  7 05:45:00 hqnl0246134 sshd[293170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.31.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 05:45:00,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384700.7265089, 'message': 'Dec  7 05:45:00 hqnl0246134 sshd[293170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.31.90 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 05:45:02,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384702.728722, 'message': 'Dec  7 05:45:01 hqnl0246134 sshd[293170]: Failed password for invalid user sdbadmin from 206.189.31.90 port 41142 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 05:45:02,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384702.7289972, 'message': 'Dec  7 05:45:02 hqnl0246134 sshd[293170]: Disconnected from invalid user sdbadmin 206.189.31.90 port 41142 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 05:45:06,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384706.7338223, 'message': 'Dec  7 05:45:05 hqnl0246134 sshd[293194]: Invalid user b from 152.32.159.52 port 38014', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:45:06,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384706.73403, 'message': 'Dec  7 05:45:05 hqnl0246134 sshd[293194]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.32.159.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:45:06,789] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384706.73423, 'message': 'Dec  7 05:45:05 hqnl0246134 sshd[293194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.159.52 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:45:08,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384708.7364295, 'message': 'Dec  7 05:45:07 hqnl0246134 sshd[293194]: Failed password for invalid user b from 152.32.159.52 port 38014 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:45:08,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384708.7367795, 'message': 'Dec  7 05:45:07 hqnl0246134 sshd[293196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:45:08,798] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384708.7366538, 'message': 'Dec  7 05:45:07 hqnl0246134 sshd[293194]: Disconnected from invalid user b 152.32.159.52 port 38014 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 05:45:08,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384708.7368865, 'message': 'Dec  7 05:45:07 hqnl0246134 sshd[293196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 05:45:10,042] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:45:10,043] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:45:10,051] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:45:10,064] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-07 05:45:10,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384710.7381382, 'message': 'Dec  7 05:45:09 hqnl0246134 sshd[293196]: Failed password for root from 61.177.172.19 port 58908 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:45:12,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384712.7406514, 'message': 'Dec  7 05:45:11 hqnl0246134 sshd[293196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-07 05:45:12,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:45:12,916] defence360agent.internals.the_sink: SensorIncidentList(<30 item(s)>) processed in 0.0503 seconds
INFO    [2022-12-07 05:45:14,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384714.742119, 'message': 'Dec  7 05:45:13 hqnl0246134 sshd[293196]: Failed password for root from 61.177.172.19 port 58908 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 05:45:14,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384714.7424045, 'message': 'Dec  7 05:45:13 hqnl0246134 sshd[293196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 05:45:16,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384716.744218, 'message': 'Dec  7 05:45:15 hqnl0246134 sshd[293196]: Failed password for root from 61.177.172.19 port 58908 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:45:18,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384718.7461982, 'message': 'Dec  7 05:45:17 hqnl0246134 sshd[293222]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:45:18,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384718.7464385, 'message': 'Dec  7 05:45:17 hqnl0246134 sshd[293222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:45:19,797] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:45:19,797] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:45:19,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:45:19,823] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0247 seconds
INFO    [2022-12-07 05:45:20,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384720.748263, 'message': 'Dec  7 05:45:19 hqnl0246134 sshd[293222]: Failed password for root from 61.177.172.19 port 29646 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 05:45:22,402] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:45:22,402] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:45:22,410] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:45:22,422] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 05:45:22,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384722.750328, 'message': 'Dec  7 05:45:21 hqnl0246134 sshd[293222]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:45:24,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384724.7508326, 'message': 'Dec  7 05:45:24 hqnl0246134 sshd[293222]: Failed password for root from 61.177.172.19 port 29646 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 05:45:26,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.166.211', 'timestamp': 1670384726.7528713, 'message': 'Dec  7 05:45:26 hqnl0246134 sshd[293238]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.166.211 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 05:45:26,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384726.753265, 'message': 'Dec  7 05:45:26 hqnl0246134 sshd[293222]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 05:45:26,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.166.211', 'timestamp': 1670384726.7531064, 'message': 'Dec  7 05:45:26 hqnl0246134 sshd[293238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.166.211  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:45:28,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.135.166.211', 'timestamp': 1670384728.755389, 'message': 'Dec  7 05:45:27 hqnl0246134 sshd[293238]: Failed password for root from 43.135.166.211 port 50992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0486 seconds
INFO    [2022-12-07 05:45:28,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384728.7556612, 'message': 'Dec  7 05:45:28 hqnl0246134 sshd[293222]: Failed password for root from 61.177.172.19 port 29646 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-07 05:45:28,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384728.7558699, 'message': 'Dec  7 05:45:28 hqnl0246134 sshd[293240]: Invalid user discord from 181.48.99.155 port 54404', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-07 05:45:28,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384728.7559936, 'message': 'Dec  7 05:45:28 hqnl0246134 sshd[293240]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.48.99.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 05:45:28,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384728.7561357, 'message': 'Dec  7 05:45:28 hqnl0246134 sshd[293240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.48.99.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 05:45:30,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384730.7560325, 'message': 'Dec  7 05:45:28 hqnl0246134 sshd[293242]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.110.100.228 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 05:45:30,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384730.7564514, 'message': 'Dec  7 05:45:28 hqnl0246134 sshd[293242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.110.100.228  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 05:45:32,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384732.7573054, 'message': 'Dec  7 05:45:31 hqnl0246134 sshd[293240]: Failed password for invalid user discord from 181.48.99.155 port 54404 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0583 seconds
INFO    [2022-12-07 05:45:32,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384732.7575355, 'message': 'Dec  7 05:45:31 hqnl0246134 sshd[293242]: Failed password for root from 193.110.100.228 port 14483 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0589 seconds
INFO    [2022-12-07 05:45:32,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384732.7576835, 'message': 'Dec  7 05:45:31 hqnl0246134 sshd[293245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.41.247 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0592 seconds
INFO    [2022-12-07 05:45:32,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384732.75795, 'message': 'Dec  7 05:45:31 hqnl0246134 sshd[293246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0591 seconds
INFO    [2022-12-07 05:45:32,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384732.7578034, 'message': 'Dec  7 05:45:31 hqnl0246134 sshd[293245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.41.247  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 05:45:32,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384732.7582307, 'message': 'Dec  7 05:45:32 hqnl0246134 sshd[293240]: Disconnected from invalid user discord 181.48.99.155 port 54404 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 05:45:32,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384732.7581058, 'message': 'Dec  7 05:45:31 hqnl0246134 sshd[293246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-07 05:45:34,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384734.7592635, 'message': 'Dec  7 05:45:33 hqnl0246134 sshd[293249]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.12.255.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 05:45:34,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384734.7598503, 'message': 'Dec  7 05:45:34 hqnl0246134 sshd[293245]: Failed password for root from 137.184.41.247 port 49642 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-07 05:45:34,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384734.7604892, 'message': 'Dec  7 05:45:34 hqnl0246134 sshd[293246]: Failed password for root from 61.177.172.19 port 28926 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0420 seconds
INFO    [2022-12-07 05:45:34,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384734.759727, 'message': 'Dec  7 05:45:33 hqnl0246134 sshd[293249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.255.244  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:45:36,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384736.7590795, 'message': 'Dec  7 05:45:36 hqnl0246134 sshd[293249]: Failed password for root from 198.12.255.244 port 49658 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 05:45:36,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384736.759424, 'message': 'Dec  7 05:45:36 hqnl0246134 sshd[293246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 05:45:38,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384738.7602234, 'message': 'Dec  7 05:45:38 hqnl0246134 sshd[293246]: Failed password for root from 61.177.172.19 port 28926 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 05:45:38,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384738.7604825, 'message': 'Dec  7 05:45:38 hqnl0246134 sshd[293246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:45:42,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384742.765928, 'message': 'Dec  7 05:45:40 hqnl0246134 sshd[293246]: Failed password for root from 61.177.172.19 port 28926 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 05:45:44,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384744.7702937, 'message': 'Dec  7 05:45:44 hqnl0246134 sshd[293260]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 05:45:44,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384744.7705913, 'message': 'Dec  7 05:45:44 hqnl0246134 sshd[293260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.19  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:45:46,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384746.7750986, 'message': 'Dec  7 05:45:45 hqnl0246134 sshd[293262]: Invalid user admin from 123.140.114.196 port 42176', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 05:45:46,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384746.775616, 'message': 'Dec  7 05:45:46 hqnl0246134 sshd[293260]: Failed password for root from 61.177.172.19 port 14242 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 05:45:46,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384746.7753477, 'message': 'Dec  7 05:45:45 hqnl0246134 sshd[293262]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.140.114.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:45:46,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384746.77549, 'message': 'Dec  7 05:45:45 hqnl0246134 sshd[293262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:45:48,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384748.7771862, 'message': 'Dec  7 05:45:47 hqnl0246134 sshd[293262]: Failed password for invalid user admin from 123.140.114.196 port 42176 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:45:48,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384748.7774494, 'message': 'Dec  7 05:45:48 hqnl0246134 sshd[293260]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:45:50,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384750.778058, 'message': 'Dec  7 05:45:49 hqnl0246134 sshd[293262]: Disconnected from invalid user admin 123.140.114.196 port 42176 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 05:45:50,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384750.7783153, 'message': 'Dec  7 05:45:49 hqnl0246134 sshd[293265]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.114.152.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 05:45:50,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384750.7785516, 'message': 'Dec  7 05:45:50 hqnl0246134 sshd[293260]: Failed password for root from 61.177.172.19 port 14242 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 05:45:50,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384750.7784314, 'message': 'Dec  7 05:45:49 hqnl0246134 sshd[293265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.152.155  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 05:45:51,590] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:45:51,591] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:45:52,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384752.7810726, 'message': 'Dec  7 05:45:51 hqnl0246134 sshd[293260]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.19 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:45:52,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384752.781295, 'message': 'Dec  7 05:45:51 hqnl0246134 sshd[293265]: Failed password for root from 167.114.152.155 port 35314 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 05:45:54,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.19', 'timestamp': 1670384754.783349, 'message': 'Dec  7 05:45:53 hqnl0246134 sshd[293260]: Failed password for root from 61.177.172.19 port 14242 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:45:58,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.42.176.235', 'timestamp': 1670384758.7893913, 'message': 'Dec  7 05:45:57 hqnl0246134 sshd[293269]: Invalid user backuppc from 200.42.176.235 port 46966', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:45:58,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.42.176.235', 'timestamp': 1670384758.7896707, 'message': 'Dec  7 05:45:57 hqnl0246134 sshd[293269]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.42.176.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:45:58,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.42.176.235', 'timestamp': 1670384758.7898357, 'message': 'Dec  7 05:45:57 hqnl0246134 sshd[293269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.42.176.235 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:46:00,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.42.176.235', 'timestamp': 1670384760.7892692, 'message': 'Dec  7 05:45:59 hqnl0246134 sshd[293269]: Failed password for invalid user backuppc from 200.42.176.235 port 46966 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:46:02,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.42.176.235', 'timestamp': 1670384762.7927458, 'message': 'Dec  7 05:46:01 hqnl0246134 sshd[293269]: Disconnected from invalid user backuppc 200.42.176.235 port 46966 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 05:46:12,883] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:46:12,922] defence360agent.internals.the_sink: SensorIncidentList(<27 item(s)>) processed in 0.0516 seconds
INFO    [2022-12-07 05:46:18,276] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:46:18,277] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:46:18,283] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:46:18,296] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 05:46:20,949] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:46:20,949] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:46:20,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:46:20,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 05:46:22,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384782.8107445, 'message': 'Dec  7 05:46:21 hqnl0246134 sshd[293302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.232.173.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:46:22,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384782.8110833, 'message': 'Dec  7 05:46:21 hqnl0246134 sshd[293302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.232.173.174  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:46:24,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384784.8143754, 'message': 'Dec  7 05:46:23 hqnl0246134 sshd[293302]: Failed password for root from 20.232.173.174 port 35022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 05:46:27,788] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:46:27,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:46:27,796] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:46:27,807] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 05:46:32,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384792.8204963, 'message': 'Dec  7 05:46:31 hqnl0246134 sshd[293312]: Invalid user chris from 80.68.15.249 port 52858', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 05:46:32,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384792.8211164, 'message': 'Dec  7 05:46:31 hqnl0246134 sshd[293312]: pam_imunify(sshd:auth): [IM360_RBL] The IP 80.68.15.249 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:46:32,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384792.8212411, 'message': 'Dec  7 05:46:31 hqnl0246134 sshd[293312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.68.15.249 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:46:34,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384794.8220272, 'message': 'Dec  7 05:46:32 hqnl0246134 sshd[293312]: Failed password for invalid user chris from 80.68.15.249 port 52858 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 05:46:34,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '80.68.15.249', 'timestamp': 1670384794.8221974, 'message': 'Dec  7 05:46:33 hqnl0246134 sshd[293312]: Disconnected from invalid user chris 80.68.15.249 port 52858 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 05:46:38,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384798.8269968, 'message': 'Dec  7 05:46:38 hqnl0246134 sshd[293314]: Invalid user yolanda from 191.55.86.28 port 47827', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 05:46:38,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384798.8274183, 'message': 'Dec  7 05:46:38 hqnl0246134 sshd[293314]: pam_imunify(sshd:auth): [IM360_RBL] The IP 191.55.86.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:46:38,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384798.8275347, 'message': 'Dec  7 05:46:38 hqnl0246134 sshd[293314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.55.86.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:46:40,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384800.8290992, 'message': 'Dec  7 05:46:40 hqnl0246134 sshd[293314]: Failed password for invalid user yolanda from 191.55.86.28 port 47827 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:46:40,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384800.829326, 'message': 'Dec  7 05:46:40 hqnl0246134 sshd[293316]: Invalid user ark from 122.3.192.83 port 23488', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:46:40,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384800.8294823, 'message': 'Dec  7 05:46:40 hqnl0246134 sshd[293316]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.3.192.83 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:46:40,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384800.8295994, 'message': 'Dec  7 05:46:40 hqnl0246134 sshd[293316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.3.192.83 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:46:42,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '191.55.86.28', 'timestamp': 1670384802.830403, 'message': 'Dec  7 05:46:41 hqnl0246134 sshd[293314]: Disconnected from invalid user yolanda 191.55.86.28 port 47827 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 05:46:44,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384804.8328412, 'message': 'Dec  7 05:46:43 hqnl0246134 sshd[293326]: Invalid user wzh from 159.223.125.135 port 33824', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 05:46:44,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384804.8333626, 'message': 'Dec  7 05:46:43 hqnl0246134 sshd[293316]: Failed password for invalid user ark from 122.3.192.83 port 23488 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 05:46:44,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384804.8330765, 'message': 'Dec  7 05:46:43 hqnl0246134 sshd[293326]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.125.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 05:46:44,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.3.192.83', 'timestamp': 1670384804.8334825, 'message': 'Dec  7 05:46:44 hqnl0246134 sshd[293316]: Disconnected from invalid user ark 122.3.192.83 port 23488 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 05:46:44,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384804.8332446, 'message': 'Dec  7 05:46:43 hqnl0246134 sshd[293326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.125.135 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:46:46,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384806.8346093, 'message': 'Dec  7 05:46:44 hqnl0246134 sshd[293326]: Failed password for invalid user wzh from 159.223.125.135 port 33824 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:46:46,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384806.8348901, 'message': 'Dec  7 05:46:46 hqnl0246134 sshd[293326]: Disconnected from invalid user wzh 159.223.125.135 port 33824 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 05:46:50,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384810.8381634, 'message': 'Dec  7 05:46:50 hqnl0246134 sshd[293332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.30.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 05:46:50,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384810.8385267, 'message': 'Dec  7 05:46:50 hqnl0246134 sshd[293332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.30.179  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
WARNING [2022-12-07 05:46:51,599] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:46:51,600] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:46:54,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384814.8391874, 'message': 'Dec  7 05:46:52 hqnl0246134 sshd[293332]: Failed password for root from 43.131.30.179 port 58224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 05:46:56,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384816.8423834, 'message': 'Dec  7 05:46:55 hqnl0246134 sshd[293334]: Invalid user dev from 182.23.63.23 port 51428', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 05:46:56,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384816.8426738, 'message': 'Dec  7 05:46:55 hqnl0246134 sshd[293334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.23.63.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 05:46:56,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384816.8428342, 'message': 'Dec  7 05:46:55 hqnl0246134 sshd[293334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.23.63.23 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:46:58,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384818.8420763, 'message': 'Dec  7 05:46:57 hqnl0246134 sshd[293334]: Failed password for invalid user dev from 182.23.63.23 port 51428 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 05:46:58,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.23.63.23', 'timestamp': 1670384818.8423545, 'message': 'Dec  7 05:46:58 hqnl0246134 sshd[293334]: Disconnected from invalid user dev 182.23.63.23 port 51428 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 05:47:08,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384828.8543243, 'message': 'Dec  7 05:47:08 hqnl0246134 sshd[293346]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.32.132.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 05:47:08,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384828.8546906, 'message': 'Dec  7 05:47:08 hqnl0246134 sshd[293346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.32.132.77  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:47:10,875] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '41.32.132.77', 'timestamp': 1670384830.8563495, 'message': 'Dec  7 05:47:09 hqnl0246134 sshd[293346]: Failed password for root from 41.32.132.77 port 50164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 05:47:12,884] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:47:12,916] defence360agent.internals.the_sink: SensorIncidentList(<24 item(s)>) processed in 0.0418 seconds
INFO    [2022-12-07 05:47:14,883] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384834.860622, 'message': 'Dec  7 05:47:13 hqnl0246134 sshd[293367]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.33.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 05:47:14,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384834.860869, 'message': 'Dec  7 05:47:13 hqnl0246134 sshd[293367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.33.71  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 05:47:16,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384836.8618586, 'message': 'Dec  7 05:47:15 hqnl0246134 sshd[293367]: Failed password for root from 43.131.33.71 port 49636 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-07 05:47:20,084] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:47:20,084] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:47:20,092] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:47:20,104] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 05:47:20,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384840.8665314, 'message': 'Dec  7 05:47:19 hqnl0246134 sshd[293376]: Invalid user discord from 132.148.77.160 port 39910', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:47:20,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384840.8667183, 'message': 'Dec  7 05:47:19 hqnl0246134 sshd[293376]: pam_imunify(sshd:auth): [IM360_RBL] The IP 132.148.77.160 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:47:20,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384840.8668404, 'message': 'Dec  7 05:47:19 hqnl0246134 sshd[293376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.148.77.160 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:47:22,892] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:47:22,893] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:47:22,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:47:22,935] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0406 seconds
INFO    [2022-12-07 05:47:22,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384842.8958666, 'message': 'Dec  7 05:47:21 hqnl0246134 sshd[293376]: Failed password for invalid user discord from 132.148.77.160 port 39910 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 05:47:24,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '132.148.77.160', 'timestamp': 1670384844.8699176, 'message': 'Dec  7 05:47:23 hqnl0246134 sshd[293376]: Disconnected from invalid user discord 132.148.77.160 port 39910 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:47:34,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384854.886232, 'message': 'Dec  7 05:47:34 hqnl0246134 sshd[293389]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.82.54.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-07 05:47:34,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384854.8875885, 'message': 'Dec  7 05:47:34 hqnl0246134 sshd[293389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.82.54.57  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 05:47:36,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.82.54.57', 'timestamp': 1670384856.886131, 'message': 'Dec  7 05:47:35 hqnl0246134 sshd[293389]: Failed password for root from 61.82.54.57 port 56488 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0537 seconds
INFO    [2022-12-07 05:47:39,557] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:47:39,557] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:47:39,573] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:47:39,592] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0337 seconds
INFO    [2022-12-07 05:47:44,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384864.895507, 'message': 'Dec  7 05:47:44 hqnl0246134 sshd[293409]: Invalid user aa from 172.247.104.122 port 36641', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 05:47:44,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384864.895904, 'message': 'Dec  7 05:47:44 hqnl0246134 sshd[293409]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.247.104.122 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:47:44,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384864.8960602, 'message': 'Dec  7 05:47:44 hqnl0246134 sshd[293409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.247.104.122 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:47:46,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384866.898239, 'message': 'Dec  7 05:47:45 hqnl0246134 sshd[293409]: Failed password for invalid user aa from 172.247.104.122 port 36641 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 05:47:48,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.247.104.122', 'timestamp': 1670384868.901282, 'message': 'Dec  7 05:47:47 hqnl0246134 sshd[293409]: Disconnected from invalid user aa 172.247.104.122 port 36641 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 05:47:48,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670384868.9015331, 'message': 'Dec  7 05:47:48 hqnl0246134 sshd[293411]: Invalid user ankit from 143.198.94.205 port 33310', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 05:47:48,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.94.205', 'timestamp': 1670384868.9017322, 'message': 'Dec  7 05:47:48 hqnl0246134 sshd[293411]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.94.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:47:48,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.94.205', 'timestamp': 1670384868.901871, 'message': 'Dec  7 05:47:48 hqnl0246134 sshd[293411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.94.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 05:47:50,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670384870.9043589, 'message': 'Dec  7 05:47:50 hqnl0246134 sshd[293411]: Failed password for invalid user ankit from 143.198.94.205 port 33310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 05:47:51,602] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:47:51,603] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:47:52,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670384872.9058044, 'message': 'Dec  7 05:47:51 hqnl0246134 sshd[293411]: Disconnected from invalid user ankit 143.198.94.205 port 33310 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:48:05,929] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:48:05,996] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:48:05,997] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:48:05,997] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:48:05,997] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:48:05,997] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:48:06,006] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:48:06,021] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0232 seconds
WARNING [2022-12-07 05:48:06,028] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:48:06,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:48:06,048] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0321 seconds
INFO    [2022-12-07 05:48:06,049] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0308 seconds
INFO    [2022-12-07 05:48:08,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384888.9273026, 'message': 'Dec  7 05:48:08 hqnl0246134 sshd[293426]: Invalid user csgoserver from 152.32.159.52 port 54898', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 05:48:08,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384888.9275725, 'message': 'Dec  7 05:48:08 hqnl0246134 sshd[293426]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.32.159.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 05:48:09,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384888.9276874, 'message': 'Dec  7 05:48:08 hqnl0246134 sshd[293426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.159.52 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 05:48:10,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384890.9300294, 'message': 'Dec  7 05:48:10 hqnl0246134 sshd[293426]: Failed password for invalid user csgoserver from 152.32.159.52 port 54898 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 05:48:12,886] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:48:12,912] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0330 seconds
INFO    [2022-12-07 05:48:13,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '152.32.159.52', 'timestamp': 1670384892.9330132, 'message': 'Dec  7 05:48:11 hqnl0246134 sshd[293426]: Disconnected from invalid user csgoserver 152.32.159.52 port 54898 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1226 seconds
INFO    [2022-12-07 05:48:13,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384892.9332001, 'message': 'Dec  7 05:48:12 hqnl0246134 sshd[293428]: Invalid user ruby from 137.184.41.247 port 39246', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1231 seconds
INFO    [2022-12-07 05:48:13,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384892.933312, 'message': 'Dec  7 05:48:12 hqnl0246134 sshd[293428]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.41.247 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:48:13,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384892.9337351, 'message': 'Dec  7 05:48:12 hqnl0246134 sshd[293428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.41.247 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 05:48:14,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384894.935764, 'message': 'Dec  7 05:48:13 hqnl0246134 sshd[293428]: Failed password for invalid user ruby from 137.184.41.247 port 39246 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:48:16,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.41.247', 'timestamp': 1670384896.9380422, 'message': 'Dec  7 05:48:15 hqnl0246134 sshd[293428]: Disconnected from invalid user ruby 137.184.41.247 port 39246 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 05:48:18,062] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:48:18,062] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:48:18,071] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:48:18,083] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 05:48:19,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384898.9408162, 'message': 'Dec  7 05:48:17 hqnl0246134 sshd[293441]: Invalid user nikhil from 193.110.100.228 port 21674', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0641 seconds
INFO    [2022-12-07 05:48:19,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384898.9416409, 'message': 'Dec  7 05:48:18 hqnl0246134 sshd[293446]: Invalid user test1 from 198.12.255.244 port 39668', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0648 seconds
INFO    [2022-12-07 05:48:19,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384898.9411473, 'message': 'Dec  7 05:48:17 hqnl0246134 sshd[293441]: pam_imunify(sshd:auth): [IM360_RBL] The IP 193.110.100.228 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0543 seconds
INFO    [2022-12-07 05:48:19,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384898.9418592, 'message': 'Dec  7 05:48:18 hqnl0246134 sshd[293446]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.12.255.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0534 seconds
INFO    [2022-12-07 05:48:19,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384898.9414065, 'message': 'Dec  7 05:48:17 hqnl0246134 sshd[293441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.110.100.228 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 05:48:19,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384898.9420707, 'message': 'Dec  7 05:48:18 hqnl0246134 sshd[293446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.255.244 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 05:48:20,714] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:48:20,714] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:48:20,724] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:48:20,737] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-07 05:48:20,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384900.9427896, 'message': 'Dec  7 05:48:19 hqnl0246134 sshd[293441]: Failed password for invalid user nikhil from 193.110.100.228 port 21674 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 05:48:20,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384900.9432132, 'message': 'Dec  7 05:48:20 hqnl0246134 sshd[293446]: Failed password for invalid user test1 from 198.12.255.244 port 39668 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 05:48:21,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '193.110.100.228', 'timestamp': 1670384900.9430447, 'message': 'Dec  7 05:48:19 hqnl0246134 sshd[293441]: Disconnected from invalid user nikhil 193.110.100.228 port 21674 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:48:22,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.12.255.244', 'timestamp': 1670384902.944935, 'message': 'Dec  7 05:48:21 hqnl0246134 sshd[293446]: Disconnected from invalid user test1 198.12.255.244 port 39668 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 05:48:22,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384902.9451337, 'message': 'Dec  7 05:48:22 hqnl0246134 sshd[293453]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.48.99.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 05:48:22,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384902.9452455, 'message': 'Dec  7 05:48:22 hqnl0246134 sshd[293453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.48.99.155  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:48:26,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '181.48.99.155', 'timestamp': 1670384906.9512916, 'message': 'Dec  7 05:48:24 hqnl0246134 sshd[293453]: Failed password for root from 181.48.99.155 port 42850 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 05:48:26,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384906.9515252, 'message': 'Dec  7 05:48:26 hqnl0246134 sshd[293456]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.114.152.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 05:48:27,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384906.9516997, 'message': 'Dec  7 05:48:26 hqnl0246134 sshd[293456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.152.155  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:48:28,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.114.152.155', 'timestamp': 1670384908.9548879, 'message': 'Dec  7 05:48:28 hqnl0246134 sshd[293456]: Failed password for root from 167.114.152.155 port 51284 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 05:48:36,128] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:48:36,129] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:48:36,130] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 05:48:49,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384928.9746044, 'message': 'Dec  7 05:48:48 hqnl0246134 sshd[293467]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.140.114.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 05:48:49,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384928.975318, 'message': 'Dec  7 05:48:48 hqnl0246134 sshd[293467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:48:50,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.140.114.196', 'timestamp': 1670384930.9777298, 'message': 'Dec  7 05:48:50 hqnl0246134 sshd[293467]: Failed password for root from 123.140.114.196 port 59478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-07 05:48:51,609] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:48:51,610] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:48:53,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.152.137.218', 'timestamp': 1670384932.9784184, 'message': 'Dec  7 05:48:52 hqnl0246134 sshd[293474]: Invalid user julia from 52.152.137.218 port 11249', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 05:48:54,224] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:48:54,225] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:48:54,232] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:48:54,244] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 05:48:55,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.152.137.218', 'timestamp': 1670384934.9805148, 'message': 'Dec  7 05:48:53 hqnl0246134 sshd[293474]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.152.137.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 05:48:55,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.152.137.218', 'timestamp': 1670384934.980728, 'message': 'Dec  7 05:48:53 hqnl0246134 sshd[293474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.152.137.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:48:57,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.152.137.218', 'timestamp': 1670384936.9828815, 'message': 'Dec  7 05:48:55 hqnl0246134 sshd[293474]: Failed password for invalid user julia from 52.152.137.218 port 11249 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 05:48:57,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.152.137.218', 'timestamp': 1670384936.9830663, 'message': 'Dec  7 05:48:56 hqnl0246134 sshd[293474]: Disconnected from invalid user julia 52.152.137.218 port 11249 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 05:49:05,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384944.9930978, 'message': 'Dec  7 05:49:03 hqnl0246134 sshd[293486]: Invalid user work from 20.232.173.174 port 45104', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 05:49:05,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384944.9934204, 'message': 'Dec  7 05:49:03 hqnl0246134 sshd[293486]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.232.173.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:49:05,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384944.9936266, 'message': 'Dec  7 05:49:03 hqnl0246134 sshd[293486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.232.173.174 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 05:49:07,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384946.9936538, 'message': 'Dec  7 05:49:06 hqnl0246134 sshd[293486]: Failed password for invalid user work from 20.232.173.174 port 45104 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:49:09,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670384949.0009844, 'message': 'Dec  7 05:49:08 hqnl0246134 sshd[293486]: Disconnected from invalid user work 20.232.173.174 port 45104 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
WARNING [2022-12-07 05:49:12,890] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:49:12,934] defence360agent.internals.the_sink: SensorIncidentList(<25 item(s)>) processed in 0.0519 seconds
INFO    [2022-12-07 05:49:13,025] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384953.0060096, 'message': 'Dec  7 05:49:12 hqnl0246134 sshd[293489]: Invalid user hadoop from 206.189.31.90 port 46432', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:49:13,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384953.0061836, 'message': 'Dec  7 05:49:12 hqnl0246134 sshd[293489]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.31.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:49:13,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384953.006294, 'message': 'Dec  7 05:49:12 hqnl0246134 sshd[293489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.31.90 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 05:49:15,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384955.008954, 'message': 'Dec  7 05:49:13 hqnl0246134 sshd[293489]: Failed password for invalid user hadoop from 206.189.31.90 port 46432 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:49:15,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670384955.0093153, 'message': 'Dec  7 05:49:13 hqnl0246134 sshd[293489]: Disconnected from invalid user hadoop 206.189.31.90 port 46432 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:49:17,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384957.0099535, 'message': 'Dec  7 05:49:16 hqnl0246134 sshd[293504]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.30.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 05:49:17,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384957.0101624, 'message': 'Dec  7 05:49:16 hqnl0246134 sshd[293504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.30.179  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 05:49:17,768] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:49:17,768] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:49:17,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:49:17,790] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 05:49:19,049] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.30.179', 'timestamp': 1670384959.013017, 'message': 'Dec  7 05:49:18 hqnl0246134 sshd[293504]: Failed password for root from 43.131.30.179 port 44922 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 05:49:19,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384959.0132627, 'message': 'Dec  7 05:49:18 hqnl0246134 sshd[293511]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.125.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 05:49:19,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384959.0134792, 'message': 'Dec  7 05:49:18 hqnl0246134 sshd[293511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.125.135  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:49:20,434] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:49:20,434] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:49:20,444] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:49:20,457] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-07 05:49:21,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.125.135', 'timestamp': 1670384961.014813, 'message': 'Dec  7 05:49:20 hqnl0246134 sshd[293511]: Failed password for root from 159.223.125.135 port 40954 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 05:49:27,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.94.205', 'timestamp': 1670384967.0285156, 'message': 'Dec  7 05:49:26 hqnl0246134 sshd[293517]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.94.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:49:27,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.94.205', 'timestamp': 1670384967.0287454, 'message': 'Dec  7 05:49:26 hqnl0246134 sshd[293517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.94.205  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:49:29,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.94.205', 'timestamp': 1670384969.0351353, 'message': 'Dec  7 05:49:28 hqnl0246134 sshd[293517]: Failed password for root from 143.198.94.205 port 43492 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:49:35,062] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.89.163.71', 'timestamp': 1670384975.0422795, 'message': 'Dec  7 05:49:33 hqnl0246134 sshd[293492]: Invalid user mc from 85.89.163.71 port 58958', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:49:35,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '85.89.163.71', 'timestamp': 1670384975.0425844, 'message': 'Dec  7 05:49:34 hqnl0246134 sshd[293492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 85.89.163.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 05:49:35,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '85.89.163.71', 'timestamp': 1670384975.0427518, 'message': 'Dec  7 05:49:34 hqnl0246134 sshd[293492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.89.163.71 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:49:37,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.89.163.71', 'timestamp': 1670384977.0476136, 'message': 'Dec  7 05:49:36 hqnl0246134 sshd[293492]: Failed password for invalid user mc from 85.89.163.71 port 58958 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 05:49:39,072] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '85.89.163.71', 'timestamp': 1670384979.045975, 'message': 'Dec  7 05:49:38 hqnl0246134 sshd[293492]: Disconnected from invalid user mc 85.89.163.71 port 58958 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 05:49:45,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.113.201', 'timestamp': 1670384985.05632, 'message': 'Dec  7 05:49:43 hqnl0246134 sshd[293520]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.113.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 05:49:45,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.113.201', 'timestamp': 1670384985.056781, 'message': 'Dec  7 05:49:43 hqnl0246134 sshd[293520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.113.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 05:49:47,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.189.113.201', 'timestamp': 1670384987.0604663, 'message': 'Dec  7 05:49:45 hqnl0246134 sshd[293520]: Failed password for root from 206.189.113.201 port 37982 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 05:49:47,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.42.176.235', 'timestamp': 1670384987.060813, 'message': 'Dec  7 05:49:46 hqnl0246134 sshd[293531]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.42.176.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 05:49:47,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.42.176.235', 'timestamp': 1670384987.06093, 'message': 'Dec  7 05:49:46 hqnl0246134 sshd[293531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.42.176.235  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 05:49:49,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.42.176.235', 'timestamp': 1670384989.0620117, 'message': 'Dec  7 05:49:48 hqnl0246134 sshd[293531]: Failed password for root from 200.42.176.235 port 33958 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 05:49:51,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384991.0654593, 'message': 'Dec  7 05:49:49 hqnl0246134 sshd[293535]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.33.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:49:51,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384991.0657337, 'message': 'Dec  7 05:49:49 hqnl0246134 sshd[293535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.33.71  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 05:49:51,617] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:49:51,618] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:49:53,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.33.71', 'timestamp': 1670384993.0684106, 'message': 'Dec  7 05:49:51 hqnl0246134 sshd[293535]: Failed password for root from 43.131.33.71 port 35326 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 05:50:12,901] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:50:12,945] defence360agent.internals.the_sink: SensorIncidentList(<24 item(s)>) processed in 0.0592 seconds
INFO    [2022-12-07 05:50:18,228] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:50:18,228] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:50:18,237] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:50:18,255] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0255 seconds
INFO    [2022-12-07 05:50:21,213] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:50:21,213] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:50:21,226] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:50:21,244] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0297 seconds
INFO    [2022-12-07 05:50:27,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.247.104.122', 'timestamp': 1670385027.1071787, 'message': 'Dec  7 05:50:26 hqnl0246134 sshd[293593]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.247.104.122 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:50:27,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.247.104.122', 'timestamp': 1670385027.1074276, 'message': 'Dec  7 05:50:26 hqnl0246134 sshd[293593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.247.104.122  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:50:29,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.82.54.57', 'timestamp': 1670385029.1090121, 'message': 'Dec  7 05:50:27 hqnl0246134 sshd[293596]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.82.54.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 05:50:29,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '172.247.104.122', 'timestamp': 1670385029.109393, 'message': 'Dec  7 05:50:27 hqnl0246134 sshd[293593]: Failed password for root from 172.247.104.122 port 58940 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 05:50:29,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.82.54.57', 'timestamp': 1670385029.109249, 'message': 'Dec  7 05:50:27 hqnl0246134 sshd[293596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.82.54.57  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:50:29,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.82.54.57', 'timestamp': 1670385029.1115913, 'message': 'Dec  7 05:50:29 hqnl0246134 sshd[293596]: Failed password for root from 61.82.54.57 port 44848 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:50:31,059] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:50:31,059] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:50:31,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:50:31,079] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 05:50:41,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385041.1180577, 'message': 'Dec  7 05:50:39 hqnl0246134 sshd[293604]: Invalid user evangeline from 43.135.166.211 port 54242', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 05:50:41,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385041.1183605, 'message': 'Dec  7 05:50:39 hqnl0246134 sshd[293604]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.166.211 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:50:41,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385041.1240726, 'message': 'Dec  7 05:50:39 hqnl0246134 sshd[293604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.166.211 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:50:43,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385043.1207457, 'message': 'Dec  7 05:50:41 hqnl0246134 sshd[293604]: Failed password for invalid user evangeline from 43.135.166.211 port 54242 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:50:43,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385043.120989, 'message': 'Dec  7 05:50:41 hqnl0246134 sshd[293604]: Disconnected from invalid user evangeline 43.135.166.211 port 54242 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 05:50:45,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385045.1262264, 'message': 'Dec  7 05:50:43 hqnl0246134 sshd[293606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 05:50:45,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385045.1267648, 'message': 'Dec  7 05:50:43 hqnl0246134 sshd[293606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:50:47,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385047.1285152, 'message': 'Dec  7 05:50:46 hqnl0246134 sshd[293606]: Failed password for root from 61.177.173.46 port 15913 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:50:49,167] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385049.1325788, 'message': 'Dec  7 05:50:47 hqnl0246134 sshd[293606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 05:50:51,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385051.1338995, 'message': 'Dec  7 05:50:50 hqnl0246134 sshd[293606]: Failed password for root from 61.177.173.46 port 15913 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-07 05:50:51,622] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:50:51,623] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:50:53,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385053.1366508, 'message': 'Dec  7 05:50:52 hqnl0246134 sshd[293606]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:50:55,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385055.137874, 'message': 'Dec  7 05:50:54 hqnl0246134 sshd[293606]: Failed password for root from 61.177.173.46 port 15913 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:50:59,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385059.1423066, 'message': 'Dec  7 05:50:58 hqnl0246134 sshd[293616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:50:59,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385059.1425927, 'message': 'Dec  7 05:50:58 hqnl0246134 sshd[293616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:51:01,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385061.1445205, 'message': 'Dec  7 05:51:00 hqnl0246134 sshd[293616]: Failed password for root from 61.177.173.46 port 27323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:51:03,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385063.1458948, 'message': 'Dec  7 05:51:02 hqnl0246134 sshd[293616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:51:05,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '152.32.159.52', 'timestamp': 1670385065.1486921, 'message': 'Dec  7 05:51:03 hqnl0246134 sshd[293626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 152.32.159.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0476 seconds
INFO    [2022-12-07 05:51:05,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385065.1573799, 'message': 'Dec  7 05:51:03 hqnl0246134 sshd[293616]: Failed password for root from 61.177.173.46 port 27323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-07 05:51:05,228] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '152.32.159.52', 'timestamp': 1670385065.1489122, 'message': 'Dec  7 05:51:03 hqnl0246134 sshd[293626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.159.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 05:51:05,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385065.1576474, 'message': 'Dec  7 05:51:04 hqnl0246134 sshd[293616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 05:51:07,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '152.32.159.52', 'timestamp': 1670385067.1498618, 'message': 'Dec  7 05:51:05 hqnl0246134 sshd[293626]: Failed password for root from 152.32.159.52 port 43544 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 05:51:07,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385067.1507921, 'message': 'Dec  7 05:51:06 hqnl0246134 sshd[293616]: Failed password for root from 61.177.173.46 port 27323 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
WARNING [2022-12-07 05:51:12,905] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:51:12,938] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0413 seconds
INFO    [2022-12-07 05:51:17,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.12.255.244', 'timestamp': 1670385077.1606643, 'message': 'Dec  7 05:51:15 hqnl0246134 sshd[293638]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.12.255.244 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 05:51:17,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.12.255.244', 'timestamp': 1670385077.1610198, 'message': 'Dec  7 05:51:16 hqnl0246134 sshd[293638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.255.244  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:51:17,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:51:17,815] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:51:17,824] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:51:17,838] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-07 05:51:19,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670385079.1619778, 'message': 'Dec  7 05:51:17 hqnl0246134 sshd[293642]: Invalid user kk from 181.48.99.155 port 59518', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 05:51:19,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.12.255.244', 'timestamp': 1670385079.1660736, 'message': 'Dec  7 05:51:17 hqnl0246134 sshd[293638]: Failed password for root from 198.12.255.244 port 57894 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-07 05:51:19,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.48.99.155', 'timestamp': 1670385079.1657994, 'message': 'Dec  7 05:51:17 hqnl0246134 sshd[293642]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.48.99.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 05:51:19,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.48.99.155', 'timestamp': 1670385079.165966, 'message': 'Dec  7 05:51:17 hqnl0246134 sshd[293642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.48.99.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:51:20,455] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:51:20,456] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:51:20,463] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:51:20,474] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 05:51:21,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670385081.1644733, 'message': 'Dec  7 05:51:20 hqnl0246134 sshd[293642]: Failed password for invalid user kk from 181.48.99.155 port 59518 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:51:23,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.48.99.155', 'timestamp': 1670385083.1659763, 'message': 'Dec  7 05:51:22 hqnl0246134 sshd[293642]: Disconnected from invalid user kk 181.48.99.155 port 59518 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:51:35,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670385095.1800735, 'message': 'Dec  7 05:51:34 hqnl0246134 sshd[293657]: Invalid user admin from 143.198.94.205 port 44566', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 05:51:35,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.94.205', 'timestamp': 1670385095.1807382, 'message': 'Dec  7 05:51:34 hqnl0246134 sshd[293657]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.94.205 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:51:35,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.94.205', 'timestamp': 1670385095.1809132, 'message': 'Dec  7 05:51:34 hqnl0246134 sshd[293657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.94.205 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:51:37,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670385097.180345, 'message': 'Dec  7 05:51:36 hqnl0246134 sshd[293657]: Failed password for invalid user admin from 143.198.94.205 port 44566 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 05:51:39,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.152.137.218', 'timestamp': 1670385099.1823583, 'message': 'Dec  7 05:51:37 hqnl0246134 sshd[293659]: Invalid user git from 52.152.137.218 port 58481', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 05:51:39,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.94.205', 'timestamp': 1670385099.1829042, 'message': 'Dec  7 05:51:38 hqnl0246134 sshd[293657]: Disconnected from invalid user admin 143.198.94.205 port 44566 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 05:51:39,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.152.137.218', 'timestamp': 1670385099.1826153, 'message': 'Dec  7 05:51:37 hqnl0246134 sshd[293659]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.152.137.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:51:39,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.152.137.218', 'timestamp': 1670385099.1827848, 'message': 'Dec  7 05:51:37 hqnl0246134 sshd[293659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.152.137.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:51:40,157] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 05:51:40,158] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 05:51:40,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:51:40,620] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:51:40,633] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:51:40,652] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0307 seconds
INFO    [2022-12-07 05:51:41,033] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 05:51:41,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.152.137.218', 'timestamp': 1670385101.1846201, 'message': 'Dec  7 05:51:40 hqnl0246134 sshd[293659]: Failed password for invalid user git from 52.152.137.218 port 58481 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 05:51:43,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.152.137.218', 'timestamp': 1670385103.1857595, 'message': 'Dec  7 05:51:41 hqnl0246134 sshd[293659]: Disconnected from invalid user git 52.152.137.218 port 58481 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 05:51:47,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385107.1921906, 'message': 'Dec  7 05:51:46 hqnl0246134 sshd[293687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 05:51:47,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385107.1926744, 'message': 'Dec  7 05:51:46 hqnl0246134 sshd[293687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:51:49,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385109.1954896, 'message': 'Dec  7 05:51:48 hqnl0246134 sshd[293687]: Failed password for root from 61.177.173.48 port 46460 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 05:51:51,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385111.1980143, 'message': 'Dec  7 05:51:50 hqnl0246134 sshd[293687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 05:51:51,625] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:51:51,625] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:51:53,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670385113.20093, 'message': 'Dec  7 05:51:51 hqnl0246134 sshd[293690]: Invalid user postgres from 206.189.31.90 port 35014', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:51:53,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385113.2014942, 'message': 'Dec  7 05:51:51 hqnl0246134 sshd[293687]: Failed password for root from 61.177.173.48 port 46460 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 05:51:53,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.31.90', 'timestamp': 1670385113.2011883, 'message': 'Dec  7 05:51:51 hqnl0246134 sshd[293690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.31.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 05:51:53,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385113.2017064, 'message': 'Dec  7 05:51:52 hqnl0246134 sshd[293687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 05:51:53,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.31.90', 'timestamp': 1670385113.201357, 'message': 'Dec  7 05:51:51 hqnl0246134 sshd[293690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.31.90 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:51:53,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670385113.2018123, 'message': 'Dec  7 05:51:52 hqnl0246134 sshd[293690]: Failed password for invalid user postgres from 206.189.31.90 port 35014 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0165 seconds
WARNING [2022-12-07 05:51:54,210] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 05:51:55,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.31.90', 'timestamp': 1670385115.202099, 'message': 'Dec  7 05:51:53 hqnl0246134 sshd[293690]: Disconnected from invalid user postgres 206.189.31.90 port 35014 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0618 seconds
INFO    [2022-12-07 05:51:55,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.140.114.196', 'timestamp': 1670385115.2023425, 'message': 'Dec  7 05:51:54 hqnl0246134 sshd[293692]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.140.114.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0627 seconds
INFO    [2022-12-07 05:51:55,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385115.2025776, 'message': 'Dec  7 05:51:54 hqnl0246134 sshd[293687]: Failed password for root from 61.177.173.48 port 46460 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0633 seconds
INFO    [2022-12-07 05:51:55,297] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.140.114.196', 'timestamp': 1670385115.202459, 'message': 'Dec  7 05:51:54 hqnl0246134 sshd[293692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:51:57,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.140.114.196', 'timestamp': 1670385117.2048318, 'message': 'Dec  7 05:51:56 hqnl0246134 sshd[293692]: Failed password for root from 123.140.114.196 port 48552 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 05:51:57,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385117.205083, 'message': 'Dec  7 05:51:56 hqnl0246134 sshd[293696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-07 05:51:57,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385117.2053008, 'message': 'Dec  7 05:51:56 hqnl0246134 sshd[293696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:51:59,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.125.135', 'timestamp': 1670385119.2072194, 'message': 'Dec  7 05:51:57 hqnl0246134 sshd[293698]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.125.135 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 05:51:59,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.32.132.77', 'timestamp': 1670385119.2075696, 'message': 'Dec  7 05:51:57 hqnl0246134 sshd[293694]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.32.132.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 05:51:59,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385119.2077868, 'message': 'Dec  7 05:51:58 hqnl0246134 sshd[293696]: Failed password for root from 61.177.173.48 port 12356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 05:51:59,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.125.135', 'timestamp': 1670385119.2074306, 'message': 'Dec  7 05:51:57 hqnl0246134 sshd[293698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.125.135  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 05:51:59,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.32.132.77', 'timestamp': 1670385119.2076802, 'message': 'Dec  7 05:51:57 hqnl0246134 sshd[293694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.32.132.77  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 05:52:01,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.125.135', 'timestamp': 1670385121.2101998, 'message': 'Dec  7 05:51:59 hqnl0246134 sshd[293698]: Failed password for root from 159.223.125.135 port 36338 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0482 seconds
INFO    [2022-12-07 05:52:01,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '41.32.132.77', 'timestamp': 1670385121.2103906, 'message': 'Dec  7 05:51:59 hqnl0246134 sshd[293694]: Failed password for root from 41.32.132.77 port 59460 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 05:52:01,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670385121.2105167, 'message': 'Dec  7 05:51:59 hqnl0246134 sshd[293700]: Invalid user gitlab from 206.189.113.201 port 44770', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-07 05:52:01,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385121.2114577, 'message': 'Dec  7 05:52:00 hqnl0246134 sshd[293696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 05:52:01,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.113.201', 'timestamp': 1670385121.2109149, 'message': 'Dec  7 05:51:59 hqnl0246134 sshd[293700]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.113.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 05:52:01,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.113.201', 'timestamp': 1670385121.2113366, 'message': 'Dec  7 05:51:59 hqnl0246134 sshd[293700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.113.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:52:03,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670385123.2127078, 'message': 'Dec  7 05:52:01 hqnl0246134 sshd[293700]: Failed password for invalid user gitlab from 206.189.113.201 port 44770 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:52:03,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670385123.212888, 'message': 'Dec  7 05:52:02 hqnl0246134 sshd[293700]: Disconnected from invalid user gitlab 206.189.113.201 port 44770 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:52:05,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385125.2140908, 'message': 'Dec  7 05:52:03 hqnl0246134 sshd[293696]: Failed password for root from 61.177.173.48 port 12356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 05:52:05,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670385125.2143009, 'message': 'Dec  7 05:52:04 hqnl0246134 sshd[293709]: Invalid user anon from 20.232.173.174 port 53700', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:52:05,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385125.2151692, 'message': 'Dec  7 05:52:05 hqnl0246134 sshd[293696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 05:52:05,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '20.232.173.174', 'timestamp': 1670385125.2144117, 'message': 'Dec  7 05:52:04 hqnl0246134 sshd[293709]: pam_imunify(sshd:auth): [IM360_RBL] The IP 20.232.173.174 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 05:52:05,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '20.232.173.174', 'timestamp': 1670385125.2150102, 'message': 'Dec  7 05:52:04 hqnl0246134 sshd[293709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.232.173.174 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 05:52:09,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670385129.2182486, 'message': 'Dec  7 05:52:07 hqnl0246134 sshd[293709]: Failed password for invalid user anon from 20.232.173.174 port 53700 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 05:52:09,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385129.2186804, 'message': 'Dec  7 05:52:07 hqnl0246134 sshd[293696]: Failed password for root from 61.177.173.48 port 12356 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 05:52:11,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '20.232.173.174', 'timestamp': 1670385131.2226334, 'message': 'Dec  7 05:52:09 hqnl0246134 sshd[293709]: Disconnected from invalid user anon 20.232.173.174 port 53700 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 05:52:11,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385131.2228587, 'message': 'Dec  7 05:52:11 hqnl0246134 sshd[293721]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 05:52:11,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385131.2229881, 'message': 'Dec  7 05:52:11 hqnl0246134 sshd[293721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.48  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 05:52:12,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:52:12,951] defence360agent.internals.the_sink: SensorIncidentList(<33 item(s)>) processed in 0.0459 seconds
INFO    [2022-12-07 05:52:15,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385135.2287388, 'message': 'Dec  7 05:52:13 hqnl0246134 sshd[293721]: Failed password for root from 61.177.173.48 port 20762 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 05:52:17,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385137.230175, 'message': 'Dec  7 05:52:15 hqnl0246134 sshd[293721]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:52:17,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385137.23036, 'message': 'Dec  7 05:52:16 hqnl0246134 sshd[293721]: Failed password for root from 61.177.173.48 port 20762 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:52:18,053] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:52:18,053] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:52:18,061] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:52:18,073] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 05:52:19,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385139.2333422, 'message': 'Dec  7 05:52:17 hqnl0246134 sshd[293721]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.48 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 05:52:21,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.48', 'timestamp': 1670385141.2342584, 'message': 'Dec  7 05:52:19 hqnl0246134 sshd[293721]: Failed password for root from 61.177.173.48 port 20762 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 05:52:22,591] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:52:22,592] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:52:22,599] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:52:22,609] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 05:52:31,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.33.71', 'timestamp': 1670385151.2487032, 'message': 'Dec  7 05:52:29 hqnl0246134 sshd[293742]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.33.71 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 05:52:31,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.33.71', 'timestamp': 1670385151.2489665, 'message': 'Dec  7 05:52:29 hqnl0246134 sshd[293742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.33.71  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:52:33,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.33.71', 'timestamp': 1670385153.2500393, 'message': 'Dec  7 05:52:31 hqnl0246134 sshd[293742]: Failed password for root from 43.131.33.71 port 42258 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 05:52:39,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '50.221.173.142', 'timestamp': 1670385159.254163, 'message': 'Dec  7 05:52:38 hqnl0246134 sshd[293744]: pam_imunify(sshd:auth): [IM360_RBL] The IP 50.221.173.142 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 05:52:39,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '50.221.173.142', 'timestamp': 1670385159.2544308, 'message': 'Dec  7 05:52:38 hqnl0246134 sshd[293744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.221.173.142  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:52:41,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '50.221.173.142', 'timestamp': 1670385161.25701, 'message': 'Dec  7 05:52:40 hqnl0246134 sshd[293744]: Failed password for root from 50.221.173.142 port 33340 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 05:52:51,629] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:52:51,631] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 05:53:12,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:53:12,947] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0350 seconds
INFO    [2022-12-07 05:53:17,910] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:53:17,910] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:53:17,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:53:17,937] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-07 05:53:20,517] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:53:20,518] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:53:20,525] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:53:20,535] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
INFO    [2022-12-07 05:53:25,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385205.320456, 'message': 'Dec  7 05:53:24 hqnl0246134 sshd[293787]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.166.211 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:53:25,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385205.3207207, 'message': 'Dec  7 05:53:24 hqnl0246134 sshd[293787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.166.211  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 05:53:27,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385207.3220308, 'message': 'Dec  7 05:53:26 hqnl0246134 sshd[293787]: Failed password for root from 43.135.166.211 port 49794 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 05:53:29,236] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:53:29,237] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:53:29,244] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:53:29,255] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 05:53:33,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.42.176.235', 'timestamp': 1670385213.333955, 'message': 'Dec  7 05:53:32 hqnl0246134 sshd[293794]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.42.176.235 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 05:53:33,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.42.176.235', 'timestamp': 1670385213.334296, 'message': 'Dec  7 05:53:32 hqnl0246134 sshd[293794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.42.176.235  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:53:35,356] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '200.42.176.235', 'timestamp': 1670385215.336412, 'message': 'Dec  7 05:53:33 hqnl0246134 sshd[293794]: Failed password for root from 200.42.176.235 port 49098 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 05:53:51,637] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:53:51,639] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:53:53,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385233.3640015, 'message': 'Dec  7 05:53:52 hqnl0246134 sshd[293805]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 05:53:53,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385233.3646355, 'message': 'Dec  7 05:53:52 hqnl0246134 sshd[293805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 05:53:55,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385235.3652475, 'message': 'Dec  7 05:53:54 hqnl0246134 sshd[293805]: Failed password for root from 61.177.172.104 port 38933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:53:55,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385235.3654363, 'message': 'Dec  7 05:53:54 hqnl0246134 sshd[293805]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 05:53:57,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385237.3658373, 'message': 'Dec  7 05:53:56 hqnl0246134 sshd[293805]: Failed password for root from 61.177.172.104 port 38933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:53:57,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385237.3660357, 'message': 'Dec  7 05:53:57 hqnl0246134 sshd[293805]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 05:53:59,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385239.367907, 'message': 'Dec  7 05:53:58 hqnl0246134 sshd[293805]: Failed password for root from 61.177.172.104 port 38933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:54:01,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385241.3707669, 'message': 'Dec  7 05:54:01 hqnl0246134 sshd[293807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 05:54:01,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385241.3709674, 'message': 'Dec  7 05:54:01 hqnl0246134 sshd[293807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 05:54:05,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385245.3737915, 'message': 'Dec  7 05:54:03 hqnl0246134 sshd[293807]: Failed password for root from 61.177.172.104 port 53172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:54:07,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385247.377385, 'message': 'Dec  7 05:54:05 hqnl0246134 sshd[293807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 05:54:07,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385247.3776433, 'message': 'Dec  7 05:54:07 hqnl0246134 sshd[293807]: Failed password for root from 61.177.172.104 port 53172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 05:54:09,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385249.3796127, 'message': 'Dec  7 05:54:07 hqnl0246134 sshd[293807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:54:11,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385251.383151, 'message': 'Dec  7 05:54:10 hqnl0246134 sshd[293807]: Failed password for root from 61.177.172.104 port 53172 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0324 seconds
WARNING [2022-12-07 05:54:12,925] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:54:12,950] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0345 seconds
INFO    [2022-12-07 05:54:13,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.113.201', 'timestamp': 1670385253.386591, 'message': 'Dec  7 05:54:12 hqnl0246134 sshd[293819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.113.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 05:54:13,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.113.201', 'timestamp': 1670385253.3868687, 'message': 'Dec  7 05:54:12 hqnl0246134 sshd[293819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.113.201  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 05:54:15,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385255.387212, 'message': 'Dec  7 05:54:13 hqnl0246134 sshd[293817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 05:54:15,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.189.113.201', 'timestamp': 1670385255.3877919, 'message': 'Dec  7 05:54:14 hqnl0246134 sshd[293819]: Failed password for root from 206.189.113.201 port 51504 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 05:54:15,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385255.3876412, 'message': 'Dec  7 05:54:13 hqnl0246134 sshd[293817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 05:54:17,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385257.3892157, 'message': 'Dec  7 05:54:16 hqnl0246134 sshd[293817]: Failed password for root from 61.177.172.104 port 42312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 05:54:19,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385259.389831, 'message': 'Dec  7 05:54:18 hqnl0246134 sshd[293817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:54:19,740] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:54:19,740] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:54:19,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:54:19,758] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 05:54:21,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385261.3926778, 'message': 'Dec  7 05:54:19 hqnl0246134 sshd[293817]: Failed password for root from 61.177.172.104 port 42312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 05:54:21,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385261.3929288, 'message': 'Dec  7 05:54:20 hqnl0246134 sshd[293817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:54:22,583] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:54:22,583] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:54:22,590] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:54:22,602] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 05:54:23,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.104', 'timestamp': 1670385263.3938425, 'message': 'Dec  7 05:54:21 hqnl0246134 sshd[293817]: Failed password for root from 61.177.172.104 port 42312 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 05:54:31,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.31.90', 'timestamp': 1670385271.410257, 'message': 'Dec  7 05:54:30 hqnl0246134 sshd[293843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.31.90 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:54:31,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.31.90', 'timestamp': 1670385271.410491, 'message': 'Dec  7 05:54:30 hqnl0246134 sshd[293843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.31.90  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 05:54:33,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '206.189.31.90', 'timestamp': 1670385273.4142773, 'message': 'Dec  7 05:54:32 hqnl0246134 sshd[293843]: Failed password for root from 206.189.31.90 port 51830 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 05:54:39,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.152.137.218', 'timestamp': 1670385279.4264157, 'message': 'Dec  7 05:54:39 hqnl0246134 sshd[293847]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.152.137.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 05:54:39,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.152.137.218', 'timestamp': 1670385279.4269485, 'message': 'Dec  7 05:54:39 hqnl0246134 sshd[293847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.152.137.218  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 05:54:41,450] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '52.152.137.218', 'timestamp': 1670385281.428399, 'message': 'Dec  7 05:54:40 hqnl0246134 sshd[293847]: Failed password for root from 52.152.137.218 port 49270 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 05:54:43,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:54:43,806] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:54:43,815] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:54:43,827] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
WARNING [2022-12-07 05:54:51,645] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:54:51,647] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:55:05,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385305.4667838, 'message': 'Dec  7 05:55:03 hqnl0246134 sshd[293882]: Invalid user zabbix from 123.195.33.169 port 46816', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0385 seconds
INFO    [2022-12-07 05:55:05,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385305.4676743, 'message': 'Dec  7 05:55:04 hqnl0246134 sshd[293882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.195.33.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 05:55:05,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385305.4678664, 'message': 'Dec  7 05:55:04 hqnl0246134 sshd[293882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.195.33.169 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 05:55:07,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385307.4681811, 'message': 'Dec  7 05:55:05 hqnl0246134 sshd[293882]: Failed password for invalid user zabbix from 123.195.33.169 port 46816 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:55:07,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385307.4683852, 'message': 'Dec  7 05:55:06 hqnl0246134 sshd[293882]: Disconnected from invalid user zabbix 123.195.33.169 port 46816 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 05:55:12,928] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:55:12,954] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-07 05:55:17,957] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:55:17,958] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:55:17,966] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:55:17,978] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 05:55:20,639] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:55:20,639] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:55:20,646] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:55:20,659] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 05:55:22,803] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:55:22,870] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:55:22,871] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:55:22,871] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:55:22,871] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:55:22,872] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:55:22,891] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:55:22,909] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0368 seconds
WARNING [2022-12-07 05:55:22,916] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:55:22,918] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:55:22,942] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0383 seconds
INFO    [2022-12-07 05:55:22,944] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0372 seconds
INFO    [2022-12-07 05:55:37,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385337.5240119, 'message': 'Dec  7 05:55:35 hqnl0246134 sshd[293923]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 05:55:37,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385337.5243902, 'message': 'Dec  7 05:55:35 hqnl0246134 sshd[293923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 05:55:39,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385339.5270028, 'message': 'Dec  7 05:55:37 hqnl0246134 sshd[293923]: Failed password for root from 61.177.172.108 port 28542 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 05:55:41,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385341.528842, 'message': 'Dec  7 05:55:39 hqnl0246134 sshd[293923]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 05:55:43,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385343.529992, 'message': 'Dec  7 05:55:41 hqnl0246134 sshd[293923]: Failed password for root from 61.177.172.108 port 28542 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 05:55:43,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385343.530165, 'message': 'Dec  7 05:55:42 hqnl0246134 sshd[293923]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:55:45,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385345.5331516, 'message': 'Dec  7 05:55:43 hqnl0246134 sshd[293923]: Failed password for root from 61.177.172.108 port 28542 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 05:55:47,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385347.5341709, 'message': 'Dec  7 05:55:45 hqnl0246134 sshd[293926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-07 05:55:47,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385347.5344927, 'message': 'Dec  7 05:55:45 hqnl0246134 sshd[293926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 05:55:47,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385347.53465, 'message': 'Dec  7 05:55:47 hqnl0246134 sshd[293926]: Failed password for root from 61.177.172.108 port 58801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0401 seconds
INFO    [2022-12-07 05:55:49,556] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385349.5367823, 'message': 'Dec  7 05:55:48 hqnl0246134 sshd[293926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 05:55:51,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385351.5381267, 'message': 'Dec  7 05:55:50 hqnl0246134 sshd[293926]: Failed password for root from 61.177.172.108 port 58801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 05:55:51,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.212.166.22', 'timestamp': 1670385351.53839, 'message': 'Dec  7 05:55:51 hqnl0246134 sshd[293939]: Invalid user admin from 91.212.166.22 port 45052', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 05:55:51,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '91.212.166.22', 'timestamp': 1670385351.5385609, 'message': 'Dec  7 05:55:51 hqnl0246134 sshd[293939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 91.212.166.22 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 05:55:51,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '91.212.166.22', 'timestamp': 1670385351.5387263, 'message': 'Dec  7 05:55:51 hqnl0246134 sshd[293939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.212.166.22 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 05:55:51,649] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:55:51,649] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:55:53,070] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:55:53,071] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:55:53,072] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-07 05:55:53,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385353.540994, 'message': 'Dec  7 05:55:52 hqnl0246134 sshd[293926]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 05:55:53,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.212.166.22', 'timestamp': 1670385353.541212, 'message': 'Dec  7 05:55:53 hqnl0246134 sshd[293939]: Failed password for invalid user admin from 91.212.166.22 port 45052 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 05:55:55,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385355.5468183, 'message': 'Dec  7 05:55:54 hqnl0246134 sshd[293926]: Failed password for root from 61.177.172.108 port 58801 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 05:55:57,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385357.5491664, 'message': 'Dec  7 05:55:56 hqnl0246134 sshd[293942]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 05:55:57,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385357.5494149, 'message': 'Dec  7 05:55:56 hqnl0246134 sshd[293942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:55:59,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '91.212.166.22', 'timestamp': 1670385359.5554943, 'message': 'Dec  7 05:55:58 hqnl0246134 sshd[293939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 91.212.166.22 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-07 05:55:59,608] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385359.555811, 'message': 'Dec  7 05:55:58 hqnl0246134 sshd[293942]: Failed password for root from 61.177.172.108 port 35941 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-07 05:56:01,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.212.166.22', 'timestamp': 1670385361.5607498, 'message': 'Dec  7 05:56:00 hqnl0246134 sshd[293939]: Failed password for invalid user admin from 91.212.166.22 port 45052 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 05:56:01,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385361.5609481, 'message': 'Dec  7 05:56:00 hqnl0246134 sshd[293942]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 05:56:03,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385363.5627286, 'message': 'Dec  7 05:56:02 hqnl0246134 sshd[293942]: Failed password for root from 61.177.172.108 port 35941 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 05:56:03,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385363.5630744, 'message': 'Dec  7 05:56:03 hqnl0246134 sshd[293942]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 05:56:05,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385365.5648544, 'message': 'Dec  7 05:56:04 hqnl0246134 sshd[293942]: Failed password for root from 61.177.172.108 port 35941 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-07 05:56:05,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '91.212.166.22', 'timestamp': 1670385365.5651865, 'message': 'Dec  7 05:56:04 hqnl0246134 sshd[293939]: pam_imunify(sshd:auth): [IM360_RBL] The IP 91.212.166.22 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0562 seconds
INFO    [2022-12-07 05:56:05,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385365.5653994, 'message': 'Dec  7 05:56:05 hqnl0246134 sshd[293953]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.166.211 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0559 seconds
INFO    [2022-12-07 05:56:05,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385365.5660305, 'message': 'Dec  7 05:56:05 hqnl0246134 sshd[293953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.166.211  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 05:56:07,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '91.212.166.22', 'timestamp': 1670385367.5701, 'message': 'Dec  7 05:56:06 hqnl0246134 sshd[293939]: Failed password for invalid user admin from 91.212.166.22 port 45052 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0678 seconds
INFO    [2022-12-07 05:56:07,640] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385367.5703647, 'message': 'Dec  7 05:56:06 hqnl0246134 sshd[293955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0684 seconds
INFO    [2022-12-07 05:56:07,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.135.166.211', 'timestamp': 1670385367.5710905, 'message': 'Dec  7 05:56:07 hqnl0246134 sshd[293953]: Failed password for root from 43.135.166.211 port 49962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0685 seconds
INFO    [2022-12-07 05:56:07,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385367.570591, 'message': 'Dec  7 05:56:06 hqnl0246134 sshd[293955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.108  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 05:56:09,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385369.5746734, 'message': 'Dec  7 05:56:08 hqnl0246134 sshd[293955]: Failed password for root from 61.177.172.108 port 59050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 05:56:09,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385369.5758502, 'message': 'Dec  7 05:56:09 hqnl0246134 sshd[293955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 05:56:11,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385371.5773354, 'message': 'Dec  7 05:56:10 hqnl0246134 sshd[293955]: Failed password for root from 61.177.172.108 port 59050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 05:56:11,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385371.5775464, 'message': 'Dec  7 05:56:11 hqnl0246134 sshd[293955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.172.108 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 05:56:11,745] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:56:11,745] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:56:11,753] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:56:11,765] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
WARNING [2022-12-07 05:56:12,930] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:56:12,951] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0279 seconds
INFO    [2022-12-07 05:56:13,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.172.108', 'timestamp': 1670385373.5819943, 'message': 'Dec  7 05:56:13 hqnl0246134 sshd[293955]: Failed password for root from 61.177.172.108 port 59050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 05:56:17,854] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:56:17,855] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:56:17,865] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:56:17,878] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-07 05:56:20,553] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:56:20,554] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:56:20,562] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:56:20,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
WARNING [2022-12-07 05:56:51,661] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:56:51,663] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:56:55,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385415.6425467, 'message': 'Dec  7 05:56:53 hqnl0246134 sshd[293996]: Invalid user dang from 123.195.33.169 port 55652', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 05:56:55,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385415.64333, 'message': 'Dec  7 05:56:53 hqnl0246134 sshd[293996]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.195.33.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 05:56:55,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385415.6435664, 'message': 'Dec  7 05:56:53 hqnl0246134 sshd[293996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.195.33.169 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 05:56:57,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385417.6435633, 'message': 'Dec  7 05:56:55 hqnl0246134 sshd[293996]: Failed password for invalid user dang from 123.195.33.169 port 55652 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 05:56:57,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385417.6437624, 'message': 'Dec  7 05:56:56 hqnl0246134 sshd[293996]: Disconnected from invalid user dang 123.195.33.169 port 55652 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-07 05:57:12,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:57:12,956] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0292 seconds
INFO    [2022-12-07 05:57:18,059] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:57:18,060] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:57:18,067] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:57:18,078] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 05:57:20,730] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:57:20,730] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:57:20,737] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:57:20,748] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
WARNING [2022-12-07 05:57:51,666] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:57:51,668] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:58:18,171] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:58:18,172] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:58:18,182] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:58:18,196] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-07 05:58:20,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:58:20,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:58:20,940] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:58:20,959] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0300 seconds
INFO    [2022-12-07 05:58:29,044] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 05:58:29,113] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 05:58:29,115] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 05:58:29,115] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 05:58:29,115] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 05:58:29,115] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 05:58:29,126] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 05:58:29,146] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0299 seconds
WARNING [2022-12-07 05:58:29,153] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 05:58:29,155] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:58:29,172] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0319 seconds
INFO    [2022-12-07 05:58:29,173] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0295 seconds
INFO    [2022-12-07 05:58:47,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385527.7761145, 'message': 'Dec  7 05:58:46 hqnl0246134 sshd[294088]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0569 seconds
INFO    [2022-12-07 05:58:47,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385527.7774992, 'message': 'Dec  7 05:58:46 hqnl0246134 sshd[294091]: pam_imunify(sshd:auth): [IM360_RBL] The IP 123.195.33.169 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0565 seconds
INFO    [2022-12-07 05:58:47,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385527.777228, 'message': 'Dec  7 05:58:46 hqnl0246134 sshd[294088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 05:58:47,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385527.7778242, 'message': 'Dec  7 05:58:46 hqnl0246134 sshd[294091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.195.33.169  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 05:58:49,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385529.777093, 'message': 'Dec  7 05:58:47 hqnl0246134 sshd[294088]: Failed password for root from 61.177.173.46 port 53578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0590 seconds
INFO    [2022-12-07 05:58:49,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '123.195.33.169', 'timestamp': 1670385529.7774868, 'message': 'Dec  7 05:58:48 hqnl0246134 sshd[294091]: Failed password for root from 123.195.33.169 port 41996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0593 seconds
INFO    [2022-12-07 05:58:49,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385529.777765, 'message': 'Dec  7 05:58:48 hqnl0246134 sshd[294088]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
WARNING [2022-12-07 05:58:51,671] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:58:51,672] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 05:58:51,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385531.7783382, 'message': 'Dec  7 05:58:50 hqnl0246134 sshd[294088]: Failed password for root from 61.177.173.46 port 53578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 05:58:53,401] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:58:53,401] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:58:53,409] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:58:53,427] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-07 05:58:53,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385533.7808437, 'message': 'Dec  7 05:58:52 hqnl0246134 sshd[294088]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 05:58:55,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385535.7818258, 'message': 'Dec  7 05:58:54 hqnl0246134 sshd[294088]: Failed password for root from 61.177.173.46 port 53578 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 05:58:57,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385537.787778, 'message': 'Dec  7 05:58:56 hqnl0246134 sshd[294107]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 05:58:57,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385537.7880845, 'message': 'Dec  7 05:58:56 hqnl0246134 sshd[294107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.46  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 05:58:59,245] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 05:58:59,246] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 05:58:59,246] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 05:58:59,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385539.7883518, 'message': 'Dec  7 05:58:59 hqnl0246134 sshd[294107]: Failed password for root from 61.177.173.46 port 54852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 05:59:01,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385541.7937553, 'message': 'Dec  7 05:59:01 hqnl0246134 sshd[294107]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:59:03,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385543.7984152, 'message': 'Dec  7 05:59:03 hqnl0246134 sshd[294107]: Failed password for root from 61.177.173.46 port 54852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 05:59:03,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385543.7986612, 'message': 'Dec  7 05:59:03 hqnl0246134 sshd[294107]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.46 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 05:59:05,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.46', 'timestamp': 1670385545.8026307, 'message': 'Dec  7 05:59:04 hqnl0246134 sshd[294107]: Failed password for root from 61.177.173.46 port 54852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0299 seconds
WARNING [2022-12-07 05:59:12,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:59:12,965] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0270 seconds
INFO    [2022-12-07 05:59:19,911] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:59:19,911] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:59:19,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:59:19,936] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0239 seconds
INFO    [2022-12-07 05:59:22,511] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 05:59:22,512] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 05:59:22,521] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 05:59:22,533] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-07 05:59:51,676] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 05:59:51,678] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:00:05,400] defence360agent.files: Updating all files
INFO    [2022-12-07 06:00:05,746] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:05,746] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 06:00:06,037] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:06,038] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 06:00:06,357] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:06,358] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 06:00:06,696] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:06,697] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 06:00:06,697] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 06:00:07,017] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 04:00:06 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E66DC064B5FB8'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 06:00:07,019] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 06:00:07,020] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 06:00:07,611] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:07,611] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 06:00:07,876] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:07,876] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 06:00:08,202] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:08,203] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 06:00:08,604] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:08,605] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 06:00:09,052] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 06:00:09,054] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 06:00:17,860] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:00:17,861] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:00:17,871] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:00:17,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-07 06:00:20,546] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:00:20,547] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:00:20,554] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:00:20,566] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-07 06:00:51,683] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:00:51,685] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:01:11,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385671.9611819, 'message': 'Dec  7 06:01:11 hqnl0246134 sshd[294234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 06:01:12,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385671.961991, 'message': 'Dec  7 06:01:11 hqnl0246134 sshd[294234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 06:01:12,955] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:01:12,974] defence360agent.internals.the_sink: SensorIncidentList(<2 item(s)>) processed in 0.0303 seconds
INFO    [2022-12-07 06:01:13,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385673.9617844, 'message': 'Dec  7 06:01:13 hqnl0246134 sshd[294234]: Failed password for root from 61.177.173.35 port 61621 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 06:01:14,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385673.9654186, 'message': 'Dec  7 06:01:13 hqnl0246134 sshd[294234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 06:01:15,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385675.9635625, 'message': 'Dec  7 06:01:15 hqnl0246134 sshd[294234]: Failed password for root from 61.177.173.35 port 61621 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 06:01:17,826] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:01:17,827] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:01:17,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:01:17,847] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 06:01:17,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385677.9655921, 'message': 'Dec  7 06:01:17 hqnl0246134 sshd[294234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 06:01:20,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385679.9679663, 'message': 'Dec  7 06:01:19 hqnl0246134 sshd[294234]: Failed password for root from 61.177.173.35 port 61621 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 06:01:20,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:01:20,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:01:20,819] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:01:20,831] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 06:01:21,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385681.9710026, 'message': 'Dec  7 06:01:21 hqnl0246134 sshd[294255]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 06:01:22,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385681.9712336, 'message': 'Dec  7 06:01:21 hqnl0246134 sshd[294255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 06:01:22,615] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:01:22,615] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:01:22,624] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:01:22,635] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 06:01:23,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385683.9731677, 'message': 'Dec  7 06:01:23 hqnl0246134 sshd[294255]: Failed password for root from 61.177.173.35 port 32527 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 06:01:24,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385683.9736407, 'message': 'Dec  7 06:01:23 hqnl0246134 sshd[294255]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 06:01:26,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385685.9738014, 'message': 'Dec  7 06:01:25 hqnl0246134 sshd[294255]: Failed password for root from 61.177.173.35 port 32527 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 06:01:28,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385687.9765925, 'message': 'Dec  7 06:01:25 hqnl0246134 sshd[294255]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 06:01:29,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385689.977955, 'message': 'Dec  7 06:01:28 hqnl0246134 sshd[294255]: Failed password for root from 61.177.173.35 port 32527 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 06:01:34,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385693.9825037, 'message': 'Dec  7 06:01:31 hqnl0246134 sshd[294266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 06:01:34,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385693.9828022, 'message': 'Dec  7 06:01:32 hqnl0246134 sshd[294266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.35  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 06:01:34,044] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385693.9829168, 'message': 'Dec  7 06:01:33 hqnl0246134 sshd[294266]: Failed password for root from 61.177.173.35 port 53846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 06:01:36,003] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385695.9845896, 'message': 'Dec  7 06:01:34 hqnl0246134 sshd[294266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 06:01:36,021] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385695.9848611, 'message': 'Dec  7 06:01:35 hqnl0246134 sshd[294266]: Failed password for root from 61.177.173.35 port 53846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 06:01:38,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385697.9871852, 'message': 'Dec  7 06:01:36 hqnl0246134 sshd[294266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 61.177.173.35 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 06:01:40,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '61.177.173.35', 'timestamp': 1670385699.987765, 'message': 'Dec  7 06:01:38 hqnl0246134 sshd[294266]: Failed password for root from 61.177.173.35 port 53846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
WARNING [2022-12-07 06:01:51,689] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:01:51,691] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:01:54,214] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 06:02:12,957] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:02:12,977] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0286 seconds
INFO    [2022-12-07 06:02:16,635] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:02:16,702] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:02:16,703] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:02:16,703] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:02:16,703] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:02:16,704] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:02:16,714] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:02:16,730] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0261 seconds
WARNING [2022-12-07 06:02:16,739] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:02:16,741] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:02:16,759] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0350 seconds
INFO    [2022-12-07 06:02:16,761] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0328 seconds
INFO    [2022-12-07 06:02:17,986] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:02:17,986] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:02:17,994] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:02:18,006] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 06:02:22,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:02:22,820] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:02:22,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:02:22,840] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 06:02:47,361] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:02:47,363] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:02:47,364] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-07 06:02:51,695] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:02:51,696] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:03:19,915] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:03:19,916] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:03:19,926] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:03:19,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-07 06:03:22,961] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:03:22,962] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:03:22,970] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:03:22,981] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-07 06:03:51,702] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:03:51,704] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:04:18,064] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:04:18,065] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:04:18,074] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:04:18,091] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-07 06:04:20,798] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:04:20,799] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:04:20,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:04:20,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
WARNING [2022-12-07 06:04:51,707] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:04:51,709] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:05:18,192] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:05:18,193] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:05:18,203] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:05:18,218] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-07 06:05:20,901] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:05:20,902] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:05:20,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:05:20,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-07 06:05:51,715] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:05:51,716] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:06:18,084] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:06:18,086] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:06:18,102] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:06:18,142] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0542 seconds
INFO    [2022-12-07 06:06:21,248] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:06:21,249] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:06:21,256] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:06:21,267] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-07 06:06:51,724] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:06:51,725] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:07:20,092] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:07:20,094] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:07:20,114] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:07:20,140] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0441 seconds
INFO    [2022-12-07 06:07:24,795] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:07:24,795] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:07:24,802] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:07:24,813] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-07 06:07:51,729] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:07:51,731] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:08:17,969] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:08:17,969] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:08:17,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:08:17,998] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-07 06:08:20,712] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:08:20,713] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:08:20,719] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:08:20,730] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-07 06:08:51,734] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:08:51,736] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:08:55,778] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:08:55,847] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:08:55,848] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:08:55,848] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:08:55,848] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:08:55,849] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:08:55,866] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:08:55,884] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0347 seconds
WARNING [2022-12-07 06:08:55,892] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:08:55,894] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:08:55,913] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0343 seconds
INFO    [2022-12-07 06:08:55,914] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0320 seconds
INFO    [2022-12-07 06:09:17,878] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:09:17,879] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:09:17,951] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:09:17,997] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1167 seconds
INFO    [2022-12-07 06:09:20,518] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:09:20,519] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:09:20,527] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:09:20,540] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 06:09:36,811] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:09:36,813] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:09:36,815] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-07 06:09:51,739] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:09:51,740] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:10:19,896] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:10:19,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:10:19,913] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:10:19,932] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0339 seconds
INFO    [2022-12-07 06:10:24,458] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:10:24,458] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:10:24,468] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:10:24,481] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
WARNING [2022-12-07 06:10:51,742] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:10:51,743] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:11:17,921] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:11:17,922] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:11:17,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:11:17,950] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0261 seconds
INFO    [2022-12-07 06:11:22,488] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:11:22,489] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:11:22,498] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:11:22,511] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
WARNING [2022-12-07 06:11:51,748] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:11:51,750] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:11:54,217] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 06:12:19,952] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:12:19,953] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:12:19,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:12:19,974] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 06:12:22,601] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:12:22,601] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:12:22,612] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:12:22,626] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
WARNING [2022-12-07 06:12:51,755] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:12:51,756] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:13:01,874] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 06:13:01,886] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:13:01,904] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0293 seconds
INFO    [2022-12-07 06:13:18,112] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:13:18,113] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:13:18,121] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:13:18,133] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 06:13:22,624] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:13:22,624] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:13:22,635] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:13:22,659] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0331 seconds
WARNING [2022-12-07 06:13:51,759] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:13:51,761] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:14:17,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:14:17,867] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:14:17,877] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:14:17,895] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-07 06:14:20,593] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:14:20,594] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:14:20,603] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:14:20,616] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
WARNING [2022-12-07 06:14:51,768] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:14:51,769] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:15:19,735] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:15:19,736] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:15:19,746] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:15:19,762] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
INFO    [2022-12-07 06:15:22,286] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:15:22,286] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:15:22,294] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:15:22,306] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 06:15:31,337] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:15:31,580] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:15:31,580] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:15:31,581] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:15:31,581] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:15:31,581] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:15:31,594] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:15:31,611] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0289 seconds
WARNING [2022-12-07 06:15:31,617] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:15:31,620] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:15:31,636] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0310 seconds
INFO    [2022-12-07 06:15:31,637] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0286 seconds
WARNING [2022-12-07 06:15:51,773] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:15:51,774] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:16:06,722] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:16:06,723] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:16:06,724] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 06:16:17,854] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:16:17,854] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:16:17,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:16:17,875] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 06:16:20,572] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:16:20,573] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:16:20,581] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:16:20,593] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-07 06:16:51,779] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:16:51,781] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:17:17,912] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:17:17,913] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:17:17,925] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:17:17,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0248 seconds
INFO    [2022-12-07 06:17:22,595] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:17:22,595] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:17:22,607] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:17:22,622] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0258 seconds
WARNING [2022-12-07 06:17:51,783] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:17:51,784] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:18:18,019] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:18:18,020] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:18:18,030] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:18:18,043] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-07 06:18:20,847] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:18:20,848] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:18:20,865] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:18:20,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0361 seconds
INFO    [2022-12-07 06:18:49,256] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670386729.2316682, 'message': 'Dec  7 06:18:48 hqnl0246134 sshd[295244]: Accepted password for supportwwwuser from 212.58.119.251 port 1180 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0234 seconds
WARNING [2022-12-07 06:18:51,787] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:18:51,789] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:19:13,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:19:13,647] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.6425 seconds
INFO    [2022-12-07 06:19:13,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670386753.5750802, 'message': 'Dec  7 06:19:12 hqnl0246134 sshd[295327]: Accepted password for supportwwwuser from 212.58.119.251 port 10536 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0747 seconds
INFO    [2022-12-07 06:19:20,467] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:19:20,468] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:19:20,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:19:20,584] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1113 seconds
INFO    [2022-12-07 06:19:23,559] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:19:23,560] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:19:23,572] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:19:23,586] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 06:19:27,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670386767.2696493, 'message': 'Dec  7 06:19:26 hqnl0246134 sshd[295386]: Accepted password for supportwwwuser from 212.58.119.251 port 10543 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0771 seconds
WARNING [2022-12-07 06:19:51,791] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:19:51,793] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:20:13,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:20:13,135] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.1239 seconds
INFO    [2022-12-07 06:20:18,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:20:18,850] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:20:18,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:20:18,872] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 06:20:22,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:20:22,039] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:20:22,048] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:20:22,062] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
WARNING [2022-12-07 06:20:51,796] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:20:51,798] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:20:56,186] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:20:56,264] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:20:56,268] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:20:56,268] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:20:56,269] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:20:56,269] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:20:56,299] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:20:56,325] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0542 seconds
WARNING [2022-12-07 06:20:56,333] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:20:56,335] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:20:56,366] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0506 seconds
INFO    [2022-12-07 06:20:56,369] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0464 seconds
INFO    [2022-12-07 06:21:20,632] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:21:20,633] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:21:20,643] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:21:20,657] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-07 06:21:24,087] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:21:24,088] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:21:24,109] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:21:24,122] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-07 06:21:26,463] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:21:26,463] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:21:26,465] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-07 06:21:51,801] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:21:51,804] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:21:54,220] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 06:21:55,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670386915.4218152, 'message': 'Dec  7 06:21:53 hqnl0246134 sshd[295613]: Accepted password for supportwwwuser from 212.58.119.251 port 10619 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0391 seconds
WARNING [2022-12-07 06:22:13,040] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:22:13,133] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.1121 seconds
INFO    [2022-12-07 06:22:22,077] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:22:22,078] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:22:22,090] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:22:22,116] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0364 seconds
INFO    [2022-12-07 06:22:31,247] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:22:31,248] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:22:31,272] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:22:31,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0469 seconds
WARNING [2022-12-07 06:22:51,807] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:22:51,811] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:23:23,483] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:23:23,485] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:23:23,534] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:23:23,628] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1398 seconds
INFO    [2022-12-07 06:23:29,981] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:23:29,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:23:30,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:23:30,124] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1342 seconds
WARNING [2022-12-07 06:23:51,819] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:23:51,821] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:24:18,157] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:24:18,158] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:24:18,169] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:24:18,192] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0334 seconds
INFO    [2022-12-07 06:24:20,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:24:20,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:24:20,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:24:20,960] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 06:24:42,799] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:24:42,932] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:24:42,933] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:24:42,933] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:24:42,933] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:24:42,934] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:24:42,955] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:24:42,990] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0542 seconds
WARNING [2022-12-07 06:24:42,999] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:24:43,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:24:43,018] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0518 seconds
INFO    [2022-12-07 06:24:43,019] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0326 seconds
WARNING [2022-12-07 06:24:51,824] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:24:51,825] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:25:06,061] defence360agent.subsys.panels.generic.panel: Integrations script users failed with exit code 127 
b'/bin/sh: 1: /path/to/get-users-script.sh: not found\n'
WARNING [2022-12-07 06:25:06,062] defence360agent.subsys.panels.generic.panel: Applying default implementation of users and domains lists
INFO    [2022-12-07 06:25:06,072] defence360agent.simple_rpc: Response: method - ['check-domains'], data - {'result': 'warnings', 'messages': ['Domains not found']}
WARNING [2022-12-07 06:25:06,082] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:25:06,101] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['check-domains'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'check-domains']}) processed in 0.0449 seconds
INFO    [2022-12-07 06:25:13,065] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:25:13,067] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:25:13,073] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-07 06:25:17,793] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:25:17,794] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:25:17,801] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:25:17,813] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 06:25:20,442] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:25:20,442] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:25:20,450] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:25:20,463] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
WARNING [2022-12-07 06:25:51,830] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:25:51,831] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:26:17,768] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:26:17,769] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:26:17,781] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:26:17,795] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0244 seconds
INFO    [2022-12-07 06:26:21,069] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:26:21,070] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:26:21,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:26:21,089] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
WARNING [2022-12-07 06:26:51,834] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:26:51,836] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:27:17,814] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:27:17,816] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:27:17,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:27:17,845] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
INFO    [2022-12-07 06:27:20,312] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:27:20,312] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:27:20,321] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:27:20,333] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
WARNING [2022-12-07 06:27:51,846] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:27:51,848] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:27:57,254] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:27:57,324] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:27:57,325] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:27:57,325] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:27:57,325] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:27:57,326] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:27:57,343] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:27:57,373] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0458 seconds
WARNING [2022-12-07 06:27:57,382] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:27:57,385] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:27:57,411] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0484 seconds
INFO    [2022-12-07 06:27:57,413] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0440 seconds
INFO    [2022-12-07 06:28:18,005] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:28:18,006] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:28:18,021] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:28:18,041] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0336 seconds
INFO    [2022-12-07 06:28:20,742] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:28:20,742] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:28:20,751] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:28:20,763] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 06:28:37,107] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:28:37,108] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:28:37,109] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-07 06:28:51,853] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:28:51,854] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:29:17,753] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:29:17,754] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:29:17,765] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:29:17,780] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0246 seconds
INFO    [2022-12-07 06:29:20,341] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:29:20,342] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:29:20,351] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:29:20,363] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
WARNING [2022-12-07 06:29:51,857] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:29:51,858] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:30:09,063] defence360agent.files: Updating all files
INFO    [2022-12-07 06:30:09,402] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:09,402] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 06:30:09,801] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:09,802] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 06:30:10,068] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:10,069] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 06:30:10,363] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:10,363] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 06:30:10,364] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 06:30:10,624] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 04:30:10 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E687FF5AA9E52'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 06:30:10,627] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 06:30:10,628] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 06:30:11,181] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:11,182] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 06:30:11,449] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:11,450] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 06:30:11,774] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:11,775] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 06:30:12,157] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:12,158] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 06:30:12,714] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 06:30:12,716] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 06:30:17,970] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:30:17,970] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:30:17,982] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:30:17,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-07 06:30:20,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:30:20,621] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:30:20,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:30:20,655] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0330 seconds
WARNING [2022-12-07 06:30:51,866] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:30:51,867] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:31:17,996] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:31:17,997] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:31:18,008] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:31:18,022] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-07 06:31:22,563] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:31:22,564] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:31:22,573] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:31:22,585] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
WARNING [2022-12-07 06:31:51,873] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:31:51,874] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:31:54,232] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 06:32:17,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:32:17,926] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:32:17,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:32:17,955] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-07 06:32:22,740] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:32:22,741] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:32:22,749] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:32:22,761] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
WARNING [2022-12-07 06:32:51,880] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:32:51,882] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:33:17,974] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:33:17,975] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:33:17,985] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:33:17,998] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-07 06:33:20,765] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:33:20,766] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:33:20,774] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:33:20,785] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-07 06:33:51,887] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:33:51,889] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:34:17,860] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:34:17,861] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:34:17,874] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:34:17,890] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0277 seconds
INFO    [2022-12-07 06:34:20,679] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:34:20,679] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:34:20,686] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:34:20,701] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
WARNING [2022-12-07 06:34:51,892] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:34:51,894] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:35:17,846] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:35:17,847] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:35:17,858] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:35:17,873] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0246 seconds
INFO    [2022-12-07 06:35:20,470] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:35:20,470] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:35:20,480] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:35:20,492] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
WARNING [2022-12-07 06:35:51,897] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:35:51,898] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:35:54,143] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:35:54,209] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:35:54,210] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:35:54,210] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:35:54,210] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:35:54,211] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:35:54,222] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:35:54,239] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0281 seconds
WARNING [2022-12-07 06:35:54,246] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:35:54,249] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:35:54,264] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0310 seconds
INFO    [2022-12-07 06:35:54,266] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0290 seconds
INFO    [2022-12-07 06:36:17,926] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:36:17,927] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:36:17,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:36:17,950] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-07 06:36:20,692] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:36:20,692] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:36:20,700] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:36:20,713] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 06:36:24,336] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:36:24,337] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:36:24,337] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-07 06:36:51,901] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:36:51,902] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:37:18,135] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:37:18,136] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:37:18,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:37:18,170] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0327 seconds
INFO    [2022-12-07 06:37:20,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:37:20,850] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:37:20,857] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:37:20,868] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-07 06:37:51,905] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:37:51,906] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:38:17,757] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:38:17,758] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:38:17,767] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:38:17,779] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 06:38:20,325] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:38:20,325] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:38:20,332] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:38:20,343] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
WARNING [2022-12-07 06:38:51,909] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:38:51,911] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:39:17,967] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:39:17,968] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:39:17,979] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:39:17,995] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0262 seconds
INFO    [2022-12-07 06:39:20,713] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:39:20,714] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:39:20,721] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:39:20,734] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
WARNING [2022-12-07 06:39:51,919] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:39:51,922] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:39:53,304] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:39:53,373] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:39:53,374] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:39:53,374] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:39:53,374] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:39:53,375] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:39:53,389] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:39:53,406] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0301 seconds
WARNING [2022-12-07 06:39:53,413] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:39:53,415] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:39:53,431] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0307 seconds
INFO    [2022-12-07 06:39:53,432] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0289 seconds
INFO    [2022-12-07 06:40:17,693] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:40:17,694] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:40:17,704] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:40:17,717] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-07 06:40:20,319] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:40:20,320] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:40:20,326] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:40:20,338] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 06:40:23,501] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:40:23,502] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:40:23,503] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-07 06:40:51,925] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:40:51,926] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:41:17,777] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:41:17,778] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:41:17,788] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:41:17,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0249 seconds
INFO    [2022-12-07 06:41:20,736] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:41:20,736] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:41:20,745] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:41:20,756] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
WARNING [2022-12-07 06:41:51,930] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:41:51,931] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:41:54,236] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 06:42:17,856] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:42:17,857] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:42:17,868] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:42:17,884] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0253 seconds
INFO    [2022-12-07 06:42:20,563] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:42:20,564] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:42:20,572] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:42:20,583] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-07 06:42:51,933] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:42:51,935] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:43:17,904] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:43:17,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:43:17,913] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:43:17,925] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 06:43:20,560] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:43:20,560] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:43:20,568] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:43:20,579] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-07 06:43:51,938] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:43:51,939] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:44:18,007] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:44:18,008] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:44:18,017] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:44:18,032] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-07 06:44:20,869] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:44:20,869] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:44:20,876] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:44:20,890] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-07 06:44:51,943] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:44:51,945] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:45:17,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:45:17,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:45:18,000] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:45:18,013] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 06:45:20,824] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:45:20,825] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:45:20,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:45:20,846] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 06:45:31,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388331.9453757, 'message': 'Dec  7 06:45:30 hqnl0246134 sshd[297036]: Invalid user hadoop from 46.101.223.61 port 52446', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 06:45:31,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388331.9458094, 'message': 'Dec  7 06:45:30 hqnl0246134 sshd[297036]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.223.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 06:45:32,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388331.94598, 'message': 'Dec  7 06:45:30 hqnl0246134 sshd[297036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.223.61 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 06:45:33,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388333.9466846, 'message': 'Dec  7 06:45:32 hqnl0246134 sshd[297036]: Failed password for invalid user hadoop from 46.101.223.61 port 52446 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 06:45:35,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388335.949795, 'message': 'Dec  7 06:45:34 hqnl0246134 sshd[297036]: Disconnected from invalid user hadoop 46.101.223.61 port 52446 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 06:45:36,558] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:45:36,558] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:45:36,566] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:45:36,577] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-07 06:45:51,948] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:45:51,949] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:46:13,197] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:46:13,238] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0612 seconds
INFO    [2022-12-07 06:46:17,781] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:46:17,781] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:46:17,788] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:46:17,799] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 06:46:20,613] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:46:20,613] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:46:20,624] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:46:20,641] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0271 seconds
WARNING [2022-12-07 06:46:51,952] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:46:51,953] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:47:07,571] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:47:07,638] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:47:07,639] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:47:07,639] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:47:07,639] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:47:07,640] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:47:07,656] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:47:07,688] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0469 seconds
WARNING [2022-12-07 06:47:07,701] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:47:07,705] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:47:07,735] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0616 seconds
INFO    [2022-12-07 06:47:07,736] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0557 seconds
INFO    [2022-12-07 06:47:17,944] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:47:17,944] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:47:17,954] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:47:17,966] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
INFO    [2022-12-07 06:47:20,603] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:47:20,604] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:47:20,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:47:20,624] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 06:47:37,766] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:47:37,767] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:47:37,768] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 06:47:38,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670388458.1621342, 'message': 'Dec  7 06:47:36 hqnl0246134 sshd[297143]: Invalid user username from 84.255.249.179 port 55294', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 06:47:38,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.255.249.179', 'timestamp': 1670388458.1627498, 'message': 'Dec  7 06:47:36 hqnl0246134 sshd[297143]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.255.249.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 06:47:38,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.255.249.179', 'timestamp': 1670388458.1630101, 'message': 'Dec  7 06:47:36 hqnl0246134 sshd[297143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.255.249.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 06:47:40,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670388460.161556, 'message': 'Dec  7 06:47:38 hqnl0246134 sshd[297143]: Failed password for invalid user username from 84.255.249.179 port 55294 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 06:47:40,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670388460.1689682, 'message': 'Dec  7 06:47:38 hqnl0246134 sshd[297143]: Disconnected from invalid user username 84.255.249.179 port 55294 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 06:47:51,958] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:47:51,959] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:48:13,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:48:13,229] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0397 seconds
INFO    [2022-12-07 06:48:17,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:48:17,852] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:48:17,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:48:17,872] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 06:48:20,497] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:48:20,498] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:48:20,506] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:48:20,518] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
WARNING [2022-12-07 06:48:51,966] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:48:51,968] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:48:56,362] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388536.330063, 'message': 'Dec  7 06:48:55 hqnl0246134 sshd[297195]: Invalid user hadoop from 43.131.29.54 port 40688', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 06:48:56,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388536.3309972, 'message': 'Dec  7 06:48:56 hqnl0246134 sshd[297195]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.29.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 06:48:56,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388536.3312747, 'message': 'Dec  7 06:48:56 hqnl0246134 sshd[297195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.29.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 06:49:00,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388540.3486593, 'message': 'Dec  7 06:48:58 hqnl0246134 sshd[297195]: Failed password for invalid user hadoop from 43.131.29.54 port 40688 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 06:49:00,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388540.3490183, 'message': 'Dec  7 06:48:59 hqnl0246134 sshd[297195]: Disconnected from invalid user hadoop 43.131.29.54 port 40688 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 06:49:02,004] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:49:02,004] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:49:02,016] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:49:02,028] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
WARNING [2022-12-07 06:49:13,203] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:49:13,225] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0316 seconds
INFO    [2022-12-07 06:49:17,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:49:17,867] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:49:17,876] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:49:17,887] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 06:49:20,681] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:49:20,681] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:49:20,691] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:49:20,712] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0298 seconds
INFO    [2022-12-07 06:49:24,412] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.90.226.179', 'timestamp': 1670388564.3931432, 'message': 'Dec  7 06:49:24 hqnl0246134 sshd[297232]: Invalid user git from 103.90.226.179 port 42506', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 06:49:24,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.90.226.179', 'timestamp': 1670388564.393399, 'message': 'Dec  7 06:49:24 hqnl0246134 sshd[297232]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.90.226.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 06:49:24,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.90.226.179', 'timestamp': 1670388564.3935647, 'message': 'Dec  7 06:49:24 hqnl0246134 sshd[297232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 06:49:28,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.90.226.179', 'timestamp': 1670388568.3976114, 'message': 'Dec  7 06:49:26 hqnl0246134 sshd[297232]: Failed password for invalid user git from 103.90.226.179 port 42506 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0477 seconds
INFO    [2022-12-07 06:49:28,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670388568.397973, 'message': 'Dec  7 06:49:28 hqnl0246134 sshd[297234]: Invalid user teste from 43.153.82.56 port 37238', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 06:49:28,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.82.56', 'timestamp': 1670388568.398135, 'message': 'Dec  7 06:49:28 hqnl0246134 sshd[297234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.82.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 06:49:28,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.82.56', 'timestamp': 1670388568.3982694, 'message': 'Dec  7 06:49:28 hqnl0246134 sshd[297234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.82.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 06:49:30,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.90.226.179', 'timestamp': 1670388570.398635, 'message': 'Dec  7 06:49:28 hqnl0246134 sshd[297232]: Disconnected from invalid user git 103.90.226.179 port 42506 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 06:49:30,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670388570.399645, 'message': 'Dec  7 06:49:30 hqnl0246134 sshd[297234]: Failed password for invalid user teste from 43.153.82.56 port 37238 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 06:49:34,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670388574.4029777, 'message': 'Dec  7 06:49:32 hqnl0246134 sshd[297234]: Disconnected from invalid user teste 43.153.82.56 port 37238 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 06:49:51,971] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:49:51,972] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:50:13,213] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:50:13,245] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0445 seconds
INFO    [2022-12-07 06:50:19,304] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:50:19,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:50:19,312] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:50:19,328] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-07 06:50:22,062] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:50:22,062] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:50:22,072] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:50:22,083] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
WARNING [2022-12-07 06:50:51,977] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:50:51,978] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:51:17,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:51:17,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:51:17,949] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:51:17,963] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-07 06:51:20,596] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:51:20,597] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:51:20,604] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:51:20,615] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 06:51:40,164] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 06:51:40,167] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 06:51:40,992] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 06:51:50,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388710.6894138, 'message': 'Dec  7 06:51:49 hqnl0246134 sshd[297371]: Invalid user test from 46.101.223.61 port 45432', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 06:51:50,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388710.6900125, 'message': 'Dec  7 06:51:49 hqnl0246134 sshd[297371]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.223.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 06:51:50,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388710.6902256, 'message': 'Dec  7 06:51:49 hqnl0246134 sshd[297371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.223.61 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 06:51:51,981] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:51:51,982] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:51:52,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388712.6898263, 'message': 'Dec  7 06:51:50 hqnl0246134 sshd[297371]: Failed password for invalid user test from 46.101.223.61 port 45432 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 06:51:52,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388712.690099, 'message': 'Dec  7 06:51:51 hqnl0246134 sshd[297371]: Disconnected from invalid user test 46.101.223.61 port 45432 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 06:51:53,817] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:51:53,817] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:51:53,824] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:51:53,835] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-07 06:51:54,239] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 06:52:13,226] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:52:13,259] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0506 seconds
INFO    [2022-12-07 06:52:17,883] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:52:17,884] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:52:17,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:52:17,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 06:52:20,493] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:52:20,495] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:52:20,504] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:52:20,516] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 06:52:24,753] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '113.200.105.23', 'timestamp': 1670388744.7323327, 'message': 'Dec  7 06:52:23 hqnl0246134 sshd[297416]: pam_imunify(sshd:auth): [IM360_RBL] The IP 113.200.105.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 06:52:24,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '113.200.105.23', 'timestamp': 1670388744.7326658, 'message': 'Dec  7 06:52:23 hqnl0246134 sshd[297416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.200.105.23  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 06:52:26,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '113.200.105.23', 'timestamp': 1670388746.7340338, 'message': 'Dec  7 06:52:25 hqnl0246134 sshd[297416]: Failed password for root from 113.200.105.23 port 42598 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 06:52:48,486] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:52:48,552] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:52:48,553] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:52:48,553] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:52:48,553] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:52:48,554] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:52:48,567] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:52:48,584] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0292 seconds
WARNING [2022-12-07 06:52:48,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:52:48,593] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:52:48,610] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0318 seconds
INFO    [2022-12-07 06:52:48,611] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0297 seconds
WARNING [2022-12-07 06:52:51,984] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:52:51,984] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:53:13,225] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:53:13,253] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0394 seconds
INFO    [2022-12-07 06:53:18,048] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:53:18,049] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:53:18,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:53:18,068] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 06:53:18,680] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:53:18,681] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:53:18,682] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 06:53:22,594] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:53:22,595] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:53:22,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:53:22,612] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0166 seconds
WARNING [2022-12-07 06:53:51,987] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:53:51,989] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:53:52,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388832.8338797, 'message': 'Dec  7 06:53:51 hqnl0246134 sshd[297478]: Invalid user saurabh from 46.101.223.61 port 47344', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 06:53:52,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388832.8345003, 'message': 'Dec  7 06:53:51 hqnl0246134 sshd[297478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.223.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 06:53:52,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388832.8347907, 'message': 'Dec  7 06:53:51 hqnl0246134 sshd[297478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.223.61 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 06:53:54,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388834.834376, 'message': 'Dec  7 06:53:53 hqnl0246134 sshd[297478]: Failed password for invalid user saurabh from 46.101.223.61 port 47344 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 06:53:56,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388836.8378167, 'message': 'Dec  7 06:53:55 hqnl0246134 sshd[297478]: Disconnected from invalid user saurabh 46.101.223.61 port 47344 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 06:53:57,668] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:53:57,668] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:53:57,678] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:53:57,690] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
WARNING [2022-12-07 06:54:13,230] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:54:13,253] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0346 seconds
INFO    [2022-12-07 06:54:14,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.252.98.138', 'timestamp': 1670388854.8575325, 'message': 'Dec  7 06:54:13 hqnl0246134 sshd[297505]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.252.98.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 06:54:14,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.252.98.138', 'timestamp': 1670388854.8578553, 'message': 'Dec  7 06:54:13 hqnl0246134 sshd[297505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.252.98.138  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 06:54:16,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.252.98.138', 'timestamp': 1670388856.8595927, 'message': 'Dec  7 06:54:15 hqnl0246134 sshd[297505]: Failed password for root from 198.252.98.138 port 51004 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 06:54:17,974] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:54:17,974] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:54:17,981] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:54:17,992] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 06:54:20,951] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:54:20,952] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:54:20,966] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:54:20,982] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
WARNING [2022-12-07 06:54:51,994] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:54:51,995] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:55:13,236] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:55:13,258] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0347 seconds
INFO    [2022-12-07 06:55:17,771] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:55:17,772] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:55:17,785] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:55:17,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0301 seconds
INFO    [2022-12-07 06:55:20,441] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:55:20,442] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:55:20,450] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:55:20,461] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 06:55:46,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388946.9687123, 'message': 'Dec  7 06:55:46 hqnl0246134 sshd[297592]: Invalid user giovanni from 46.101.223.61 port 49256', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 06:55:47,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388946.9691706, 'message': 'Dec  7 06:55:46 hqnl0246134 sshd[297592]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.223.61 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 06:55:47,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388946.969352, 'message': 'Dec  7 06:55:46 hqnl0246134 sshd[297592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.223.61 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 06:55:48,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388948.966899, 'message': 'Dec  7 06:55:48 hqnl0246134 sshd[297592]: Failed password for invalid user giovanni from 46.101.223.61 port 49256 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 06:55:51,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.223.61', 'timestamp': 1670388950.9673653, 'message': 'Dec  7 06:55:50 hqnl0246134 sshd[297592]: Disconnected from invalid user giovanni 46.101.223.61 port 49256 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0461 seconds
WARNING [2022-12-07 06:55:51,997] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:55:51,998] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:55:53,271] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:55:53,272] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:55:53,279] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:55:53,290] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
WARNING [2022-12-07 06:56:13,238] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:56:13,262] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0358 seconds
INFO    [2022-12-07 06:56:17,704] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:56:17,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:56:17,713] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:56:17,725] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 06:56:20,319] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:56:20,320] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:56:20,327] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:56:20,339] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 06:56:21,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388981.0164974, 'message': 'Dec  7 06:56:20 hqnl0246134 sshd[297630]: Invalid user saurabh from 43.131.29.54 port 54992', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 06:56:21,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388981.0167844, 'message': 'Dec  7 06:56:20 hqnl0246134 sshd[297630]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.29.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 06:56:21,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388981.016965, 'message': 'Dec  7 06:56:20 hqnl0246134 sshd[297630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.29.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 06:56:23,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388983.019532, 'message': 'Dec  7 06:56:22 hqnl0246134 sshd[297630]: Failed password for invalid user saurabh from 43.131.29.54 port 54992 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 06:56:25,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670388985.024935, 'message': 'Dec  7 06:56:24 hqnl0246134 sshd[297630]: Disconnected from invalid user saurabh 43.131.29.54 port 54992 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 06:56:52,002] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:56:52,003] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:57:01,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389021.0754862, 'message': 'Dec  7 06:57:00 hqnl0246134 sshd[297654]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.129.106.43 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 06:57:01,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389021.0759873, 'message': 'Dec  7 06:57:00 hqnl0246134 sshd[297654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.129.106.43  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 06:57:03,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389023.0776405, 'message': 'Dec  7 06:57:02 hqnl0246134 sshd[297654]: Failed password for root from 41.129.106.43 port 57098 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 06:57:13,241] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:57:13,266] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-07 06:57:17,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:57:17,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:57:17,896] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:57:17,908] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 06:57:20,530] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:57:20,531] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:57:20,538] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:57:20,549] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 06:57:27,140] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389047.118061, 'message': 'Dec  7 06:57:26 hqnl0246134 sshd[297684]: Invalid user irene from 43.153.82.56 port 35324', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 06:57:27,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389047.1184697, 'message': 'Dec  7 06:57:26 hqnl0246134 sshd[297684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.82.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 06:57:27,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389047.1186814, 'message': 'Dec  7 06:57:26 hqnl0246134 sshd[297684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.82.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 06:57:29,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389049.1219776, 'message': 'Dec  7 06:57:28 hqnl0246134 sshd[297684]: Failed password for invalid user irene from 43.153.82.56 port 35324 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 06:57:31,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389051.1254098, 'message': 'Dec  7 06:57:30 hqnl0246134 sshd[297684]: Disconnected from invalid user irene 43.153.82.56 port 35324 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 06:57:32,646] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:57:32,647] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:57:32,656] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:57:32,668] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-07 06:57:52,006] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:57:52,008] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 06:58:13,244] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:58:13,266] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0311 seconds
INFO    [2022-12-07 06:58:18,139] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:58:18,139] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:58:18,147] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:58:18,158] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 06:58:20,783] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:58:20,783] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:58:20,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:58:20,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
WARNING [2022-12-07 06:58:52,011] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:58:52,013] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:58:55,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389135.2990844, 'message': 'Dec  7 06:58:53 hqnl0246134 sshd[297752]: Invalid user test from 43.131.29.54 port 45000', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 06:58:55,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389135.3004048, 'message': 'Dec  7 06:58:53 hqnl0246134 sshd[297752]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.29.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 06:58:55,374] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389135.3007112, 'message': 'Dec  7 06:58:53 hqnl0246134 sshd[297752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.29.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 06:58:55,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389135.3009493, 'message': 'Dec  7 06:58:55 hqnl0246134 sshd[297752]: Failed password for invalid user test from 43.131.29.54 port 45000 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 06:58:57,316] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389137.2993464, 'message': 'Dec  7 06:58:55 hqnl0246134 sshd[297752]: Disconnected from invalid user test 43.131.29.54 port 45000 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
WARNING [2022-12-07 06:59:13,257] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:59:13,291] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0507 seconds
INFO    [2022-12-07 06:59:18,024] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:59:18,025] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:59:18,033] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:59:18,048] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 06:59:20,580] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 06:59:20,580] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 06:59:20,589] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:59:20,601] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 06:59:25,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389165.3490942, 'message': 'Dec  7 06:59:23 hqnl0246134 sshd[297782]: Invalid user postgres from 84.255.249.179 port 57348', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 06:59:25,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389165.3494685, 'message': 'Dec  7 06:59:23 hqnl0246134 sshd[297782]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.255.249.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 06:59:25,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389165.3496945, 'message': 'Dec  7 06:59:23 hqnl0246134 sshd[297782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.255.249.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 06:59:25,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389165.357647, 'message': 'Dec  7 06:59:25 hqnl0246134 sshd[297782]: Failed password for invalid user postgres from 84.255.249.179 port 57348 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 06:59:27,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389167.3522, 'message': 'Dec  7 06:59:25 hqnl0246134 sshd[297782]: Disconnected from invalid user postgres 84.255.249.179 port 57348 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 06:59:28,734] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 06:59:28,802] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 06:59:28,802] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 06:59:28,802] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 06:59:28,803] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 06:59:28,803] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 06:59:28,812] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 06:59:28,829] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0260 seconds
WARNING [2022-12-07 06:59:28,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 06:59:28,838] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 06:59:28,854] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0316 seconds
INFO    [2022-12-07 06:59:28,856] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0289 seconds
INFO    [2022-12-07 06:59:37,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389177.37286, 'message': 'Dec  7 06:59:37 hqnl0246134 sshd[297795]: Invalid user exx from 43.153.82.56 port 57834', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 06:59:37,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389177.3739827, 'message': 'Dec  7 06:59:37 hqnl0246134 sshd[297795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.82.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 06:59:37,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389177.374107, 'message': 'Dec  7 06:59:37 hqnl0246134 sshd[297795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.82.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 06:59:39,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389179.37544, 'message': 'Dec  7 06:59:38 hqnl0246134 sshd[297795]: Failed password for invalid user exx from 43.153.82.56 port 57834 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 06:59:41,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389181.3791833, 'message': 'Dec  7 06:59:40 hqnl0246134 sshd[297795]: Disconnected from invalid user exx 43.153.82.56 port 57834 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
WARNING [2022-12-07 06:59:52,016] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 06:59:52,018] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 06:59:58,956] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 06:59:58,956] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 06:59:58,957] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 07:00:12,718] defence360agent.files: Updating all files
INFO    [2022-12-07 07:00:13,072] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:13,073] defence360agent.files: ossec files update finished (not updated)
WARNING [2022-12-07 07:00:13,257] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:00:13,285] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0384 seconds
INFO    [2022-12-07 07:00:13,367] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:13,367] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 07:00:13,689] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:13,690] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 07:00:13,972] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:13,972] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 07:00:13,973] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 07:00:14,234] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 05:00:14 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E6A23E535CAF7'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 07:00:14,236] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 07:00:14,237] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 07:00:14,872] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:14,873] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 07:00:15,135] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:15,136] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 07:00:15,401] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:15,402] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 07:00:15,793] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:15,793] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 07:00:16,203] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 07:00:16,206] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 07:00:17,943] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:00:17,944] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:00:17,950] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:00:17,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-07 07:00:20,913] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:00:20,914] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:00:20,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:00:20,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
WARNING [2022-12-07 07:00:52,021] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:00:52,022] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:01:20,319] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:01:20,320] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:01:20,330] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:01:20,344] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0234 seconds
INFO    [2022-12-07 07:01:25,603] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:01:25,604] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:01:25,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:01:25,625] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 07:01:31,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389291.5133002, 'message': 'Dec  7 07:01:30 hqnl0246134 sshd[297922]: Invalid user giovanni from 43.131.29.54 port 35008', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 07:01:31,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389291.5136898, 'message': 'Dec  7 07:01:30 hqnl0246134 sshd[297922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.29.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 07:01:31,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389291.5138886, 'message': 'Dec  7 07:01:30 hqnl0246134 sshd[297922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.29.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 07:01:33,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389293.5139472, 'message': 'Dec  7 07:01:32 hqnl0246134 sshd[297922]: Failed password for invalid user giovanni from 43.131.29.54 port 35008 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 07:01:35,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.29.54', 'timestamp': 1670389295.517867, 'message': 'Dec  7 07:01:34 hqnl0246134 sshd[297922]: Disconnected from invalid user giovanni 43.131.29.54 port 35008 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 07:01:36,815] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:01:36,816] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:01:36,826] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:01:36,840] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
WARNING [2022-12-07 07:01:52,026] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:01:52,028] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:01:54,241] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 07:01:55,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389315.5380518, 'message': 'Dec  7 07:01:53 hqnl0246134 sshd[297934]: Invalid user user5 from 43.153.82.56 port 58786', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 07:01:55,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389315.5388064, 'message': 'Dec  7 07:01:53 hqnl0246134 sshd[297934]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.82.56 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 07:01:55,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389315.5390654, 'message': 'Dec  7 07:01:53 hqnl0246134 sshd[297934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.82.56 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 07:01:57,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389317.5388882, 'message': 'Dec  7 07:01:56 hqnl0246134 sshd[297934]: Failed password for invalid user user5 from 43.153.82.56 port 58786 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 07:01:57,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.82.56', 'timestamp': 1670389317.5393999, 'message': 'Dec  7 07:01:56 hqnl0246134 sshd[297934]: Disconnected from invalid user user5 43.153.82.56 port 58786 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 07:02:13,265] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:02:13,287] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0357 seconds
INFO    [2022-12-07 07:02:17,967] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:02:17,967] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:02:17,975] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:02:17,988] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 07:02:21,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389341.567806, 'message': 'Dec  7 07:02:19 hqnl0246134 sshd[297970]: Invalid user upload from 84.255.249.179 port 49706', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 07:02:21,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389341.5680487, 'message': 'Dec  7 07:02:19 hqnl0246134 sshd[297970]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.255.249.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:02:21,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389341.5681825, 'message': 'Dec  7 07:02:19 hqnl0246134 sshd[297970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.255.249.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:02:22,611] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:02:22,611] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:02:22,618] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:02:22,631] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 07:02:23,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389343.5692024, 'message': 'Dec  7 07:02:21 hqnl0246134 sshd[297970]: Failed password for invalid user upload from 84.255.249.179 port 49706 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 07:02:23,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389343.5694127, 'message': 'Dec  7 07:02:21 hqnl0246134 sshd[297970]: Disconnected from invalid user upload 84.255.249.179 port 49706 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 07:02:25,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389345.5699697, 'message': 'Dec  7 07:02:25 hqnl0246134 sshd[297978]: Invalid user git from 41.129.106.43 port 51670', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 07:02:25,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389345.5701947, 'message': 'Dec  7 07:02:25 hqnl0246134 sshd[297978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.129.106.43 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 07:02:25,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389345.5703385, 'message': 'Dec  7 07:02:25 hqnl0246134 sshd[297978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.129.106.43 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 07:02:27,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389347.5734756, 'message': 'Dec  7 07:02:26 hqnl0246134 sshd[297978]: Failed password for invalid user git from 41.129.106.43 port 51670 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 07:02:27,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389347.5737119, 'message': 'Dec  7 07:02:27 hqnl0246134 sshd[297978]: Disconnected from invalid user git 41.129.106.43 port 51670 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 07:02:52,032] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:02:52,034] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:03:13,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:03:13,296] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0374 seconds
INFO    [2022-12-07 07:03:18,135] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:03:18,136] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:03:18,151] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:03:18,168] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0311 seconds
INFO    [2022-12-07 07:03:20,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:03:20,937] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:03:20,944] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:03:20,957] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
WARNING [2022-12-07 07:03:52,040] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:03:52,042] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:04:17,832] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:04:17,833] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:04:17,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:04:17,858] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0239 seconds
INFO    [2022-12-07 07:04:20,493] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:04:20,493] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:04:20,501] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:04:20,513] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 07:04:21,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389461.714362, 'message': 'Dec  7 07:04:19 hqnl0246134 sshd[298055]: pam_imunify(sshd:auth): [IM360_RBL] The IP 113.200.105.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 07:04:21,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389461.7146275, 'message': 'Dec  7 07:04:19 hqnl0246134 sshd[298055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.200.105.23  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0160 seconds
INFO    [2022-12-07 07:04:23,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389463.714719, 'message': 'Dec  7 07:04:22 hqnl0246134 sshd[298055]: Failed password for root from 113.200.105.23 port 50544 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:04:26,606] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:04:26,607] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:04:26,615] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:04:26,627] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 07:04:43,293] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:04:43,363] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:04:43,364] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:04:43,364] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:04:43,364] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:04:43,365] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:04:43,379] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:04:43,398] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0321 seconds
WARNING [2022-12-07 07:04:43,406] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:04:43,408] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:04:43,427] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0360 seconds
INFO    [2022-12-07 07:04:43,430] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0340 seconds
WARNING [2022-12-07 07:04:52,045] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:04:52,046] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:05:09,818] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389509.79074, 'message': 'Dec  7 07:05:09 hqnl0246134 sshd[298119]: pam_imunify(sshd:auth): [IM360_RBL] The IP 84.255.249.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 07:05:09,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389509.7913384, 'message': 'Dec  7 07:05:09 hqnl0246134 sshd[298119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.255.249.179  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 07:05:11,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '84.255.249.179', 'timestamp': 1670389511.793452, 'message': 'Dec  7 07:05:11 hqnl0246134 sshd[298119]: Failed password for root from 84.255.249.179 port 41962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 07:05:13,275] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:05:13,297] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0301 seconds
INFO    [2022-12-07 07:05:13,494] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:05:13,494] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:05:13,495] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 07:05:17,930] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:05:17,931] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:05:17,938] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:05:17,949] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 07:05:19,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389519.8040192, 'message': 'Dec  7 07:05:18 hqnl0246134 sshd[298133]: Invalid user jm from 41.129.106.43 port 39460', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 07:05:19,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389519.8050194, 'message': 'Dec  7 07:05:18 hqnl0246134 sshd[298133]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.129.106.43 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 07:05:19,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389519.8051376, 'message': 'Dec  7 07:05:18 hqnl0246134 sshd[298133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.129.106.43 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:05:20,644] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:05:20,644] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:05:20,653] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:05:20,665] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 07:05:21,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389521.8063269, 'message': 'Dec  7 07:05:20 hqnl0246134 sshd[298133]: Failed password for invalid user jm from 41.129.106.43 port 39460 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 07:05:23,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389523.8082116, 'message': 'Dec  7 07:05:22 hqnl0246134 sshd[298133]: Disconnected from invalid user jm 41.129.106.43 port 39460 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 07:05:52,048] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:05:52,049] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:05:55,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.252.98.138', 'timestamp': 1670389555.8643332, 'message': 'Dec  7 07:05:54 hqnl0246134 sshd[298151]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.252.98.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 07:05:55,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.252.98.138', 'timestamp': 1670389555.8649635, 'message': 'Dec  7 07:05:54 hqnl0246134 sshd[298151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.252.98.138  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 07:05:57,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.252.98.138', 'timestamp': 1670389557.8641434, 'message': 'Dec  7 07:05:56 hqnl0246134 sshd[298151]: Failed password for root from 198.252.98.138 port 55150 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 07:06:13,311] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:06:13,372] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0934 seconds
INFO    [2022-12-07 07:06:18,029] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:06:18,029] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:06:18,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:06:18,049] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 07:06:20,830] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:06:20,830] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:06:20,838] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:06:20,850] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 07:06:41,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.90.226.179', 'timestamp': 1670389601.961457, 'message': 'Dec  7 07:06:40 hqnl0246134 sshd[298196]: Invalid user log from 103.90.226.179 port 37398', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 07:06:42,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.90.226.179', 'timestamp': 1670389601.961868, 'message': 'Dec  7 07:06:40 hqnl0246134 sshd[298196]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.90.226.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 07:06:42,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.90.226.179', 'timestamp': 1670389601.96203, 'message': 'Dec  7 07:06:40 hqnl0246134 sshd[298196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.179 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:06:43,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.90.226.179', 'timestamp': 1670389603.9614885, 'message': 'Dec  7 07:06:43 hqnl0246134 sshd[298196]: Failed password for invalid user log from 103.90.226.179 port 37398 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:06:43,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.90.226.179', 'timestamp': 1670389603.9616995, 'message': 'Dec  7 07:06:43 hqnl0246134 sshd[298196]: Disconnected from invalid user log 103.90.226.179 port 37398 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 07:06:46,097] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:06:46,098] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:06:46,105] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:06:46,116] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
WARNING [2022-12-07 07:06:52,053] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:06:52,054] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:07:13,297] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:07:13,329] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0440 seconds
INFO    [2022-12-07 07:07:17,913] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:07:17,914] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:07:17,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:07:17,933] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 07:07:20,641] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:07:20,642] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:07:20,648] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:07:20,659] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 07:07:40,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389660.071625, 'message': 'Dec  7 07:07:38 hqnl0246134 sshd[298252]: pam_imunify(sshd:auth): [IM360_RBL] The IP 113.200.105.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 07:07:40,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389660.0722167, 'message': 'Dec  7 07:07:38 hqnl0246134 sshd[298252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.200.105.23  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 07:07:42,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389662.074789, 'message': 'Dec  7 07:07:40 hqnl0246134 sshd[298252]: Failed password for root from 113.200.105.23 port 51522 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 07:07:52,058] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:07:52,059] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:08:13,299] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:08:13,333] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0437 seconds
INFO    [2022-12-07 07:08:16,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389696.1412714, 'message': 'Dec  7 07:08:15 hqnl0246134 sshd[298275]: Invalid user agnes from 41.129.106.43 port 55474', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 07:08:16,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389696.1415703, 'message': 'Dec  7 07:08:16 hqnl0246134 sshd[298275]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.129.106.43 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 07:08:16,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389696.1417632, 'message': 'Dec  7 07:08:16 hqnl0246134 sshd[298275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.129.106.43 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 07:08:18,297] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:08:18,297] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:08:18,306] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:08:18,318] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 07:08:20,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389700.1444836, 'message': 'Dec  7 07:08:18 hqnl0246134 sshd[298275]: Failed password for invalid user agnes from 41.129.106.43 port 55474 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0646 seconds
INFO    [2022-12-07 07:08:20,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.129.106.43', 'timestamp': 1670389700.1447444, 'message': 'Dec  7 07:08:19 hqnl0246134 sshd[298275]: Disconnected from invalid user agnes 41.129.106.43 port 55474 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0562 seconds
INFO    [2022-12-07 07:08:23,362] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:08:23,363] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:08:23,380] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:08:23,420] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0560 seconds
WARNING [2022-12-07 07:08:52,062] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:08:52,063] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:09:13,308] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:09:13,332] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0359 seconds
INFO    [2022-12-07 07:09:13,631] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:09:13,699] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:09:13,700] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:09:13,700] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:09:13,701] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:09:13,701] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:09:13,710] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:09:13,729] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0274 seconds
WARNING [2022-12-07 07:09:13,736] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:09:13,739] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:09:13,756] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0351 seconds
INFO    [2022-12-07 07:09:13,757] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0322 seconds
INFO    [2022-12-07 07:09:17,898] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:09:17,899] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:09:17,909] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:09:17,921] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-07 07:09:20,591] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:09:20,592] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:09:20,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:09:20,613] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 07:09:43,836] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:09:43,837] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:09:43,838] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-07 07:09:52,068] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:09:52,069] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:10:18,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:10:18,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:10:18,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:10:18,961] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0354 seconds
INFO    [2022-12-07 07:10:23,540] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:10:23,541] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:10:23,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:10:23,561] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 07:10:24,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.90.226.179', 'timestamp': 1670389824.3814814, 'message': 'Dec  7 07:10:23 hqnl0246134 sshd[298525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.90.226.179 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 07:10:24,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.90.226.179', 'timestamp': 1670389824.3819287, 'message': 'Dec  7 07:10:23 hqnl0246134 sshd[298525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.179  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 07:10:26,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.90.226.179', 'timestamp': 1670389826.3821363, 'message': 'Dec  7 07:10:24 hqnl0246134 sshd[298525]: Failed password for root from 103.90.226.179 port 50996 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 07:10:28,346] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:10:28,347] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:10:28,373] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:10:28,392] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0306 seconds
WARNING [2022-12-07 07:10:52,072] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:10:52,073] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:11:02,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389862.434825, 'message': 'Dec  7 07:11:01 hqnl0246134 sshd[298550]: Invalid user leo from 113.200.105.23 port 52502', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 07:11:02,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389862.4354436, 'message': 'Dec  7 07:11:01 hqnl0246134 sshd[298550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 113.200.105.23 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 07:11:02,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389862.4377105, 'message': 'Dec  7 07:11:01 hqnl0246134 sshd[298550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.200.105.23 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 07:11:04,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389864.4371214, 'message': 'Dec  7 07:11:03 hqnl0246134 sshd[298550]: Failed password for invalid user leo from 113.200.105.23 port 52502 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 07:11:04,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '113.200.105.23', 'timestamp': 1670389864.437907, 'message': 'Dec  7 07:11:04 hqnl0246134 sshd[298550]: Disconnected from invalid user leo 113.200.105.23 port 52502 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 07:11:13,315] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:11:13,342] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0346 seconds
INFO    [2022-12-07 07:11:19,388] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:11:19,401] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:11:19,421] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:11:19,478] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0755 seconds
INFO    [2022-12-07 07:11:22,705] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:11:22,706] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:11:22,717] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:11:22,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0269 seconds
WARNING [2022-12-07 07:11:52,083] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:11:52,084] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:11:54,247] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 07:12:18,021] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:12:18,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:12:18,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:12:18,046] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0226 seconds
INFO    [2022-12-07 07:12:18,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.252.98.138', 'timestamp': 1670389938.5664365, 'message': 'Dec  7 07:12:17 hqnl0246134 sshd[298631]: Invalid user liferay from 198.252.98.138 port 41934', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 07:12:18,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.252.98.138', 'timestamp': 1670389938.5667417, 'message': 'Dec  7 07:12:17 hqnl0246134 sshd[298631]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.252.98.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 07:12:18,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.252.98.138', 'timestamp': 1670389938.56689, 'message': 'Dec  7 07:12:17 hqnl0246134 sshd[298631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.252.98.138 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 07:12:20,634] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:12:20,635] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:12:20,646] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:12:20,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.252.98.138', 'timestamp': 1670389940.565866, 'message': 'Dec  7 07:12:19 hqnl0246134 sshd[298631]: Failed password for invalid user liferay from 198.252.98.138 port 41934 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0937 seconds
INFO    [2022-12-07 07:12:20,664] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0282 seconds
INFO    [2022-12-07 07:12:22,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.252.98.138', 'timestamp': 1670389942.5665355, 'message': 'Dec  7 07:12:20 hqnl0246134 sshd[298631]: Disconnected from invalid user liferay 198.252.98.138 port 41934 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 07:12:26,173] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:12:26,174] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:12:26,182] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:12:26,197] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
WARNING [2022-12-07 07:12:52,086] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:12:52,087] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:12:55,562] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:12:55,632] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:12:55,633] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:12:55,633] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:12:55,633] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:12:55,634] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:12:55,647] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:12:55,665] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0306 seconds
WARNING [2022-12-07 07:12:55,673] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:12:55,675] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:12:55,694] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0354 seconds
INFO    [2022-12-07 07:12:55,696] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0337 seconds
INFO    [2022-12-07 07:13:02,471] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 07:13:02,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:13:02,507] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0339 seconds
WARNING [2022-12-07 07:13:13,326] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:13:13,348] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-07 07:13:17,964] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:13:17,964] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:13:17,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:13:17,983] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 07:13:20,746] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:13:20,746] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:13:20,754] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:13:20,766] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 07:13:26,210] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:13:26,211] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:13:26,212] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-07 07:13:52,094] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:13:52,095] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:14:19,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:14:19,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:14:19,819] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:14:19,834] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0258 seconds
INFO    [2022-12-07 07:14:22,899] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:14:22,899] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:14:22,907] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:14:22,919] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
WARNING [2022-12-07 07:14:52,098] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:14:52,100] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:15:17,773] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:15:17,774] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:15:17,786] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:15:17,799] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-07 07:15:22,226] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:15:22,226] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:15:22,235] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:15:22,248] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
WARNING [2022-12-07 07:15:52,106] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:15:52,107] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:16:17,829] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:16:17,830] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:16:17,841] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:16:17,856] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
INFO    [2022-12-07 07:16:20,407] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:16:20,407] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:16:20,414] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:16:20,426] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-07 07:16:52,119] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:16:52,121] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:17:17,888] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:17:17,890] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:17:17,902] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:17:17,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0254 seconds
INFO    [2022-12-07 07:17:20,570] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:17:20,571] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:17:20,581] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:17:20,594] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
WARNING [2022-12-07 07:17:52,130] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:17:52,132] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:18:18,329] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:18:18,330] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:18:18,343] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:18:18,368] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0358 seconds
INFO    [2022-12-07 07:18:20,967] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:18:20,967] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:18:20,976] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:18:20,987] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 07:18:22,022] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:18:22,088] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:18:22,088] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:18:22,089] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:18:22,089] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:18:22,089] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:18:22,099] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:18:22,125] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0350 seconds
WARNING [2022-12-07 07:18:22,137] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:18:22,142] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:18:22,172] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0567 seconds
INFO    [2022-12-07 07:18:22,175] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0544 seconds
INFO    [2022-12-07 07:18:47,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.252.98.138', 'timestamp': 1670390327.0894678, 'message': 'Dec  7 07:18:47 hqnl0246134 sshd[298954]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.252.98.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 07:18:47,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.252.98.138', 'timestamp': 1670390327.0902503, 'message': 'Dec  7 07:18:47 hqnl0246134 sshd[298954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.252.98.138  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 07:18:49,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.252.98.138', 'timestamp': 1670390329.0935163, 'message': 'Dec  7 07:18:48 hqnl0246134 sshd[298954]: Failed password for root from 198.252.98.138 port 38018 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 07:18:52,136] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:18:52,143] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:18:52,217] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:18:52,218] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:18:52,220] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-07 07:19:13,344] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:19:13,367] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0336 seconds
INFO    [2022-12-07 07:19:17,985] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:19:17,986] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:19:17,996] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:19:18,011] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0236 seconds
INFO    [2022-12-07 07:19:22,247] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:19:22,248] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:19:22,257] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:19:22,269] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
WARNING [2022-12-07 07:19:52,146] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:19:52,148] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:20:18,144] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:20:18,145] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:20:18,157] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:20:18,171] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
INFO    [2022-12-07 07:20:21,056] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:20:21,056] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:20:21,064] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:20:21,076] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-07 07:20:52,152] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:20:52,155] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:21:18,277] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:21:18,278] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:21:18,289] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:21:18,302] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-07 07:21:22,728] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:21:22,729] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:21:22,737] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:21:22,750] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
WARNING [2022-12-07 07:21:52,176] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:21:52,179] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:21:54,319] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 07:22:17,816] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:22:17,817] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:22:17,833] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:22:17,848] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0294 seconds
INFO    [2022-12-07 07:22:20,313] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:22:20,314] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:22:20,322] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:22:20,333] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 07:22:34,566] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:22:34,636] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:22:34,637] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:22:34,637] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:22:34,637] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:22:34,638] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:22:34,656] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:22:34,686] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0471 seconds
WARNING [2022-12-07 07:22:34,698] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:22:34,701] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:22:34,722] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0464 seconds
INFO    [2022-12-07 07:22:34,724] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0414 seconds
WARNING [2022-12-07 07:22:52,182] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:22:52,185] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:23:04,793] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:23:04,794] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:23:04,795] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-07 07:23:18,129] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:23:18,130] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:23:18,142] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:23:18,157] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0263 seconds
INFO    [2022-12-07 07:23:20,734] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:23:20,734] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:23:20,741] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:23:20,752] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
WARNING [2022-12-07 07:23:52,190] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:23:52,194] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:24:17,861] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:24:17,862] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:24:17,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:24:17,890] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0266 seconds
INFO    [2022-12-07 07:24:20,584] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:24:20,584] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:24:20,595] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:24:20,612] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
WARNING [2022-12-07 07:24:52,197] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:24:52,198] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:25:18,891] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:25:18,892] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:25:18,903] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:25:18,919] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-07 07:25:21,479] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:25:21,480] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:25:21,493] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:25:21,506] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0254 seconds
WARNING [2022-12-07 07:25:52,202] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:25:52,204] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:26:17,945] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:26:17,946] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:26:17,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:26:17,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 07:26:20,593] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:26:20,594] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:26:20,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:26:20,612] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 07:26:21,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.25.210', 'timestamp': 1670390781.8179414, 'message': 'Dec  7 07:26:19 hqnl0246134 sshd[299316]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.25.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 07:26:21,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.25.210', 'timestamp': 1670390781.8182704, 'message': 'Dec  7 07:26:19 hqnl0246134 sshd[299316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.25.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 07:26:23,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.181.25.210', 'timestamp': 1670390783.829143, 'message': 'Dec  7 07:26:22 hqnl0246134 sshd[299316]: Failed password for root from 190.181.25.210 port 44371 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:26:26,444] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:26:26,444] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:26:26,451] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:26:26,462] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
WARNING [2022-12-07 07:26:52,209] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:26:52,213] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:27:14,138] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:27:14,159] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.8045 seconds
INFO    [2022-12-07 07:27:17,784] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:27:17,784] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:27:17,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:27:17,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 07:27:22,442] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:27:22,442] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:27:22,449] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:27:22,461] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-07 07:27:52,217] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:27:52,220] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:28:18,122] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:28:18,122] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:28:18,133] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:28:18,146] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-07 07:28:20,961] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:28:20,961] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:28:20,969] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:28:20,983] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 07:28:26,111] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.1.200.180', 'timestamp': 1670390906.09186, 'message': 'Dec  7 07:28:25 hqnl0246134 sshd[299426]: Invalid user iot from 190.1.200.180 port 40360', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:28:26,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.1.200.180', 'timestamp': 1670390906.0926769, 'message': 'Dec  7 07:28:25 hqnl0246134 sshd[299426]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.1.200.180 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 07:28:26,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.1.200.180', 'timestamp': 1670390906.0927842, 'message': 'Dec  7 07:28:25 hqnl0246134 sshd[299426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.200.180 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 07:28:30,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.1.200.180', 'timestamp': 1670390910.0993683, 'message': 'Dec  7 07:28:28 hqnl0246134 sshd[299426]: Failed password for invalid user iot from 190.1.200.180 port 40360 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 07:28:30,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.1.200.180', 'timestamp': 1670390910.0998156, 'message': 'Dec  7 07:28:29 hqnl0246134 sshd[299426]: Disconnected from invalid user iot 190.1.200.180 port 40360 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 07:28:34,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670390914.1022387, 'message': 'Dec  7 07:28:32 hqnl0246134 sshd[299428]: Invalid user common from 103.89.85.18 port 56172', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 07:28:34,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.89.85.18', 'timestamp': 1670390914.102506, 'message': 'Dec  7 07:28:32 hqnl0246134 sshd[299428]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.89.85.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 07:28:34,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.89.85.18', 'timestamp': 1670390914.10269, 'message': 'Dec  7 07:28:32 hqnl0246134 sshd[299428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.85.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 07:28:36,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670390916.1060352, 'message': 'Dec  7 07:28:34 hqnl0246134 sshd[299428]: Failed password for invalid user common from 103.89.85.18 port 56172 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 07:28:36,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670390916.1063156, 'message': 'Dec  7 07:28:35 hqnl0246134 sshd[299428]: Disconnected from invalid user common 103.89.85.18 port 56172 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
WARNING [2022-12-07 07:28:52,225] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:28:52,227] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:29:13,372] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:29:13,412] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0495 seconds
INFO    [2022-12-07 07:29:14,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.145.143.242', 'timestamp': 1670390954.1756177, 'message': 'Dec  7 07:29:13 hqnl0246134 sshd[299460]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.145.143.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 07:29:14,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.145.143.242', 'timestamp': 1670390954.176016, 'message': 'Dec  7 07:29:13 hqnl0246134 sshd[299460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.145.143.242  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 07:29:16,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.145.143.242', 'timestamp': 1670390956.1834214, 'message': 'Dec  7 07:29:15 hqnl0246134 sshd[299460]: Failed password for root from 190.145.143.242 port 33902 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 07:29:17,897] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:29:17,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:29:17,904] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:29:17,915] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 07:29:20,836] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:29:20,836] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:29:20,843] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:29:20,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
WARNING [2022-12-07 07:29:52,230] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:29:52,234] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:29:56,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670390996.229383, 'message': 'Dec  7 07:29:56 hqnl0246134 sshd[299491]: Invalid user student01 from 200.52.201.26 port 48902', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 07:29:58,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.52.201.26', 'timestamp': 1670390998.230044, 'message': 'Dec  7 07:29:56 hqnl0246134 sshd[299491]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.52.201.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 07:29:58,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.52.201.26', 'timestamp': 1670390998.2303936, 'message': 'Dec  7 07:29:56 hqnl0246134 sshd[299491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.52.201.26 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 07:29:58,290] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670390998.2307024, 'message': 'Dec  7 07:29:58 hqnl0246134 sshd[299491]: Failed password for invalid user student01 from 200.52.201.26 port 48902 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 07:30:00,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391000.2325149, 'message': 'Dec  7 07:29:59 hqnl0246134 sshd[299491]: Disconnected from invalid user student01 200.52.201.26 port 48902 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 07:30:03,533] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:30:03,533] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:30:03,544] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:30:03,559] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0245 seconds
INFO    [2022-12-07 07:30:10,884] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:30:10,953] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:30:10,954] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:30:10,954] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:30:10,954] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:30:10,955] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:30:10,965] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:30:10,983] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0279 seconds
WARNING [2022-12-07 07:30:10,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:30:10,993] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:30:11,019] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0433 seconds
INFO    [2022-12-07 07:30:11,021] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0409 seconds
WARNING [2022-12-07 07:30:13,374] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:30:13,394] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0273 seconds
INFO    [2022-12-07 07:30:16,208] defence360agent.files: Updating all files
INFO    [2022-12-07 07:30:16,595] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:16,595] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 07:30:16,903] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:16,904] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 07:30:17,245] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:17,246] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 07:30:17,578] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:17,578] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 07:30:17,579] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 07:30:17,840] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 05:30:17 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E6BC7D475E741'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 07:30:17,911] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:30:17,911] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-07 07:30:17,912] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 07:30:17,913] defence360agent.files: php-immunity files update finished (not updated)
WARNING [2022-12-07 07:30:18,193] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:30:18,204] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.2923 seconds
INFO    [2022-12-07 07:30:18,457] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:18,458] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 07:30:18,818] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:18,819] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 07:30:19,082] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:19,082] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 07:30:19,480] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:19,481] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 07:30:19,899] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 07:30:19,901] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 07:30:20,677] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:30:20,678] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:30:20,686] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:30:20,699] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 07:30:22,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391022.2612112, 'message': 'Dec  7 07:30:21 hqnl0246134 sshd[299550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.228.139.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 07:30:22,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391022.261416, 'message': 'Dec  7 07:30:21 hqnl0246134 sshd[299550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.139.162  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:30:26,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391026.2659028, 'message': 'Dec  7 07:30:24 hqnl0246134 sshd[299550]: Failed password for root from 2.228.139.162 port 18900 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 07:30:41,100] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:30:41,101] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:30:41,102] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-07 07:30:52,238] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:30:52,239] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:31:13,391] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:31:13,428] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0545 seconds
INFO    [2022-12-07 07:31:19,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:31:19,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:31:19,995] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:31:20,013] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0286 seconds
INFO    [2022-12-07 07:31:23,127] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:31:23,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:31:23,135] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:31:23,146] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 07:31:30,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391090.3474433, 'message': 'Dec  7 07:31:29 hqnl0246134 sshd[299599]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.155.4 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 07:31:30,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391090.347865, 'message': 'Dec  7 07:31:29 hqnl0246134 sshd[299599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.155.4  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 07:31:32,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391092.3494956, 'message': 'Dec  7 07:31:31 hqnl0246134 sshd[299599]: Failed password for root from 43.135.155.4 port 33882 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 07:31:36,054] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:31:36,055] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:31:36,066] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:31:36,086] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0300 seconds
WARNING [2022-12-07 07:31:52,242] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:31:52,244] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:31:54,321] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 07:32:13,392] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:32:13,414] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-07 07:32:18,012] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:32:18,012] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:32:18,020] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:32:18,031] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 07:32:22,646] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:32:22,647] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:32:22,655] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:32:22,668] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 07:32:42,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391162.4063404, 'message': 'Dec  7 07:32:40 hqnl0246134 sshd[299674]: Invalid user vodafone from 139.59.189.130 port 33692', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-07 07:32:42,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391162.406977, 'message': 'Dec  7 07:32:40 hqnl0246134 sshd[299674]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.189.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 07:32:42,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391162.4072316, 'message': 'Dec  7 07:32:40 hqnl0246134 sshd[299674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.189.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 07:32:44,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391164.4069676, 'message': 'Dec  7 07:32:42 hqnl0246134 sshd[299674]: Failed password for invalid user vodafone from 139.59.189.130 port 33692 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 07:32:44,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391164.4072824, 'message': 'Dec  7 07:32:44 hqnl0246134 sshd[299674]: Disconnected from invalid user vodafone 139.59.189.130 port 33692 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 07:32:52,248] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:32:52,249] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:33:04,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '197.255.208.138', 'timestamp': 1670391184.4272287, 'message': 'Dec  7 07:33:03 hqnl0246134 sshd[299686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 197.255.208.138 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 07:33:04,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '197.255.208.138', 'timestamp': 1670391184.4275026, 'message': 'Dec  7 07:33:03 hqnl0246134 sshd[299686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.255.208.138  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 07:33:06,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '197.255.208.138', 'timestamp': 1670391186.4305534, 'message': 'Dec  7 07:33:06 hqnl0246134 sshd[299686]: Failed password for root from 197.255.208.138 port 49868 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0264 seconds
WARNING [2022-12-07 07:33:13,395] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:33:13,418] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0315 seconds
INFO    [2022-12-07 07:33:18,163] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:33:18,164] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:33:18,170] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:33:18,181] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 07:33:20,973] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:33:20,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:33:20,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:33:20,992] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-07 07:33:52,251] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:33:52,252] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:33:56,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391236.4992683, 'message': 'Dec  7 07:33:55 hqnl0246134 sshd[299719]: Invalid user oracle from 103.89.85.18 port 34984', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 07:33:56,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391236.4997787, 'message': 'Dec  7 07:33:55 hqnl0246134 sshd[299719]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.89.85.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 07:33:56,561] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391236.4999852, 'message': 'Dec  7 07:33:55 hqnl0246134 sshd[299719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.85.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:33:58,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391238.4856827, 'message': 'Dec  7 07:33:57 hqnl0246134 sshd[299719]: Failed password for invalid user oracle from 103.89.85.18 port 34984 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 07:34:00,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391240.4890292, 'message': 'Dec  7 07:33:58 hqnl0246134 sshd[299719]: Disconnected from invalid user oracle 103.89.85.18 port 34984 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 07:34:01,505] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:34:01,506] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:34:01,524] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:34:01,544] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0370 seconds
INFO    [2022-12-07 07:34:12,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391252.500559, 'message': 'Dec  7 07:34:12 hqnl0246134 sshd[299742]: Invalid user rancher from 205.134.184.98 port 46012', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
WARNING [2022-12-07 07:34:13,397] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:34:13,418] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0288 seconds
INFO    [2022-12-07 07:34:14,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391254.5027425, 'message': 'Dec  7 07:34:12 hqnl0246134 sshd[299742]: pam_imunify(sshd:auth): [IM360_RBL] The IP 205.134.184.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 07:34:14,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391254.5029373, 'message': 'Dec  7 07:34:12 hqnl0246134 sshd[299742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.134.184.98 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 07:34:14,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391254.503151, 'message': 'Dec  7 07:34:14 hqnl0246134 sshd[299742]: Failed password for invalid user rancher from 205.134.184.98 port 46012 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 07:34:16,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391256.5056164, 'message': 'Dec  7 07:34:15 hqnl0246134 sshd[299742]: Disconnected from invalid user rancher 205.134.184.98 port 46012 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0668 seconds
INFO    [2022-12-07 07:34:18,160] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:34:18,161] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:34:18,185] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:34:18,199] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-07 07:34:20,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:34:20,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:34:20,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:34:20,949] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
WARNING [2022-12-07 07:34:52,258] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:34:52,259] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:35:13,416] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:35:13,448] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0463 seconds
INFO    [2022-12-07 07:35:18,230] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:35:18,231] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:35:18,243] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:35:18,254] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-07 07:35:20,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391320.5705528, 'message': 'Dec  7 07:35:20 hqnl0246134 sshd[299823]: Invalid user rtorrent from 159.89.230.196 port 36348', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 07:35:20,935] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:35:20,936] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:35:20,943] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:35:20,954] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 07:35:22,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391322.57255, 'message': 'Dec  7 07:35:20 hqnl0246134 sshd[299823]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.89.230.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 07:35:22,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391322.5729313, 'message': 'Dec  7 07:35:20 hqnl0246134 sshd[299823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.230.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 07:35:24,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391324.5748713, 'message': 'Dec  7 07:35:23 hqnl0246134 sshd[299823]: Failed password for invalid user rtorrent from 159.89.230.196 port 36348 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:35:26,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391326.577713, 'message': 'Dec  7 07:35:24 hqnl0246134 sshd[299823]: Disconnected from invalid user rtorrent 159.89.230.196 port 36348 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 07:35:27,350] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:35:27,350] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:35:27,360] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:35:27,372] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0214 seconds
INFO    [2022-12-07 07:35:38,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391338.5989838, 'message': 'Dec  7 07:35:37 hqnl0246134 sshd[299837]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.84.137 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 07:35:38,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391338.599754, 'message': 'Dec  7 07:35:37 hqnl0246134 sshd[299838]: Invalid user jenkins from 197.255.216.210 port 52530', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0390 seconds
INFO    [2022-12-07 07:35:38,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391338.599583, 'message': 'Dec  7 07:35:37 hqnl0246134 sshd[299837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.84.137  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 07:35:38,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391338.5998738, 'message': 'Dec  7 07:35:37 hqnl0246134 sshd[299838]: pam_imunify(sshd:auth): [IM360_RBL] The IP 197.255.216.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 07:35:38,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391338.5999997, 'message': 'Dec  7 07:35:37 hqnl0246134 sshd[299838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.255.216.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 07:35:40,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391340.59401, 'message': 'Dec  7 07:35:39 hqnl0246134 sshd[299837]: Failed password for root from 51.250.84.137 port 54008 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 07:35:40,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391340.5942469, 'message': 'Dec  7 07:35:40 hqnl0246134 sshd[299838]: Failed password for invalid user jenkins from 197.255.216.210 port 52530 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 07:35:42,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391342.5968087, 'message': 'Dec  7 07:35:41 hqnl0246134 sshd[299838]: Disconnected from invalid user jenkins 197.255.216.210 port 52530 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 07:35:50,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391350.6056726, 'message': 'Dec  7 07:35:48 hqnl0246134 sshd[299852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.89.85.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 07:35:50,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391350.6059043, 'message': 'Dec  7 07:35:48 hqnl0246134 sshd[299852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.85.18  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 07:35:52,262] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:35:52,263] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:35:52,626] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391352.6075027, 'message': 'Dec  7 07:35:50 hqnl0246134 sshd[299852]: Failed password for root from 103.89.85.18 port 33814 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 07:36:13,420] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:36:13,447] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0369 seconds
INFO    [2022-12-07 07:36:17,919] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:36:17,920] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:36:17,927] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:36:17,939] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 07:36:21,051] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:36:21,051] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:36:21,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:36:21,110] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0580 seconds
INFO    [2022-12-07 07:36:46,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391406.6565022, 'message': 'Dec  7 07:36:46 hqnl0246134 sshd[299899]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.90.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 07:36:48,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391408.6553435, 'message': 'Dec  7 07:36:46 hqnl0246134 sshd[299899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.90.73  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 07:36:48,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391408.6555882, 'message': 'Dec  7 07:36:48 hqnl0246134 sshd[299899]: Failed password for root from 128.199.90.73 port 33498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 07:36:51,610] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:36:51,610] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:36:51,617] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:36:51,629] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
WARNING [2022-12-07 07:36:52,267] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:36:52,267] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:37:00,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391420.6719043, 'message': 'Dec  7 07:37:00 hqnl0246134 sshd[299910]: Invalid user ubuntu from 197.255.216.210 port 43732', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:37:00,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391420.6723104, 'message': 'Dec  7 07:37:00 hqnl0246134 sshd[299910]: pam_imunify(sshd:auth): [IM360_RBL] The IP 197.255.216.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 07:37:00,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391420.672492, 'message': 'Dec  7 07:37:00 hqnl0246134 sshd[299910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.255.216.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:37:02,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391422.6738935, 'message': 'Dec  7 07:37:02 hqnl0246134 sshd[299910]: Failed password for invalid user ubuntu from 197.255.216.210 port 43732 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 07:37:04,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391424.6757324, 'message': 'Dec  7 07:37:02 hqnl0246134 sshd[299910]: Disconnected from invalid user ubuntu 197.255.216.210 port 43732 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 07:37:06,698] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391426.6782506, 'message': 'Dec  7 07:37:06 hqnl0246134 sshd[299920]: Invalid user sysadmin from 43.135.155.4 port 47786', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 07:37:06,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391426.678498, 'message': 'Dec  7 07:37:06 hqnl0246134 sshd[299920]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.155.4 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:37:06,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391426.6786687, 'message': 'Dec  7 07:37:06 hqnl0246134 sshd[299920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.155.4 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 07:37:08,717] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391428.6812174, 'message': 'Dec  7 07:37:07 hqnl0246134 sshd[299920]: Failed password for invalid user sysadmin from 43.135.155.4 port 47786 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 07:37:08,718] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391428.681649, 'message': 'Dec  7 07:37:07 hqnl0246134 sshd[299922]: Invalid user jenkins from 43.153.104.54 port 47190', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 07:37:08,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391428.6821322, 'message': 'Dec  7 07:37:08 hqnl0246134 sshd[299920]: Disconnected from invalid user sysadmin 43.135.155.4 port 47786 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-07 07:37:08,758] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391428.6818457, 'message': 'Dec  7 07:37:08 hqnl0246134 sshd[299922]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.104.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 07:37:08,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391428.6820135, 'message': 'Dec  7 07:37:08 hqnl0246134 sshd[299922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.104.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 07:37:10,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391430.6831667, 'message': 'Dec  7 07:37:10 hqnl0246134 sshd[299922]: Failed password for invalid user jenkins from 43.153.104.54 port 47190 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 07:37:12,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391432.6855597, 'message': 'Dec  7 07:37:11 hqnl0246134 sshd[299922]: Disconnected from invalid user jenkins 43.153.104.54 port 47190 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 07:37:13,420] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:37:13,447] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0343 seconds
INFO    [2022-12-07 07:37:17,979] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:37:17,980] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:37:17,991] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:37:18,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 07:37:18,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391438.6958842, 'message': 'Dec  7 07:37:17 hqnl0246134 sshd[299945]: Invalid user www from 64.135.113.136 port 57462', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 07:37:18,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391438.6960738, 'message': 'Dec  7 07:37:18 hqnl0246134 sshd[299945]: pam_imunify(sshd:auth): [IM360_RBL] The IP 64.135.113.136 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 07:37:18,752] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391438.6962466, 'message': 'Dec  7 07:37:18 hqnl0246134 sshd[299945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.135.113.136 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 07:37:20,796] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:37:20,804] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:37:20,833] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:37:20,878] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0727 seconds
INFO    [2022-12-07 07:37:20,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391440.8095963, 'message': 'Dec  7 07:37:19 hqnl0246134 sshd[299945]: Failed password for invalid user www from 64.135.113.136 port 57462 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0689 seconds
INFO    [2022-12-07 07:37:20,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391440.809744, 'message': 'Dec  7 07:37:20 hqnl0246134 sshd[299945]: Disconnected from invalid user www 64.135.113.136 port 57462 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 07:37:38,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391458.7170353, 'message': 'Dec  7 07:37:36 hqnl0246134 sshd[299958]: Invalid user nuxeo from 103.89.85.18 port 60890', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-07 07:37:38,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391458.7176328, 'message': 'Dec  7 07:37:36 hqnl0246134 sshd[299958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.89.85.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 07:37:38,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391458.7178228, 'message': 'Dec  7 07:37:36 hqnl0246134 sshd[299958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.85.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 07:37:38,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391458.7180135, 'message': 'Dec  7 07:37:38 hqnl0246134 sshd[299958]: Failed password for invalid user nuxeo from 103.89.85.18 port 60890 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 07:37:40,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.89.85.18', 'timestamp': 1670391460.7179098, 'message': 'Dec  7 07:37:39 hqnl0246134 sshd[299958]: Disconnected from invalid user nuxeo 103.89.85.18 port 60890 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 07:37:46,684] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:37:46,756] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:37:46,756] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:37:46,757] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:37:46,757] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:37:46,757] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:37:46,771] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:37:46,787] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0295 seconds
WARNING [2022-12-07 07:37:46,795] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:37:46,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:37:46,815] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0335 seconds
INFO    [2022-12-07 07:37:46,817] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0313 seconds
WARNING [2022-12-07 07:37:52,271] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:37:52,272] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:38:12,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391492.7546816, 'message': 'Dec  7 07:38:12 hqnl0246134 sshd[299993]: Invalid user test from 190.145.143.242 port 53990', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 07:38:12,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391492.7551088, 'message': 'Dec  7 07:38:12 hqnl0246134 sshd[299993]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.145.143.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 07:38:12,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391492.7553031, 'message': 'Dec  7 07:38:12 hqnl0246134 sshd[299993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.145.143.242 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 07:38:13,424] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:38:13,449] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0339 seconds
INFO    [2022-12-07 07:38:14,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391494.7545142, 'message': 'Dec  7 07:38:13 hqnl0246134 sshd[299993]: Failed password for invalid user test from 190.145.143.242 port 53990 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 07:38:14,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391494.7547398, 'message': 'Dec  7 07:38:14 hqnl0246134 sshd[299993]: Disconnected from invalid user test 190.145.143.242 port 53990 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:38:16,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:38:16,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:38:16,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:38:16,948] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-07 07:38:17,601] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:38:17,602] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:38:17,603] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 07:38:17,911] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:38:17,912] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:38:17,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:38:17,930] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 07:38:22,462] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:38:22,463] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:38:22,472] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:38:22,486] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0227 seconds
INFO    [2022-12-07 07:38:30,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391510.7731411, 'message': 'Dec  7 07:38:28 hqnl0246134 sshd[300014]: Invalid user testftp from 197.255.216.210 port 34946', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 07:38:30,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391510.7736135, 'message': 'Dec  7 07:38:29 hqnl0246134 sshd[300014]: pam_imunify(sshd:auth): [IM360_RBL] The IP 197.255.216.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 07:38:30,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391510.7738087, 'message': 'Dec  7 07:38:29 hqnl0246134 sshd[300014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.255.216.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 07:38:32,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391512.7744048, 'message': 'Dec  7 07:38:31 hqnl0246134 sshd[300014]: Failed password for invalid user testftp from 197.255.216.210 port 34946 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:38:32,813] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '197.255.216.210', 'timestamp': 1670391512.7748086, 'message': 'Dec  7 07:38:32 hqnl0246134 sshd[300014]: Disconnected from invalid user testftp 197.255.216.210 port 34946 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 07:38:52,275] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:38:52,276] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 07:39:13,431] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:39:13,457] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0358 seconds
INFO    [2022-12-07 07:39:17,827] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:39:17,828] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:39:17,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:39:17,849] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 07:39:20,412] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:39:20,413] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:39:20,423] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:39:20,434] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 07:39:28,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391568.8520272, 'message': 'Dec  7 07:39:28 hqnl0246134 sshd[300189]: pam_imunify(sshd:auth): [IM360_RBL] The IP 205.134.184.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 07:39:28,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391568.8525357, 'message': 'Dec  7 07:39:28 hqnl0246134 sshd[300189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.134.184.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 07:39:30,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391570.853316, 'message': 'Dec  7 07:39:29 hqnl0246134 sshd[300189]: Failed password for root from 205.134.184.98 port 33124 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 07:39:32,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391572.8542023, 'message': 'Dec  7 07:39:32 hqnl0246134 sshd[300192]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.155.4 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 07:39:32,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391572.854556, 'message': 'Dec  7 07:39:32 hqnl0246134 sshd[300192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.155.4  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 07:39:34,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391574.8567877, 'message': 'Dec  7 07:39:34 hqnl0246134 sshd[300192]: Failed password for root from 43.135.155.4 port 38150 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 07:39:39,522] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:39:39,522] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:39:39,540] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:39:39,555] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0307 seconds
WARNING [2022-12-07 07:39:52,280] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:39:52,281] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:39:56,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391596.8853648, 'message': 'Dec  7 07:39:55 hqnl0246134 sshd[300215]: Invalid user frank123 from 190.181.25.210 port 57752', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 07:39:56,923] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391596.8863294, 'message': 'Dec  7 07:39:55 hqnl0246134 sshd[300215]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.25.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 07:39:56,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391596.8864942, 'message': 'Dec  7 07:39:55 hqnl0246134 sshd[300215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.25.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 07:39:58,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391598.886924, 'message': 'Dec  7 07:39:57 hqnl0246134 sshd[300215]: Failed password for invalid user frank123 from 190.181.25.210 port 57752 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 07:40:00,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391600.8903344, 'message': 'Dec  7 07:39:58 hqnl0246134 sshd[300215]: Disconnected from invalid user frank123 190.181.25.210 port 57752 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 07:40:02,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391602.8913226, 'message': 'Dec  7 07:40:02 hqnl0246134 sshd[300234]: Invalid user sysman from 139.59.189.130 port 36348', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 07:40:02,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391602.8916292, 'message': 'Dec  7 07:40:02 hqnl0246134 sshd[300234]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.189.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 07:40:02,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391602.8918004, 'message': 'Dec  7 07:40:02 hqnl0246134 sshd[300234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.189.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 07:40:04,926] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391604.8927574, 'message': 'Dec  7 07:40:04 hqnl0246134 sshd[300234]: Failed password for invalid user sysman from 139.59.189.130 port 36348 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 07:40:06,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391606.8943794, 'message': 'Dec  7 07:40:05 hqnl0246134 sshd[300234]: Disconnected from invalid user sysman 139.59.189.130 port 36348 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 07:40:13,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:40:13,467] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0366 seconds
INFO    [2022-12-07 07:40:17,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:40:17,820] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:40:17,837] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:40:17,857] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0325 seconds
INFO    [2022-12-07 07:40:18,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.13.153', 'timestamp': 1670391618.9067106, 'message': 'Dec  7 07:40:17 hqnl0246134 sshd[300262]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.13.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 07:40:18,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.13.153', 'timestamp': 1670391618.9069936, 'message': 'Dec  7 07:40:17 hqnl0246134 sshd[300262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.13.153  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 07:40:18,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.13.153', 'timestamp': 1670391618.9071558, 'message': 'Dec  7 07:40:18 hqnl0246134 sshd[300262]: Failed password for root from 51.250.13.153 port 33838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 07:40:20,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:40:20,544] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:40:20,553] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:40:20,565] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 07:40:28,939] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391628.9168692, 'message': 'Dec  7 07:40:27 hqnl0246134 sshd[300275]: Invalid user wsj from 60.249.82.125 port 50174', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 07:40:28,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391628.917219, 'message': 'Dec  7 07:40:27 hqnl0246134 sshd[300275]: pam_imunify(sshd:auth): [IM360_RBL] The IP 60.249.82.125 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 07:40:28,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391628.9173515, 'message': 'Dec  7 07:40:27 hqnl0246134 sshd[300275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.249.82.125 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 07:40:30,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391630.9190395, 'message': 'Dec  7 07:40:29 hqnl0246134 sshd[300275]: Failed password for invalid user wsj from 60.249.82.125 port 50174 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 07:40:30,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391630.9193487, 'message': 'Dec  7 07:40:30 hqnl0246134 sshd[300275]: Disconnected from invalid user wsj 60.249.82.125 port 50174 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
WARNING [2022-12-07 07:40:52,285] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:40:52,286] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:41:08,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391668.953937, 'message': 'Dec  7 07:41:07 hqnl0246134 sshd[300306]: Invalid user ubuntu from 190.145.143.242 port 39884', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 07:41:09,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391668.9546685, 'message': 'Dec  7 07:41:07 hqnl0246134 sshd[300306]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.145.143.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 07:41:09,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391668.954889, 'message': 'Dec  7 07:41:07 hqnl0246134 sshd[300306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.145.143.242 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 07:41:10,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391670.954343, 'message': 'Dec  7 07:41:09 hqnl0246134 sshd[300306]: Failed password for invalid user ubuntu from 190.145.143.242 port 39884 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 07:41:12,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391672.9542525, 'message': 'Dec  7 07:41:11 hqnl0246134 sshd[300306]: Disconnected from invalid user ubuntu 190.145.143.242 port 39884 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
WARNING [2022-12-07 07:41:13,441] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:41:13,465] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0321 seconds
INFO    [2022-12-07 07:41:16,261] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:41:16,262] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:41:16,270] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:41:16,289] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0256 seconds
INFO    [2022-12-07 07:41:18,031] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:41:18,031] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:41:18,040] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:41:18,053] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 07:41:18,985] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391678.9602144, 'message': 'Dec  7 07:41:18 hqnl0246134 sshd[300329]: Invalid user print from 2.228.139.162 port 55272', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 07:41:20,604] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:41:20,605] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:41:20,617] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:41:20,631] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0259 seconds
INFO    [2022-12-07 07:41:20,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391680.9629483, 'message': 'Dec  7 07:41:19 hqnl0246134 sshd[300329]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.228.139.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 07:41:21,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391680.9632068, 'message': 'Dec  7 07:41:19 hqnl0246134 sshd[300329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.139.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 07:41:22,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391682.9655085, 'message': 'Dec  7 07:41:21 hqnl0246134 sshd[300329]: Failed password for invalid user print from 2.228.139.162 port 55272 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:41:23,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391682.965881, 'message': 'Dec  7 07:41:22 hqnl0246134 sshd[300329]: Disconnected from invalid user print 2.228.139.162 port 55272 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 07:41:30,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391690.9724503, 'message': 'Dec  7 07:41:30 hqnl0246134 sshd[300340]: Invalid user csgoserver from 200.52.201.26 port 47294', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 07:41:31,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391690.9727235, 'message': 'Dec  7 07:41:30 hqnl0246134 sshd[300340]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.52.201.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 07:41:31,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391690.9728408, 'message': 'Dec  7 07:41:30 hqnl0246134 sshd[300340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.52.201.26 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 07:41:32,994] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391692.974785, 'message': 'Dec  7 07:41:32 hqnl0246134 sshd[300340]: Failed password for invalid user csgoserver from 200.52.201.26 port 47294 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:41:34,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391694.977458, 'message': 'Dec  7 07:41:33 hqnl0246134 sshd[300340]: Disconnected from invalid user csgoserver 200.52.201.26 port 47294 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:41:36,997] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391696.9778616, 'message': 'Dec  7 07:41:36 hqnl0246134 sshd[300343]: Invalid user anita from 151.106.113.60 port 46350', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 07:41:39,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391698.980936, 'message': 'Dec  7 07:41:37 hqnl0246134 sshd[300343]: pam_imunify(sshd:auth): [IM360_RBL] The IP 151.106.113.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 07:41:39,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391698.9811902, 'message': 'Dec  7 07:41:37 hqnl0246134 sshd[300343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.106.113.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 07:41:39,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391698.981307, 'message': 'Dec  7 07:41:38 hqnl0246134 sshd[300343]: Failed password for invalid user anita from 151.106.113.60 port 46350 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:41:41,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391700.9840908, 'message': 'Dec  7 07:41:40 hqnl0246134 sshd[300343]: Disconnected from invalid user anita 151.106.113.60 port 46350 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 07:41:49,835] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:41:49,901] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:41:49,902] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:41:49,902] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:41:49,902] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:41:49,902] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:41:49,913] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:41:49,929] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0261 seconds
WARNING [2022-12-07 07:41:49,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:41:49,939] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:41:49,956] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0323 seconds
INFO    [2022-12-07 07:41:49,957] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0304 seconds
INFO    [2022-12-07 07:41:51,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391710.9932227, 'message': 'Dec  7 07:41:50 hqnl0246134 sshd[300354]: Invalid user test from 128.199.90.73 port 39062', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 07:41:51,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391710.9934258, 'message': 'Dec  7 07:41:50 hqnl0246134 sshd[300354]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.90.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 07:41:51,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391710.993586, 'message': 'Dec  7 07:41:50 hqnl0246134 sshd[300354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.90.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 07:41:52,288] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:41:52,289] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:41:53,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391712.9941828, 'message': 'Dec  7 07:41:52 hqnl0246134 sshd[300354]: Failed password for invalid user test from 128.199.90.73 port 39062 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
WARNING [2022-12-07 07:41:54,323] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 07:41:55,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391714.9964259, 'message': 'Dec  7 07:41:53 hqnl0246134 sshd[300354]: Disconnected from invalid user test 128.199.90.73 port 39062 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 07:42:03,050] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391723.0063798, 'message': 'Dec  7 07:42:02 hqnl0246134 sshd[300359]: Invalid user oracle from 43.135.155.4 port 48684', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 07:42:03,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391723.0066586, 'message': 'Dec  7 07:42:02 hqnl0246134 sshd[300359]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.135.155.4 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 07:42:03,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391723.0068402, 'message': 'Dec  7 07:42:02 hqnl0246134 sshd[300359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.155.4 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 07:42:05,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391725.0080402, 'message': 'Dec  7 07:42:04 hqnl0246134 sshd[300359]: Failed password for invalid user oracle from 43.135.155.4 port 48684 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 07:42:07,045] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.135.155.4', 'timestamp': 1670391727.0114174, 'message': 'Dec  7 07:42:05 hqnl0246134 sshd[300359]: Disconnected from invalid user oracle 43.135.155.4 port 48684 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
WARNING [2022-12-07 07:42:13,458] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:42:13,509] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0697 seconds
INFO    [2022-12-07 07:42:15,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391735.0207913, 'message': 'Dec  7 07:42:13 hqnl0246134 sshd[300387]: Invalid user user from 205.134.184.98 port 50158', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 07:42:15,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391735.0210404, 'message': 'Dec  7 07:42:13 hqnl0246134 sshd[300387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 205.134.184.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:42:15,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391735.0211942, 'message': 'Dec  7 07:42:13 hqnl0246134 sshd[300387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.134.184.98 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:42:17,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391737.0219543, 'message': 'Dec  7 07:42:15 hqnl0246134 sshd[300387]: Failed password for invalid user user from 205.134.184.98 port 50158 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 07:42:17,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391737.0221927, 'message': 'Dec  7 07:42:15 hqnl0246134 sshd[300387]: Disconnected from invalid user user 205.134.184.98 port 50158 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:42:17,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:42:17,890] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:42:17,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:42:17,909] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 07:42:20,028] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:42:20,029] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:42:20,030] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 07:42:20,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:42:20,620] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:42:20,628] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:42:20,639] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 07:42:29,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391749.0341103, 'message': 'Dec  7 07:42:28 hqnl0246134 sshd[300401]: Invalid user ubuntu from 43.153.104.54 port 34082', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 07:42:29,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391749.0344555, 'message': 'Dec  7 07:42:28 hqnl0246134 sshd[300401]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.104.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 07:42:29,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391749.0347114, 'message': 'Dec  7 07:42:28 hqnl0246134 sshd[300401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.104.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0161 seconds
INFO    [2022-12-07 07:42:33,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391753.035902, 'message': 'Dec  7 07:42:31 hqnl0246134 sshd[300401]: Failed password for invalid user ubuntu from 43.153.104.54 port 34082 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 07:42:35,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391755.038117, 'message': 'Dec  7 07:42:33 hqnl0246134 sshd[300401]: Disconnected from invalid user ubuntu 43.153.104.54 port 34082 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 07:42:36,519] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:42:36,520] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:42:36,531] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:42:36,543] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 07:42:47,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391767.0592587, 'message': 'Dec  7 07:42:45 hqnl0246134 sshd[300420]: Invalid user lsfadmin from 139.59.189.130 port 53870', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 07:42:47,105] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391767.0596313, 'message': 'Dec  7 07:42:45 hqnl0246134 sshd[300420]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.189.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 07:42:47,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391767.0597713, 'message': 'Dec  7 07:42:45 hqnl0246134 sshd[300420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.189.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 07:42:49,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391769.0634348, 'message': 'Dec  7 07:42:47 hqnl0246134 sshd[300420]: Failed password for invalid user lsfadmin from 139.59.189.130 port 53870 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 07:42:49,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391769.063887, 'message': 'Dec  7 07:42:48 hqnl0246134 sshd[300420]: Disconnected from invalid user lsfadmin 139.59.189.130 port 53870 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
WARNING [2022-12-07 07:42:52,291] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:42:52,292] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:43:01,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391781.0815358, 'message': 'Dec  7 07:42:59 hqnl0246134 sshd[300425]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.84.137 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 07:43:01,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391781.081898, 'message': 'Dec  7 07:42:59 hqnl0246134 sshd[300425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.84.137  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 07:43:03,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391783.0840254, 'message': 'Dec  7 07:43:01 hqnl0246134 sshd[300425]: Failed password for root from 51.250.84.137 port 40206 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 07:43:09,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391789.1003327, 'message': 'Dec  7 07:43:07 hqnl0246134 sshd[300433]: Invalid user lab from 64.135.113.136 port 52578', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 07:43:09,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391789.1007905, 'message': 'Dec  7 07:43:07 hqnl0246134 sshd[300433]: pam_imunify(sshd:auth): [IM360_RBL] The IP 64.135.113.136 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:43:09,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391789.1009622, 'message': 'Dec  7 07:43:07 hqnl0246134 sshd[300433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.135.113.136 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 07:43:11,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391791.1068149, 'message': 'Dec  7 07:43:09 hqnl0246134 sshd[300433]: Failed password for invalid user lab from 64.135.113.136 port 52578 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 07:43:11,155] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391791.1073291, 'message': 'Dec  7 07:43:09 hqnl0246134 sshd[300433]: Disconnected from invalid user lab 64.135.113.136 port 52578 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 07:43:13,459] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:43:13,510] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0663 seconds
INFO    [2022-12-07 07:43:18,258] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:43:18,259] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:43:18,268] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:43:18,280] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 07:43:20,900] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:43:20,901] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:43:20,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:43:20,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 07:43:41,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391821.1422138, 'message': 'Dec  7 07:43:40 hqnl0246134 sshd[300463]: Invalid user vladimir from 151.106.113.60 port 35208', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0483 seconds
INFO    [2022-12-07 07:43:41,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391821.1426013, 'message': 'Dec  7 07:43:40 hqnl0246134 sshd[300463]: pam_imunify(sshd:auth): [IM360_RBL] The IP 151.106.113.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-07 07:43:41,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391821.1427982, 'message': 'Dec  7 07:43:40 hqnl0246134 sshd[300463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.106.113.60 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-07 07:43:43,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391823.1420438, 'message': 'Dec  7 07:43:42 hqnl0246134 sshd[300463]: Failed password for invalid user vladimir from 151.106.113.60 port 35208 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 07:43:43,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391823.14229, 'message': 'Dec  7 07:43:42 hqnl0246134 sshd[300462]: Invalid user student3 from 190.181.25.210 port 51808', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 07:43:43,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391823.1424015, 'message': 'Dec  7 07:43:42 hqnl0246134 sshd[300462]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.25.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 07:43:43,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391823.142517, 'message': 'Dec  7 07:43:42 hqnl0246134 sshd[300462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.25.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 07:43:45,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391825.1459699, 'message': 'Dec  7 07:43:43 hqnl0246134 sshd[300463]: Disconnected from invalid user vladimir 151.106.113.60 port 35208 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-07 07:43:45,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391825.14629, 'message': 'Dec  7 07:43:43 hqnl0246134 sshd[300462]: Failed password for invalid user student3 from 190.181.25.210 port 51808 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 07:43:45,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670391825.1465175, 'message': 'Dec  7 07:43:44 hqnl0246134 sshd[300462]: Disconnected from invalid user student3 190.181.25.210 port 51808 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
WARNING [2022-12-07 07:43:52,297] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:43:52,298] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:43:55,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391835.1569853, 'message': 'Dec  7 07:43:54 hqnl0246134 sshd[300478]: Invalid user ldap from 190.145.143.242 port 54010', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 07:43:55,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391835.1572707, 'message': 'Dec  7 07:43:54 hqnl0246134 sshd[300478]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.145.143.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 07:43:55,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391835.1573942, 'message': 'Dec  7 07:43:54 hqnl0246134 sshd[300478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.145.143.242 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 07:43:57,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391837.1579502, 'message': 'Dec  7 07:43:55 hqnl0246134 sshd[300478]: Failed password for invalid user ldap from 190.145.143.242 port 54010 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 07:43:57,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670391837.1581848, 'message': 'Dec  7 07:43:56 hqnl0246134 sshd[300478]: Disconnected from invalid user ldap 190.145.143.242 port 54010 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 07:43:59,342] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:43:59,342] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:43:59,350] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:43:59,363] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-07 07:44:03,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391843.1667123, 'message': 'Dec  7 07:44:01 hqnl0246134 sshd[300492]: Invalid user servidor from 2.228.139.162 port 6674', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 07:44:03,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391843.1671026, 'message': 'Dec  7 07:44:01 hqnl0246134 sshd[300492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.228.139.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 07:44:03,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391843.1672602, 'message': 'Dec  7 07:44:01 hqnl0246134 sshd[300492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.139.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:44:05,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391845.1695118, 'message': 'Dec  7 07:44:03 hqnl0246134 sshd[300492]: Failed password for invalid user servidor from 2.228.139.162 port 6674 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 07:44:05,205] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '2.228.139.162', 'timestamp': 1670391845.169753, 'message': 'Dec  7 07:44:03 hqnl0246134 sshd[300492]: Disconnected from invalid user servidor 2.228.139.162 port 6674 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 07:44:13,213] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.13.153', 'timestamp': 1670391853.1825402, 'message': 'Dec  7 07:44:12 hqnl0246134 sshd[300503]: Invalid user ci from 51.250.13.153 port 55506', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 07:44:13,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.13.153', 'timestamp': 1670391853.183001, 'message': 'Dec  7 07:44:12 hqnl0246134 sshd[300503]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.13.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:44:13,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.13.153', 'timestamp': 1670391853.1912892, 'message': 'Dec  7 07:44:12 hqnl0246134 sshd[300503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.13.153 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1431 seconds
WARNING [2022-12-07 07:44:13,455] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:44:13,481] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0331 seconds
INFO    [2022-12-07 07:44:15,216] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.13.153', 'timestamp': 1670391855.1924562, 'message': 'Dec  7 07:44:14 hqnl0246134 sshd[300503]: Failed password for invalid user ci from 51.250.13.153 port 55506 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 07:44:17,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.13.153', 'timestamp': 1670391857.1949215, 'message': 'Dec  7 07:44:15 hqnl0246134 sshd[300503]: Disconnected from invalid user ci 51.250.13.153 port 55506 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 07:44:17,956] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:44:17,956] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:44:17,963] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:44:17,974] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 07:44:20,883] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:44:20,884] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:44:20,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:44:20,901] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 07:44:29,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391869.2105608, 'message': 'Dec  7 07:44:28 hqnl0246134 sshd[300518]: Invalid user admin1 from 200.52.201.26 port 37102', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 07:44:29,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391869.2108638, 'message': 'Dec  7 07:44:28 hqnl0246134 sshd[300518]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.52.201.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 07:44:29,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391869.2111042, 'message': 'Dec  7 07:44:28 hqnl0246134 sshd[300518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.52.201.26 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 07:44:31,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391871.21194, 'message': 'Dec  7 07:44:30 hqnl0246134 sshd[300518]: Failed password for invalid user admin1 from 200.52.201.26 port 37102 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 07:44:33,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670391873.214663, 'message': 'Dec  7 07:44:31 hqnl0246134 sshd[300518]: Disconnected from invalid user admin1 200.52.201.26 port 37102 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 07:44:41,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391881.223515, 'message': 'Dec  7 07:44:40 hqnl0246134 sshd[300522]: pam_imunify(sshd:auth): [IM360_RBL] The IP 151.106.113.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 07:44:41,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391881.2238915, 'message': 'Dec  7 07:44:40 hqnl0246134 sshd[300522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.106.113.60  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 07:44:43,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391883.2276967, 'message': 'Dec  7 07:44:41 hqnl0246134 sshd[300524]: Invalid user haproxy from 60.249.82.125 port 51316', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 07:44:43,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391883.2279084, 'message': 'Dec  7 07:44:41 hqnl0246134 sshd[300524]: pam_imunify(sshd:auth): [IM360_RBL] The IP 60.249.82.125 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 07:44:43,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391883.2280877, 'message': 'Dec  7 07:44:41 hqnl0246134 sshd[300524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.249.82.125 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 07:44:45,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391885.2302685, 'message': 'Dec  7 07:44:43 hqnl0246134 sshd[300524]: Failed password for invalid user haproxy from 60.249.82.125 port 51316 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 07:44:45,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391885.2304997, 'message': 'Dec  7 07:44:43 hqnl0246134 sshd[300522]: Failed password for root from 151.106.113.60 port 43878 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 07:44:45,276] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670391885.230729, 'message': 'Dec  7 07:44:45 hqnl0246134 sshd[300535]: Accepted password for supportwwwuser from 212.58.119.251 port 10599 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-07 07:44:45,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '60.249.82.125', 'timestamp': 1670391885.2306232, 'message': 'Dec  7 07:44:44 hqnl0246134 sshd[300524]: Disconnected from invalid user haproxy 60.249.82.125 port 51316 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 07:44:47,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391887.2299228, 'message': 'Dec  7 07:44:47 hqnl0246134 sshd[300574]: Invalid user testftp from 43.153.104.54 port 35380', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 07:44:47,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391887.2301142, 'message': 'Dec  7 07:44:47 hqnl0246134 sshd[300574]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.104.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 07:44:49,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391889.232868, 'message': 'Dec  7 07:44:47 hqnl0246134 sshd[300574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.104.54 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 07:44:49,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391889.2331502, 'message': 'Dec  7 07:44:48 hqnl0246134 sshd[300574]: Failed password for invalid user testftp from 43.153.104.54 port 35380 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 07:44:51,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.104.54', 'timestamp': 1670391891.2354164, 'message': 'Dec  7 07:44:50 hqnl0246134 sshd[300574]: Disconnected from invalid user testftp 43.153.104.54 port 35380 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 07:44:52,306] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:44:52,307] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:45:03,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391903.2505906, 'message': 'Dec  7 07:45:02 hqnl0246134 sshd[300579]: Invalid user ldap from 128.199.90.73 port 53268', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 07:45:03,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391903.251067, 'message': 'Dec  7 07:45:02 hqnl0246134 sshd[300579]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.90.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 07:45:03,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391903.2513084, 'message': 'Dec  7 07:45:02 hqnl0246134 sshd[300579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.90.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 07:45:05,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391905.2507813, 'message': 'Dec  7 07:45:04 hqnl0246134 sshd[300579]: Failed password for invalid user ldap from 128.199.90.73 port 53268 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 07:45:05,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670391905.251048, 'message': 'Dec  7 07:45:05 hqnl0246134 sshd[300579]: Disconnected from invalid user ldap 128.199.90.73 port 53268 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:45:07,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391907.2530732, 'message': 'Dec  7 07:45:06 hqnl0246134 sshd[300580]: pam_imunify(sshd:auth): [IM360_RBL] The IP 205.134.184.98 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 07:45:07,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391907.2533612, 'message': 'Dec  7 07:45:06 hqnl0246134 sshd[300580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.134.184.98  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 07:45:07,776] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:45:07,777] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:45:07,788] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:45:07,800] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 07:45:09,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '205.134.184.98', 'timestamp': 1670391909.2554266, 'message': 'Dec  7 07:45:08 hqnl0246134 sshd[300580]: Failed password for root from 205.134.184.98 port 42740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 07:45:13,463] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:45:13,495] defence360agent.internals.the_sink: SensorIncidentList(<20 item(s)>) processed in 0.0421 seconds
INFO    [2022-12-07 07:45:18,242] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:45:18,243] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:45:18,250] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:45:18,263] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 07:45:21,113] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:45:21,114] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:45:21,123] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:45:21,137] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-07 07:45:27,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391927.277226, 'message': 'Dec  7 07:45:25 hqnl0246134 sshd[300647]: pam_imunify(sshd:auth): [IM360_RBL] The IP 139.59.189.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0915 seconds
INFO    [2022-12-07 07:45:27,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391927.2776833, 'message': 'Dec  7 07:45:25 hqnl0246134 sshd[300647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.189.130  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-07 07:45:29,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '139.59.189.130', 'timestamp': 1670391929.279221, 'message': 'Dec  7 07:45:28 hqnl0246134 sshd[300647]: Failed password for root from 139.59.189.130 port 43166 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 07:45:52,311] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:45:52,312] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:45:53,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391953.3091266, 'message': 'Dec  7 07:45:52 hqnl0246134 sshd[300660]: pam_imunify(sshd:auth): [IM360_RBL] The IP 64.135.113.136 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 07:45:53,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391953.3095276, 'message': 'Dec  7 07:45:52 hqnl0246134 sshd[300660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.135.113.136  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 07:45:55,344] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '64.135.113.136', 'timestamp': 1670391955.310269, 'message': 'Dec  7 07:45:54 hqnl0246134 sshd[300660]: Failed password for root from 64.135.113.136 port 41892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 07:45:59,333] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391959.3142095, 'message': 'Dec  7 07:45:57 hqnl0246134 sshd[300663]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.84.137 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 07:45:59,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391959.3144681, 'message': 'Dec  7 07:45:57 hqnl0246134 sshd[300663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.84.137  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 07:46:01,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.84.137', 'timestamp': 1670391961.31683, 'message': 'Dec  7 07:46:00 hqnl0246134 sshd[300663]: Failed password for root from 51.250.84.137 port 41242 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 07:46:02,971] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:46:03,038] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:46:03,039] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:46:03,039] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:46:03,040] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:46:03,040] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:46:03,051] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:46:03,067] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0264 seconds
WARNING [2022-12-07 07:46:03,074] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:46:03,076] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:46:03,093] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0322 seconds
INFO    [2022-12-07 07:46:03,095] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0308 seconds
WARNING [2022-12-07 07:46:13,473] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:46:13,499] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0353 seconds
INFO    [2022-12-07 07:46:18,096] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:46:18,097] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:46:18,111] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:46:18,132] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0336 seconds
INFO    [2022-12-07 07:46:19,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391979.3385859, 'message': 'Dec  7 07:46:17 hqnl0246134 sshd[300690]: Invalid user albert from 159.89.230.196 port 60184', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-07 07:46:19,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670391979.342157, 'message': 'Dec  7 07:46:18 hqnl0246134 sshd[300687]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-07 07:46:19,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391979.3388932, 'message': 'Dec  7 07:46:18 hqnl0246134 sshd[300690]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.89.230.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 07:46:19,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670391979.3423052, 'message': 'Dec  7 07:46:18 hqnl0246134 sshd[300687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0489 seconds
INFO    [2022-12-07 07:46:19,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391979.3390813, 'message': 'Dec  7 07:46:18 hqnl0246134 sshd[300690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.230.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 07:46:20,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:46:20,821] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:46:20,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:46:20,841] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 07:46:21,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670391981.3409195, 'message': 'Dec  7 07:46:20 hqnl0246134 sshd[300687]: Failed password for root from 165.22.220.5 port 57412 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 07:46:21,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391981.3411417, 'message': 'Dec  7 07:46:20 hqnl0246134 sshd[300690]: Failed password for invalid user albert from 159.89.230.196 port 60184 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 07:46:23,359] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670391983.34199, 'message': 'Dec  7 07:46:21 hqnl0246134 sshd[300690]: Disconnected from invalid user albert 159.89.230.196 port 60184 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 07:46:24,580] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:46:24,580] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:46:24,587] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:46:24,597] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 07:46:33,173] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:46:33,174] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:46:33,175] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 07:46:33,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391993.3544052, 'message': 'Dec  7 07:46:33 hqnl0246134 sshd[300705]: pam_imunify(sshd:auth): [IM360_RBL] The IP 151.106.113.60 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 07:46:33,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391993.3546376, 'message': 'Dec  7 07:46:33 hqnl0246134 sshd[300705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.106.113.60  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 07:46:37,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '151.106.113.60', 'timestamp': 1670391997.3580887, 'message': 'Dec  7 07:46:35 hqnl0246134 sshd[300705]: Failed password for root from 151.106.113.60 port 51652 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:46:45,403] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670392005.37098, 'message': 'Dec  7 07:46:45 hqnl0246134 sshd[300720]: Invalid user 234!@$ from 190.145.143.242 port 39900', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 07:46:45,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.145.143.242', 'timestamp': 1670392005.3715289, 'message': 'Dec  7 07:46:45 hqnl0246134 sshd[300720]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.145.143.242 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 07:46:45,441] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.145.143.242', 'timestamp': 1670392005.3717542, 'message': 'Dec  7 07:46:45 hqnl0246134 sshd[300720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.145.143.242 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 07:46:49,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670392009.374169, 'message': 'Dec  7 07:46:47 hqnl0246134 sshd[300720]: Failed password for invalid user 234!@$ from 190.145.143.242 port 39900 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0516 seconds
INFO    [2022-12-07 07:46:49,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392009.3744392, 'message': 'Dec  7 07:46:48 hqnl0246134 sshd[300722]: Invalid user admin from 165.22.220.5 port 51658', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0538 seconds
INFO    [2022-12-07 07:46:49,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '2.228.139.162', 'timestamp': 1670392009.374812, 'message': 'Dec  7 07:46:48 hqnl0246134 sshd[300724]: pam_imunify(sshd:auth): [IM360_RBL] The IP 2.228.139.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0540 seconds
INFO    [2022-12-07 07:46:49,461] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392009.3745625, 'message': 'Dec  7 07:46:48 hqnl0246134 sshd[300722]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 07:46:49,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '2.228.139.162', 'timestamp': 1670392009.3749685, 'message': 'Dec  7 07:46:48 hqnl0246134 sshd[300724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.139.162  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 07:46:49,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392009.3747096, 'message': 'Dec  7 07:46:48 hqnl0246134 sshd[300722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 07:46:51,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.145.143.242', 'timestamp': 1670392011.3770945, 'message': 'Dec  7 07:46:50 hqnl0246134 sshd[300720]: Disconnected from invalid user 234!@$ 190.145.143.242 port 39900 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0694 seconds
INFO    [2022-12-07 07:46:51,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392011.3773663, 'message': 'Dec  7 07:46:50 hqnl0246134 sshd[300722]: Failed password for invalid user admin from 165.22.220.5 port 51658 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0697 seconds
INFO    [2022-12-07 07:46:51,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '2.228.139.162', 'timestamp': 1670392011.3776562, 'message': 'Dec  7 07:46:51 hqnl0246134 sshd[300724]: Failed password for root from 2.228.139.162 port 59835 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0690 seconds
WARNING [2022-12-07 07:46:52,316] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:46:52,317] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:47:07,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.104.54', 'timestamp': 1670392027.395307, 'message': 'Dec  7 07:47:06 hqnl0246134 sshd[300737]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.104.54 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 07:47:07,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.104.54', 'timestamp': 1670392027.3957894, 'message': 'Dec  7 07:47:06 hqnl0246134 sshd[300737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.104.54  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:47:09,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.104.54', 'timestamp': 1670392029.396501, 'message': 'Dec  7 07:47:08 hqnl0246134 sshd[300737]: Failed password for root from 43.153.104.54 port 44646 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-07 07:47:13,479] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:47:13,511] defence360agent.internals.the_sink: SensorIncidentList(<19 item(s)>) processed in 0.0421 seconds
INFO    [2022-12-07 07:47:18,054] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:47:18,055] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:47:18,065] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:47:18,077] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-07 07:47:19,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392039.4095333, 'message': 'Dec  7 07:47:18 hqnl0246134 sshd[300766]: Invalid user ubuntu from 165.22.220.5 port 45910', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 07:47:19,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392039.4098928, 'message': 'Dec  7 07:47:19 hqnl0246134 sshd[300766]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 07:47:19,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392039.4101138, 'message': 'Dec  7 07:47:19 hqnl0246134 sshd[300766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 07:47:20,678] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:47:20,678] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:47:20,686] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:47:20,697] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 07:47:21,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392041.4101167, 'message': 'Dec  7 07:47:21 hqnl0246134 sshd[300766]: Failed password for invalid user ubuntu from 165.22.220.5 port 45910 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 07:47:29,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670392049.422867, 'message': 'Dec  7 07:47:27 hqnl0246134 sshd[300772]: Invalid user stefan from 200.52.201.26 port 55118', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 07:47:29,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '200.52.201.26', 'timestamp': 1670392049.4231195, 'message': 'Dec  7 07:47:27 hqnl0246134 sshd[300772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 200.52.201.26 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 07:47:29,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '200.52.201.26', 'timestamp': 1670392049.4232326, 'message': 'Dec  7 07:47:27 hqnl0246134 sshd[300772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.52.201.26 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 07:47:31,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670392051.4262145, 'message': 'Dec  7 07:47:29 hqnl0246134 sshd[300772]: Failed password for invalid user stefan from 200.52.201.26 port 55118 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 07:47:33,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '200.52.201.26', 'timestamp': 1670392053.4308598, 'message': 'Dec  7 07:47:31 hqnl0246134 sshd[300772]: Disconnected from invalid user stefan 200.52.201.26 port 55118 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-07 07:47:33,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670392053.4311213, 'message': 'Dec  7 07:47:33 hqnl0246134 sshd[300774]: Invalid user admindb from 190.181.25.210 port 45847', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 07:47:33,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.25.210', 'timestamp': 1670392053.431275, 'message': 'Dec  7 07:47:33 hqnl0246134 sshd[300774]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.25.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 07:47:33,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.25.210', 'timestamp': 1670392053.4314475, 'message': 'Dec  7 07:47:33 hqnl0246134 sshd[300774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.25.210 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 07:47:34,397] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:47:34,397] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:47:34,405] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:47:34,417] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 07:47:37,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670392057.434301, 'message': 'Dec  7 07:47:35 hqnl0246134 sshd[300774]: Failed password for invalid user admindb from 190.181.25.210 port 45847 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 07:47:37,472] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.181.25.210', 'timestamp': 1670392057.434526, 'message': 'Dec  7 07:47:36 hqnl0246134 sshd[300774]: Disconnected from invalid user admindb 190.181.25.210 port 45847 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 07:47:43,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.13.153', 'timestamp': 1670392063.4416373, 'message': 'Dec  7 07:47:41 hqnl0246134 sshd[300781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.13.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-07 07:47:43,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.13.153', 'timestamp': 1670392063.4424162, 'message': 'Dec  7 07:47:41 hqnl0246134 sshd[300781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.13.153  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 07:47:43,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.13.153', 'timestamp': 1670392063.442761, 'message': 'Dec  7 07:47:43 hqnl0246134 sshd[300781]: Failed password for root from 51.250.13.153 port 44962 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 07:47:51,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392071.4494889, 'message': 'Dec  7 07:47:49 hqnl0246134 sshd[300793]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 07:47:51,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392071.4500322, 'message': 'Dec  7 07:47:49 hqnl0246134 sshd[300793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 07:47:51,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392071.450229, 'message': 'Dec  7 07:47:50 hqnl0246134 sshd[300793]: Failed password for root from 165.22.220.5 port 40156 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 07:47:52,327] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:47:52,328] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:47:53,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '60.249.82.125', 'timestamp': 1670392073.4508028, 'message': 'Dec  7 07:47:53 hqnl0246134 sshd[300795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 60.249.82.125 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 07:47:53,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '60.249.82.125', 'timestamp': 1670392073.451239, 'message': 'Dec  7 07:47:53 hqnl0246134 sshd[300795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.249.82.125  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 07:47:55,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '60.249.82.125', 'timestamp': 1670392075.4527752, 'message': 'Dec  7 07:47:54 hqnl0246134 sshd[300795]: Failed password for root from 60.249.82.125 port 41518 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0249 seconds
WARNING [2022-12-07 07:48:13,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:48:13,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670392093.4730473, 'message': 'Dec  7 07:48:12 hqnl0246134 sshd[300811]: Invalid user ubuntu from 128.199.90.73 port 57254', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0926 seconds
INFO    [2022-12-07 07:48:13,569] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0916 seconds
INFO    [2022-12-07 07:48:13,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.90.73', 'timestamp': 1670392093.4735763, 'message': 'Dec  7 07:48:13 hqnl0246134 sshd[300811]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.90.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 07:48:13,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.90.73', 'timestamp': 1670392093.473778, 'message': 'Dec  7 07:48:13 hqnl0246134 sshd[300811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.90.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 07:48:15,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670392095.472167, 'message': 'Dec  7 07:48:14 hqnl0246134 sshd[300811]: Failed password for invalid user ubuntu from 128.199.90.73 port 57254 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 07:48:15,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.90.73', 'timestamp': 1670392095.472418, 'message': 'Dec  7 07:48:15 hqnl0246134 sshd[300811]: Disconnected from invalid user ubuntu 128.199.90.73 port 57254 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 07:48:18,215] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:48:18,217] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:48:18,251] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:48:18,282] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0540 seconds
INFO    [2022-12-07 07:48:21,363] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:48:21,363] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:48:21,396] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:48:21,419] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0463 seconds
INFO    [2022-12-07 07:48:21,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392101.4772172, 'message': 'Dec  7 07:48:20 hqnl0246134 sshd[300827]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-07 07:48:21,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392101.4774132, 'message': 'Dec  7 07:48:20 hqnl0246134 sshd[300827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0442 seconds
INFO    [2022-12-07 07:48:23,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392103.4784093, 'message': 'Dec  7 07:48:21 hqnl0246134 sshd[300827]: Failed password for root from 165.22.220.5 port 34396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 07:48:35,512] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '64.135.113.136', 'timestamp': 1670392115.4931343, 'message': 'Dec  7 07:48:35 hqnl0246134 sshd[300835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 64.135.113.136 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 07:48:35,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '64.135.113.136', 'timestamp': 1670392115.4933696, 'message': 'Dec  7 07:48:35 hqnl0246134 sshd[300835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.135.113.136  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 07:48:37,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '64.135.113.136', 'timestamp': 1670392117.4935734, 'message': 'Dec  7 07:48:36 hqnl0246134 sshd[300835]: Failed password for root from 64.135.113.136 port 59436 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-07 07:48:41,962] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:48:41,962] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:48:41,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:48:42,000] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0364 seconds
INFO    [2022-12-07 07:48:51,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392131.5097837, 'message': 'Dec  7 07:48:50 hqnl0246134 sshd[300856]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 07:48:51,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392131.5102944, 'message': 'Dec  7 07:48:50 hqnl0246134 sshd[300856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 07:48:52,332] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:48:52,332] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:48:53,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392133.5115738, 'message': 'Dec  7 07:48:51 hqnl0246134 sshd[300856]: Failed password for root from 165.22.220.5 port 56872 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 07:49:01,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.84.137', 'timestamp': 1670392141.5209177, 'message': 'Dec  7 07:49:00 hqnl0246134 sshd[300860]: Invalid user ci from 51.250.84.137 port 58300', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 07:49:01,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.84.137', 'timestamp': 1670392141.5213747, 'message': 'Dec  7 07:49:01 hqnl0246134 sshd[300860]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.84.137 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 07:49:01,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.84.137', 'timestamp': 1670392141.5216577, 'message': 'Dec  7 07:49:01 hqnl0246134 sshd[300860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.84.137 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-07 07:49:03,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.89.230.196', 'timestamp': 1670392143.5219035, 'message': 'Dec  7 07:49:01 hqnl0246134 sshd[300871]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.89.230.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 07:49:03,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.84.137', 'timestamp': 1670392143.5222576, 'message': 'Dec  7 07:49:02 hqnl0246134 sshd[300860]: Failed password for invalid user ci from 51.250.84.137 port 58300 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 07:49:03,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.89.230.196', 'timestamp': 1670392143.5221086, 'message': 'Dec  7 07:49:01 hqnl0246134 sshd[300871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.230.196  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 07:49:05,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.89.230.196', 'timestamp': 1670392145.52246, 'message': 'Dec  7 07:49:03 hqnl0246134 sshd[300871]: Failed password for root from 159.89.230.196 port 49916 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0794 seconds
INFO    [2022-12-07 07:49:05,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.84.137', 'timestamp': 1670392145.522727, 'message': 'Dec  7 07:49:03 hqnl0246134 sshd[300860]: Disconnected from invalid user ci 51.250.84.137 port 58300 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0828 seconds
WARNING [2022-12-07 07:49:13,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:49:13,659] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.1791 seconds
INFO    [2022-12-07 07:49:19,744] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:49:19,745] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:49:19,790] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:49:19,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0634 seconds
INFO    [2022-12-07 07:49:21,583] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392161.5373476, 'message': 'Dec  7 07:49:20 hqnl0246134 sshd[300902]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 07:49:21,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392161.5376782, 'message': 'Dec  7 07:49:20 hqnl0246134 sshd[300902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:49:23,264] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:49:23,264] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:49:23,278] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:49:23,301] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0354 seconds
INFO    [2022-12-07 07:49:23,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392163.538042, 'message': 'Dec  7 07:49:22 hqnl0246134 sshd[300902]: Failed password for root from 165.22.220.5 port 51112 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0570 seconds
INFO    [2022-12-07 07:49:51,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392191.576931, 'message': 'Dec  7 07:49:51 hqnl0246134 sshd[300925]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 07:49:51,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392191.5776725, 'message': 'Dec  7 07:49:51 hqnl0246134 sshd[300925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 07:49:52,336] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:49:52,336] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:49:53,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392193.5777378, 'message': 'Dec  7 07:49:52 hqnl0246134 sshd[300925]: Failed password for root from 165.22.220.5 port 45352 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 07:49:55,875] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:49:55,875] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:49:55,883] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:49:55,896] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
WARNING [2022-12-07 07:50:13,506] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:50:13,554] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0702 seconds
INFO    [2022-12-07 07:50:19,845] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:50:19,846] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:50:19,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:50:19,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 07:50:21,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392221.5964131, 'message': 'Dec  7 07:50:21 hqnl0246134 sshd[300984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0726 seconds
INFO    [2022-12-07 07:50:21,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392221.5967565, 'message': 'Dec  7 07:50:21 hqnl0246134 sshd[300984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 07:50:24,126] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:50:24,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:50:24,139] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:50:24,159] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0310 seconds
INFO    [2022-12-07 07:50:25,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392225.5983927, 'message': 'Dec  7 07:50:23 hqnl0246134 sshd[300984]: Failed password for root from 165.22.220.5 port 39592 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 07:50:51,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392251.6479788, 'message': 'Dec  7 07:50:51 hqnl0246134 sshd[301001]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 07:50:51,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392251.6486826, 'message': 'Dec  7 07:50:51 hqnl0246134 sshd[301001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 07:50:52,341] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:50:52,342] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:50:53,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.13.153', 'timestamp': 1670392253.6488657, 'message': 'Dec  7 07:50:52 hqnl0246134 sshd[301003]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.13.153 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 07:50:53,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392253.6570845, 'message': 'Dec  7 07:50:53 hqnl0246134 sshd[301001]: Failed password for root from 165.22.220.5 port 33832 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 07:50:53,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.13.153', 'timestamp': 1670392253.6569166, 'message': 'Dec  7 07:50:52 hqnl0246134 sshd[301003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.13.153  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 07:50:55,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.13.153', 'timestamp': 1670392255.6538918, 'message': 'Dec  7 07:50:55 hqnl0246134 sshd[301003]: Failed password for root from 51.250.13.153 port 34422 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 07:51:05,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '60.249.82.125', 'timestamp': 1670392265.6712525, 'message': 'Dec  7 07:51:05 hqnl0246134 sshd[301013]: pam_imunify(sshd:auth): [IM360_RBL] The IP 60.249.82.125 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 07:51:05,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '60.249.82.125', 'timestamp': 1670392265.6726155, 'message': 'Dec  7 07:51:05 hqnl0246134 sshd[301013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.249.82.125  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 07:51:07,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '60.249.82.125', 'timestamp': 1670392267.6706886, 'message': 'Dec  7 07:51:06 hqnl0246134 sshd[301013]: Failed password for root from 60.249.82.125 port 59960 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 07:51:09,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.181.25.210', 'timestamp': 1670392269.6729774, 'message': 'Dec  7 07:51:08 hqnl0246134 sshd[301015]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.181.25.210 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 07:51:09,716] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.181.25.210', 'timestamp': 1670392269.676834, 'message': 'Dec  7 07:51:08 hqnl0246134 sshd[301015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.181.25.210  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 07:51:11,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.181.25.210', 'timestamp': 1670392271.674031, 'message': 'Dec  7 07:51:10 hqnl0246134 sshd[301015]: Failed password for root from 190.181.25.210 port 39908 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
WARNING [2022-12-07 07:51:13,500] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:51:13,530] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0429 seconds
INFO    [2022-12-07 07:51:18,547] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:51:18,547] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:51:18,555] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:51:18,567] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 07:51:21,409] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:51:21,409] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:51:21,416] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:51:21,427] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 07:51:21,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392281.688132, 'message': 'Dec  7 07:51:21 hqnl0246134 sshd[301037]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 07:51:21,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392281.6883805, 'message': 'Dec  7 07:51:21 hqnl0246134 sshd[301037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 07:51:25,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392285.6912978, 'message': 'Dec  7 07:51:24 hqnl0246134 sshd[301037]: Failed password for root from 165.22.220.5 port 56304 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 07:51:28,846] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:51:28,846] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:51:28,854] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:51:28,865] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 07:51:39,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670392299.707343, 'message': 'Dec  7 07:51:39 hqnl0246134 sshd[301052]: Invalid user lh from 159.89.230.196 port 39640', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0425 seconds
INFO    [2022-12-07 07:51:39,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.89.230.196', 'timestamp': 1670392299.7076085, 'message': 'Dec  7 07:51:39 hqnl0246134 sshd[301052]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.89.230.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 07:51:39,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.89.230.196', 'timestamp': 1670392299.7077637, 'message': 'Dec  7 07:51:39 hqnl0246134 sshd[301052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.230.196 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:51:40,168] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 07:51:40,171] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 07:51:41,051] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 07:51:41,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670392301.7071033, 'message': 'Dec  7 07:51:41 hqnl0246134 sshd[301052]: Failed password for invalid user lh from 159.89.230.196 port 39640 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:51:43,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.89.230.196', 'timestamp': 1670392303.7096531, 'message': 'Dec  7 07:51:42 hqnl0246134 sshd[301052]: Disconnected from invalid user lh 159.89.230.196 port 39640 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
WARNING [2022-12-07 07:51:52,346] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:51:52,348] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:51:53,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392313.7389903, 'message': 'Dec  7 07:51:51 hqnl0246134 sshd[301074]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 07:51:53,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392313.739415, 'message': 'Dec  7 07:51:51 hqnl0246134 sshd[301074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0315 seconds
WARNING [2022-12-07 07:51:54,325] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 07:51:55,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392315.75061, 'message': 'Dec  7 07:51:54 hqnl0246134 sshd[301074]: Failed password for root from 165.22.220.5 port 50544 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
WARNING [2022-12-07 07:52:13,500] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:52:13,525] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0339 seconds
INFO    [2022-12-07 07:52:17,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:52:17,820] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:52:17,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:52:17,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 07:52:20,726] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:52:20,726] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:52:20,733] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:52:20,745] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 07:52:23,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392343.793586, 'message': 'Dec  7 07:52:21 hqnl0246134 sshd[301115]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 07:52:23,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392343.79388, 'message': 'Dec  7 07:52:21 hqnl0246134 sshd[301115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 07:52:25,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392345.7964818, 'message': 'Dec  7 07:52:24 hqnl0246134 sshd[301115]: Failed password for root from 165.22.220.5 port 44784 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 07:52:52,352] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:52:52,355] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:52:53,869] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392373.83211, 'message': 'Dec  7 07:52:51 hqnl0246134 sshd[301130]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 07:52:53,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392373.8332393, 'message': 'Dec  7 07:52:51 hqnl0246134 sshd[301130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 07:52:55,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392375.8314695, 'message': 'Dec  7 07:52:54 hqnl0246134 sshd[301130]: Failed password for root from 165.22.220.5 port 39024 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 07:52:58,921] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:52:58,921] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:52:58,935] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:52:58,949] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
WARNING [2022-12-07 07:53:13,508] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:53:13,529] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0346 seconds
INFO    [2022-12-07 07:53:17,794] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:53:17,795] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:53:17,806] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:53:17,823] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0272 seconds
INFO    [2022-12-07 07:53:20,341] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:53:20,342] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:53:20,348] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:53:20,360] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 07:53:23,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392403.8638475, 'message': 'Dec  7 07:53:22 hqnl0246134 sshd[301169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 07:53:23,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392403.8641293, 'message': 'Dec  7 07:53:22 hqnl0246134 sshd[301169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 07:53:25,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392405.865761, 'message': 'Dec  7 07:53:24 hqnl0246134 sshd[301169]: Failed password for root from 165.22.220.5 port 33264 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 07:53:28,741] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:53:28,809] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:53:28,810] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:53:28,810] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:53:28,810] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:53:28,810] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:53:28,826] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:53:28,842] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0304 seconds
WARNING [2022-12-07 07:53:28,848] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:53:28,850] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:53:28,867] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0307 seconds
INFO    [2022-12-07 07:53:28,868] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0291 seconds
INFO    [2022-12-07 07:53:29,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392409.874956, 'message': 'Dec  7 07:53:28 hqnl0246134 sshd[301171]: Invalid user vladimir from 190.11.80.188 port 58302', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 07:53:29,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392409.8751833, 'message': 'Dec  7 07:53:28 hqnl0246134 sshd[301171]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.11.80.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 07:53:29,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392409.8753219, 'message': 'Dec  7 07:53:28 hqnl0246134 sshd[301171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.11.80.188 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 07:53:31,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392411.8783574, 'message': 'Dec  7 07:53:31 hqnl0246134 sshd[301171]: Failed password for invalid user vladimir from 190.11.80.188 port 58302 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 07:53:33,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392413.879146, 'message': 'Dec  7 07:53:32 hqnl0246134 sshd[301171]: Disconnected from invalid user vladimir 190.11.80.188 port 58302 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
WARNING [2022-12-07 07:53:52,358] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:53:52,359] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:53:53,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392433.8950844, 'message': 'Dec  7 07:53:52 hqnl0246134 sshd[301185]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0493 seconds
INFO    [2022-12-07 07:53:53,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392433.8964112, 'message': 'Dec  7 07:53:52 hqnl0246134 sshd[301185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 07:53:55,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392435.8960536, 'message': 'Dec  7 07:53:54 hqnl0246134 sshd[301185]: Failed password for root from 165.22.220.5 port 55736 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:53:59,442] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:53:59,443] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:53:59,444] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-07 07:54:13,509] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:54:13,532] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0329 seconds
INFO    [2022-12-07 07:54:17,816] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:54:17,816] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:54:17,824] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:54:17,837] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 07:54:20,566] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:54:20,566] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:54:20,574] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:54:20,586] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 07:54:23,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392463.927862, 'message': 'Dec  7 07:54:22 hqnl0246134 sshd[301215]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 07:54:23,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392463.928138, 'message': 'Dec  7 07:54:22 hqnl0246134 sshd[301215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 07:54:25,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392465.9300892, 'message': 'Dec  7 07:54:25 hqnl0246134 sshd[301215]: Failed password for root from 165.22.220.5 port 49976 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 07:54:29,736] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:54:29,736] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:54:29,744] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:54:29,756] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
WARNING [2022-12-07 07:54:52,362] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:54:52,363] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:54:53,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392493.9631898, 'message': 'Dec  7 07:54:53 hqnl0246134 sshd[301294]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 07:54:54,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392493.963921, 'message': 'Dec  7 07:54:53 hqnl0246134 sshd[301294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 07:54:56,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392495.9654968, 'message': 'Dec  7 07:54:55 hqnl0246134 sshd[301294]: Failed password for root from 165.22.220.5 port 44216 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0347 seconds
WARNING [2022-12-07 07:55:13,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:55:13,532] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0291 seconds
INFO    [2022-12-07 07:55:18,239] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:55:18,239] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:55:18,247] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:55:18,258] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 07:55:20,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:55:20,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:55:20,935] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:55:20,946] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 07:55:24,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392524.006368, 'message': 'Dec  7 07:55:23 hqnl0246134 sshd[301346]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 07:55:24,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392524.0067651, 'message': 'Dec  7 07:55:23 hqnl0246134 sshd[301346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 07:55:26,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392526.0063844, 'message': 'Dec  7 07:55:25 hqnl0246134 sshd[301346]: Failed password for root from 165.22.220.5 port 38456 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
WARNING [2022-12-07 07:55:52,366] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:55:52,367] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:55:54,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392554.043329, 'message': 'Dec  7 07:55:53 hqnl0246134 sshd[301363]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 07:55:54,092] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392554.043902, 'message': 'Dec  7 07:55:53 hqnl0246134 sshd[301363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 07:55:56,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392556.0445693, 'message': 'Dec  7 07:55:55 hqnl0246134 sshd[301363]: Failed password for root from 165.22.220.5 port 60928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 07:56:13,515] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:56:13,537] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0314 seconds
INFO    [2022-12-07 07:56:18,015] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:56:18,015] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:56:18,023] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:56:18,034] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 07:56:18,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392578.060313, 'message': 'Dec  7 07:56:16 hqnl0246134 sshd[301387]: Invalid user applmgr from 201.116.12.217 port 53538', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:56:18,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392578.0605342, 'message': 'Dec  7 07:56:17 hqnl0246134 sshd[301387]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.116.12.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 07:56:18,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392578.0606728, 'message': 'Dec  7 07:56:17 hqnl0246134 sshd[301387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.116.12.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 07:56:20,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392580.0618656, 'message': 'Dec  7 07:56:19 hqnl0246134 sshd[301387]: Failed password for invalid user applmgr from 201.116.12.217 port 53538 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 07:56:20,625] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:56:20,626] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:56:20,633] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:56:20,645] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 07:56:22,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392582.0622551, 'message': 'Dec  7 07:56:21 hqnl0246134 sshd[301387]: Disconnected from invalid user applmgr 201.116.12.217 port 53538 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 07:56:24,049] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:56:24,049] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:56:24,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:56:24,076] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0263 seconds
INFO    [2022-12-07 07:56:24,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392584.0634067, 'message': 'Dec  7 07:56:23 hqnl0246134 sshd[301400]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 07:56:24,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392584.0635808, 'message': 'Dec  7 07:56:23 hqnl0246134 sshd[301400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 07:56:26,087] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392586.0662258, 'message': 'Dec  7 07:56:25 hqnl0246134 sshd[301400]: Failed password for root from 165.22.220.5 port 55168 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-07 07:56:52,374] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:56:52,376] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:56:54,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392614.0908248, 'message': 'Dec  7 07:56:53 hqnl0246134 sshd[301427]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 07:56:54,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392614.0912783, 'message': 'Dec  7 07:56:53 hqnl0246134 sshd[301427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 07:56:56,113] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392616.0917633, 'message': 'Dec  7 07:56:56 hqnl0246134 sshd[301427]: Failed password for root from 165.22.220.5 port 49408 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-07 07:57:13,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:57:13,614] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0794 seconds
INFO    [2022-12-07 07:57:18,111] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:57:18,112] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:57:18,127] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:57:18,139] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 07:57:20,844] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:57:20,845] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:57:20,853] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:57:20,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 07:57:24,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392644.134466, 'message': 'Dec  7 07:57:24 hqnl0246134 sshd[301471]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 07:57:24,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392644.135152, 'message': 'Dec  7 07:57:24 hqnl0246134 sshd[301471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 07:57:26,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392646.1354747, 'message': 'Dec  7 07:57:25 hqnl0246134 sshd[301471]: Failed password for root from 165.22.220.5 port 43648 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 07:57:34,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392654.1462066, 'message': 'Dec  7 07:57:32 hqnl0246134 sshd[301477]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.11.80.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 07:57:34,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392654.1465602, 'message': 'Dec  7 07:57:32 hqnl0246134 sshd[301477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.11.80.188  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 07:57:36,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392656.1476016, 'message': 'Dec  7 07:57:34 hqnl0246134 sshd[301477]: Failed password for root from 190.11.80.188 port 51554 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:57:39,360] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:57:39,361] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:57:39,371] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:57:39,386] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-07 07:57:48,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.23.172.93', 'timestamp': 1670392668.1626947, 'message': 'Dec  7 07:57:48 hqnl0246134 sshd[301493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.23.172.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 07:57:48,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.23.172.93', 'timestamp': 1670392668.1632416, 'message': 'Dec  7 07:57:48 hqnl0246134 sshd[301493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.172.93  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 07:57:52,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.23.172.93', 'timestamp': 1670392672.166443, 'message': 'Dec  7 07:57:50 hqnl0246134 sshd[301493]: Failed password for root from 198.23.172.93 port 37164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 07:57:52,378] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:57:52,379] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:57:58,196] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392678.1775694, 'message': 'Dec  7 07:57:56 hqnl0246134 sshd[301495]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 07:57:58,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392678.1778066, 'message': 'Dec  7 07:57:56 hqnl0246134 sshd[301495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 07:58:00,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392680.1801775, 'message': 'Dec  7 07:57:59 hqnl0246134 sshd[301495]: Failed password for root from 165.22.220.5 port 37888 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 07:58:13,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:58:13,574] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-07 07:58:17,945] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:58:17,946] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:58:17,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:58:17,968] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 07:58:20,709] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:58:20,710] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:58:20,716] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:58:20,729] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 07:58:24,166] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 07:58:24,233] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 07:58:24,234] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 07:58:24,234] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 07:58:24,234] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 07:58:24,234] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 07:58:24,245] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 07:58:24,261] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0258 seconds
WARNING [2022-12-07 07:58:24,267] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 07:58:24,269] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:58:24,286] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0315 seconds
INFO    [2022-12-07 07:58:24,288] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0292 seconds
INFO    [2022-12-07 07:58:30,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392710.2107959, 'message': 'Dec  7 07:58:28 hqnl0246134 sshd[301533]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 07:58:30,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392710.2110856, 'message': 'Dec  7 07:58:28 hqnl0246134 sshd[301533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 07:58:32,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392712.2125998, 'message': 'Dec  7 07:58:31 hqnl0246134 sshd[301533]: Failed password for root from 165.22.220.5 port 60360 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 07:58:52,383] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:58:52,384] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 07:58:54,361] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 07:58:54,362] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 07:58:54,363] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-07 07:59:00,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392740.2509937, 'message': 'Dec  7 07:58:58 hqnl0246134 sshd[301546]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 07:59:00,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392740.251882, 'message': 'Dec  7 07:58:58 hqnl0246134 sshd[301546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 07:59:02,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392742.2519572, 'message': 'Dec  7 07:59:00 hqnl0246134 sshd[301546]: Failed password for root from 165.22.220.5 port 54600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 07:59:05,763] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:59:05,764] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:59:05,772] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:59:05,784] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
WARNING [2022-12-07 07:59:13,553] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:59:13,574] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0297 seconds
INFO    [2022-12-07 07:59:17,914] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:59:17,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:59:17,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:59:17,937] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-07 07:59:20,831] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 07:59:20,831] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 07:59:20,838] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 07:59:20,849] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 07:59:30,320] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392770.2832313, 'message': 'Dec  7 07:59:29 hqnl0246134 sshd[301582]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 07:59:30,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392770.283612, 'message': 'Dec  7 07:59:29 hqnl0246134 sshd[301582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 07:59:32,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392772.2849672, 'message': 'Dec  7 07:59:31 hqnl0246134 sshd[301582]: Failed password for root from 165.22.220.5 port 48840 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0354 seconds
WARNING [2022-12-07 07:59:52,388] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 07:59:52,389] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:00:00,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392800.3138196, 'message': 'Dec  7 07:59:59 hqnl0246134 sshd[301595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 08:00:00,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392800.3144536, 'message': 'Dec  7 07:59:59 hqnl0246134 sshd[301595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 08:00:02,357] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392802.3262107, 'message': 'Dec  7 08:00:01 hqnl0246134 sshd[301595]: Failed password for root from 165.22.220.5 port 43080 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
WARNING [2022-12-07 08:00:13,558] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:00:13,578] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0283 seconds
INFO    [2022-12-07 08:00:19,903] defence360agent.files: Updating all files
INFO    [2022-12-07 08:00:20,145] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:00:20,145] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:00:20,155] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:00:20,169] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-07 08:00:20,248] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:20,249] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 08:00:22,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:00:22,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:00:22,943] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:00:22,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0344 seconds
INFO    [2022-12-07 08:00:25,545] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:25,545] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 08:00:25,869] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:25,869] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 08:00:26,207] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:26,208] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 08:00:26,208] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 08:00:26,524] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 06:00:26 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E6D6CF26AF5B2'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 08:00:26,526] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 08:00:26,526] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 08:00:27,083] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:27,084] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 08:00:27,349] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:27,349] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 08:00:27,615] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:27,616] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 08:00:27,963] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:27,964] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 08:00:28,361] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 08:00:28,363] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 08:00:32,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392832.357479, 'message': 'Dec  7 08:00:30 hqnl0246134 sshd[301667]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 08:00:32,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392832.3580275, 'message': 'Dec  7 08:00:30 hqnl0246134 sshd[301666]: Invalid user anita from 190.11.80.188 port 34882', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 08:00:32,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392832.3578312, 'message': 'Dec  7 08:00:30 hqnl0246134 sshd[301667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 08:00:32,426] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392832.358206, 'message': 'Dec  7 08:00:30 hqnl0246134 sshd[301666]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.11.80.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 08:00:32,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392832.3585265, 'message': 'Dec  7 08:00:31 hqnl0246134 sshd[301667]: Failed password for root from 165.22.220.5 port 37320 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 08:00:32,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392832.3583663, 'message': 'Dec  7 08:00:30 hqnl0246134 sshd[301666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.11.80.188 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 08:00:32,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392832.3587286, 'message': 'Dec  7 08:00:32 hqnl0246134 sshd[301666]: Failed password for invalid user anita from 190.11.80.188 port 34882 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:00:34,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.11.80.188', 'timestamp': 1670392834.3583984, 'message': 'Dec  7 08:00:32 hqnl0246134 sshd[301666]: Disconnected from invalid user anita 190.11.80.188 port 34882 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 08:00:36,913] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:00:36,913] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:00:36,921] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:00:36,932] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-07 08:00:52,398] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:00:52,399] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:01:02,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392862.390515, 'message': 'Dec  7 08:01:00 hqnl0246134 sshd[301684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 08:01:02,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392862.3912938, 'message': 'Dec  7 08:01:00 hqnl0246134 sshd[301684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 08:01:04,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392864.391434, 'message': 'Dec  7 08:01:02 hqnl0246134 sshd[301684]: Failed password for root from 165.22.220.5 port 59792 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 08:01:13,562] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:01:13,584] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-07 08:01:18,005] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:01:18,006] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:01:18,019] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:01:18,037] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0298 seconds
INFO    [2022-12-07 08:01:20,735] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:01:20,736] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:01:20,748] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:01:20,765] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0283 seconds
INFO    [2022-12-07 08:01:25,928] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:01:25,997] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:01:25,998] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:01:25,998] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:01:25,998] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:01:25,998] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:01:26,009] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:01:26,027] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0283 seconds
WARNING [2022-12-07 08:01:26,036] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:01:26,039] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:01:26,062] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0412 seconds
INFO    [2022-12-07 08:01:26,064] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0389 seconds
INFO    [2022-12-07 08:01:32,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392892.4260008, 'message': 'Dec  7 08:01:31 hqnl0246134 sshd[301714]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 08:01:32,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392892.4262938, 'message': 'Dec  7 08:01:31 hqnl0246134 sshd[301714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 08:01:34,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392894.4285314, 'message': 'Dec  7 08:01:32 hqnl0246134 sshd[301714]: Failed password for root from 165.22.220.5 port 54032 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0616 seconds
INFO    [2022-12-07 08:01:37,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:01:37,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:01:37,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:01:37,993] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0540 seconds
WARNING [2022-12-07 08:01:52,401] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:01:52,402] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:01:54,331] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 08:01:56,126] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:01:56,127] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:01:56,128] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 08:02:02,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392922.4571698, 'message': 'Dec  7 08:02:01 hqnl0246134 sshd[301739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 08:02:02,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392922.458006, 'message': 'Dec  7 08:02:01 hqnl0246134 sshd[301739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:02:04,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392924.4582813, 'message': 'Dec  7 08:02:03 hqnl0246134 sshd[301739]: Failed password for root from 165.22.220.5 port 48272 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
WARNING [2022-12-07 08:02:13,571] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:02:13,595] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0390 seconds
INFO    [2022-12-07 08:02:17,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:02:17,852] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:02:17,862] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:02:17,875] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 08:02:20,421] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:02:20,421] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:02:20,428] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:02:20,440] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 08:02:32,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392952.5300682, 'message': 'Dec  7 08:02:32 hqnl0246134 sshd[301776]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 08:02:32,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.180.88.176', 'timestamp': 1670392952.5304606, 'message': 'Dec  7 08:02:32 hqnl0246134 sshd[301778]: Invalid user dario from 107.180.88.176 port 55124', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 08:02:32,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392952.5303109, 'message': 'Dec  7 08:02:32 hqnl0246134 sshd[301776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:02:34,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.180.88.176', 'timestamp': 1670392954.4929776, 'message': 'Dec  7 08:02:32 hqnl0246134 sshd[301778]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.180.88.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 08:02:34,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392954.4933164, 'message': 'Dec  7 08:02:34 hqnl0246134 sshd[301776]: Failed password for root from 165.22.220.5 port 42512 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 08:02:34,540] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.180.88.176', 'timestamp': 1670392954.493202, 'message': 'Dec  7 08:02:32 hqnl0246134 sshd[301778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.180.88.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 08:02:36,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.180.88.176', 'timestamp': 1670392956.4954345, 'message': 'Dec  7 08:02:34 hqnl0246134 sshd[301778]: Failed password for invalid user dario from 107.180.88.176 port 55124 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:02:36,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.180.88.176', 'timestamp': 1670392956.4956336, 'message': 'Dec  7 08:02:35 hqnl0246134 sshd[301778]: Disconnected from invalid user dario 107.180.88.176 port 55124 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:02:40,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.157.115.52', 'timestamp': 1670392960.4988043, 'message': 'Dec  7 08:02:40 hqnl0246134 sshd[301781]: Invalid user traffic from 5.157.115.52 port 34434', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 08:02:40,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.157.115.52', 'timestamp': 1670392960.4990897, 'message': 'Dec  7 08:02:40 hqnl0246134 sshd[301781]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.157.115.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 08:02:40,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.157.115.52', 'timestamp': 1670392960.4992282, 'message': 'Dec  7 08:02:40 hqnl0246134 sshd[301781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.157.115.52 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:02:42,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.157.115.52', 'timestamp': 1670392962.500476, 'message': 'Dec  7 08:02:42 hqnl0246134 sshd[301781]: Failed password for invalid user traffic from 5.157.115.52 port 34434 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 08:02:44,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.157.115.52', 'timestamp': 1670392964.502752, 'message': 'Dec  7 08:02:42 hqnl0246134 sshd[301781]: Disconnected from invalid user traffic 5.157.115.52 port 34434 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
WARNING [2022-12-07 08:02:52,406] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:02:52,408] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:02:52,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392972.5129216, 'message': 'Dec  7 08:02:51 hqnl0246134 sshd[301795]: Invalid user cloud from 201.116.12.217 port 33290', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 08:02:52,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392972.5134792, 'message': 'Dec  7 08:02:51 hqnl0246134 sshd[301795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.116.12.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 08:02:52,574] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392972.5136423, 'message': 'Dec  7 08:02:51 hqnl0246134 sshd[301795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.116.12.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:02:54,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392974.5223577, 'message': 'Dec  7 08:02:53 hqnl0246134 sshd[301795]: Failed password for invalid user cloud from 201.116.12.217 port 33290 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:02:54,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670392974.522663, 'message': 'Dec  7 08:02:53 hqnl0246134 sshd[301795]: Disconnected from invalid user cloud 201.116.12.217 port 33290 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:03:02,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392982.6528175, 'message': 'Dec  7 08:03:02 hqnl0246134 sshd[301798]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:03:02,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392982.6531165, 'message': 'Dec  7 08:03:02 hqnl0246134 sshd[301798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:03:06,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670392986.53497, 'message': 'Dec  7 08:03:04 hqnl0246134 sshd[301798]: Failed password for root from 165.22.220.5 port 36752 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:03:09,195] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:03:09,196] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:03:09,204] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:03:09,215] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
WARNING [2022-12-07 08:03:13,573] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:03:13,602] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0420 seconds
INFO    [2022-12-07 08:03:17,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:03:17,819] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:03:17,827] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:03:17,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 08:03:20,623] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:03:20,623] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:03:20,631] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:03:20,642] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 08:03:22,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.11.80.188', 'timestamp': 1670393002.554905, 'message': 'Dec  7 08:03:22 hqnl0246134 sshd[301830]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.11.80.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 08:03:22,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.11.80.188', 'timestamp': 1670393002.5552042, 'message': 'Dec  7 08:03:22 hqnl0246134 sshd[301830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.11.80.188  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:03:24,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.11.80.188', 'timestamp': 1670393004.5565798, 'message': 'Dec  7 08:03:23 hqnl0246134 sshd[301830]: Failed password for root from 190.11.80.188 port 46452 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 08:03:34,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393014.5662258, 'message': 'Dec  7 08:03:32 hqnl0246134 sshd[301835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:03:34,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393014.566491, 'message': 'Dec  7 08:03:32 hqnl0246134 sshd[301835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:03:36,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393016.5691059, 'message': 'Dec  7 08:03:34 hqnl0246134 sshd[301835]: Failed password for root from 165.22.220.5 port 59224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
WARNING [2022-12-07 08:03:52,411] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:03:52,413] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:04:04,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393044.6031678, 'message': 'Dec  7 08:04:02 hqnl0246134 sshd[301854]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0707 seconds
INFO    [2022-12-07 08:04:04,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393044.6040168, 'message': 'Dec  7 08:04:02 hqnl0246134 sshd[301854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 08:04:06,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393046.6047664, 'message': 'Dec  7 08:04:05 hqnl0246134 sshd[301854]: Failed password for root from 165.22.220.5 port 53464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 08:04:13,571] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:04:13,592] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0287 seconds
INFO    [2022-12-07 08:04:17,823] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:04:17,824] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:04:17,839] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:04:17,855] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-07 08:04:20,491] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:04:20,492] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:04:20,499] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:04:20,511] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 08:04:32,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393072.643252, 'message': 'Dec  7 08:04:30 hqnl0246134 sshd[301879]: Invalid user minecraft from 190.128.169.130 port 49198', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:04:32,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393072.6435513, 'message': 'Dec  7 08:04:31 hqnl0246134 sshd[301879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:04:34,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393074.6459765, 'message': 'Dec  7 08:04:32 hqnl0246134 sshd[301881]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 08:04:34,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393074.6463234, 'message': 'Dec  7 08:04:33 hqnl0246134 sshd[301879]: Failed password for invalid user minecraft from 190.128.169.130 port 49198 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 08:04:34,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393074.6462064, 'message': 'Dec  7 08:04:32 hqnl0246134 sshd[301881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:04:36,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393076.651431, 'message': 'Dec  7 08:04:34 hqnl0246134 sshd[301879]: Disconnected from invalid user minecraft 190.128.169.130 port 49198 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0494 seconds
INFO    [2022-12-07 08:04:36,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393076.651741, 'message': 'Dec  7 08:04:35 hqnl0246134 sshd[301881]: Failed password for root from 165.22.220.5 port 47704 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-07 08:04:37,499] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:04:37,499] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:04:37,507] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:04:37,518] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-07 08:04:52,416] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:04:52,417] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:05:04,707] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393104.6806579, 'message': 'Dec  7 08:05:02 hqnl0246134 sshd[301916]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 08:05:04,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393104.6829846, 'message': 'Dec  7 08:05:02 hqnl0246134 sshd[301916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 08:05:06,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393106.6817994, 'message': 'Dec  7 08:05:05 hqnl0246134 sshd[301916]: Failed password for root from 165.22.220.5 port 41944 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0304 seconds
WARNING [2022-12-07 08:05:13,573] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:05:13,595] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0286 seconds
INFO    [2022-12-07 08:05:17,790] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:05:17,791] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:05:17,799] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:05:17,812] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 08:05:20,429] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:05:20,430] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:05:20,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:05:20,449] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 08:05:34,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393134.7255344, 'message': 'Dec  7 08:05:32 hqnl0246134 sshd[301955]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 08:05:34,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393134.7258332, 'message': 'Dec  7 08:05:32 hqnl0246134 sshd[301955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 08:05:36,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393136.7278817, 'message': 'Dec  7 08:05:35 hqnl0246134 sshd[301955]: Failed password for root from 165.22.220.5 port 36184 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 08:05:52,420] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:05:52,422] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:06:04,788] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393164.762581, 'message': 'Dec  7 08:06:02 hqnl0246134 sshd[301975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 08:06:04,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393164.7631876, 'message': 'Dec  7 08:06:02 hqnl0246134 sshd[301975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 08:06:06,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393166.765205, 'message': 'Dec  7 08:06:05 hqnl0246134 sshd[301975]: Failed password for root from 165.22.220.5 port 58656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 08:06:09,755] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:06:09,755] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:06:09,763] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:06:09,774] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
WARNING [2022-12-07 08:06:13,576] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:06:13,601] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0318 seconds
INFO    [2022-12-07 08:06:18,053] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:06:18,054] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:06:18,065] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:06:18,078] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 08:06:20,733] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:06:20,733] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:06:20,742] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:06:20,755] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 08:06:27,145] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:06:27,210] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:06:27,211] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:06:27,211] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:06:27,211] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:06:27,212] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:06:27,222] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:06:27,239] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0269 seconds
WARNING [2022-12-07 08:06:27,246] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:06:27,248] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:06:27,266] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0332 seconds
INFO    [2022-12-07 08:06:27,268] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0308 seconds
INFO    [2022-12-07 08:06:34,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393194.8013325, 'message': 'Dec  7 08:06:32 hqnl0246134 sshd[302004]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 08:06:34,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393194.808892, 'message': 'Dec  7 08:06:34 hqnl0246134 sshd[302006]: Invalid user pedro from 144.34.171.163 port 57882', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 08:06:34,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393194.8016, 'message': 'Dec  7 08:06:32 hqnl0246134 sshd[302004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 08:06:34,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393194.8090599, 'message': 'Dec  7 08:06:34 hqnl0246134 sshd[302006]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.34.171.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 08:06:34,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393194.8091886, 'message': 'Dec  7 08:06:34 hqnl0246134 sshd[302006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.171.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 08:06:36,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393196.8037276, 'message': 'Dec  7 08:06:35 hqnl0246134 sshd[302004]: Failed password for root from 165.22.220.5 port 52896 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 08:06:36,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393196.8039582, 'message': 'Dec  7 08:06:36 hqnl0246134 sshd[302006]: Failed password for invalid user pedro from 144.34.171.163 port 57882 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 08:06:38,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393198.805402, 'message': 'Dec  7 08:06:37 hqnl0246134 sshd[302006]: Disconnected from invalid user pedro 144.34.171.163 port 57882 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 08:06:52,425] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:06:52,427] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:06:57,341] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:06:57,342] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:06:57,343] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 08:07:02,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393222.83783, 'message': 'Dec  7 08:07:02 hqnl0246134 sshd[302025]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 08:07:02,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393222.838589, 'message': 'Dec  7 08:07:02 hqnl0246134 sshd[302025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:07:06,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393226.8411105, 'message': 'Dec  7 08:07:04 hqnl0246134 sshd[302025]: Failed password for root from 165.22.220.5 port 47136 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 08:07:13,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:07:13,609] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0313 seconds
INFO    [2022-12-07 08:07:18,120] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:07:18,121] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:07:18,137] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:07:18,152] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 08:07:20,962] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:07:20,962] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:07:20,975] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:07:20,995] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0317 seconds
INFO    [2022-12-07 08:07:32,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393252.8736112, 'message': 'Dec  7 08:07:32 hqnl0246134 sshd[302057]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:07:32,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393252.8739245, 'message': 'Dec  7 08:07:32 hqnl0246134 sshd[302057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:07:34,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393254.8735657, 'message': 'Dec  7 08:07:34 hqnl0246134 sshd[302057]: Failed password for root from 165.22.220.5 port 41376 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 08:07:46,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670393266.8907728, 'message': 'Dec  7 08:07:46 hqnl0246134 sshd[302062]: Invalid user database from 201.116.12.217 port 46050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 08:07:46,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.116.12.217', 'timestamp': 1670393266.891488, 'message': 'Dec  7 08:07:46 hqnl0246134 sshd[302062]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.116.12.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:07:46,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.116.12.217', 'timestamp': 1670393266.8917198, 'message': 'Dec  7 08:07:46 hqnl0246134 sshd[302062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.116.12.217 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:07:48,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670393268.8928256, 'message': 'Dec  7 08:07:48 hqnl0246134 sshd[302062]: Failed password for invalid user database from 201.116.12.217 port 46050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 08:07:50,916] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.116.12.217', 'timestamp': 1670393270.89616, 'message': 'Dec  7 08:07:49 hqnl0246134 sshd[302062]: Disconnected from invalid user database 201.116.12.217 port 46050 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:07:51,625] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:07:51,625] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:07:51,632] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:07:51,644] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
WARNING [2022-12-07 08:07:52,429] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:07:52,430] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:08:04,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393284.9228473, 'message': 'Dec  7 08:08:03 hqnl0246134 sshd[302087]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 08:08:04,981] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393284.92324, 'message': 'Dec  7 08:08:03 hqnl0246134 sshd[302087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 08:08:06,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393286.926921, 'message': 'Dec  7 08:08:05 hqnl0246134 sshd[302087]: Failed password for root from 165.22.220.5 port 35616 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 08:08:13,598] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:08:13,640] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0570 seconds
INFO    [2022-12-07 08:08:17,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:08:17,880] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:08:17,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:08:17,903] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0224 seconds
INFO    [2022-12-07 08:08:20,574] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:08:20,575] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:08:20,582] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:08:20,594] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 08:08:28,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393308.9630587, 'message': 'Dec  7 08:08:27 hqnl0246134 sshd[302110]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.218.23.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:08:29,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393308.9636476, 'message': 'Dec  7 08:08:27 hqnl0246134 sshd[302110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.218.23.85  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 08:08:30,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393310.9647179, 'message': 'Dec  7 08:08:30 hqnl0246134 sshd[302110]: Failed password for root from 187.218.23.85 port 59812 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 08:08:30,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670393310.9649959, 'message': 'Dec  7 08:08:30 hqnl0246134 sshd[302112]: Invalid user nodeproxy from 51.250.65.57 port 37818', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 08:08:31,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.65.57', 'timestamp': 1670393310.9652233, 'message': 'Dec  7 08:08:30 hqnl0246134 sshd[302112]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.65.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 08:08:31,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.65.57', 'timestamp': 1670393310.9653478, 'message': 'Dec  7 08:08:30 hqnl0246134 sshd[302112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.65.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:08:32,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670393312.9688463, 'message': 'Dec  7 08:08:32 hqnl0246134 sshd[302112]: Failed password for invalid user nodeproxy from 51.250.65.57 port 37818 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:08:35,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393314.969826, 'message': 'Dec  7 08:08:33 hqnl0246134 sshd[302114]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 08:08:35,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670393314.9701252, 'message': 'Dec  7 08:08:33 hqnl0246134 sshd[302112]: Disconnected from invalid user nodeproxy 51.250.65.57 port 37818 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 08:08:35,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393314.9700115, 'message': 'Dec  7 08:08:33 hqnl0246134 sshd[302114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:08:36,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393316.9746675, 'message': 'Dec  7 08:08:35 hqnl0246134 sshd[302114]: Failed password for root from 165.22.220.5 port 58086 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0206 seconds
WARNING [2022-12-07 08:08:52,436] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:08:52,438] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:08:53,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393332.9927711, 'message': 'Dec  7 08:08:51 hqnl0246134 sshd[302128]: Invalid user hadoop from 178.128.187.192 port 37328', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 08:08:53,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393332.99335, 'message': 'Dec  7 08:08:51 hqnl0246134 sshd[302128]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.187.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:08:53,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393332.9935563, 'message': 'Dec  7 08:08:51 hqnl0246134 sshd[302128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.187.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:08:55,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393334.9939628, 'message': 'Dec  7 08:08:54 hqnl0246134 sshd[302128]: Failed password for invalid user hadoop from 178.128.187.192 port 37328 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 08:08:57,022] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393336.9963336, 'message': 'Dec  7 08:08:55 hqnl0246134 sshd[302128]: Disconnected from invalid user hadoop 178.128.187.192 port 37328 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 08:09:03,028] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393342.9994738, 'message': 'Dec  7 08:09:01 hqnl0246134 sshd[302131]: Invalid user jeus from 14.63.203.207 port 58714', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 08:09:03,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393342.99983, 'message': 'Dec  7 08:09:01 hqnl0246134 sshd[302131]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.63.203.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:09:03,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393343.0013459, 'message': 'Dec  7 08:09:01 hqnl0246134 sshd[302131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.203.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:09:05,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393345.0006971, 'message': 'Dec  7 08:09:03 hqnl0246134 sshd[302131]: Failed password for invalid user jeus from 14.63.203.207 port 58714 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0560 seconds
INFO    [2022-12-07 08:09:05,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393345.0012398, 'message': 'Dec  7 08:09:03 hqnl0246134 sshd[302267]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-07 08:09:05,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393345.0010514, 'message': 'Dec  7 08:09:03 hqnl0246134 sshd[302131]: Disconnected from invalid user jeus 14.63.203.207 port 58714 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 08:09:05,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393345.0015166, 'message': 'Dec  7 08:09:03 hqnl0246134 sshd[302267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 08:09:07,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393347.0021508, 'message': 'Dec  7 08:09:06 hqnl0246134 sshd[302267]: Failed password for root from 165.22.220.5 port 52324 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 08:09:10,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:09:10,867] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:09:10,876] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:09:10,887] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-07 08:09:13,597] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:09:13,623] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0365 seconds
INFO    [2022-12-07 08:09:17,866] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:09:17,866] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:09:17,875] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:09:17,889] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-07 08:09:20,515] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:09:20,516] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:09:20,524] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:09:20,537] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 08:09:35,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393375.054798, 'message': 'Dec  7 08:09:33 hqnl0246134 sshd[302294]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 08:09:35,094] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393375.055211, 'message': 'Dec  7 08:09:33 hqnl0246134 sshd[302294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:09:37,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393377.0571737, 'message': 'Dec  7 08:09:36 hqnl0246134 sshd[302294]: Failed password for root from 165.22.220.5 port 46562 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 08:09:52,443] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:09:52,445] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:10:05,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393405.1164875, 'message': 'Dec  7 08:10:04 hqnl0246134 sshd[302326]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 08:10:05,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393405.1170115, 'message': 'Dec  7 08:10:04 hqnl0246134 sshd[302326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:10:07,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393407.120594, 'message': 'Dec  7 08:10:06 hqnl0246134 sshd[302326]: Failed password for root from 165.22.220.5 port 40802 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 08:10:09,153] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393409.1233819, 'message': 'Dec  7 08:10:08 hqnl0246134 sshd[302332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.157.115.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 08:10:09,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393409.1235843, 'message': 'Dec  7 08:10:08 hqnl0246134 sshd[302332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.157.115.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 08:10:11,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393411.1261854, 'message': 'Dec  7 08:10:10 hqnl0246134 sshd[302332]: Failed password for root from 5.157.115.52 port 48407 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 08:10:13,599] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:10:13,619] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0299 seconds
INFO    [2022-12-07 08:10:17,896] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:10:17,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:10:17,906] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:10:17,919] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 08:10:22,668] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:10:22,668] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:10:22,675] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:10:22,687] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 08:10:27,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393427.1451473, 'message': 'Dec  7 08:10:26 hqnl0246134 sshd[302362]: Invalid user ubuntu from 107.180.88.176 port 45522', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 08:10:27,184] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393427.1455035, 'message': 'Dec  7 08:10:26 hqnl0246134 sshd[302362]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.180.88.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:10:27,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393427.1457329, 'message': 'Dec  7 08:10:26 hqnl0246134 sshd[302362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.180.88.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 08:10:29,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393429.14614, 'message': 'Dec  7 08:10:28 hqnl0246134 sshd[302362]: Failed password for invalid user ubuntu from 107.180.88.176 port 45522 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0715 seconds
INFO    [2022-12-07 08:10:29,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393429.147146, 'message': 'Dec  7 08:10:28 hqnl0246134 sshd[302362]: Disconnected from invalid user ubuntu 107.180.88.176 port 45522 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0687 seconds
INFO    [2022-12-07 08:10:35,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393435.1543684, 'message': 'Dec  7 08:10:35 hqnl0246134 sshd[302367]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:10:35,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393435.1547213, 'message': 'Dec  7 08:10:35 hqnl0246134 sshd[302367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:10:39,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393439.1589062, 'message': 'Dec  7 08:10:37 hqnl0246134 sshd[302367]: Failed password for root from 165.22.220.5 port 35040 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 08:10:41,858] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:10:41,858] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:10:41,866] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:10:41,879] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
WARNING [2022-12-07 08:10:52,448] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:10:52,450] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:11:03,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393463.201296, 'message': 'Dec  7 08:11:02 hqnl0246134 sshd[302385]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.149.20.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 08:11:03,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393463.2018788, 'message': 'Dec  7 08:11:02 hqnl0246134 sshd[302385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.20.162  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:11:05,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393465.2014139, 'message': 'Dec  7 08:11:04 hqnl0246134 sshd[302385]: Failed password for root from 201.149.20.162 port 48316 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:11:07,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393467.2050788, 'message': 'Dec  7 08:11:05 hqnl0246134 sshd[302395]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:11:07,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393467.2052963, 'message': 'Dec  7 08:11:05 hqnl0246134 sshd[302395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 08:11:09,244] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393469.2069504, 'message': 'Dec  7 08:11:07 hqnl0246134 sshd[302395]: Failed password for root from 165.22.220.5 port 57510 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 08:11:09,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393469.2072282, 'message': 'Dec  7 08:11:09 hqnl0246134 sshd[302397]: Invalid user jc from 198.23.172.93 port 34886', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 08:11:11,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393471.2088404, 'message': 'Dec  7 08:11:09 hqnl0246134 sshd[302397]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.23.172.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 08:11:11,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393471.2091832, 'message': 'Dec  7 08:11:09 hqnl0246134 sshd[302397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.172.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:11:13,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393473.2105384, 'message': 'Dec  7 08:11:11 hqnl0246134 sshd[302397]: Failed password for invalid user jc from 198.23.172.93 port 34886 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-07 08:11:13,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393473.2108486, 'message': 'Dec  7 08:11:13 hqnl0246134 sshd[302397]: Disconnected from invalid user jc 198.23.172.93 port 34886 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-07 08:11:13,602] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:11:13,628] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-07 08:11:18,098] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:11:18,099] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:11:18,108] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:11:18,120] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 08:11:19,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.5.73', 'timestamp': 1670393479.218149, 'message': 'Dec  7 08:11:17 hqnl0246134 sshd[302402]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.5.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0383 seconds
INFO    [2022-12-07 08:11:19,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.5.73', 'timestamp': 1670393479.218569, 'message': 'Dec  7 08:11:17 hqnl0246134 sshd[302402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.5.73  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 08:11:20,981] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:11:20,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:11:20,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:11:20,999] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 08:11:21,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.5.73', 'timestamp': 1670393481.2203026, 'message': 'Dec  7 08:11:19 hqnl0246134 sshd[302402]: Failed password for root from 159.65.5.73 port 49442 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 08:11:37,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393497.232955, 'message': 'Dec  7 08:11:36 hqnl0246134 sshd[302423]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 08:11:37,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393497.233418, 'message': 'Dec  7 08:11:36 hqnl0246134 sshd[302423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:11:39,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393499.2332516, 'message': 'Dec  7 08:11:38 hqnl0246134 sshd[302423]: Failed password for root from 165.22.220.5 port 51748 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-07 08:11:52,453] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:11:52,454] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:11:54,334] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 08:12:07,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393527.2760196, 'message': 'Dec  7 08:12:06 hqnl0246134 sshd[302448]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 08:12:07,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393527.2769392, 'message': 'Dec  7 08:12:07 hqnl0246134 sshd[302446]: Invalid user fs from 112.213.124.175 port 35012', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 08:12:07,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393527.2766604, 'message': 'Dec  7 08:12:06 hqnl0246134 sshd[302448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:12:09,300] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393529.276299, 'message': 'Dec  7 08:12:07 hqnl0246134 sshd[302446]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.213.124.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 08:12:09,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393529.2766907, 'message': 'Dec  7 08:12:07 hqnl0246134 sshd[302446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.213.124.175 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 08:12:11,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393531.2783434, 'message': 'Dec  7 08:12:09 hqnl0246134 sshd[302448]: Failed password for root from 165.22.220.5 port 45986 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0737 seconds
INFO    [2022-12-07 08:12:11,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393531.2787988, 'message': 'Dec  7 08:12:09 hqnl0246134 sshd[302446]: Failed password for invalid user fs from 112.213.124.175 port 35012 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0738 seconds
INFO    [2022-12-07 08:12:13,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393533.2809567, 'message': 'Dec  7 08:12:11 hqnl0246134 sshd[302446]: Disconnected from invalid user fs 112.213.124.175 port 35012 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0612 seconds
WARNING [2022-12-07 08:12:13,608] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:12:13,660] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0650 seconds
INFO    [2022-12-07 08:12:14,834] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:12:14,834] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:12:14,847] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:12:14,867] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0315 seconds
INFO    [2022-12-07 08:12:17,914] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:12:17,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:12:17,926] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:12:17,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0270 seconds
INFO    [2022-12-07 08:12:20,703] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:12:20,704] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:12:20,711] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:12:20,722] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 08:12:27,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393547.2956996, 'message': 'Dec  7 08:12:26 hqnl0246134 sshd[302487]: Invalid user leandro from 118.194.235.143 port 32956', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 08:12:27,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393547.296336, 'message': 'Dec  7 08:12:27 hqnl0246134 sshd[302487]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.194.235.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:12:27,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393547.2965636, 'message': 'Dec  7 08:12:27 hqnl0246134 sshd[302487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.194.235.143 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:12:29,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393549.2945812, 'message': 'Dec  7 08:12:29 hqnl0246134 sshd[302487]: Failed password for invalid user leandro from 118.194.235.143 port 32956 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:12:33,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393553.298577, 'message': 'Dec  7 08:12:31 hqnl0246134 sshd[302487]: Disconnected from invalid user leandro 118.194.235.143 port 32956 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 08:12:35,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.116.12.217', 'timestamp': 1670393555.3010576, 'message': 'Dec  7 08:12:35 hqnl0246134 sshd[302489]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.116.12.217 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 08:12:35,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.116.12.217', 'timestamp': 1670393555.3015141, 'message': 'Dec  7 08:12:35 hqnl0246134 sshd[302489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.116.12.217  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 08:12:37,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.116.12.217', 'timestamp': 1670393557.3029828, 'message': 'Dec  7 08:12:36 hqnl0246134 sshd[302489]: Failed password for root from 201.116.12.217 port 58408 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0504 seconds
INFO    [2022-12-07 08:12:37,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393557.3032389, 'message': 'Dec  7 08:12:37 hqnl0246134 sshd[302491]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0509 seconds
INFO    [2022-12-07 08:12:37,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393557.303391, 'message': 'Dec  7 08:12:37 hqnl0246134 sshd[302491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 08:12:39,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393559.305548, 'message': 'Dec  7 08:12:39 hqnl0246134 sshd[302491]: Failed password for root from 165.22.220.5 port 40224 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:12:43,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393563.3075762, 'message': 'Dec  7 08:12:42 hqnl0246134 sshd[302496]: Invalid user user1 from 5.157.115.52 port 39942', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 08:12:43,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393563.3079293, 'message': 'Dec  7 08:12:43 hqnl0246134 sshd[302496]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.157.115.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 08:12:43,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393563.3083403, 'message': 'Dec  7 08:12:43 hqnl0246134 sshd[302496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.157.115.52 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:12:47,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393567.3345323, 'message': 'Dec  7 08:12:45 hqnl0246134 sshd[302496]: Failed password for invalid user user1 from 5.157.115.52 port 39942 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 08:12:47,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393567.3350177, 'message': 'Dec  7 08:12:47 hqnl0246134 sshd[302496]: Disconnected from invalid user user1 5.157.115.52 port 39942 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 08:12:52,461] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:12:52,462] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:13:01,460] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:13:01,526] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:13:01,527] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:13:01,527] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:13:01,527] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:13:01,528] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:13:01,539] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:13:01,559] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0310 seconds
WARNING [2022-12-07 08:13:01,571] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:13:01,575] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:13:01,595] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0450 seconds
INFO    [2022-12-07 08:13:01,596] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0408 seconds
INFO    [2022-12-07 08:13:02,617] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 08:13:02,625] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:13:02,637] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0184 seconds
INFO    [2022-12-07 08:13:09,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393589.3364315, 'message': 'Dec  7 08:13:07 hqnl0246134 sshd[302526]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 08:13:09,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393589.3367958, 'message': 'Dec  7 08:13:07 hqnl0246134 sshd[302526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:13:11,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393591.3390188, 'message': 'Dec  7 08:13:09 hqnl0246134 sshd[302526]: Failed password for root from 165.22.220.5 port 34464 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 08:13:13,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670393593.341157, 'message': 'Dec  7 08:13:12 hqnl0246134 sshd[302535]: Invalid user email from 82.66.187.39 port 45300', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0538 seconds
INFO    [2022-12-07 08:13:13,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.66.187.39', 'timestamp': 1670393593.3464546, 'message': 'Dec  7 08:13:12 hqnl0246134 sshd[302535]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.66.187.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0907 seconds
INFO    [2022-12-07 08:13:13,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.66.187.39', 'timestamp': 1670393593.346595, 'message': 'Dec  7 08:13:12 hqnl0246134 sshd[302535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.187.39 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0472 seconds
WARNING [2022-12-07 08:13:13,613] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:13:13,693] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0948 seconds
INFO    [2022-12-07 08:13:15,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670393595.343562, 'message': 'Dec  7 08:13:14 hqnl0246134 sshd[302535]: Failed password for invalid user email from 82.66.187.39 port 45300 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 08:13:15,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670393595.343789, 'message': 'Dec  7 08:13:15 hqnl0246134 sshd[302535]: Disconnected from invalid user email 82.66.187.39 port 45300 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:13:16,853] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:13:16,854] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:13:16,867] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:13:16,899] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0443 seconds
INFO    [2022-12-07 08:13:20,231] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:13:20,232] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:13:20,241] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:13:20,254] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 08:13:23,210] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:13:23,211] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:13:23,218] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:13:23,229] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 08:13:27,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393607.354442, 'message': 'Dec  7 08:13:26 hqnl0246134 sshd[302563]: Invalid user pawel from 14.63.203.207 port 59400', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 08:13:27,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393607.3547714, 'message': 'Dec  7 08:13:26 hqnl0246134 sshd[302563]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.63.203.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:13:27,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393607.354989, 'message': 'Dec  7 08:13:26 hqnl0246134 sshd[302563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.203.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:13:29,381] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393609.3565161, 'message': 'Dec  7 08:13:28 hqnl0246134 sshd[302563]: Failed password for invalid user pawel from 14.63.203.207 port 59400 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 08:13:29,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393609.356858, 'message': 'Dec  7 08:13:29 hqnl0246134 sshd[302563]: Disconnected from invalid user pawel 14.63.203.207 port 59400 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:13:31,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393611.3581808, 'message': 'Dec  7 08:13:30 hqnl0246134 sshd[302565]: Invalid user rhino from 178.128.187.192 port 33640', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 08:13:31,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393611.3583906, 'message': 'Dec  7 08:13:30 hqnl0246134 sshd[302565]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.187.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:13:31,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393611.3585443, 'message': 'Dec  7 08:13:30 hqnl0246134 sshd[302565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.187.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:13:33,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393613.3607402, 'message': 'Dec  7 08:13:32 hqnl0246134 sshd[302565]: Failed password for invalid user rhino from 178.128.187.192 port 33640 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 08:13:34,866] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:13:34,867] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:13:34,868] im360.plugins.client360: Waiting 2 minutes before retry...
INFO    [2022-12-07 08:13:35,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393615.3618252, 'message': 'Dec  7 08:13:33 hqnl0246134 sshd[302565]: Disconnected from invalid user rhino 178.128.187.192 port 33640 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 08:13:39,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393619.368237, 'message': 'Dec  7 08:13:38 hqnl0246134 sshd[302567]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:13:39,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393619.368514, 'message': 'Dec  7 08:13:38 hqnl0246134 sshd[302567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:13:41,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393621.3701007, 'message': 'Dec  7 08:13:41 hqnl0246134 sshd[302567]: Failed password for root from 165.22.220.5 port 56936 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 08:13:52,464] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:13:52,465] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:13:59,409] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393639.3863764, 'message': 'Dec  7 08:13:57 hqnl0246134 sshd[302586]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.180.88.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 08:13:59,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393639.3868213, 'message': 'Dec  7 08:13:57 hqnl0246134 sshd[302586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.180.88.176  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:14:01,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393641.3903456, 'message': 'Dec  7 08:14:00 hqnl0246134 sshd[302586]: Failed password for root from 107.180.88.176 port 35766 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:14:05,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670393645.397863, 'message': 'Dec  7 08:14:03 hqnl0246134 sshd[302595]: Invalid user ventas from 155.93.209.66 port 59030', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:14:05,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '155.93.209.66', 'timestamp': 1670393645.398061, 'message': 'Dec  7 08:14:04 hqnl0246134 sshd[302595]: pam_imunify(sshd:auth): [IM360_RBL] The IP 155.93.209.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 08:14:05,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '155.93.209.66', 'timestamp': 1670393645.3982267, 'message': 'Dec  7 08:14:04 hqnl0246134 sshd[302595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.93.209.66 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 08:14:07,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670393647.4002683, 'message': 'Dec  7 08:14:06 hqnl0246134 sshd[302595]: Failed password for invalid user ventas from 155.93.209.66 port 59030 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 08:14:07,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670393647.4005172, 'message': 'Dec  7 08:14:06 hqnl0246134 sshd[302595]: Disconnected from invalid user ventas 155.93.209.66 port 59030 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 08:14:09,422] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393649.402157, 'message': 'Dec  7 08:14:09 hqnl0246134 sshd[302599]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:14:09,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393649.4023728, 'message': 'Dec  7 08:14:09 hqnl0246134 sshd[302599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:14:13,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393653.407728, 'message': 'Dec  7 08:14:11 hqnl0246134 sshd[302599]: Failed password for root from 165.22.220.5 port 51176 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 08:14:13,616] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:14:13,663] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0602 seconds
INFO    [2022-12-07 08:14:18,075] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:14:18,076] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:14:18,085] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:14:18,099] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 08:14:20,653] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:14:20,654] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:14:20,661] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:14:20,673] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 08:14:41,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670393681.4477232, 'message': 'Dec  7 08:14:40 hqnl0246134 sshd[302623]: Invalid user john from 163.44.252.65 port 45846', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 08:14:41,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393681.4486127, 'message': 'Dec  7 08:14:40 hqnl0246134 sshd[302626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 08:14:41,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.44.252.65', 'timestamp': 1670393681.4482732, 'message': 'Dec  7 08:14:40 hqnl0246134 sshd[302623]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.44.252.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 08:14:41,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393681.4487388, 'message': 'Dec  7 08:14:40 hqnl0246134 sshd[302626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 08:14:41,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.44.252.65', 'timestamp': 1670393681.448486, 'message': 'Dec  7 08:14:40 hqnl0246134 sshd[302623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.44.252.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:14:43,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670393683.4494221, 'message': 'Dec  7 08:14:42 hqnl0246134 sshd[302623]: Failed password for invalid user john from 163.44.252.65 port 45846 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 08:14:43,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393683.4496334, 'message': 'Dec  7 08:14:42 hqnl0246134 sshd[302626]: Failed password for root from 165.22.220.5 port 45414 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 08:14:45,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670393685.4520378, 'message': 'Dec  7 08:14:44 hqnl0246134 sshd[302623]: Disconnected from invalid user john 163.44.252.65 port 45846 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 08:14:45,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:14:45,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:14:45,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:14:45,759] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
WARNING [2022-12-07 08:14:52,472] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:14:52,474] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:15:13,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393713.4855423, 'message': 'Dec  7 08:15:12 hqnl0246134 sshd[302669]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0577 seconds
INFO    [2022-12-07 08:15:13,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393713.4870193, 'message': 'Dec  7 08:15:12 hqnl0246134 sshd[302671]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.187.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0562 seconds
INFO    [2022-12-07 08:15:13,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393713.4867811, 'message': 'Dec  7 08:15:12 hqnl0246134 sshd[302669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-07 08:15:13,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393713.4872584, 'message': 'Dec  7 08:15:12 hqnl0246134 sshd[302671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.187.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0394 seconds
WARNING [2022-12-07 08:15:13,614] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:15:13,675] defence360agent.internals.the_sink: SensorIncidentList(<8 item(s)>) processed in 0.0697 seconds
INFO    [2022-12-07 08:15:15,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393715.4841554, 'message': 'Dec  7 08:15:13 hqnl0246134 sshd[302678]: pam_imunify(sshd:auth): [IM360_RBL] The IP 5.157.115.52 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0565 seconds
INFO    [2022-12-07 08:15:15,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393715.4848368, 'message': 'Dec  7 08:15:14 hqnl0246134 sshd[302669]: Failed password for root from 165.22.220.5 port 39654 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0575 seconds
INFO    [2022-12-07 08:15:15,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393715.4849858, 'message': 'Dec  7 08:15:14 hqnl0246134 sshd[302671]: Failed password for root from 178.128.187.192 port 34914 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0574 seconds
INFO    [2022-12-07 08:15:15,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393715.4847014, 'message': 'Dec  7 08:15:13 hqnl0246134 sshd[302678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.157.115.52  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 08:15:17,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '5.157.115.52', 'timestamp': 1670393717.4863465, 'message': 'Dec  7 08:15:15 hqnl0246134 sshd[302678]: Failed password for root from 5.157.115.52 port 59696 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 08:15:17,995] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:15:17,995] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:15:18,060] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:15:18,145] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1488 seconds
INFO    [2022-12-07 08:15:20,900] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:15:20,901] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:15:20,914] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:15:20,926] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0232 seconds
INFO    [2022-12-07 08:15:21,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393721.4913483, 'message': 'Dec  7 08:15:20 hqnl0246134 sshd[302682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.23.172.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:15:21,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393721.4915965, 'message': 'Dec  7 08:15:20 hqnl0246134 sshd[302682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.172.93  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:15:23,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393723.4928563, 'message': 'Dec  7 08:15:22 hqnl0246134 sshd[302682]: Failed password for root from 198.23.172.93 port 53084 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 08:15:25,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.73.252.229', 'timestamp': 1670393725.4978185, 'message': 'Dec  7 08:15:24 hqnl0246134 sshd[302704]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.73.252.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:15:25,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.73.252.229', 'timestamp': 1670393725.4980671, 'message': 'Dec  7 08:15:24 hqnl0246134 sshd[302704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.73.252.229  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:15:27,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '41.73.252.229', 'timestamp': 1670393727.5016878, 'message': 'Dec  7 08:15:26 hqnl0246134 sshd[302704]: Failed password for root from 41.73.252.229 port 56482 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 08:15:43,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393743.524151, 'message': 'Dec  7 08:15:42 hqnl0246134 sshd[302711]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 08:15:43,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393743.5246696, 'message': 'Dec  7 08:15:42 hqnl0246134 sshd[302711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:15:45,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393745.529164, 'message': 'Dec  7 08:15:44 hqnl0246134 sshd[302711]: Failed password for root from 165.22.220.5 port 33892 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 08:15:47,599] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:15:47,600] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:15:47,608] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:15:47,620] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
WARNING [2022-12-07 08:15:52,478] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:15:52,481] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:15:57,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670393757.5414636, 'message': 'Dec  7 08:15:57 hqnl0246134 sshd[302730]: Invalid user sysadmin from 167.71.235.104 port 59490', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 08:15:57,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.235.104', 'timestamp': 1670393757.5420609, 'message': 'Dec  7 08:15:57 hqnl0246134 sshd[302730]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.235.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:15:57,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.235.104', 'timestamp': 1670393757.5422306, 'message': 'Dec  7 08:15:57 hqnl0246134 sshd[302730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.235.104 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:16:01,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670393761.5472295, 'message': 'Dec  7 08:15:59 hqnl0246134 sshd[302730]: Failed password for invalid user sysadmin from 167.71.235.104 port 59490 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 08:16:01,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670393761.5476613, 'message': 'Dec  7 08:16:01 hqnl0246134 sshd[302730]: Disconnected from invalid user sysadmin 167.71.235.104 port 59490 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:16:09,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393769.5577116, 'message': 'Dec  7 08:16:09 hqnl0246134 sshd[302740]: Invalid user amssys from 144.34.171.163 port 34786', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 08:16:09,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393769.5581195, 'message': 'Dec  7 08:16:09 hqnl0246134 sshd[302740]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.34.171.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:16:09,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393769.5582643, 'message': 'Dec  7 08:16:09 hqnl0246134 sshd[302740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.171.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:16:11,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393771.5583355, 'message': 'Dec  7 08:16:10 hqnl0246134 sshd[302745]: Invalid user tomcat from 187.218.23.85 port 35562', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 08:16:11,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393771.5588977, 'message': 'Dec  7 08:16:11 hqnl0246134 sshd[302742]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.213.124.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 08:16:11,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393771.558523, 'message': 'Dec  7 08:16:10 hqnl0246134 sshd[302745]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.218.23.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-07 08:16:11,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393771.559195, 'message': 'Dec  7 08:16:11 hqnl0246134 sshd[302740]: Failed password for invalid user amssys from 144.34.171.163 port 34786 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-07 08:16:11,635] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393771.5590782, 'message': 'Dec  7 08:16:11 hqnl0246134 sshd[302742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.213.124.175  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0427 seconds
INFO    [2022-12-07 08:16:11,652] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393771.5586576, 'message': 'Dec  7 08:16:10 hqnl0246134 sshd[302745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.218.23.85 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:16:13,644] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393773.5622551, 'message': 'Dec  7 08:16:11 hqnl0246134 sshd[302745]: Failed password for invalid user tomcat from 187.218.23.85 port 35562 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0797 seconds
INFO    [2022-12-07 08:16:13,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393773.5630631, 'message': 'Dec  7 08:16:12 hqnl0246134 sshd[302742]: Failed password for root from 112.213.124.175 port 59490 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0798 seconds
INFO    [2022-12-07 08:16:13,646] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393773.563349, 'message': 'Dec  7 08:16:13 hqnl0246134 sshd[302747]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0793 seconds
WARNING [2022-12-07 08:16:13,668] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:16:13,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393773.5627942, 'message': 'Dec  7 08:16:12 hqnl0246134 sshd[302745]: Disconnected from invalid user tomcat 187.218.23.85 port 35562 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0820 seconds
INFO    [2022-12-07 08:16:13,727] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670393773.563792, 'message': 'Dec  7 08:16:13 hqnl0246134 sshd[302740]: Disconnected from invalid user amssys 144.34.171.163 port 34786 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0822 seconds
INFO    [2022-12-07 08:16:13,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393773.5635855, 'message': 'Dec  7 08:16:13 hqnl0246134 sshd[302747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0814 seconds
INFO    [2022-12-07 08:16:13,729] defence360agent.internals.the_sink: SensorIncidentList(<25 item(s)>) processed in 0.0816 seconds
INFO    [2022-12-07 08:16:15,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393775.5618927, 'message': 'Dec  7 08:16:15 hqnl0246134 sshd[302747]: Failed password for root from 165.22.220.5 port 56362 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 08:16:18,244] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:16:18,245] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:16:18,316] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:16:18,378] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1291 seconds
INFO    [2022-12-07 08:16:19,594] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393779.5671654, 'message': 'Dec  7 08:16:18 hqnl0246134 sshd[302751]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.149.20.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 08:16:19,612] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393779.5677507, 'message': 'Dec  7 08:16:18 hqnl0246134 sshd[302751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.20.162  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:16:21,238] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:16:21,238] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:16:21,250] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:16:21,274] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0342 seconds
INFO    [2022-12-07 08:16:21,357] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:16:21,424] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:16:21,425] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:16:21,425] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:16:21,425] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:16:21,425] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:16:21,434] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:16:21,453] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0274 seconds
WARNING [2022-12-07 08:16:21,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:16:21,464] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:16:21,485] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0389 seconds
INFO    [2022-12-07 08:16:21,487] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0369 seconds
INFO    [2022-12-07 08:16:21,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393781.5698552, 'message': 'Dec  7 08:16:20 hqnl0246134 sshd[302751]: Failed password for root from 201.149.20.162 port 50992 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 08:16:43,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393803.6012332, 'message': 'Dec  7 08:16:43 hqnl0246134 sshd[302775]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 08:16:43,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393803.6015263, 'message': 'Dec  7 08:16:43 hqnl0246134 sshd[302775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:16:45,641] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393805.6056716, 'message': 'Dec  7 08:16:43 hqnl0246134 sshd[302774]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.63.203.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 08:16:45,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393805.6061819, 'message': 'Dec  7 08:16:45 hqnl0246134 sshd[302775]: Failed password for root from 165.22.220.5 port 50600 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 08:16:45,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393805.6059904, 'message': 'Dec  7 08:16:43 hqnl0246134 sshd[302774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.203.207  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:16:45,679] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '14.63.203.207', 'timestamp': 1670393805.6069934, 'message': 'Dec  7 08:16:45 hqnl0246134 sshd[302774]: Failed password for root from 14.63.203.207 port 49064 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:16:51,573] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:16:51,574] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:16:51,575] im360.plugins.client360: Waiting 7 minutes before retry...
WARNING [2022-12-07 08:16:52,487] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:16:52,488] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:16:55,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393815.6152704, 'message': 'Dec  7 08:16:53 hqnl0246134 sshd[302788]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.187.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 08:16:55,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393815.61603, 'message': 'Dec  7 08:16:53 hqnl0246134 sshd[302788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.187.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 08:16:57,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '178.128.187.192', 'timestamp': 1670393817.6142986, 'message': 'Dec  7 08:16:55 hqnl0246134 sshd[302788]: Failed password for root from 178.128.187.192 port 36192 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 08:17:09,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393829.6294792, 'message': 'Dec  7 08:17:09 hqnl0246134 sshd[302812]: pam_imunify(sshd:auth): [IM360_RBL] The IP 107.180.88.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 08:17:09,678] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393829.6300952, 'message': 'Dec  7 08:17:09 hqnl0246134 sshd[302812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.180.88.176  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:17:11,656] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '107.180.88.176', 'timestamp': 1670393831.6297543, 'message': 'Dec  7 08:17:11 hqnl0246134 sshd[302812]: Failed password for root from 107.180.88.176 port 54236 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0263 seconds
WARNING [2022-12-07 08:17:13,620] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:17:13,661] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0484 seconds
INFO    [2022-12-07 08:17:13,670] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393833.6442761, 'message': 'Dec  7 08:17:12 hqnl0246134 sshd[302816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 08:17:13,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393833.6444852, 'message': 'Dec  7 08:17:12 hqnl0246134 sshd[302816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:17:14,406] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:17:14,407] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:17:14,415] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:17:14,426] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 08:17:15,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.105.70.20', 'timestamp': 1670393835.6351042, 'message': 'Dec  7 08:17:14 hqnl0246134 sshd[302818]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.105.70.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 08:17:15,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393835.6354055, 'message': 'Dec  7 08:17:14 hqnl0246134 sshd[302820]: Invalid user deployop from 118.194.235.143 port 32808', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-07 08:17:15,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.105.70.20', 'timestamp': 1670393835.6352928, 'message': 'Dec  7 08:17:14 hqnl0246134 sshd[302818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.105.70.20  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 08:17:15,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393835.6358032, 'message': 'Dec  7 08:17:14 hqnl0246134 sshd[302816]: Failed password for root from 165.22.220.5 port 44838 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-07 08:17:15,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393835.63551, 'message': 'Dec  7 08:17:14 hqnl0246134 sshd[302820]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.194.235.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 08:17:15,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393835.6356251, 'message': 'Dec  7 08:17:14 hqnl0246134 sshd[302820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.194.235.143 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:17:17,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '179.105.70.20', 'timestamp': 1670393837.6379824, 'message': 'Dec  7 08:17:16 hqnl0246134 sshd[302818]: Failed password for root from 179.105.70.20 port 19188 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 08:17:17,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393837.6382747, 'message': 'Dec  7 08:17:17 hqnl0246134 sshd[302820]: Failed password for invalid user deployop from 118.194.235.143 port 32808 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
INFO    [2022-12-07 08:17:18,014] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:17:18,014] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:17:18,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:17:18,058] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0417 seconds
INFO    [2022-12-07 08:17:19,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393839.6415434, 'message': 'Dec  7 08:17:18 hqnl0246134 sshd[302820]: Disconnected from invalid user deployop 118.194.235.143 port 32808 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0452 seconds
INFO    [2022-12-07 08:17:22,727] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:17:22,728] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:17:22,735] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:17:22,746] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 08:17:23,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393843.6471267, 'message': 'Dec  7 08:17:22 hqnl0246134 sshd[302843]: Invalid user mongod from 190.128.169.130 port 47310', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:17:23,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393843.6473272, 'message': 'Dec  7 08:17:22 hqnl0246134 sshd[302843]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:17:23,703] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393843.6474898, 'message': 'Dec  7 08:17:22 hqnl0246134 sshd[302843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:17:25,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393845.6507068, 'message': 'Dec  7 08:17:24 hqnl0246134 sshd[302843]: Failed password for invalid user mongod from 190.128.169.130 port 47310 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:17:27,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670393847.655575, 'message': 'Dec  7 08:17:25 hqnl0246134 sshd[302843]: Disconnected from invalid user mongod 190.128.169.130 port 47310 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:17:33,696] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670393853.6746206, 'message': 'Dec  7 08:17:33 hqnl0246134 sshd[302849]: Invalid user postgres from 157.230.250.192 port 33824', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 08:17:33,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.250.192', 'timestamp': 1670393853.6752045, 'message': 'Dec  7 08:17:33 hqnl0246134 sshd[302849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.250.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:17:33,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.250.192', 'timestamp': 1670393853.6754155, 'message': 'Dec  7 08:17:33 hqnl0246134 sshd[302849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.250.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:17:37,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670393857.6660254, 'message': 'Dec  7 08:17:36 hqnl0246134 sshd[302849]: Failed password for invalid user postgres from 157.230.250.192 port 33824 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:17:39,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670393859.668875, 'message': 'Dec  7 08:17:37 hqnl0246134 sshd[302849]: Disconnected from invalid user postgres 157.230.250.192 port 33824 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 08:17:43,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393863.673486, 'message': 'Dec  7 08:17:42 hqnl0246134 sshd[302852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 08:17:43,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393863.6737425, 'message': 'Dec  7 08:17:42 hqnl0246134 sshd[302852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:17:45,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393865.6764846, 'message': 'Dec  7 08:17:44 hqnl0246134 sshd[302852]: Failed password for root from 165.22.220.5 port 39076 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 08:17:52,490] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:17:52,491] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:18:13,630] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:18:13,667] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0489 seconds
INFO    [2022-12-07 08:18:13,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393893.7108917, 'message': 'Dec  7 08:18:12 hqnl0246134 sshd[302876]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:18:13,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393893.7111561, 'message': 'Dec  7 08:18:12 hqnl0246134 sshd[302876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:18:15,746] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393895.7125466, 'message': 'Dec  7 08:18:14 hqnl0246134 sshd[302874]: Invalid user nmrsu from 112.213.124.175 port 53520', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 08:18:15,747] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393895.712999, 'message': 'Dec  7 08:18:14 hqnl0246134 sshd[302876]: Failed password for root from 165.22.220.5 port 33314 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 08:18:15,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393895.7127385, 'message': 'Dec  7 08:18:14 hqnl0246134 sshd[302874]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.213.124.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:18:15,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393895.7128868, 'message': 'Dec  7 08:18:14 hqnl0246134 sshd[302874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.213.124.175 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:18:17,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393897.713859, 'message': 'Dec  7 08:18:16 hqnl0246134 sshd[302874]: Failed password for invalid user nmrsu from 112.213.124.175 port 53520 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:18:17,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670393897.7140305, 'message': 'Dec  7 08:18:16 hqnl0246134 sshd[302874]: Disconnected from invalid user nmrsu 112.213.124.175 port 53520 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:18:18,079] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:18:18,079] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:18:18,087] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:18:18,100] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 08:18:20,670] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:18:20,671] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:18:20,679] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:18:20,692] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 08:18:39,762] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.5.73', 'timestamp': 1670393919.739969, 'message': 'Dec  7 08:18:38 hqnl0246134 sshd[302899]: Invalid user rhino from 159.65.5.73 port 40826', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 08:18:39,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.5.73', 'timestamp': 1670393919.7403367, 'message': 'Dec  7 08:18:38 hqnl0246134 sshd[302899]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.5.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 08:18:39,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.5.73', 'timestamp': 1670393919.740479, 'message': 'Dec  7 08:18:38 hqnl0246134 sshd[302899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.5.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:18:41,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.5.73', 'timestamp': 1670393921.7395828, 'message': 'Dec  7 08:18:40 hqnl0246134 sshd[302899]: Failed password for invalid user rhino from 159.65.5.73 port 40826 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 08:18:41,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.5.73', 'timestamp': 1670393921.739794, 'message': 'Dec  7 08:18:41 hqnl0246134 sshd[302899]: Disconnected from invalid user rhino 159.65.5.73 port 40826 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:18:43,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393923.7420144, 'message': 'Dec  7 08:18:42 hqnl0246134 sshd[302905]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0631 seconds
INFO    [2022-12-07 08:18:43,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393923.7423375, 'message': 'Dec  7 08:18:43 hqnl0246134 sshd[302907]: Invalid user webadmin from 187.218.23.85 port 46812', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0639 seconds
INFO    [2022-12-07 08:18:43,894] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:18:43,894] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-07 08:18:43,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393923.7422073, 'message': 'Dec  7 08:18:42 hqnl0246134 sshd[302905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1549 seconds
INFO    [2022-12-07 08:18:43,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393923.7426903, 'message': 'Dec  7 08:18:43 hqnl0246134 sshd[302909]: Invalid user webadmin from 201.149.20.162 port 26888', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1560 seconds
INFO    [2022-12-07 08:18:43,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393923.7424436, 'message': 'Dec  7 08:18:43 hqnl0246134 sshd[302907]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.218.23.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1478 seconds
WARNING [2022-12-07 08:18:43,993] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:18:44,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393923.742876, 'message': 'Dec  7 08:18:43 hqnl0246134 sshd[302909]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.149.20.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0777 seconds
INFO    [2022-12-07 08:18:44,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393923.7425845, 'message': 'Dec  7 08:18:43 hqnl0246134 sshd[302907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.218.23.85 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0780 seconds
INFO    [2022-12-07 08:18:44,044] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0778 seconds
INFO    [2022-12-07 08:18:44,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393923.7430139, 'message': 'Dec  7 08:18:43 hqnl0246134 sshd[302909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.20.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 08:18:45,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393925.7444015, 'message': 'Dec  7 08:18:44 hqnl0246134 sshd[302905]: Failed password for root from 165.22.220.5 port 55784 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:18:47,778] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393927.7494626, 'message': 'Dec  7 08:18:45 hqnl0246134 sshd[302907]: Failed password for invalid user webadmin from 187.218.23.85 port 46812 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 08:18:47,779] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393927.7497716, 'message': 'Dec  7 08:18:46 hqnl0246134 sshd[302909]: Failed password for invalid user webadmin from 201.149.20.162 port 26888 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 08:18:49,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.218.23.85', 'timestamp': 1670393929.750584, 'message': 'Dec  7 08:18:47 hqnl0246134 sshd[302907]: Disconnected from invalid user webadmin 187.218.23.85 port 46812 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 08:18:49,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.149.20.162', 'timestamp': 1670393929.751071, 'message': 'Dec  7 08:18:48 hqnl0246134 sshd[302909]: Disconnected from invalid user webadmin 201.149.20.162 port 26888 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
WARNING [2022-12-07 08:18:52,494] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:18:52,495] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:19:13,634] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:19:13,665] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0400 seconds
INFO    [2022-12-07 08:19:13,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393953.7813923, 'message': 'Dec  7 08:19:12 hqnl0246134 sshd[302940]: Invalid user awsgui from 165.22.220.5 port 50022', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:19:13,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393953.7816029, 'message': 'Dec  7 08:19:12 hqnl0246134 sshd[302940]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 08:19:13,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393953.7817264, 'message': 'Dec  7 08:19:12 hqnl0246134 sshd[302940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 08:19:15,800] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393955.7819111, 'message': 'Dec  7 08:19:14 hqnl0246134 sshd[302940]: Failed password for invalid user awsgui from 165.22.220.5 port 50022 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:19:18,148] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:19:18,152] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:19:18,171] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:19:18,193] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0368 seconds
INFO    [2022-12-07 08:19:21,177] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:19:21,177] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:19:21,186] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:19:21,199] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 08:19:23,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393963.7930183, 'message': 'Dec  7 08:19:22 hqnl0246134 sshd[302962]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.194.235.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 08:19:23,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393963.793252, 'message': 'Dec  7 08:19:22 hqnl0246134 sshd[302962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.194.235.143  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:19:25,815] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '118.194.235.143', 'timestamp': 1670393965.7961006, 'message': 'Dec  7 08:19:25 hqnl0246134 sshd[302962]: Failed password for root from 118.194.235.143 port 32924 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:19:27,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670393967.7998374, 'message': 'Dec  7 08:19:26 hqnl0246134 sshd[302966]: Invalid user system from 182.253.115.155 port 38254', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 08:19:27,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.115.155', 'timestamp': 1670393967.8001127, 'message': 'Dec  7 08:19:27 hqnl0246134 sshd[302966]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.115.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:19:27,859] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.115.155', 'timestamp': 1670393967.8002975, 'message': 'Dec  7 08:19:27 hqnl0246134 sshd[302966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.115.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:19:29,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670393969.8053806, 'message': 'Dec  7 08:19:28 hqnl0246134 sshd[302966]: Failed password for invalid user system from 182.253.115.155 port 38254 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 08:19:31,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670393971.8087478, 'message': 'Dec  7 08:19:29 hqnl0246134 sshd[302966]: Disconnected from invalid user system 182.253.115.155 port 38254 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 08:19:31,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393971.8089533, 'message': 'Dec  7 08:19:30 hqnl0246134 sshd[302968]: Invalid user pedro from 198.23.172.93 port 43040', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 08:19:31,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393971.8091176, 'message': 'Dec  7 08:19:30 hqnl0246134 sshd[302968]: pam_imunify(sshd:auth): [IM360_RBL] The IP 198.23.172.93 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:19:31,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393971.8092217, 'message': 'Dec  7 08:19:30 hqnl0246134 sshd[302968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.172.93 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 08:19:33,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393973.8136733, 'message': 'Dec  7 08:19:32 hqnl0246134 sshd[302968]: Failed password for invalid user pedro from 198.23.172.93 port 43040 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:19:35,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '198.23.172.93', 'timestamp': 1670393975.8166604, 'message': 'Dec  7 08:19:34 hqnl0246134 sshd[302968]: Disconnected from invalid user pedro 198.23.172.93 port 43040 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:19:43,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393983.8265295, 'message': 'Dec  7 08:19:42 hqnl0246134 sshd[302973]: Invalid user ark from 165.22.220.5 port 44264', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 08:19:43,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393983.8269627, 'message': 'Dec  7 08:19:42 hqnl0246134 sshd[302973]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 08:19:43,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393983.8271067, 'message': 'Dec  7 08:19:42 hqnl0246134 sshd[302973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 08:19:45,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670393985.826208, 'message': 'Dec  7 08:19:45 hqnl0246134 sshd[302973]: Failed password for invalid user ark from 165.22.220.5 port 44264 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 08:19:47,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670393987.8286018, 'message': 'Dec  7 08:19:46 hqnl0246134 sshd[302976]: Invalid user ubuntu from 202.165.246.58 port 53614', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 08:19:47,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.165.246.58', 'timestamp': 1670393987.828886, 'message': 'Dec  7 08:19:46 hqnl0246134 sshd[302976]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.165.246.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:19:47,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.165.246.58', 'timestamp': 1670393987.8290133, 'message': 'Dec  7 08:19:46 hqnl0246134 sshd[302976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.246.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 08:19:49,728] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:19:49,729] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:19:49,737] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:19:49,749] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 08:19:49,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670393989.8299377, 'message': 'Dec  7 08:19:48 hqnl0246134 sshd[302976]: Failed password for invalid user ubuntu from 202.165.246.58 port 53614 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 08:19:49,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670393989.8301523, 'message': 'Dec  7 08:19:48 hqnl0246134 sshd[302976]: Disconnected from invalid user ubuntu 202.165.246.58 port 53614 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 08:19:52,501] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:19:52,502] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:19:59,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670393999.841117, 'message': 'Dec  7 08:19:58 hqnl0246134 sshd[302997]: Invalid user lisa from 41.73.252.229 port 55606', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 08:19:59,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.73.252.229', 'timestamp': 1670393999.8414152, 'message': 'Dec  7 08:19:58 hqnl0246134 sshd[302997]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.73.252.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 08:19:59,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.73.252.229', 'timestamp': 1670393999.841544, 'message': 'Dec  7 08:19:58 hqnl0246134 sshd[302997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.73.252.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 08:20:01,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394001.8463337, 'message': 'Dec  7 08:20:00 hqnl0246134 sshd[302997]: Failed password for invalid user lisa from 41.73.252.229 port 55606 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0776 seconds
INFO    [2022-12-07 08:20:01,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394001.8466601, 'message': 'Dec  7 08:20:00 hqnl0246134 sshd[302997]: Disconnected from invalid user lisa 41.73.252.229 port 55606 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 08:20:09,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670394009.8542347, 'message': 'Dec  7 08:20:08 hqnl0246134 sshd[303019]: Invalid user pentaho from 112.213.124.175 port 46490', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:20:09,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '112.213.124.175', 'timestamp': 1670394009.8544414, 'message': 'Dec  7 08:20:08 hqnl0246134 sshd[303019]: pam_imunify(sshd:auth): [IM360_RBL] The IP 112.213.124.175 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:20:09,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '112.213.124.175', 'timestamp': 1670394009.854561, 'message': 'Dec  7 08:20:08 hqnl0246134 sshd[303019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.213.124.175 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 08:20:11,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670394011.8574288, 'message': 'Dec  7 08:20:10 hqnl0246134 sshd[303019]: Failed password for invalid user pentaho from 112.213.124.175 port 46490 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 08:20:13,639] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:20:13,670] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0390 seconds
INFO    [2022-12-07 08:20:13,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '112.213.124.175', 'timestamp': 1670394013.8632367, 'message': 'Dec  7 08:20:12 hqnl0246134 sshd[303019]: Disconnected from invalid user pentaho 112.213.124.175 port 46490 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 08:20:13,893] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394013.8634555, 'message': 'Dec  7 08:20:13 hqnl0246134 sshd[303029]: Invalid user ark from 165.22.220.5 port 38506', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 08:20:13,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394013.863587, 'message': 'Dec  7 08:20:13 hqnl0246134 sshd[303029]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:20:13,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394013.8637362, 'message': 'Dec  7 08:20:13 hqnl0246134 sshd[303029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 08:20:15,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394015.8669739, 'message': 'Dec  7 08:20:14 hqnl0246134 sshd[303029]: Failed password for invalid user ark from 165.22.220.5 port 38506 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:20:17,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670394017.8702655, 'message': 'Dec  7 08:20:16 hqnl0246134 sshd[303032]: Invalid user testdev from 14.63.203.207 port 38722', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 08:20:17,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.63.203.207', 'timestamp': 1670394017.8704743, 'message': 'Dec  7 08:20:16 hqnl0246134 sshd[303032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.63.203.207 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:20:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:20:17,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:20:17,994] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:20:18,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.63.203.207', 'timestamp': 1670394017.8706067, 'message': 'Dec  7 08:20:16 hqnl0246134 sshd[303032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.203.207 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1005 seconds
INFO    [2022-12-07 08:20:18,013] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0300 seconds
INFO    [2022-12-07 08:20:19,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670394019.8710394, 'message': 'Dec  7 08:20:19 hqnl0246134 sshd[303032]: Failed password for invalid user testdev from 14.63.203.207 port 38722 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 08:20:20,804] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:20:20,805] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:20:20,813] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:20:20,827] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 08:20:21,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.63.203.207', 'timestamp': 1670394021.873863, 'message': 'Dec  7 08:20:20 hqnl0246134 sshd[303032]: Disconnected from invalid user testdev 14.63.203.207 port 38722 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:20:39,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394039.9008346, 'message': 'Dec  7 08:20:39 hqnl0246134 sshd[303060]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.96.227.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 08:20:39,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394039.9012117, 'message': 'Dec  7 08:20:39 hqnl0246134 sshd[303060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.96.227.178  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 08:20:41,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394041.902101, 'message': 'Dec  7 08:20:40 hqnl0246134 sshd[303063]: Invalid user admin from 43.163.207.202 port 54704', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 08:20:41,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394041.9025545, 'message': 'Dec  7 08:20:41 hqnl0246134 sshd[303060]: Failed password for root from 172.96.227.178 port 33544 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 08:20:41,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394041.9022846, 'message': 'Dec  7 08:20:41 hqnl0246134 sshd[303063]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.163.207.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:20:41,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394041.902446, 'message': 'Dec  7 08:20:41 hqnl0246134 sshd[303063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.163.207.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:20:43,942] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394043.9053295, 'message': 'Dec  7 08:20:42 hqnl0246134 sshd[303065]: Invalid user ark from 165.22.220.5 port 60980', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 08:20:43,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394043.905931, 'message': 'Dec  7 08:20:43 hqnl0246134 sshd[303063]: Failed password for invalid user admin from 43.163.207.202 port 54704 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 08:20:43,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394043.905632, 'message': 'Dec  7 08:20:43 hqnl0246134 sshd[303065]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 08:20:43,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394043.9057946, 'message': 'Dec  7 08:20:43 hqnl0246134 sshd[303065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0162 seconds
INFO    [2022-12-07 08:20:45,936] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394045.9066439, 'message': 'Dec  7 08:20:44 hqnl0246134 sshd[303065]: Failed password for invalid user ark from 165.22.220.5 port 60980 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 08:20:45,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394045.9069676, 'message': 'Dec  7 08:20:45 hqnl0246134 sshd[303063]: Disconnected from invalid user admin 43.163.207.202 port 54704 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 08:20:49,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.34.171.163', 'timestamp': 1670394049.912621, 'message': 'Dec  7 08:20:48 hqnl0246134 sshd[303067]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.34.171.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 08:20:49,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.34.171.163', 'timestamp': 1670394049.913099, 'message': 'Dec  7 08:20:48 hqnl0246134 sshd[303067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.171.163  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:20:49,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '144.34.171.163', 'timestamp': 1670394049.9132845, 'message': 'Dec  7 08:20:49 hqnl0246134 sshd[303067]: Failed password for root from 144.34.171.163 port 36154 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 08:20:52,505] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:20:52,507] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:20:53,896] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:20:53,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:20:53,904] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:20:53,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 08:20:59,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670394059.9251604, 'message': 'Dec  7 08:20:59 hqnl0246134 sshd[303086]: Invalid user db2inst1 from 190.128.169.130 port 36572', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:20:59,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670394059.925429, 'message': 'Dec  7 08:20:59 hqnl0246134 sshd[303086]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:20:59,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670394059.9255517, 'message': 'Dec  7 08:20:59 hqnl0246134 sshd[303086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 08:21:01,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670394061.9263093, 'message': 'Dec  7 08:21:00 hqnl0246134 sshd[303086]: Failed password for invalid user db2inst1 from 190.128.169.130 port 36572 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:21:01,965] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.128.169.130', 'timestamp': 1670394061.9265485, 'message': 'Dec  7 08:21:01 hqnl0246134 sshd[303086]: Disconnected from invalid user db2inst1 190.128.169.130 port 36572 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:21:09,971] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394069.941374, 'message': 'Dec  7 08:21:08 hqnl0246134 sshd[303100]: Invalid user postgres from 51.250.65.57 port 60814', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 08:21:09,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.149.20.162', 'timestamp': 1670394069.9415698, 'message': 'Dec  7 08:21:08 hqnl0246134 sshd[303096]: Invalid user tomcat from 201.149.20.162 port 59296', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 08:21:10,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394069.942055, 'message': 'Dec  7 08:21:08 hqnl0246134 sshd[303100]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.65.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 08:21:10,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '201.149.20.162', 'timestamp': 1670394069.9427118, 'message': 'Dec  7 08:21:08 hqnl0246134 sshd[303096]: pam_imunify(sshd:auth): [IM360_RBL] The IP 201.149.20.162 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 08:21:10,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.218.23.85', 'timestamp': 1670394069.9429452, 'message': 'Dec  7 08:21:08 hqnl0246134 sshd[303098]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.218.23.85 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0432 seconds
INFO    [2022-12-07 08:21:10,056] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394069.9426079, 'message': 'Dec  7 08:21:08 hqnl0246134 sshd[303100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.65.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0412 seconds
INFO    [2022-12-07 08:21:10,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '201.149.20.162', 'timestamp': 1670394069.9428346, 'message': 'Dec  7 08:21:08 hqnl0246134 sshd[303096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.20.162 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0411 seconds
INFO    [2022-12-07 08:21:10,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.218.23.85', 'timestamp': 1670394069.9430466, 'message': 'Dec  7 08:21:08 hqnl0246134 sshd[303098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.218.23.85  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0407 seconds
INFO    [2022-12-07 08:21:12,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394071.9434774, 'message': 'Dec  7 08:21:10 hqnl0246134 sshd[303100]: Failed password for invalid user postgres from 51.250.65.57 port 60814 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0560 seconds
INFO    [2022-12-07 08:21:12,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.149.20.162', 'timestamp': 1670394071.9437184, 'message': 'Dec  7 08:21:10 hqnl0246134 sshd[303096]: Failed password for invalid user tomcat from 201.149.20.162 port 59296 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0563 seconds
INFO    [2022-12-07 08:21:12,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.218.23.85', 'timestamp': 1670394071.9438584, 'message': 'Dec  7 08:21:10 hqnl0246134 sshd[303098]: Failed password for root from 187.218.23.85 port 58050 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0564 seconds
INFO    [2022-12-07 08:21:12,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '201.149.20.162', 'timestamp': 1670394071.9439673, 'message': 'Dec  7 08:21:11 hqnl0246134 sshd[303096]: Disconnected from invalid user tomcat 201.149.20.162 port 59296 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 08:21:13,643] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:21:13,685] defence360agent.internals.the_sink: SensorIncidentList(<28 item(s)>) processed in 0.0494 seconds
INFO    [2022-12-07 08:21:13,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394073.951309, 'message': 'Dec  7 08:21:12 hqnl0246134 sshd[303100]: Disconnected from invalid user postgres 51.250.65.57 port 60814 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 08:21:13,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394073.9514945, 'message': 'Dec  7 08:21:13 hqnl0246134 sshd[303102]: Invalid user arkserver from 165.22.220.5 port 55222', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 08:21:13,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394073.9516044, 'message': 'Dec  7 08:21:13 hqnl0246134 sshd[303102]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:21:14,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394073.951707, 'message': 'Dec  7 08:21:13 hqnl0246134 sshd[303102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:21:15,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394075.953237, 'message': 'Dec  7 08:21:15 hqnl0246134 sshd[303102]: Failed password for invalid user arkserver from 165.22.220.5 port 55222 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 08:21:17,915] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:21:17,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:21:17,924] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:21:17,936] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 08:21:22,677] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:21:22,678] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:21:22,689] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:21:22,702] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-07 08:21:23,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670394083.9668436, 'message': 'Dec  7 08:21:22 hqnl0246134 sshd[303122]: Invalid user jimmy from 118.194.235.143 port 33042', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 08:21:24,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '118.194.235.143', 'timestamp': 1670394083.9670959, 'message': 'Dec  7 08:21:22 hqnl0246134 sshd[303122]: pam_imunify(sshd:auth): [IM360_RBL] The IP 118.194.235.143 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:21:24,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '118.194.235.143', 'timestamp': 1670394083.9672494, 'message': 'Dec  7 08:21:22 hqnl0246134 sshd[303122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.194.235.143 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 08:21:25,990] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670394085.9686863, 'message': 'Dec  7 08:21:25 hqnl0246134 sshd[303122]: Failed password for invalid user jimmy from 118.194.235.143 port 33042 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 08:21:27,999] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '118.194.235.143', 'timestamp': 1670394087.971464, 'message': 'Dec  7 08:21:27 hqnl0246134 sshd[303122]: Disconnected from invalid user jimmy 118.194.235.143 port 33042 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 08:21:44,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394104.0124607, 'message': 'Dec  7 08:21:43 hqnl0246134 sshd[303132]: Invalid user arkserver from 165.22.220.5 port 49464', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 08:21:44,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394104.0130386, 'message': 'Dec  7 08:21:43 hqnl0246134 sshd[303132]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 08:21:44,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394104.0131724, 'message': 'Dec  7 08:21:43 hqnl0246134 sshd[303132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:21:46,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394106.0135758, 'message': 'Dec  7 08:21:45 hqnl0246134 sshd[303132]: Failed password for invalid user arkserver from 165.22.220.5 port 49464 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
WARNING [2022-12-07 08:21:52,515] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:21:52,517] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:21:54,340] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 08:21:58,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.5.73', 'timestamp': 1670394118.0366237, 'message': 'Dec  7 08:21:57 hqnl0246134 sshd[303143]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.5.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0413 seconds
INFO    [2022-12-07 08:21:58,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.5.73', 'timestamp': 1670394118.03748, 'message': 'Dec  7 08:21:57 hqnl0246134 sshd[303143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.5.73  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:22:00,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.65.5.73', 'timestamp': 1670394120.040591, 'message': 'Dec  7 08:21:59 hqnl0246134 sshd[303143]: Failed password for root from 159.65.5.73 port 44828 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 08:22:04,765] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:22:04,765] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:22:04,774] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:22:04,786] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-07 08:22:13,657] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:22:13,687] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0412 seconds
INFO    [2022-12-07 08:22:16,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394136.0639873, 'message': 'Dec  7 08:22:14 hqnl0246134 sshd[303168]: Invalid user arkserver from 165.22.220.5 port 43706', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0792 seconds
INFO    [2022-12-07 08:22:16,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394136.064378, 'message': 'Dec  7 08:22:14 hqnl0246134 sshd[303168]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-07 08:22:16,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394136.0645893, 'message': 'Dec  7 08:22:14 hqnl0246134 sshd[303168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 08:22:18,082] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394138.0649357, 'message': 'Dec  7 08:22:16 hqnl0246134 sshd[303168]: Failed password for invalid user arkserver from 165.22.220.5 port 43706 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:22:20,023] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:22:20,024] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:22:20,041] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:22:20,062] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0361 seconds
INFO    [2022-12-07 08:22:22,895] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:22:22,895] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:22:22,904] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:22:22,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 08:22:36,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394156.0953956, 'message': 'Dec  7 08:22:35 hqnl0246134 sshd[303194]: Invalid user sa from 179.105.70.20 port 34156', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 08:22:36,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394156.0959098, 'message': 'Dec  7 08:22:35 hqnl0246134 sshd[303194]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.105.70.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 08:22:36,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394156.0960603, 'message': 'Dec  7 08:22:35 hqnl0246134 sshd[303194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.105.70.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:22:38,126] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394158.0977426, 'message': 'Dec  7 08:22:37 hqnl0246134 sshd[303194]: Failed password for invalid user sa from 179.105.70.20 port 34156 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
INFO    [2022-12-07 08:22:40,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394160.0984328, 'message': 'Dec  7 08:22:38 hqnl0246134 sshd[303194]: Disconnected from invalid user sa 179.105.70.20 port 34156 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 08:22:46,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394166.1138635, 'message': 'Dec  7 08:22:44 hqnl0246134 sshd[303199]: Invalid user admin from 165.22.220.5 port 37948', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 08:22:46,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394166.1141605, 'message': 'Dec  7 08:22:44 hqnl0246134 sshd[303199]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:22:46,188] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394166.1143124, 'message': 'Dec  7 08:22:44 hqnl0246134 sshd[303199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 08:22:48,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394168.1153915, 'message': 'Dec  7 08:22:46 hqnl0246134 sshd[303199]: Failed password for invalid user admin from 165.22.220.5 port 37948 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:22:52,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394172.122093, 'message': 'Dec  7 08:22:51 hqnl0246134 sshd[303210]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.235.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 08:22:52,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394172.1224625, 'message': 'Dec  7 08:22:51 hqnl0246134 sshd[303210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.235.104  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 08:22:52,521] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:22:52,522] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:22:54,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394174.1263297, 'message': 'Dec  7 08:22:53 hqnl0246134 sshd[303210]: Failed password for root from 167.71.235.104 port 33096 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 08:23:13,656] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:23:13,686] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0373 seconds
INFO    [2022-12-07 08:23:16,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394196.1488924, 'message': 'Dec  7 08:23:14 hqnl0246134 sshd[303226]: Invalid user admin from 165.22.220.5 port 60422', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 08:23:16,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394196.1491063, 'message': 'Dec  7 08:23:14 hqnl0246134 sshd[303226]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 08:23:16,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394196.149228, 'message': 'Dec  7 08:23:14 hqnl0246134 sshd[303226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:23:18,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394198.1503305, 'message': 'Dec  7 08:23:16 hqnl0246134 sshd[303226]: Failed password for invalid user admin from 165.22.220.5 port 60422 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0565 seconds
INFO    [2022-12-07 08:23:18,652] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:23:18,652] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:23:18,687] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:23:18,752] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0908 seconds
INFO    [2022-12-07 08:23:21,837] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:23:21,838] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:23:21,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:23:21,859] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 08:23:34,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394214.1679542, 'message': 'Dec  7 08:23:34 hqnl0246134 sshd[303250]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.73.252.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 08:23:34,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394214.1690998, 'message': 'Dec  7 08:23:34 hqnl0246134 sshd[303250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.73.252.229  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:23:38,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394218.1695063, 'message': 'Dec  7 08:23:36 hqnl0246134 sshd[303250]: Failed password for root from 41.73.252.229 port 45904 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 08:23:40,821] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:23:40,822] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:23:40,829] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:23:40,840] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 08:23:46,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394226.1865385, 'message': 'Dec  7 08:23:44 hqnl0246134 sshd[303257]: Invalid user admin from 165.22.220.5 port 54668', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 08:23:46,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394226.1868286, 'message': 'Dec  7 08:23:44 hqnl0246134 sshd[303257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:23:46,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394226.186983, 'message': 'Dec  7 08:23:44 hqnl0246134 sshd[303257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 08:23:48,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394228.1887317, 'message': 'Dec  7 08:23:46 hqnl0246134 sshd[303257]: Failed password for invalid user admin from 165.22.220.5 port 54668 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
WARNING [2022-12-07 08:23:52,527] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:23:52,528] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:24:00,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394240.2065215, 'message': 'Dec  7 08:23:59 hqnl0246134 sshd[303272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.65.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 08:24:00,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394240.2069657, 'message': 'Dec  7 08:23:59 hqnl0246134 sshd[303272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.65.57  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:24:02,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394242.2087114, 'message': 'Dec  7 08:24:01 hqnl0246134 sshd[303272]: Failed password for root from 51.250.65.57 port 50234 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:24:06,232] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394246.212532, 'message': 'Dec  7 08:24:04 hqnl0246134 sshd[303281]: Invalid user leandro from 159.223.47.173 port 54346', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:24:06,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394246.212757, 'message': 'Dec  7 08:24:04 hqnl0246134 sshd[303281]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.47.173 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:24:06,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394246.2128909, 'message': 'Dec  7 08:24:04 hqnl0246134 sshd[303281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.47.173 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:24:08,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394248.2175121, 'message': 'Dec  7 08:24:07 hqnl0246134 sshd[303281]: Failed password for invalid user leandro from 159.223.47.173 port 54346 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:24:10,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394250.220846, 'message': 'Dec  7 08:24:09 hqnl0246134 sshd[303281]: Disconnected from invalid user leandro 159.223.47.173 port 54346 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 08:24:13,668] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:24:13,703] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0513 seconds
INFO    [2022-12-07 08:24:16,251] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394256.2306144, 'message': 'Dec  7 08:24:14 hqnl0246134 sshd[303285]: Invalid user admin from 165.22.220.5 port 48912', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:24:16,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394256.2308395, 'message': 'Dec  7 08:24:14 hqnl0246134 sshd[303285]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 08:24:16,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394256.2309954, 'message': 'Dec  7 08:24:14 hqnl0246134 sshd[303285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:24:18,012] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:24:18,012] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:24:18,022] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:24:18,037] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-07 08:24:18,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394258.2322764, 'message': 'Dec  7 08:24:17 hqnl0246134 sshd[303285]: Failed password for invalid user admin from 165.22.220.5 port 48912 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 08:24:20,211] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:24:20,293] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:24:20,294] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:24:20,294] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:24:20,294] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:24:20,295] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:24:20,307] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:24:20,326] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0308 seconds
WARNING [2022-12-07 08:24:20,333] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:24:20,336] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:24:20,361] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0406 seconds
INFO    [2022-12-07 08:24:20,362] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0384 seconds
INFO    [2022-12-07 08:24:20,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:24:20,852] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:24:20,858] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:24:20,869] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 08:24:32,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.128.169.130', 'timestamp': 1670394272.2537491, 'message': 'Dec  7 08:24:31 hqnl0246134 sshd[303308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.128.169.130 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 08:24:32,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.128.169.130', 'timestamp': 1670394272.254289, 'message': 'Dec  7 08:24:31 hqnl0246134 sshd[303308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.169.130  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:24:34,272] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.128.169.130', 'timestamp': 1670394274.254008, 'message': 'Dec  7 08:24:32 hqnl0246134 sshd[303308]: Failed password for root from 190.128.169.130 port 54048 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:24:38,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394278.2600315, 'message': 'Dec  7 08:24:38 hqnl0246134 sshd[303311]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.66.187.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 08:24:38,303] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394278.2604578, 'message': 'Dec  7 08:24:38 hqnl0246134 sshd[303311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.187.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:24:40,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394280.2618492, 'message': 'Dec  7 08:24:40 hqnl0246134 sshd[303311]: Failed password for root from 82.66.187.39 port 59612 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:24:44,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394284.266576, 'message': 'Dec  7 08:24:43 hqnl0246134 sshd[303313]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.105.70.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:24:44,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394284.2669113, 'message': 'Dec  7 08:24:43 hqnl0246134 sshd[303313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.105.70.20  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:24:46,328] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394286.2698522, 'message': 'Dec  7 08:24:44 hqnl0246134 sshd[303315]: Invalid user admin from 165.22.220.5 port 43156', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0571 seconds
INFO    [2022-12-07 08:24:46,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394286.2706363, 'message': 'Dec  7 08:24:44 hqnl0246134 sshd[303313]: Failed password for root from 179.105.70.20 port 46454 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0573 seconds
INFO    [2022-12-07 08:24:46,360] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394286.270213, 'message': 'Dec  7 08:24:44 hqnl0246134 sshd[303315]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 08:24:46,393] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394286.2704444, 'message': 'Dec  7 08:24:44 hqnl0246134 sshd[303315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 08:24:48,308] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394288.2715216, 'message': 'Dec  7 08:24:46 hqnl0246134 sshd[303315]: Failed password for invalid user admin from 165.22.220.5 port 43156 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 08:24:50,424] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:24:50,425] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:24:50,426] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-07 08:24:52,531] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:24:52,532] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:25:13,667] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:25:13,696] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0401 seconds
INFO    [2022-12-07 08:25:16,364] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394316.3228645, 'message': 'Dec  7 08:25:15 hqnl0246134 sshd[303369]: Invalid user admin from 165.22.220.5 port 37400', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0406 seconds
INFO    [2022-12-07 08:25:16,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670394316.3249586, 'message': 'Dec  7 08:25:15 hqnl0246134 sshd[303362]: Invalid user oficina from 144.34.171.163 port 37528', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 08:25:16,402] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394316.3233814, 'message': 'Dec  7 08:25:15 hqnl0246134 sshd[303369]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-07 08:25:16,404] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.34.171.163', 'timestamp': 1670394316.3251173, 'message': 'Dec  7 08:25:15 hqnl0246134 sshd[303362]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.34.171.163 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 08:25:16,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394316.3247662, 'message': 'Dec  7 08:25:15 hqnl0246134 sshd[303369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 08:25:16,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.34.171.163', 'timestamp': 1670394316.325345, 'message': 'Dec  7 08:25:15 hqnl0246134 sshd[303362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.171.163 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 08:25:18,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394318.3244662, 'message': 'Dec  7 08:25:17 hqnl0246134 sshd[303369]: Failed password for invalid user admin from 165.22.220.5 port 37400 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0979 seconds
INFO    [2022-12-07 08:25:18,424] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670394318.3247514, 'message': 'Dec  7 08:25:17 hqnl0246134 sshd[303362]: Failed password for invalid user oficina from 144.34.171.163 port 37528 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0978 seconds
INFO    [2022-12-07 08:25:20,112] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:25:20,113] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:25:20,120] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:25:20,136] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-07 08:25:20,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.34.171.163', 'timestamp': 1670394320.3299034, 'message': 'Dec  7 08:25:19 hqnl0246134 sshd[303362]: Disconnected from invalid user oficina 144.34.171.163 port 37528 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 08:25:20,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.5.73', 'timestamp': 1670394320.3300743, 'message': 'Dec  7 08:25:19 hqnl0246134 sshd[303378]: Invalid user hadoop from 159.65.5.73 port 35858', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 08:25:20,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.65.5.73', 'timestamp': 1670394320.3301997, 'message': 'Dec  7 08:25:19 hqnl0246134 sshd[303378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.65.5.73 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0765 seconds
INFO    [2022-12-07 08:25:20,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.65.5.73', 'timestamp': 1670394320.3303063, 'message': 'Dec  7 08:25:19 hqnl0246134 sshd[303378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.5.73 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0829 seconds
INFO    [2022-12-07 08:25:22,238] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:25:22,238] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:25:22,246] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:25:22,260] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 08:25:22,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.5.73', 'timestamp': 1670394322.330189, 'message': 'Dec  7 08:25:21 hqnl0246134 sshd[303378]: Failed password for invalid user hadoop from 159.65.5.73 port 35858 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 08:25:22,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.65.5.73', 'timestamp': 1670394322.330396, 'message': 'Dec  7 08:25:21 hqnl0246134 sshd[303378]: Disconnected from invalid user hadoop 159.65.5.73 port 35858 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 08:25:23,332] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:25:23,333] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:25:23,355] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:25:23,380] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0376 seconds
INFO    [2022-12-07 08:25:40,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394340.373641, 'message': 'Dec  7 08:25:39 hqnl0246134 sshd[303403]: Invalid user xiao from 43.163.207.202 port 33374', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 08:25:40,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394340.3741014, 'message': 'Dec  7 08:25:39 hqnl0246134 sshd[303403]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.163.207.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:25:40,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394340.3742452, 'message': 'Dec  7 08:25:39 hqnl0246134 sshd[303403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.163.207.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:25:42,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394342.3782928, 'message': 'Dec  7 08:25:41 hqnl0246134 sshd[303403]: Failed password for invalid user xiao from 43.163.207.202 port 33374 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 08:25:44,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394344.380406, 'message': 'Dec  7 08:25:43 hqnl0246134 sshd[303403]: Disconnected from invalid user xiao 43.163.207.202 port 33374 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 08:25:46,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394346.382172, 'message': 'Dec  7 08:25:44 hqnl0246134 sshd[303406]: Invalid user admin from 165.22.220.5 port 59876', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 08:25:46,459] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394346.382406, 'message': 'Dec  7 08:25:44 hqnl0246134 sshd[303406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-07 08:25:46,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394346.3825533, 'message': 'Dec  7 08:25:44 hqnl0246134 sshd[303406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0434 seconds
INFO    [2022-12-07 08:25:48,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394348.384085, 'message': 'Dec  7 08:25:47 hqnl0246134 sshd[303406]: Failed password for invalid user admin from 165.22.220.5 port 59876 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
WARNING [2022-12-07 08:25:52,536] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:25:52,537] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:25:54,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394354.3942618, 'message': 'Dec  7 08:25:52 hqnl0246134 sshd[303422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.165.246.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 08:25:54,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394354.3949249, 'message': 'Dec  7 08:25:52 hqnl0246134 sshd[303422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.246.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 08:25:54,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394354.3951933, 'message': 'Dec  7 08:25:54 hqnl0246134 sshd[303422]: Failed password for root from 202.165.246.58 port 48346 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:26:08,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394368.4139667, 'message': 'Dec  7 08:26:06 hqnl0246134 sshd[303433]: Invalid user victoria from 157.230.250.192 port 34110', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:26:08,454] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394368.414281, 'message': 'Dec  7 08:26:06 hqnl0246134 sshd[303433]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.250.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:26:08,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394368.414701, 'message': 'Dec  7 08:26:06 hqnl0246134 sshd[303433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.250.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:26:08,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394368.4148443, 'message': 'Dec  7 08:26:07 hqnl0246134 sshd[303433]: Failed password for invalid user victoria from 157.230.250.192 port 34110 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 08:26:10,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394370.4173605, 'message': 'Dec  7 08:26:09 hqnl0246134 sshd[303433]: Disconnected from invalid user victoria 157.230.250.192 port 34110 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 08:26:13,672] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:26:13,704] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0406 seconds
INFO    [2022-12-07 08:26:16,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394376.4259276, 'message': 'Dec  7 08:26:14 hqnl0246134 sshd[303436]: Invalid user admin from 165.22.220.5 port 54120', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 08:26:16,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394376.4329946, 'message': 'Dec  7 08:26:14 hqnl0246134 sshd[303436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 08:26:16,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394376.4331708, 'message': 'Dec  7 08:26:14 hqnl0246134 sshd[303436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 08:26:18,448] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394378.4268618, 'message': 'Dec  7 08:26:16 hqnl0246134 sshd[303436]: Failed password for invalid user admin from 165.22.220.5 port 54120 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 08:26:18,542] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:26:18,542] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:26:18,549] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:26:18,560] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 08:26:21,297] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:26:21,298] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:26:21,313] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:26:21,330] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0315 seconds
INFO    [2022-12-07 08:26:30,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394390.4437187, 'message': 'Dec  7 08:26:30 hqnl0246134 sshd[303460]: Invalid user user1 from 163.44.252.65 port 39182', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 08:26:32,475] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394392.4460208, 'message': 'Dec  7 08:26:30 hqnl0246134 sshd[303460]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.44.252.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 08:26:32,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394392.4462104, 'message': 'Dec  7 08:26:30 hqnl0246134 sshd[303460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.44.252.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 08:26:32,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394392.4463646, 'message': 'Dec  7 08:26:31 hqnl0246134 sshd[303460]: Failed password for invalid user user1 from 163.44.252.65 port 39182 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 08:26:34,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394394.4488437, 'message': 'Dec  7 08:26:32 hqnl0246134 sshd[303460]: Disconnected from invalid user user1 163.44.252.65 port 39182 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 08:26:35,333] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:26:35,334] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:26:35,341] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:26:35,354] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 08:26:46,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394406.4664493, 'message': 'Dec  7 08:26:44 hqnl0246134 sshd[303469]: Invalid user admin from 165.22.220.5 port 48364', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 08:26:46,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394406.4667506, 'message': 'Dec  7 08:26:44 hqnl0246134 sshd[303469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:26:46,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394406.4669008, 'message': 'Dec  7 08:26:44 hqnl0246134 sshd[303469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 08:26:48,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394408.4696014, 'message': 'Dec  7 08:26:46 hqnl0246134 sshd[303469]: Failed password for invalid user admin from 165.22.220.5 port 48364 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 08:26:48,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394408.4698148, 'message': 'Dec  7 08:26:47 hqnl0246134 sshd[303472]: Invalid user arkserver from 172.96.227.178 port 38692', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0461 seconds
INFO    [2022-12-07 08:26:48,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394408.4701993, 'message': 'Dec  7 08:26:48 hqnl0246134 sshd[303474]: Invalid user oracle from 167.71.235.104 port 45058', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0454 seconds
INFO    [2022-12-07 08:26:48,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394408.4699779, 'message': 'Dec  7 08:26:47 hqnl0246134 sshd[303472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.96.227.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 08:26:48,570] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394408.4700835, 'message': 'Dec  7 08:26:47 hqnl0246134 sshd[303472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.96.227.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 08:26:50,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394410.4711254, 'message': 'Dec  7 08:26:48 hqnl0246134 sshd[303474]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.235.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 08:26:50,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394410.4714417, 'message': 'Dec  7 08:26:49 hqnl0246134 sshd[303472]: Failed password for invalid user arkserver from 172.96.227.178 port 38692 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 08:26:50,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394410.4713268, 'message': 'Dec  7 08:26:48 hqnl0246134 sshd[303474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.235.104 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 08:26:50,537] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394410.4718208, 'message': 'Dec  7 08:26:50 hqnl0246134 sshd[303476]: Invalid user mongo from 51.250.65.57 port 39680', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 08:26:50,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394410.4715598, 'message': 'Dec  7 08:26:50 hqnl0246134 sshd[303474]: Failed password for invalid user oracle from 167.71.235.104 port 45058 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0416 seconds
INFO    [2022-12-07 08:26:50,580] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394410.4719408, 'message': 'Dec  7 08:26:50 hqnl0246134 sshd[303476]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.65.57 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 08:26:50,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394410.472197, 'message': 'Dec  7 08:26:50 hqnl0246134 sshd[303472]: Disconnected from invalid user arkserver 172.96.227.178 port 38692 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 08:26:50,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394410.4717052, 'message': 'Dec  7 08:26:50 hqnl0246134 sshd[303474]: Disconnected from invalid user oracle 167.71.235.104 port 45058 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 08:26:50,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394410.4720824, 'message': 'Dec  7 08:26:50 hqnl0246134 sshd[303476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.65.57 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 08:26:52,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394412.4731615, 'message': 'Dec  7 08:26:52 hqnl0246134 sshd[303486]: Invalid user demo from 179.105.70.20 port 30208', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 08:26:52,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394412.4738414, 'message': 'Dec  7 08:26:52 hqnl0246134 sshd[303476]: Failed password for invalid user mongo from 51.250.65.57 port 39680 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 08:26:52,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394412.4735408, 'message': 'Dec  7 08:26:52 hqnl0246134 sshd[303486]: pam_imunify(sshd:auth): [IM360_RBL] The IP 179.105.70.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-07 08:26:52,538] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:26:52,539] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:26:52,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394412.473678, 'message': 'Dec  7 08:26:52 hqnl0246134 sshd[303486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.105.70.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:26:54,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.65.57', 'timestamp': 1670394414.4753509, 'message': 'Dec  7 08:26:54 hqnl0246134 sshd[303476]: Disconnected from invalid user mongo 51.250.65.57 port 39680 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 08:26:54,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394414.4755383, 'message': 'Dec  7 08:26:54 hqnl0246134 sshd[303486]: Failed password for invalid user demo from 179.105.70.20 port 30208 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 08:26:58,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '179.105.70.20', 'timestamp': 1670394418.4809356, 'message': 'Dec  7 08:26:56 hqnl0246134 sshd[303486]: Disconnected from invalid user demo 179.105.70.20 port 30208 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:27:06,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394426.48899, 'message': 'Dec  7 08:27:05 hqnl0246134 sshd[303497]: Invalid user ircd from 41.73.252.229 port 36196', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:27:06,528] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394426.4892044, 'message': 'Dec  7 08:27:05 hqnl0246134 sshd[303497]: pam_imunify(sshd:auth): [IM360_RBL] The IP 41.73.252.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:27:06,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394426.4894047, 'message': 'Dec  7 08:27:05 hqnl0246134 sshd[303497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.73.252.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 08:27:08,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394428.4900908, 'message': 'Dec  7 08:27:06 hqnl0246134 sshd[303497]: Failed password for invalid user ircd from 41.73.252.229 port 36196 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:27:08,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '41.73.252.229', 'timestamp': 1670394428.4903176, 'message': 'Dec  7 08:27:08 hqnl0246134 sshd[303497]: Disconnected from invalid user ircd 41.73.252.229 port 36196 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:27:10,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394430.5044653, 'message': 'Dec  7 08:27:09 hqnl0246134 sshd[303511]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 08:27:10,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394430.5049205, 'message': 'Dec  7 08:27:09 hqnl0246134 sshd[303511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 08:27:12,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394432.4986613, 'message': 'Dec  7 08:27:11 hqnl0246134 sshd[303511]: Failed password for root from 45.93.201.82 port 39486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
WARNING [2022-12-07 08:27:13,685] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:27:13,717] defence360agent.internals.the_sink: SensorIncidentList(<24 item(s)>) processed in 0.0397 seconds
INFO    [2022-12-07 08:27:14,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394434.501101, 'message': 'Dec  7 08:27:13 hqnl0246134 sshd[303513]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.66.187.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:27:14,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394434.5012746, 'message': 'Dec  7 08:27:13 hqnl0246134 sshd[303513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.187.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 08:27:16,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394436.5015335, 'message': 'Dec  7 08:27:14 hqnl0246134 sshd[303511]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1148 seconds
INFO    [2022-12-07 08:27:16,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394436.5017338, 'message': 'Dec  7 08:27:14 hqnl0246134 sshd[303515]: Invalid user admin from 165.22.220.5 port 42608', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1150 seconds
INFO    [2022-12-07 08:27:16,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394436.5027332, 'message': 'Dec  7 08:27:15 hqnl0246134 sshd[303513]: Failed password for root from 82.66.187.39 port 42908 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1146 seconds
INFO    [2022-12-07 08:27:16,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394436.5024817, 'message': 'Dec  7 08:27:14 hqnl0246134 sshd[303515]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-07 08:27:16,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394436.502615, 'message': 'Dec  7 08:27:14 hqnl0246134 sshd[303515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 08:27:18,283] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:27:18,284] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:27:18,292] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:27:18,304] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 08:27:18,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394438.5045118, 'message': 'Dec  7 08:27:16 hqnl0246134 sshd[303511]: Failed password for root from 45.93.201.82 port 39486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 08:27:18,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394438.50472, 'message': 'Dec  7 08:27:16 hqnl0246134 sshd[303515]: Failed password for invalid user admin from 165.22.220.5 port 42608 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 08:27:22,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394442.5110488, 'message': 'Dec  7 08:27:21 hqnl0246134 sshd[303511]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 08:27:22,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:27:22,879] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:27:22,886] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:27:22,898] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 08:27:24,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394444.5174773, 'message': 'Dec  7 08:27:24 hqnl0246134 sshd[303511]: Failed password for root from 45.93.201.82 port 39486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:27:32,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394452.5347397, 'message': 'Dec  7 08:27:32 hqnl0246134 sshd[303540]: Invalid user prueba from 45.93.201.82 port 32904', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 08:27:32,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394452.5350873, 'message': 'Dec  7 08:27:32 hqnl0246134 sshd[303540]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.93.201.82 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:27:32,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394452.5352592, 'message': 'Dec  7 08:27:32 hqnl0246134 sshd[303540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.93.201.82 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 08:27:36,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.93.201.82', 'timestamp': 1670394456.5396993, 'message': 'Dec  7 08:27:34 hqnl0246134 sshd[303540]: Failed password for invalid user prueba from 45.93.201.82 port 32904 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:27:44,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394464.5459437, 'message': 'Dec  7 08:27:44 hqnl0246134 sshd[303545]: Invalid user admin from 165.22.220.5 port 36852', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 08:27:46,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394466.549667, 'message': 'Dec  7 08:27:44 hqnl0246134 sshd[303545]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 08:27:46,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394466.5499077, 'message': 'Dec  7 08:27:44 hqnl0246134 sshd[303545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:27:48,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394468.5518177, 'message': 'Dec  7 08:27:46 hqnl0246134 sshd[303545]: Failed password for invalid user admin from 165.22.220.5 port 36852 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
WARNING [2022-12-07 08:27:52,541] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:27:52,542] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:28:14,482] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:28:14,514] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.8312 seconds
INFO    [2022-12-07 08:28:14,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394494.6052134, 'message': 'Dec  7 08:28:13 hqnl0246134 sshd[303567]: Invalid user jimmy from 159.223.47.173 port 58126', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 08:28:14,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394494.6055083, 'message': 'Dec  7 08:28:13 hqnl0246134 sshd[303567]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.47.173 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 08:28:14,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394494.60571, 'message': 'Dec  7 08:28:13 hqnl0246134 sshd[303567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.47.173 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:28:16,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394496.6063054, 'message': 'Dec  7 08:28:15 hqnl0246134 sshd[303567]: Failed password for invalid user jimmy from 159.223.47.173 port 58126 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-07 08:28:16,655] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394496.606533, 'message': 'Dec  7 08:28:15 hqnl0246134 sshd[303570]: Invalid user apache from 165.22.220.5 port 59328', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-07 08:28:16,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394496.6068969, 'message': 'Dec  7 08:28:15 hqnl0246134 sshd[303567]: Disconnected from invalid user jimmy 159.223.47.173 port 58126 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 08:28:16,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394496.606645, 'message': 'Dec  7 08:28:15 hqnl0246134 sshd[303570]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0463 seconds
INFO    [2022-12-07 08:28:16,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394496.60675, 'message': 'Dec  7 08:28:15 hqnl0246134 sshd[303570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 08:28:18,432] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:28:18,433] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:28:18,447] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:28:18,467] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0317 seconds
INFO    [2022-12-07 08:28:18,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394498.605642, 'message': 'Dec  7 08:28:18 hqnl0246134 sshd[303570]: Failed password for invalid user apache from 165.22.220.5 port 59328 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 08:28:19,019] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:28:19,019] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:28:19,034] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:28:19,055] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0343 seconds
INFO    [2022-12-07 08:28:21,213] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:28:21,213] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:28:21,222] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:28:21,234] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 08:28:26,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394506.6298342, 'message': 'Dec  7 08:28:26 hqnl0246134 sshd[303598]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.163.207.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 08:28:26,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394506.6304934, 'message': 'Dec  7 08:28:26 hqnl0246134 sshd[303598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.163.207.202  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:28:30,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394510.6392968, 'message': 'Dec  7 08:28:28 hqnl0246134 sshd[303598]: Failed password for root from 43.163.207.202 port 48066 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 08:28:48,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394528.6660094, 'message': 'Dec  7 08:28:46 hqnl0246134 sshd[303602]: Invalid user apache from 165.22.220.5 port 53572', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0771 seconds
INFO    [2022-12-07 08:28:48,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394528.6664371, 'message': 'Dec  7 08:28:46 hqnl0246134 sshd[303602]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0584 seconds
INFO    [2022-12-07 08:28:48,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394528.6666453, 'message': 'Dec  7 08:28:46 hqnl0246134 sshd[303602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 08:28:50,688] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394530.66758, 'message': 'Dec  7 08:28:49 hqnl0246134 sshd[303602]: Failed password for invalid user apache from 165.22.220.5 port 53572 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 08:28:52,547] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:28:52,548] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:28:56,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394536.6748643, 'message': 'Dec  7 08:28:55 hqnl0246134 sshd[303616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.165.246.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0587 seconds
INFO    [2022-12-07 08:28:56,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670394536.67566, 'message': 'Dec  7 08:28:56 hqnl0246134 sshd[303619]: Invalid user admin from 89.189.188.33 port 52312', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0589 seconds
INFO    [2022-12-07 08:28:56,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394536.6754053, 'message': 'Dec  7 08:28:55 hqnl0246134 sshd[303616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.246.58  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 08:28:56,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '89.189.188.33', 'timestamp': 1670394536.6758974, 'message': 'Dec  7 08:28:56 hqnl0246134 sshd[303619]: pam_imunify(sshd:auth): [IM360_RBL] The IP 89.189.188.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 08:28:56,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '89.189.188.33', 'timestamp': 1670394536.6760986, 'message': 'Dec  7 08:28:56 hqnl0246134 sshd[303619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.189.188.33 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:28:58,705] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394538.6771061, 'message': 'Dec  7 08:28:57 hqnl0246134 sshd[303616]: Failed password for root from 202.165.246.58 port 43054 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 08:28:58,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670394538.677311, 'message': 'Dec  7 08:28:58 hqnl0246134 sshd[303619]: Failed password for invalid user admin from 89.189.188.33 port 52312 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 08:29:00,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670394540.6788573, 'message': 'Dec  7 08:29:00 hqnl0246134 sshd[303619]: Disconnected from invalid user admin 89.189.188.33 port 52312 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 08:29:12,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394552.7002711, 'message': 'Dec  7 08:29:11 hqnl0246134 sshd[303629]: Invalid user test from 157.230.250.192 port 50562', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 08:29:12,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394552.7007918, 'message': 'Dec  7 08:29:11 hqnl0246134 sshd[303629]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.250.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:29:12,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394552.7010188, 'message': 'Dec  7 08:29:11 hqnl0246134 sshd[303629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.250.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 08:29:13,694] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:29:13,721] defence360agent.internals.the_sink: SensorIncidentList(<18 item(s)>) processed in 0.0352 seconds
INFO    [2022-12-07 08:29:14,723] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394554.70281, 'message': 'Dec  7 08:29:13 hqnl0246134 sshd[303629]: Failed password for invalid user test from 157.230.250.192 port 50562 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 08:29:14,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394554.7030761, 'message': 'Dec  7 08:29:13 hqnl0246134 sshd[303629]: Disconnected from invalid user test 157.230.250.192 port 50562 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:29:18,464] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:29:18,464] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:29:18,473] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:29:18,485] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 08:29:18,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394558.7080648, 'message': 'Dec  7 08:29:17 hqnl0246134 sshd[303634]: Invalid user app from 165.22.220.5 port 47814', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 08:29:18,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394558.7083106, 'message': 'Dec  7 08:29:18 hqnl0246134 sshd[303634]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:29:18,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394558.7084773, 'message': 'Dec  7 08:29:18 hqnl0246134 sshd[303634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 08:29:20,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394560.7097147, 'message': 'Dec  7 08:29:19 hqnl0246134 sshd[303634]: Failed password for invalid user app from 165.22.220.5 port 47814 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:29:21,217] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:29:21,217] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:29:21,226] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:29:21,237] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 08:29:24,088] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:29:24,089] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:29:24,103] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:29:24,118] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
INFO    [2022-12-07 08:29:30,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394570.7245033, 'message': 'Dec  7 08:29:29 hqnl0246134 sshd[303657]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.44.252.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0721 seconds
INFO    [2022-12-07 08:29:30,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394570.724878, 'message': 'Dec  7 08:29:29 hqnl0246134 sshd[303657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.44.252.65  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0598 seconds
INFO    [2022-12-07 08:29:32,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394572.7258353, 'message': 'Dec  7 08:29:30 hqnl0246134 sshd[303657]: Failed password for root from 163.44.252.65 port 56022 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0530 seconds
INFO    [2022-12-07 08:29:32,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394572.7261772, 'message': 'Dec  7 08:29:31 hqnl0246134 sshd[303662]: Invalid user daniel from 167.71.235.104 port 57016', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0534 seconds
INFO    [2022-12-07 08:29:32,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394572.7269056, 'message': 'Dec  7 08:29:31 hqnl0246134 sshd[303662]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.71.235.104 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 08:29:32,831] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394572.7270641, 'message': 'Dec  7 08:29:31 hqnl0246134 sshd[303662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.235.104 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 08:29:34,751] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394574.7318895, 'message': 'Dec  7 08:29:33 hqnl0246134 sshd[303662]: Failed password for invalid user daniel from 167.71.235.104 port 57016 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:29:36,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670394576.737842, 'message': 'Dec  7 08:29:35 hqnl0246134 sshd[303665]: Invalid user chrome from 43.153.32.173 port 36898', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 08:29:36,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.71.235.104', 'timestamp': 1670394576.740255, 'message': 'Dec  7 08:29:35 hqnl0246134 sshd[303662]: Disconnected from invalid user daniel 167.71.235.104 port 57016 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 08:29:36,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.32.173', 'timestamp': 1670394576.739953, 'message': 'Dec  7 08:29:35 hqnl0246134 sshd[303665]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.32.173 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:29:36,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.32.173', 'timestamp': 1670394576.740121, 'message': 'Dec  7 08:29:35 hqnl0246134 sshd[303665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.32.173 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:29:38,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670394578.741412, 'message': 'Dec  7 08:29:37 hqnl0246134 sshd[303665]: Failed password for invalid user chrome from 43.153.32.173 port 36898 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 08:29:38,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670394578.741671, 'message': 'Dec  7 08:29:37 hqnl0246134 sshd[303665]: Disconnected from invalid user chrome 43.153.32.173 port 36898 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:29:48,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394588.756895, 'message': 'Dec  7 08:29:47 hqnl0246134 sshd[303667]: Invalid user app from 165.22.220.5 port 42056', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 08:29:48,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394588.7572865, 'message': 'Dec  7 08:29:47 hqnl0246134 sshd[303667]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 08:29:48,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394588.757473, 'message': 'Dec  7 08:29:47 hqnl0246134 sshd[303667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:29:50,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394590.7584987, 'message': 'Dec  7 08:29:49 hqnl0246134 sshd[303667]: Failed password for invalid user app from 165.22.220.5 port 42056 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-07 08:29:50,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394590.7588396, 'message': 'Dec  7 08:29:49 hqnl0246134 sshd[303670]: Invalid user ann from 82.66.187.39 port 45762', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0417 seconds
INFO    [2022-12-07 08:29:50,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394590.7595692, 'message': 'Dec  7 08:29:49 hqnl0246134 sshd[303670]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.66.187.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 08:29:50,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394590.7597513, 'message': 'Dec  7 08:29:49 hqnl0246134 sshd[303670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.187.39 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
WARNING [2022-12-07 08:29:52,553] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:29:52,555] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:29:52,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394592.7613773, 'message': 'Dec  7 08:29:51 hqnl0246134 sshd[303670]: Failed password for invalid user ann from 82.66.187.39 port 45762 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 08:29:54,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670394594.7624419, 'message': 'Dec  7 08:29:52 hqnl0246134 sshd[303670]: Disconnected from invalid user ann 82.66.187.39 port 45762 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
WARNING [2022-12-07 08:30:13,706] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:30:13,749] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0550 seconds
INFO    [2022-12-07 08:30:17,977] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:30:17,978] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:30:17,988] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:30:18,001] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0223 seconds
INFO    [2022-12-07 08:30:18,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394618.7924452, 'message': 'Dec  7 08:30:17 hqnl0246134 sshd[303715]: Invalid user app from 165.22.220.5 port 36298', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:30:18,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394618.7926564, 'message': 'Dec  7 08:30:17 hqnl0246134 sshd[303715]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 08:30:18,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394618.7928302, 'message': 'Dec  7 08:30:17 hqnl0246134 sshd[303715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:30:20,687] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:30:20,687] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:30:20,694] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:30:20,707] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 08:30:20,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394620.7962615, 'message': 'Dec  7 08:30:20 hqnl0246134 sshd[303715]: Failed password for invalid user app from 165.22.220.5 port 36298 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 08:30:24,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394624.801816, 'message': 'Dec  7 08:30:23 hqnl0246134 sshd[303724]: Invalid user oracle from 172.96.227.178 port 51022', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 08:30:24,868] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394624.8023438, 'message': 'Dec  7 08:30:23 hqnl0246134 sshd[303724]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.96.227.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 08:30:24,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394624.8108563, 'message': 'Dec  7 08:30:23 hqnl0246134 sshd[303724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.96.227.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:30:26,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394626.8048952, 'message': 'Dec  7 08:30:25 hqnl0246134 sshd[303724]: Failed password for invalid user oracle from 172.96.227.178 port 51022 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 08:30:26,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394626.805122, 'message': 'Dec  7 08:30:25 hqnl0246134 sshd[303724]: Disconnected from invalid user oracle 172.96.227.178 port 51022 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 08:30:28,367] defence360agent.files: Updating all files
INFO    [2022-12-07 08:30:28,650] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:28,651] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 08:30:28,996] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:28,997] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 08:30:29,315] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:29,315] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 08:30:29,752] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:29,752] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 08:30:29,752] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 08:30:30,123] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 06:30:30 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E6F10E1548274'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 08:30:30,125] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 08:30:30,126] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 08:30:30,677] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:30,678] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 08:30:30,997] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:30,997] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 08:30:31,311] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:31,312] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 08:30:31,653] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:31,654] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 08:30:32,113] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 08:30:32,114] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 08:30:48,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394648.8399382, 'message': 'Dec  7 08:30:47 hqnl0246134 sshd[303740]: Invalid user app from 165.22.220.5 port 58772', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 08:30:48,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394648.841254, 'message': 'Dec  7 08:30:47 hqnl0246134 sshd[303740]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:30:48,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394648.8413734, 'message': 'Dec  7 08:30:47 hqnl0246134 sshd[303740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 08:30:50,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394650.8427145, 'message': 'Dec  7 08:30:48 hqnl0246134 sshd[303740]: Failed password for invalid user app from 165.22.220.5 port 58772 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0556 seconds
WARNING [2022-12-07 08:30:52,557] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:30:52,558] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:30:55,093] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:30:55,093] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:30:55,104] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:30:55,119] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0254 seconds
WARNING [2022-12-07 08:31:13,709] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:31:13,734] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-07 08:31:18,134] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:31:18,135] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:31:18,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:31:18,172] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0364 seconds
INFO    [2022-12-07 08:31:18,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394678.8849034, 'message': 'Dec  7 08:31:17 hqnl0246134 sshd[303771]: Invalid user appuser from 165.22.220.5 port 53014', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 08:31:18,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394678.8852234, 'message': 'Dec  7 08:31:17 hqnl0246134 sshd[303771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 08:31:18,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394678.8854487, 'message': 'Dec  7 08:31:17 hqnl0246134 sshd[303771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 08:31:20,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394680.8883564, 'message': 'Dec  7 08:31:19 hqnl0246134 sshd[303771]: Failed password for invalid user appuser from 165.22.220.5 port 53014 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:31:23,012] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:31:23,013] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:31:23,027] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:31:23,047] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0332 seconds
INFO    [2022-12-07 08:31:28,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394688.8983095, 'message': 'Dec  7 08:31:28 hqnl0246134 sshd[303791]: Invalid user znc-admin from 43.163.207.202 port 34524', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 08:31:28,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394688.898551, 'message': 'Dec  7 08:31:28 hqnl0246134 sshd[303791]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.163.207.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 08:31:29,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394688.8986924, 'message': 'Dec  7 08:31:28 hqnl0246134 sshd[303791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.163.207.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 08:31:29,575] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:31:29,648] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:31:29,649] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:31:29,649] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:31:29,650] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:31:29,650] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:31:29,694] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:31:29,745] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0942 seconds
WARNING [2022-12-07 08:31:29,758] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:31:29,761] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:31:29,794] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0613 seconds
INFO    [2022-12-07 08:31:29,797] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0590 seconds
INFO    [2022-12-07 08:31:32,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394692.9020367, 'message': 'Dec  7 08:31:31 hqnl0246134 sshd[303791]: Failed password for invalid user znc-admin from 43.163.207.202 port 34524 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:31:34,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.163.207.202', 'timestamp': 1670394694.9044197, 'message': 'Dec  7 08:31:33 hqnl0246134 sshd[303791]: Disconnected from invalid user znc-admin 43.163.207.202 port 34524 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 08:31:46,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394706.9266186, 'message': 'Dec  7 08:31:46 hqnl0246134 sshd[303799]: Invalid user bigdata from 165.22.220.5 port 47256', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:31:46,964] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394706.9269423, 'message': 'Dec  7 08:31:46 hqnl0246134 sshd[303799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:31:46,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394706.9270825, 'message': 'Dec  7 08:31:46 hqnl0246134 sshd[303799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 08:31:50,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394710.935946, 'message': 'Dec  7 08:31:48 hqnl0246134 sshd[303799]: Failed password for invalid user bigdata from 165.22.220.5 port 47256 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 08:31:52,563] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:31:52,564] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:31:54,342] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 08:31:59,777] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:31:59,777] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:31:59,778] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-07 08:32:13,724] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:32:13,759] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0517 seconds
INFO    [2022-12-07 08:32:16,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394736.9777884, 'message': 'Dec  7 08:32:16 hqnl0246134 sshd[303841]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:32:17,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394736.9781175, 'message': 'Dec  7 08:32:16 hqnl0246134 sshd[303841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=bin', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
INFO    [2022-12-07 08:32:17,968] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:32:17,969] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:32:17,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:32:17,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0257 seconds
INFO    [2022-12-07 08:32:19,001] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394738.9827561, 'message': 'Dec  7 08:32:18 hqnl0246134 sshd[303841]: Failed password for bin from 165.22.220.5 port 41498 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:32:20,637] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:32:20,638] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:32:20,645] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:32:20,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 08:32:25,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394744.9992087, 'message': 'Dec  7 08:32:23 hqnl0246134 sshd[303852]: pam_imunify(sshd:auth): [IM360_RBL] The IP 157.230.250.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 08:32:25,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394744.9997046, 'message': 'Dec  7 08:32:23 hqnl0246134 sshd[303852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.250.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 08:32:27,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '157.230.250.192', 'timestamp': 1670394747.0009437, 'message': 'Dec  7 08:32:25 hqnl0246134 sshd[303852]: Failed password for root from 157.230.250.192 port 38776 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 08:32:29,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394749.0026286, 'message': 'Dec  7 08:32:27 hqnl0246134 sshd[303862]: Invalid user tony from 202.165.246.58 port 55602', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 08:32:29,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394749.0032067, 'message': 'Dec  7 08:32:28 hqnl0246134 sshd[303863]: Invalid user student6 from 163.44.252.65 port 44624', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 08:32:29,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394749.0029025, 'message': 'Dec  7 08:32:27 hqnl0246134 sshd[303862]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.165.246.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 08:32:29,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394749.0033271, 'message': 'Dec  7 08:32:28 hqnl0246134 sshd[303863]: pam_imunify(sshd:auth): [IM360_RBL] The IP 163.44.252.65 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 08:32:29,098] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394749.0030692, 'message': 'Dec  7 08:32:27 hqnl0246134 sshd[303862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.246.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 08:32:29,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394749.003437, 'message': 'Dec  7 08:32:28 hqnl0246134 sshd[303863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.44.252.65 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 08:32:30,492] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:32:30,493] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:32:30,505] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:32:30,529] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0351 seconds
INFO    [2022-12-07 08:32:31,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394751.004802, 'message': 'Dec  7 08:32:29 hqnl0246134 sshd[303862]: Failed password for invalid user tony from 202.165.246.58 port 55602 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 08:32:31,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394751.005172, 'message': 'Dec  7 08:32:29 hqnl0246134 sshd[303863]: Failed password for invalid user student6 from 163.44.252.65 port 44624 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 08:32:31,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '202.165.246.58', 'timestamp': 1670394751.0050232, 'message': 'Dec  7 08:32:29 hqnl0246134 sshd[303862]: Disconnected from invalid user tony 202.165.246.58 port 55602 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 08:32:33,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '163.44.252.65', 'timestamp': 1670394753.005696, 'message': 'Dec  7 08:32:31 hqnl0246134 sshd[303863]: Disconnected from invalid user student6 163.44.252.65 port 44624 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0576 seconds
INFO    [2022-12-07 08:32:47,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394767.02343, 'message': 'Dec  7 08:32:45 hqnl0246134 sshd[303885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 08:32:47,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394767.0237412, 'message': 'Dec  7 08:32:45 hqnl0246134 sshd[303885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=bin', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:32:49,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394769.0275915, 'message': 'Dec  7 08:32:48 hqnl0246134 sshd[303885]: Failed password for bin from 165.22.220.5 port 35740 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 08:32:52,567] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:32:52,569] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:32:57,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.145.198.28', 'timestamp': 1670394777.0372963, 'message': 'Dec  7 08:32:55 hqnl0246134 sshd[303897]: Invalid user test from 141.145.198.28 port 49574', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 08:32:57,086] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.145.198.28', 'timestamp': 1670394777.0378466, 'message': 'Dec  7 08:32:56 hqnl0246134 sshd[303897]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.145.198.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:32:57,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.145.198.28', 'timestamp': 1670394777.0380094, 'message': 'Dec  7 08:32:56 hqnl0246134 sshd[303897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.145.198.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:32:59,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.145.198.28', 'timestamp': 1670394779.0405889, 'message': 'Dec  7 08:32:58 hqnl0246134 sshd[303897]: Failed password for invalid user test from 141.145.198.28 port 49574 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:32:59,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.145.198.28', 'timestamp': 1670394779.0408728, 'message': 'Dec  7 08:32:58 hqnl0246134 sshd[303897]: Disconnected from invalid user test 141.145.198.28 port 49574 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-07 08:33:13,723] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:33:13,748] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0333 seconds
INFO    [2022-12-07 08:33:17,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394797.0664365, 'message': 'Dec  7 08:33:15 hqnl0246134 sshd[303909]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:33:17,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394797.066753, 'message': 'Dec  7 08:33:15 hqnl0246134 sshd[303909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=bin', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 08:33:17,882] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:33:17,882] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:33:17,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:33:17,901] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 08:33:19,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394799.068683, 'message': 'Dec  7 08:33:17 hqnl0246134 sshd[303909]: Failed password for bin from 165.22.220.5 port 58214 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 08:33:20,706] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:33:20,707] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:33:20,714] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:33:20,727] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 08:33:45,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394825.1103334, 'message': 'Dec  7 08:33:44 hqnl0246134 sshd[303930]: Invalid user bot from 165.22.220.5 port 52456', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 08:33:45,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394825.111753, 'message': 'Dec  7 08:33:44 hqnl0246134 sshd[303930]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 08:33:45,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394825.1120634, 'message': 'Dec  7 08:33:44 hqnl0246134 sshd[303930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 08:33:47,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394827.1104152, 'message': 'Dec  7 08:33:46 hqnl0246134 sshd[303930]: Failed password for invalid user bot from 165.22.220.5 port 52456 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 08:33:49,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394829.110331, 'message': 'Dec  7 08:33:47 hqnl0246134 sshd[303933]: Invalid user maxime from 172.96.227.178 port 35122', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:33:49,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394829.1105962, 'message': 'Dec  7 08:33:47 hqnl0246134 sshd[303933]: pam_imunify(sshd:auth): [IM360_RBL] The IP 172.96.227.178 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:33:49,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394829.1107218, 'message': 'Dec  7 08:33:47 hqnl0246134 sshd[303933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.96.227.178 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 08:33:49,877] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:33:49,878] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:33:49,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:33:49,902] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 08:33:51,134] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394831.1127627, 'message': 'Dec  7 08:33:49 hqnl0246134 sshd[303933]: Failed password for invalid user maxime from 172.96.227.178 port 35122 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-07 08:33:52,572] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:33:52,573] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:33:53,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '172.96.227.178', 'timestamp': 1670394833.116028, 'message': 'Dec  7 08:33:51 hqnl0246134 sshd[303933]: Disconnected from invalid user maxime 172.96.227.178 port 35122 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 08:34:07,159] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.90.77', 'timestamp': 1670394847.1341276, 'message': 'Dec  7 08:34:05 hqnl0246134 sshd[303957]: Invalid user carla from 161.35.90.77 port 33628', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 08:34:07,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.90.77', 'timestamp': 1670394847.1346502, 'message': 'Dec  7 08:34:05 hqnl0246134 sshd[303957]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.90.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:34:07,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.90.77', 'timestamp': 1670394847.1349266, 'message': 'Dec  7 08:34:05 hqnl0246134 sshd[303957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.90.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:34:09,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.90.77', 'timestamp': 1670394849.1337388, 'message': 'Dec  7 08:34:07 hqnl0246134 sshd[303957]: Failed password for invalid user carla from 161.35.90.77 port 33628 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 08:34:09,180] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '161.35.90.77', 'timestamp': 1670394849.134058, 'message': 'Dec  7 08:34:08 hqnl0246134 sshd[303957]: Disconnected from invalid user carla 161.35.90.77 port 33628 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
WARNING [2022-12-07 08:34:13,726] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:34:13,750] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0310 seconds
INFO    [2022-12-07 08:34:15,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394855.1428854, 'message': 'Dec  7 08:34:14 hqnl0246134 sshd[303960]: Invalid user centos from 165.22.220.5 port 46698', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 08:34:15,191] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394855.1431696, 'message': 'Dec  7 08:34:14 hqnl0246134 sshd[303960]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 08:34:15,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394855.1433487, 'message': 'Dec  7 08:34:14 hqnl0246134 sshd[303960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:34:17,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394857.1442137, 'message': 'Dec  7 08:34:15 hqnl0246134 sshd[303960]: Failed password for invalid user centos from 165.22.220.5 port 46698 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 08:34:18,001] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:34:18,002] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:34:18,008] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:34:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0167 seconds
INFO    [2022-12-07 08:34:19,166] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670394859.1477466, 'message': 'Dec  7 08:34:18 hqnl0246134 sshd[303964]: Invalid user marta from 155.93.209.66 port 38044', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:34:19,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '155.93.209.66', 'timestamp': 1670394859.147957, 'message': 'Dec  7 08:34:18 hqnl0246134 sshd[303964]: pam_imunify(sshd:auth): [IM360_RBL] The IP 155.93.209.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 08:34:19,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '155.93.209.66', 'timestamp': 1670394859.1480706, 'message': 'Dec  7 08:34:18 hqnl0246134 sshd[303964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.93.209.66 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:34:20,804] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:34:20,805] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:34:20,814] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:34:20,827] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 08:34:21,170] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670394861.150298, 'message': 'Dec  7 08:34:20 hqnl0246134 sshd[303964]: Failed password for invalid user marta from 155.93.209.66 port 38044 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:34:23,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670394863.1536171, 'message': 'Dec  7 08:34:21 hqnl0246134 sshd[303964]: Disconnected from invalid user marta 155.93.209.66 port 38044 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 08:34:45,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394885.1893113, 'message': 'Dec  7 08:34:43 hqnl0246134 sshd[303989]: Invalid user centos from 165.22.220.5 port 40940', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 08:34:45,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394885.1898713, 'message': 'Dec  7 08:34:43 hqnl0246134 sshd[303989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 08:34:45,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394885.1901712, 'message': 'Dec  7 08:34:43 hqnl0246134 sshd[303989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 08:34:47,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394887.1899102, 'message': 'Dec  7 08:34:45 hqnl0246134 sshd[303989]: Failed password for invalid user centos from 165.22.220.5 port 40940 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0403 seconds
INFO    [2022-12-07 08:34:49,041] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:34:49,041] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:34:49,053] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:34:49,065] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
WARNING [2022-12-07 08:34:52,575] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:34:52,576] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:35:07,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394907.219356, 'message': 'Dec  7 08:35:05 hqnl0246134 sshd[304059]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.223.47.173 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 08:35:07,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394907.2200782, 'message': 'Dec  7 08:35:05 hqnl0246134 sshd[304059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.47.173  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 08:35:09,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.223.47.173', 'timestamp': 1670394909.2207546, 'message': 'Dec  7 08:35:07 hqnl0246134 sshd[304059]: Failed password for root from 159.223.47.173 port 33188 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 08:35:13,014] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:35:13,014] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:35:13,023] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:35:13,036] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
WARNING [2022-12-07 08:35:13,741] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:35:13,796] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0752 seconds
INFO    [2022-12-07 08:35:15,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394915.2261858, 'message': 'Dec  7 08:35:13 hqnl0246134 sshd[304077]: Invalid user centos from 165.22.220.5 port 35182', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 08:35:15,269] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394915.2263956, 'message': 'Dec  7 08:35:13 hqnl0246134 sshd[304077]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 08:35:15,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394915.2265122, 'message': 'Dec  7 08:35:13 hqnl0246134 sshd[304077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:35:17,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394917.22845, 'message': 'Dec  7 08:35:15 hqnl0246134 sshd[304077]: Failed password for invalid user centos from 165.22.220.5 port 35182 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:35:17,973] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:35:17,973] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:35:17,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:35:17,992] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 08:35:22,612] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:35:22,612] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:35:22,624] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:35:22,643] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-07 08:35:45,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394945.2648964, 'message': 'Dec  7 08:35:43 hqnl0246134 sshd[304102]: Invalid user centos from 165.22.220.5 port 57656', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 08:35:45,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394945.2661486, 'message': 'Dec  7 08:35:43 hqnl0246134 sshd[304102]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 08:35:45,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394945.2664351, 'message': 'Dec  7 08:35:43 hqnl0246134 sshd[304102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 08:35:45,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394945.2666588, 'message': 'Dec  7 08:35:45 hqnl0246134 sshd[304102]: Failed password for invalid user centos from 165.22.220.5 port 57656 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0168 seconds
WARNING [2022-12-07 08:35:52,579] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:35:52,580] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:36:13,746] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:36:13,769] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0443 seconds
INFO    [2022-12-07 08:36:15,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394975.3149753, 'message': 'Dec  7 08:36:13 hqnl0246134 sshd[304143]: Invalid user centos from 165.22.220.5 port 51898', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0682 seconds
INFO    [2022-12-07 08:36:15,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394975.3153155, 'message': 'Dec  7 08:36:13 hqnl0246134 sshd[304143]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 08:36:15,480] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394975.3155563, 'message': 'Dec  7 08:36:13 hqnl0246134 sshd[304143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0529 seconds
INFO    [2022-12-07 08:36:17,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670394977.31611, 'message': 'Dec  7 08:36:15 hqnl0246134 sshd[304143]: Failed password for invalid user centos from 165.22.220.5 port 51898 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-07 08:36:20,194] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:36:20,194] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:36:20,203] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:36:20,217] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0219 seconds
INFO    [2022-12-07 08:36:20,543] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:36:20,543] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:36:20,551] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:36:20,562] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 08:36:22,968] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:36:22,968] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:36:22,980] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:36:22,999] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0297 seconds
INFO    [2022-12-07 08:36:43,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395003.3480327, 'message': 'Dec  7 08:36:43 hqnl0246134 sshd[304178]: Invalid user data from 165.22.220.5 port 46140', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 08:36:45,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395005.348205, 'message': 'Dec  7 08:36:43 hqnl0246134 sshd[304178]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 08:36:45,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395005.3483856, 'message': 'Dec  7 08:36:43 hqnl0246134 sshd[304178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:36:47,375] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395007.35243, 'message': 'Dec  7 08:36:45 hqnl0246134 sshd[304178]: Failed password for invalid user data from 165.22.220.5 port 46140 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
WARNING [2022-12-07 08:36:52,583] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:36:52,584] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:36:55,593] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:36:55,659] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:36:55,659] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:36:55,660] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:36:55,660] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:36:55,660] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:36:55,672] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:36:55,690] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0291 seconds
WARNING [2022-12-07 08:36:55,699] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:36:55,701] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:36:55,717] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0332 seconds
INFO    [2022-12-07 08:36:55,718] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0314 seconds
INFO    [2022-12-07 08:37:13,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395033.3947396, 'message': 'Dec  7 08:37:13 hqnl0246134 sshd[304214]: Invalid user demo from 165.22.220.5 port 40382', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
WARNING [2022-12-07 08:37:13,740] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:37:13,771] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0424 seconds
INFO    [2022-12-07 08:37:15,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395035.3971667, 'message': 'Dec  7 08:37:13 hqnl0246134 sshd[304214]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0479 seconds
INFO    [2022-12-07 08:37:15,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395035.3973637, 'message': 'Dec  7 08:37:13 hqnl0246134 sshd[304214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0652 seconds
INFO    [2022-12-07 08:37:15,548] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395035.3975136, 'message': 'Dec  7 08:37:15 hqnl0246134 sshd[304214]: Failed password for invalid user demo from 165.22.220.5 port 40382 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 08:37:18,033] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:37:18,033] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:37:18,042] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:37:18,055] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 08:37:20,738] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:37:20,739] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:37:20,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:37:20,771] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0316 seconds
INFO    [2022-12-07 08:37:25,789] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:37:25,791] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:37:25,792] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 08:37:27,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670395047.4192863, 'message': 'Dec  7 08:37:26 hqnl0246134 sshd[304238]: Invalid user upload from 155.93.209.66 port 59914', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0832 seconds
INFO    [2022-12-07 08:37:27,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395047.4205477, 'message': 'Dec  7 08:37:27 hqnl0246134 sshd[304240]: Invalid user tester from 43.131.43.132 port 43554', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0684 seconds
INFO    [2022-12-07 08:37:27,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '155.93.209.66', 'timestamp': 1670395047.420086, 'message': 'Dec  7 08:37:26 hqnl0246134 sshd[304238]: pam_imunify(sshd:auth): [IM360_RBL] The IP 155.93.209.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:37:27,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '155.93.209.66', 'timestamp': 1670395047.4203427, 'message': 'Dec  7 08:37:26 hqnl0246134 sshd[304238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.93.209.66 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 08:37:29,458] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395049.423937, 'message': 'Dec  7 08:37:27 hqnl0246134 sshd[304240]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.43.132 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 08:37:29,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670395049.4243224, 'message': 'Dec  7 08:37:29 hqnl0246134 sshd[304238]: Failed password for invalid user upload from 155.93.209.66 port 59914 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 08:37:29,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395049.4241753, 'message': 'Dec  7 08:37:27 hqnl0246134 sshd[304240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.43.132 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 08:37:31,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395051.4273782, 'message': 'Dec  7 08:37:29 hqnl0246134 sshd[304240]: Failed password for invalid user tester from 43.131.43.132 port 43554 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0496 seconds
INFO    [2022-12-07 08:37:31,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '155.93.209.66', 'timestamp': 1670395051.4277678, 'message': 'Dec  7 08:37:31 hqnl0246134 sshd[304238]: Disconnected from invalid user upload 155.93.209.66 port 59914 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0506 seconds
INFO    [2022-12-07 08:37:31,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395051.4276173, 'message': 'Dec  7 08:37:30 hqnl0246134 sshd[304240]: Disconnected from invalid user tester 43.131.43.132 port 43554 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 08:37:43,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395063.4439332, 'message': 'Dec  7 08:37:43 hqnl0246134 sshd[304244]: Invalid user demo from 165.22.220.5 port 34624', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 08:37:43,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395063.4446285, 'message': 'Dec  7 08:37:43 hqnl0246134 sshd[304244]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 08:37:43,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395063.4448347, 'message': 'Dec  7 08:37:43 hqnl0246134 sshd[304244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 08:37:45,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395065.445844, 'message': 'Dec  7 08:37:44 hqnl0246134 sshd[304244]: Failed password for invalid user demo from 165.22.220.5 port 34624 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0311 seconds
WARNING [2022-12-07 08:37:52,587] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:37:52,588] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:38:05,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395085.4687579, 'message': 'Dec  7 08:38:04 hqnl0246134 sshd[304266]: Invalid user long from 43.153.32.173 port 46862', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 08:38:05,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395085.4692578, 'message': 'Dec  7 08:38:04 hqnl0246134 sshd[304266]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.32.173 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:38:05,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395085.4694364, 'message': 'Dec  7 08:38:04 hqnl0246134 sshd[304266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.32.173 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 08:38:07,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395087.4693322, 'message': 'Dec  7 08:38:07 hqnl0246134 sshd[304266]: Failed password for invalid user long from 43.153.32.173 port 46862 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 08:38:09,530] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395089.472668, 'message': 'Dec  7 08:38:08 hqnl0246134 sshd[304266]: Disconnected from invalid user long 43.153.32.173 port 46862 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0568 seconds
INFO    [2022-12-07 08:38:09,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395089.4733276, 'message': 'Dec  7 08:38:09 hqnl0246134 sshd[304268]: Invalid user vd from 103.62.233.45 port 46918', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0578 seconds
INFO    [2022-12-07 08:38:11,475] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:38:11,476] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:38:11,490] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:38:11,510] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0329 seconds
INFO    [2022-12-07 08:38:11,510] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395091.4778345, 'message': 'Dec  7 08:38:09 hqnl0246134 sshd[304268]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.62.233.45 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 08:38:11,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395091.4779706, 'message': 'Dec  7 08:38:09 hqnl0246134 sshd[304268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.62.233.45 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:38:11,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395091.4780905, 'message': 'Dec  7 08:38:11 hqnl0246134 sshd[304268]: Failed password for invalid user vd from 103.62.233.45 port 46918 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:38:13,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395093.4779937, 'message': 'Dec  7 08:38:12 hqnl0246134 sshd[304279]: Invalid user demo from 165.22.220.5 port 57098', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 08:38:13,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395093.4782603, 'message': 'Dec  7 08:38:12 hqnl0246134 sshd[304268]: Disconnected from invalid user vd 103.62.233.45 port 46918 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 08:38:13,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395093.478379, 'message': 'Dec  7 08:38:12 hqnl0246134 sshd[304279]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:38:13,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395093.4784887, 'message': 'Dec  7 08:38:12 hqnl0246134 sshd[304279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
WARNING [2022-12-07 08:38:13,742] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:38:13,771] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0404 seconds
INFO    [2022-12-07 08:38:15,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395095.4783576, 'message': 'Dec  7 08:38:14 hqnl0246134 sshd[304279]: Failed password for invalid user demo from 165.22.220.5 port 57098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0919 seconds
INFO    [2022-12-07 08:38:19,198] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:38:19,199] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:38:19,208] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:38:19,220] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 08:38:21,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:38:21,812] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:38:21,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:38:21,832] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 08:38:43,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395123.5342786, 'message': 'Dec  7 08:38:42 hqnl0246134 sshd[304308]: Invalid user demo from 165.22.220.5 port 51340', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 08:38:43,585] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395123.5350113, 'message': 'Dec  7 08:38:42 hqnl0246134 sshd[304308]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 08:38:43,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395123.5352051, 'message': 'Dec  7 08:38:42 hqnl0246134 sshd[304308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:38:45,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395125.5370672, 'message': 'Dec  7 08:38:44 hqnl0246134 sshd[304308]: Failed password for invalid user demo from 165.22.220.5 port 51340 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 08:38:52,593] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:38:52,594] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:39:13,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395153.5908198, 'message': 'Dec  7 08:39:12 hqnl0246134 sshd[304456]: Invalid user deploy from 165.22.220.5 port 45582', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 08:39:13,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395153.5912585, 'message': 'Dec  7 08:39:12 hqnl0246134 sshd[304456]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 08:39:13,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395153.5914145, 'message': 'Dec  7 08:39:12 hqnl0246134 sshd[304456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 08:39:13,741] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:39:13,762] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0285 seconds
INFO    [2022-12-07 08:39:15,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395155.5925438, 'message': 'Dec  7 08:39:15 hqnl0246134 sshd[304456]: Failed password for invalid user deploy from 165.22.220.5 port 45582 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 08:39:20,127] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:39:20,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-07 08:39:20,189] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:39:20,190] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:39:20,200] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:39:20,201] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:39:20,219] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0910 seconds
INFO    [2022-12-07 08:39:20,221] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0302 seconds
INFO    [2022-12-07 08:39:23,858] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:39:23,858] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:39:23,866] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:39:23,878] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 08:39:43,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.141.139.29', 'timestamp': 1670395183.6322982, 'message': 'Dec  7 08:39:42 hqnl0246134 sshd[304494]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.141.139.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 08:39:43,677] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395183.6332626, 'message': 'Dec  7 08:39:42 hqnl0246134 sshd[304497]: Invalid user deploy from 165.22.220.5 port 39824', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-07 08:39:43,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.141.139.29', 'timestamp': 1670395183.6330643, 'message': 'Dec  7 08:39:42 hqnl0246134 sshd[304494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.141.139.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 08:39:43,712] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395183.6334183, 'message': 'Dec  7 08:39:42 hqnl0246134 sshd[304497]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 08:39:43,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395183.6335592, 'message': 'Dec  7 08:39:42 hqnl0246134 sshd[304497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:39:45,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.141.139.29', 'timestamp': 1670395185.639091, 'message': 'Dec  7 08:39:43 hqnl0246134 sshd[304494]: Failed password for root from 125.141.139.29 port 52280 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 08:39:45,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395185.639373, 'message': 'Dec  7 08:39:44 hqnl0246134 sshd[304497]: Failed password for invalid user deploy from 165.22.220.5 port 39824 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
WARNING [2022-12-07 08:39:52,597] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:39:52,598] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:40:13,714] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395213.6875525, 'message': 'Dec  7 08:40:12 hqnl0246134 sshd[304547]: Invalid user deploy from 165.22.220.5 port 34066', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 08:40:13,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395213.68815, 'message': 'Dec  7 08:40:12 hqnl0246134 sshd[304547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 08:40:13,747] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:40:13,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395213.6883047, 'message': 'Dec  7 08:40:12 hqnl0246134 sshd[304547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 08:40:13,778] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0425 seconds
INFO    [2022-12-07 08:40:15,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395215.6907208, 'message': 'Dec  7 08:40:14 hqnl0246134 sshd[304547]: Failed password for invalid user deploy from 165.22.220.5 port 34066 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0534 seconds
INFO    [2022-12-07 08:40:17,974] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:40:17,974] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:40:17,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:40:17,995] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 08:40:20,752] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:40:20,753] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:40:20,765] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:40:20,777] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0238 seconds
INFO    [2022-12-07 08:40:29,738] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '155.93.209.66', 'timestamp': 1670395229.7084367, 'message': 'Dec  7 08:40:27 hqnl0246134 sshd[304571]: pam_imunify(sshd:auth): [IM360_RBL] The IP 155.93.209.66 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 08:40:29,759] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '155.93.209.66', 'timestamp': 1670395229.7089102, 'message': 'Dec  7 08:40:27 hqnl0246134 sshd[304571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.93.209.66  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:40:31,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '155.93.209.66', 'timestamp': 1670395231.7100701, 'message': 'Dec  7 08:40:29 hqnl0246134 sshd[304571]: Failed password for root from 155.93.209.66 port 43246 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 08:40:31,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395231.7102628, 'message': 'Dec  7 08:40:31 hqnl0246134 sshd[304573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.32.173 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 08:40:31,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395231.7103753, 'message': 'Dec  7 08:40:31 hqnl0246134 sshd[304573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.32.173  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 08:40:33,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395233.7127614, 'message': 'Dec  7 08:40:33 hqnl0246134 sshd[304573]: Failed password for root from 43.153.32.173 port 54774 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:40:43,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395243.7342892, 'message': 'Dec  7 08:40:41 hqnl0246134 sshd[304578]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.145.198.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-07 08:40:43,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395243.7350595, 'message': 'Dec  7 08:40:42 hqnl0246134 sshd[304580]: Invalid user dev from 165.22.220.5 port 56540', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 08:40:43,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395243.7347984, 'message': 'Dec  7 08:40:41 hqnl0246134 sshd[304578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.145.198.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 08:40:43,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395243.7352552, 'message': 'Dec  7 08:40:42 hqnl0246134 sshd[304580]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 08:40:43,825] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395243.735506, 'message': 'Dec  7 08:40:42 hqnl0246134 sshd[304580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:40:45,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395245.735852, 'message': 'Dec  7 08:40:44 hqnl0246134 sshd[304578]: Failed password for root from 141.145.198.28 port 49152 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 08:40:45,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395245.736059, 'message': 'Dec  7 08:40:44 hqnl0246134 sshd[304580]: Failed password for invalid user dev from 165.22.220.5 port 56540 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 08:40:48,365] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:40:48,365] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:40:48,375] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:40:48,388] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 08:40:49,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395249.742707, 'message': 'Dec  7 08:40:49 hqnl0246134 sshd[304583]: Invalid user admin from 89.189.188.33 port 45332', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:40:51,771] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395251.749867, 'message': 'Dec  7 08:40:49 hqnl0246134 sshd[304583]: pam_imunify(sshd:auth): [IM360_RBL] The IP 89.189.188.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 08:40:51,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395251.7501037, 'message': 'Dec  7 08:40:49 hqnl0246134 sshd[304583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.189.188.33 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 08:40:52,601] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:40:52,602] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:40:53,784] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395253.7535942, 'message': 'Dec  7 08:40:51 hqnl0246134 sshd[304583]: Failed password for invalid user admin from 89.189.188.33 port 45332 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 08:40:53,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395253.753834, 'message': 'Dec  7 08:40:53 hqnl0246134 sshd[304583]: Disconnected from invalid user admin 89.189.188.33 port 45332 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 08:41:13,748] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:41:13,777] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0382 seconds
INFO    [2022-12-07 08:41:13,808] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395273.7894442, 'message': 'Dec  7 08:41:12 hqnl0246134 sshd[304609]: Invalid user dev from 165.22.220.5 port 50782', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:41:13,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395273.7896802, 'message': 'Dec  7 08:41:12 hqnl0246134 sshd[304609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:41:13,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395273.7898324, 'message': 'Dec  7 08:41:12 hqnl0246134 sshd[304609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:41:15,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395275.7899632, 'message': 'Dec  7 08:41:14 hqnl0246134 sshd[304609]: Failed password for invalid user dev from 165.22.220.5 port 50782 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 08:41:17,874] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:41:17,875] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:41:17,882] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:41:17,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 08:41:20,718] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:41:20,719] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:41:20,727] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:41:20,738] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 08:41:27,830] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.90.179.116', 'timestamp': 1670395287.8065941, 'message': 'Dec  7 08:41:27 hqnl0246134 sshd[304635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.90.179.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 08:41:27,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.90.179.116', 'timestamp': 1670395287.8070292, 'message': 'Dec  7 08:41:27 hqnl0246134 sshd[304635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.90.179.116  user=bin', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 08:41:29,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.90.179.116', 'timestamp': 1670395289.8085155, 'message': 'Dec  7 08:41:29 hqnl0246134 sshd[304635]: Failed password for bin from 210.90.179.116 port 10796 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 08:41:43,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395303.8221824, 'message': 'Dec  7 08:41:42 hqnl0246134 sshd[304646]: Invalid user dev from 165.22.220.5 port 45024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 08:41:43,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395303.822618, 'message': 'Dec  7 08:41:42 hqnl0246134 sshd[304646]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:41:43,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395303.824897, 'message': 'Dec  7 08:41:42 hqnl0246134 sshd[304646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:41:45,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395305.824234, 'message': 'Dec  7 08:41:44 hqnl0246134 sshd[304646]: Failed password for invalid user dev from 165.22.220.5 port 45024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 08:41:52,607] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:41:52,608] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:41:54,346] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 08:42:13,758] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:42:13,789] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0459 seconds
INFO    [2022-12-07 08:42:13,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395333.86403, 'message': 'Dec  7 08:42:12 hqnl0246134 sshd[304677]: Invalid user developer from 165.22.220.5 port 39266', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:42:13,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395333.8650455, 'message': 'Dec  7 08:42:12 hqnl0246134 sshd[304677]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:42:13,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395333.865182, 'message': 'Dec  7 08:42:12 hqnl0246134 sshd[304677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:42:15,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395335.8661373, 'message': 'Dec  7 08:42:14 hqnl0246134 sshd[304677]: Failed password for invalid user developer from 165.22.220.5 port 39266 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:42:17,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:42:17,806] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:42:17,818] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:42:17,840] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0331 seconds
INFO    [2022-12-07 08:42:18,290] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:42:18,291] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:42:18,298] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:42:18,309] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 08:42:19,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '161.35.90.77', 'timestamp': 1670395339.8708503, 'message': 'Dec  7 08:42:19 hqnl0246134 sshd[304691]: pam_imunify(sshd:auth): [IM360_RBL] The IP 161.35.90.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:42:19,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '161.35.90.77', 'timestamp': 1670395339.8711724, 'message': 'Dec  7 08:42:19 hqnl0246134 sshd[304691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.90.77  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:42:21,196] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:42:21,197] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:42:21,205] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:42:21,217] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 08:42:21,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.5.84', 'timestamp': 1670395341.8734221, 'message': 'Dec  7 08:42:19 hqnl0246134 sshd[304693]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.5.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0462 seconds
INFO    [2022-12-07 08:42:21,927] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '161.35.90.77', 'timestamp': 1670395341.8817573, 'message': 'Dec  7 08:42:21 hqnl0246134 sshd[304691]: Failed password for root from 161.35.90.77 port 58490 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0445 seconds
INFO    [2022-12-07 08:42:21,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.5.84', 'timestamp': 1670395341.8737144, 'message': 'Dec  7 08:42:19 hqnl0246134 sshd[304693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.5.84  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 08:42:21,959] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.166.5.84', 'timestamp': 1670395341.8820193, 'message': 'Dec  7 08:42:21 hqnl0246134 sshd[304693]: Failed password for root from 188.166.5.84 port 57972 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:42:25,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395345.8768642, 'message': 'Dec  7 08:42:25 hqnl0246134 sshd[304709]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.43.132 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 08:42:25,921] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395345.8772743, 'message': 'Dec  7 08:42:25 hqnl0246134 sshd[304709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.43.132  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:42:29,908] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395349.8808985, 'message': 'Dec  7 08:42:28 hqnl0246134 sshd[304709]: Failed password for root from 43.131.43.132 port 35484 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 08:42:43,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395363.898571, 'message': 'Dec  7 08:42:43 hqnl0246134 sshd[304716]: Invalid user developer from 165.22.220.5 port 33508', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 08:42:43,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395363.8989394, 'message': 'Dec  7 08:42:43 hqnl0246134 sshd[304716]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:42:43,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395363.8990686, 'message': 'Dec  7 08:42:43 hqnl0246134 sshd[304716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 08:42:45,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395365.8999293, 'message': 'Dec  7 08:42:45 hqnl0246134 sshd[304716]: Failed password for invalid user developer from 165.22.220.5 port 33508 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 08:42:52,612] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:42:52,612] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:43:05,944] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395385.9155924, 'message': 'Dec  7 08:43:04 hqnl0246134 sshd[304737]: Invalid user query from 43.153.32.173 port 50332', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 08:43:05,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395385.9160445, 'message': 'Dec  7 08:43:04 hqnl0246134 sshd[304737]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.153.32.173 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 08:43:05,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395385.9161997, 'message': 'Dec  7 08:43:04 hqnl0246134 sshd[304737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.32.173 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 08:43:07,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395387.9178553, 'message': 'Dec  7 08:43:06 hqnl0246134 sshd[304737]: Failed password for invalid user query from 43.153.32.173 port 50332 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 08:43:07,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.153.32.173', 'timestamp': 1670395387.9181783, 'message': 'Dec  7 08:43:07 hqnl0246134 sshd[304737]: Disconnected from invalid user query 43.153.32.173 port 50332 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
WARNING [2022-12-07 08:43:13,755] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:43:13,781] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0329 seconds
INFO    [2022-12-07 08:43:13,958] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395393.9225986, 'message': 'Dec  7 08:43:13 hqnl0246134 sshd[304743]: Invalid user deepspeed from 165.22.220.5 port 55982', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 08:43:13,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395393.922925, 'message': 'Dec  7 08:43:13 hqnl0246134 sshd[304743]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 08:43:14,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395393.9230654, 'message': 'Dec  7 08:43:13 hqnl0246134 sshd[304743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 08:43:15,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395395.9277563, 'message': 'Dec  7 08:43:15 hqnl0246134 sshd[304743]: Failed password for invalid user deepspeed from 165.22.220.5 port 55982 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 08:43:17,964] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:43:17,965] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:43:17,975] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:43:17,987] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 08:43:20,675] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:43:20,676] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:43:20,683] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:43:20,694] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 08:43:26,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395405.9351184, 'message': 'Dec  7 08:43:25 hqnl0246134 sshd[304761]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.145.198.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0816 seconds
INFO    [2022-12-07 08:43:26,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395405.9363022, 'message': 'Dec  7 08:43:25 hqnl0246134 sshd[304761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.145.198.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0580 seconds
INFO    [2022-12-07 08:43:27,961] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395407.9365377, 'message': 'Dec  7 08:43:27 hqnl0246134 sshd[304761]: Failed password for root from 141.145.198.28 port 37406 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 08:43:29,442] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:43:29,515] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:43:29,516] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:43:29,517] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:43:29,517] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:43:29,517] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:43:29,529] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:43:29,546] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0280 seconds
WARNING [2022-12-07 08:43:29,554] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:43:29,556] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:43:29,574] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0333 seconds
INFO    [2022-12-07 08:43:29,575] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0313 seconds
INFO    [2022-12-07 08:43:31,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:43:31,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:43:31,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:43:31,960] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 08:43:37,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395417.946575, 'message': 'Dec  7 08:43:36 hqnl0246134 sshd[304776]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.62.233.45 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 08:43:37,988] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395417.946867, 'message': 'Dec  7 08:43:36 hqnl0246134 sshd[304776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.62.233.45  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:43:39,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395419.9484203, 'message': 'Dec  7 08:43:38 hqnl0246134 sshd[304776]: Failed password for root from 103.62.233.45 port 53020 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:43:43,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395423.950196, 'message': 'Dec  7 08:43:43 hqnl0246134 sshd[304780]: Invalid user dolphinscheduler from 165.22.220.5 port 50224', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:43:45,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395425.9526227, 'message': 'Dec  7 08:43:44 hqnl0246134 sshd[304780]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:43:45,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395425.952918, 'message': 'Dec  7 08:43:44 hqnl0246134 sshd[304780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:43:47,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395427.9547045, 'message': 'Dec  7 08:43:46 hqnl0246134 sshd[304780]: Failed password for invalid user dolphinscheduler from 165.22.220.5 port 50224 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 08:43:52,619] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:43:52,620] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:44:04,073] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:44:04,074] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:44:04,076] im360.plugins.client360: Waiting 4 minutes before retry...
WARNING [2022-12-07 08:44:13,765] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:44:13,807] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0555 seconds
INFO    [2022-12-07 08:44:14,018] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395453.9959466, 'message': 'Dec  7 08:44:13 hqnl0246134 sshd[304804]: Invalid user dolphinscheduler from 165.22.220.5 port 44466', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 08:44:14,047] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395453.996209, 'message': 'Dec  7 08:44:13 hqnl0246134 sshd[304804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 08:44:14,069] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395453.996435, 'message': 'Dec  7 08:44:13 hqnl0246134 sshd[304804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 08:44:16,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395455.997925, 'message': 'Dec  7 08:44:15 hqnl0246134 sshd[304804]: Failed password for invalid user dolphinscheduler from 165.22.220.5 port 44466 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0372 seconds
INFO    [2022-12-07 08:44:17,944] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:44:17,944] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:44:17,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:44:17,963] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 08:44:20,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '121.166.152.68', 'timestamp': 1670395460.0005596, 'message': 'Dec  7 08:44:19 hqnl0246134 sshd[304809]: pam_imunify(sshd:auth): [IM360_RBL] The IP 121.166.152.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 08:44:20,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '121.166.152.68', 'timestamp': 1670395460.0008395, 'message': 'Dec  7 08:44:19 hqnl0246134 sshd[304809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.166.152.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 08:44:20,659] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:44:20,659] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:44:20,666] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:44:20,677] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 08:44:22,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '121.166.152.68', 'timestamp': 1670395462.002441, 'message': 'Dec  7 08:44:21 hqnl0246134 sshd[304809]: Failed password for root from 121.166.152.68 port 46580 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 08:44:24,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '148.113.133.177', 'timestamp': 1670395464.0055544, 'message': 'Dec  7 08:44:22 hqnl0246134 sshd[304820]: pam_imunify(sshd:auth): [IM360_RBL] The IP 148.113.133.177 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 08:44:24,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '148.113.133.177', 'timestamp': 1670395464.0059123, 'message': 'Dec  7 08:44:22 hqnl0246134 sshd[304820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.113.133.177  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 08:44:26,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '148.113.133.177', 'timestamp': 1670395466.0086887, 'message': 'Dec  7 08:44:24 hqnl0246134 sshd[304820]: Failed password for root from 148.113.133.177 port 55846 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 08:44:44,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395484.0327094, 'message': 'Dec  7 08:44:43 hqnl0246134 sshd[304832]: Invalid user dolphinscheduler from 165.22.220.5 port 38708', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:44:44,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395484.0330174, 'message': 'Dec  7 08:44:43 hqnl0246134 sshd[304832]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:44:44,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395484.0331707, 'message': 'Dec  7 08:44:43 hqnl0246134 sshd[304832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 08:44:46,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395486.0337262, 'message': 'Dec  7 08:44:45 hqnl0246134 sshd[304832]: Failed password for invalid user dolphinscheduler from 165.22.220.5 port 38708 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:44:51,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:44:51,620] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:44:51,627] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:44:51,639] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
WARNING [2022-12-07 08:44:52,623] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:44:52,624] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:45:02,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670395502.0518742, 'message': 'Dec  7 08:45:00 hqnl0246134 sshd[304847]: Invalid user programacion from 130.61.126.10 port 36370', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 08:45:02,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.61.126.10', 'timestamp': 1670395502.0583482, 'message': 'Dec  7 08:45:00 hqnl0246134 sshd[304847]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.61.126.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 08:45:02,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.61.126.10', 'timestamp': 1670395502.0585957, 'message': 'Dec  7 08:45:00 hqnl0246134 sshd[304847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.126.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0429 seconds
INFO    [2022-12-07 08:45:04,081] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670395504.0525854, 'message': 'Dec  7 08:45:02 hqnl0246134 sshd[304847]: Failed password for invalid user programacion from 130.61.126.10 port 36370 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 08:45:04,100] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670395504.0529027, 'message': 'Dec  7 08:45:02 hqnl0246134 sshd[304847]: Disconnected from invalid user programacion 130.61.126.10 port 36370 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:45:08,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395508.0602205, 'message': 'Dec  7 08:45:07 hqnl0246134 sshd[304869]: Invalid user alicia from 43.131.43.132 port 56010', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 08:45:08,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395508.060437, 'message': 'Dec  7 08:45:07 hqnl0246134 sshd[304869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.43.132 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 08:45:08,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395508.0605478, 'message': 'Dec  7 08:45:07 hqnl0246134 sshd[304869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.43.132 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 08:45:10,079] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395510.062028, 'message': 'Dec  7 08:45:09 hqnl0246134 sshd[304869]: Failed password for invalid user alicia from 43.131.43.132 port 56010 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:45:10,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395510.062211, 'message': 'Dec  7 08:45:09 hqnl0246134 sshd[304869]: Disconnected from invalid user alicia 43.131.43.132 port 56010 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0166 seconds
WARNING [2022-12-07 08:45:13,762] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:45:13,788] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0339 seconds
INFO    [2022-12-07 08:45:14,104] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395514.070164, 'message': 'Dec  7 08:45:13 hqnl0246134 sshd[304880]: Invalid user docker from 165.22.220.5 port 32950', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 08:45:14,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395514.0704548, 'message': 'Dec  7 08:45:13 hqnl0246134 sshd[304880]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 08:45:14,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395514.0706544, 'message': 'Dec  7 08:45:13 hqnl0246134 sshd[304880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 08:45:16,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395516.0731938, 'message': 'Dec  7 08:45:15 hqnl0246134 sshd[304880]: Failed password for invalid user docker from 165.22.220.5 port 32950 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 08:45:17,864] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:45:17,865] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:45:17,872] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:45:17,885] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 08:45:20,099] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670395520.07629, 'message': 'Dec  7 08:45:19 hqnl0246134 sshd[304894]: Invalid user public from 167.172.187.120 port 33148', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 08:45:20,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670395520.0764868, 'message': 'Dec  7 08:45:20 hqnl0246134 sshd[304894]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:45:20,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670395520.0766168, 'message': 'Dec  7 08:45:20 hqnl0246134 sshd[304894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 08:45:20,591] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:45:20,592] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:45:20,599] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:45:20,611] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 08:45:24,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670395524.0811527, 'message': 'Dec  7 08:45:22 hqnl0246134 sshd[304894]: Failed password for invalid user public from 167.172.187.120 port 33148 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:45:24,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670395524.0814803, 'message': 'Dec  7 08:45:22 hqnl0246134 sshd[304894]: Disconnected from invalid user public 167.172.187.120 port 33148 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:45:42,131] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395542.1008277, 'message': 'Dec  7 08:45:41 hqnl0246134 sshd[304911]: Invalid user ali from 89.189.188.33 port 55272', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 08:45:42,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395542.1017494, 'message': 'Dec  7 08:45:41 hqnl0246134 sshd[304911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 89.189.188.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:45:42,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395542.1020525, 'message': 'Dec  7 08:45:41 hqnl0246134 sshd[304911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.189.188.33 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 08:45:44,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395544.0984988, 'message': 'Dec  7 08:45:43 hqnl0246134 sshd[304911]: Failed password for invalid user ali from 89.189.188.33 port 55272 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 08:45:44,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395544.0988295, 'message': 'Dec  7 08:45:43 hqnl0246134 sshd[304914]: Invalid user docker from 165.22.220.5 port 55424', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 08:45:44,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395544.0994012, 'message': 'Dec  7 08:45:44 hqnl0246134 sshd[304911]: Disconnected from invalid user ali 89.189.188.33 port 55272 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 08:45:44,168] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395544.0990438, 'message': 'Dec  7 08:45:43 hqnl0246134 sshd[304914]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 08:45:44,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395544.0992045, 'message': 'Dec  7 08:45:43 hqnl0246134 sshd[304914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 08:45:46,129] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395546.1008132, 'message': 'Dec  7 08:45:45 hqnl0246134 sshd[304914]: Failed password for invalid user docker from 165.22.220.5 port 55424 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
WARNING [2022-12-07 08:45:52,627] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:45:52,629] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:46:00,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670395560.117404, 'message': 'Dec  7 08:45:58 hqnl0246134 sshd[304925]: Invalid user base from 13.233.116.32 port 56400', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 08:46:00,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.233.116.32', 'timestamp': 1670395560.1180098, 'message': 'Dec  7 08:45:58 hqnl0246134 sshd[304925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.233.116.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 08:46:00,190] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670395560.1181648, 'message': 'Dec  7 08:45:59 hqnl0246134 sshd[304925]: Failed password for invalid user base from 13.233.116.32 port 56400 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:46:02,156] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670395562.1181154, 'message': 'Dec  7 08:46:00 hqnl0246134 sshd[304925]: Disconnected from invalid user base 13.233.116.32 port 56400 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 08:46:02,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670395562.1184015, 'message': 'Dec  7 08:46:01 hqnl0246134 sshd[304928]: Invalid user admin from 144.22.55.7 port 38354', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0371 seconds
INFO    [2022-12-07 08:46:02,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.22.55.7', 'timestamp': 1670395562.1186404, 'message': 'Dec  7 08:46:01 hqnl0246134 sshd[304928]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.22.55.7 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:46:02,200] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.22.55.7', 'timestamp': 1670395562.119253, 'message': 'Dec  7 08:46:01 hqnl0246134 sshd[304928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.22.55.7 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 08:46:06,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670395566.122006, 'message': 'Dec  7 08:46:04 hqnl0246134 sshd[304928]: Failed password for invalid user admin from 144.22.55.7 port 38354 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:46:06,160] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670395566.1224313, 'message': 'Dec  7 08:46:05 hqnl0246134 sshd[304928]: Disconnected from invalid user admin 144.22.55.7 port 38354 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:46:08,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395568.1243067, 'message': 'Dec  7 08:46:06 hqnl0246134 sshd[304940]: Invalid user kfserver from 141.145.198.28 port 58962', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:46:08,236] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:46:08,237] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-07 08:46:08,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395568.1245265, 'message': 'Dec  7 08:46:06 hqnl0246134 sshd[304940]: pam_imunify(sshd:auth): [IM360_RBL] The IP 141.145.198.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1016 seconds
WARNING [2022-12-07 08:46:08,249] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:46:08,271] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0326 seconds
INFO    [2022-12-07 08:46:08,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395568.1246824, 'message': 'Dec  7 08:46:06 hqnl0246134 sshd[304940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.145.198.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 08:46:10,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395570.1267712, 'message': 'Dec  7 08:46:08 hqnl0246134 sshd[304940]: Failed password for invalid user kfserver from 141.145.198.28 port 58962 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 08:46:10,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '141.145.198.28', 'timestamp': 1670395570.1269934, 'message': 'Dec  7 08:46:08 hqnl0246134 sshd[304940]: Disconnected from invalid user kfserver 141.145.198.28 port 58962 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 08:46:13,765] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:46:13,799] defence360agent.internals.the_sink: SensorIncidentList(<17 item(s)>) processed in 0.0416 seconds
INFO    [2022-12-07 08:46:14,151] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.105.99.34', 'timestamp': 1670395574.1327991, 'message': 'Dec  7 08:46:13 hqnl0246134 sshd[304946]: Invalid user usuario from 210.105.99.34 port 50760', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:46:14,173] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.105.99.34', 'timestamp': 1670395574.1329932, 'message': 'Dec  7 08:46:13 hqnl0246134 sshd[304946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.105.99.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 08:46:14,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.105.99.34', 'timestamp': 1670395574.133376, 'message': 'Dec  7 08:46:13 hqnl0246134 sshd[304946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.105.99.34 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 08:46:16,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395576.1338034, 'message': 'Dec  7 08:46:14 hqnl0246134 sshd[304948]: Invalid user docker from 165.22.220.5 port 49666', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0624 seconds
INFO    [2022-12-07 08:46:16,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.105.99.34', 'timestamp': 1670395576.1344395, 'message': 'Dec  7 08:46:16 hqnl0246134 sshd[304946]: Failed password for invalid user usuario from 210.105.99.34 port 50760 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0621 seconds
INFO    [2022-12-07 08:46:16,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395576.1340768, 'message': 'Dec  7 08:46:14 hqnl0246134 sshd[304948]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 08:46:16,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395576.1342547, 'message': 'Dec  7 08:46:14 hqnl0246134 sshd[304948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 08:46:17,828] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:46:17,829] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:46:17,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:46:17,852] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
INFO    [2022-12-07 08:46:18,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395578.136308, 'message': 'Dec  7 08:46:16 hqnl0246134 sshd[304948]: Failed password for invalid user docker from 165.22.220.5 port 49666 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 08:46:18,165] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.105.99.34', 'timestamp': 1670395578.1364982, 'message': 'Dec  7 08:46:17 hqnl0246134 sshd[304946]: Disconnected from invalid user usuario 210.105.99.34 port 50760 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 08:46:20,472] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:46:20,473] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:46:20,480] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:46:20,493] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 08:46:40,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.234.237.234', 'timestamp': 1670395600.1598618, 'message': 'Dec  7 08:46:38 hqnl0246134 sshd[304975]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.234.237.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 08:46:40,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.234.237.234', 'timestamp': 1670395600.1605911, 'message': 'Dec  7 08:46:38 hqnl0246134 sshd[304975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.234.237.234  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:46:42,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '177.234.237.234', 'timestamp': 1670395602.161176, 'message': 'Dec  7 08:46:40 hqnl0246134 sshd[304975]: Failed password for root from 177.234.237.234 port 55400 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:46:46,193] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395606.1671395, 'message': 'Dec  7 08:46:44 hqnl0246134 sshd[304978]: Invalid user elastic from 165.22.220.5 port 43908', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 08:46:46,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395606.1674516, 'message': 'Dec  7 08:46:44 hqnl0246134 sshd[304978]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:46:46,231] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395606.1676373, 'message': 'Dec  7 08:46:44 hqnl0246134 sshd[304978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:46:48,189] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395608.1694748, 'message': 'Dec  7 08:46:46 hqnl0246134 sshd[304978]: Failed password for invalid user elastic from 165.22.220.5 port 43908 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 08:46:52,632] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:46:52,633] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:47:13,778] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:47:13,809] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0446 seconds
INFO    [2022-12-07 08:47:16,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395636.2066078, 'message': 'Dec  7 08:47:15 hqnl0246134 sshd[305010]: Invalid user elastic from 165.22.220.5 port 38150', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 08:47:16,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395636.2069135, 'message': 'Dec  7 08:47:15 hqnl0246134 sshd[305010]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:47:16,268] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395636.207054, 'message': 'Dec  7 08:47:15 hqnl0246134 sshd[305010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:47:17,850] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:47:17,850] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:47:17,859] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:47:17,870] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
INFO    [2022-12-07 08:47:18,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395638.2081785, 'message': 'Dec  7 08:47:17 hqnl0246134 sshd[305010]: Failed password for invalid user elastic from 165.22.220.5 port 38150 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 08:47:20,773] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:47:20,774] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:47:20,781] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:47:20,793] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 08:47:21,068] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:47:21,069] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:47:21,078] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:47:21,089] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 08:47:26,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395646.2220883, 'message': 'Dec  7 08:47:24 hqnl0246134 sshd[305030]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.62.233.45 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0256 seconds
INFO    [2022-12-07 08:47:26,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395646.2224576, 'message': 'Dec  7 08:47:24 hqnl0246134 sshd[305030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.62.233.45  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 08:47:28,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395648.2222028, 'message': 'Dec  7 08:47:26 hqnl0246134 sshd[305030]: Failed password for root from 103.62.233.45 port 41730 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 08:47:42,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395662.2414613, 'message': 'Dec  7 08:47:41 hqnl0246134 sshd[305047]: Invalid user ubuntu from 43.131.43.132 port 56294', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 08:47:42,304] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395662.241864, 'message': 'Dec  7 08:47:41 hqnl0246134 sshd[305047]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.131.43.132 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 08:47:42,335] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395662.2420447, 'message': 'Dec  7 08:47:41 hqnl0246134 sshd[305047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.43.132 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 08:47:44,263] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395664.2448485, 'message': 'Dec  7 08:47:43 hqnl0246134 sshd[305047]: Failed password for invalid user ubuntu from 43.131.43.132 port 56294 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:47:46,281] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395666.2493892, 'message': 'Dec  7 08:47:45 hqnl0246134 sshd[305049]: Invalid user elastic from 165.22.220.5 port 60624', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 08:47:46,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.131.43.132', 'timestamp': 1670395666.250177, 'message': 'Dec  7 08:47:45 hqnl0246134 sshd[305047]: Disconnected from invalid user ubuntu 43.131.43.132 port 56294 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 08:47:46,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395666.2496872, 'message': 'Dec  7 08:47:45 hqnl0246134 sshd[305049]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 08:47:46,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395666.2498899, 'message': 'Dec  7 08:47:45 hqnl0246134 sshd[305049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 08:47:48,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395668.2518222, 'message': 'Dec  7 08:47:47 hqnl0246134 sshd[305049]: Failed password for invalid user elastic from 165.22.220.5 port 60624 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 08:47:52,638] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:47:52,639] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:48:00,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395680.273399, 'message': 'Dec  7 08:47:59 hqnl0246134 sshd[305063]: Invalid user mongodb from 190.129.60.125 port 33158', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 08:48:00,317] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395680.2739813, 'message': 'Dec  7 08:47:59 hqnl0246134 sshd[305063]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.129.60.125 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:48:00,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395680.274154, 'message': 'Dec  7 08:47:59 hqnl0246134 sshd[305063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.60.125 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:48:02,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395682.272799, 'message': 'Dec  7 08:48:01 hqnl0246134 sshd[305063]: Failed password for invalid user mongodb from 190.129.60.125 port 33158 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 08:48:04,315] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395684.2807596, 'message': 'Dec  7 08:48:02 hqnl0246134 sshd[305063]: Disconnected from invalid user mongodb 190.129.60.125 port 33158 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
WARNING [2022-12-07 08:48:13,783] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:48:13,816] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0446 seconds
INFO    [2022-12-07 08:48:16,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395696.3099103, 'message': 'Dec  7 08:48:15 hqnl0246134 sshd[305079]: Invalid user elasticsearch from 165.22.220.5 port 54866', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 08:48:16,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395696.3101144, 'message': 'Dec  7 08:48:16 hqnl0246134 sshd[305079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 08:48:16,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395696.3102393, 'message': 'Dec  7 08:48:16 hqnl0246134 sshd[305079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 08:48:17,963] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:48:17,963] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:48:17,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:48:17,985] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 08:48:18,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395698.3123257, 'message': 'Dec  7 08:48:18 hqnl0246134 sshd[305079]: Failed password for invalid user elasticsearch from 165.22.220.5 port 54866 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:48:21,198] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:48:21,198] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:48:21,207] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:48:21,218] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 08:48:46,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395726.3596883, 'message': 'Dec  7 08:48:45 hqnl0246134 sshd[305105]: Invalid user elasticsearch from 165.22.220.5 port 49108', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 08:48:46,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395726.3605795, 'message': 'Dec  7 08:48:45 hqnl0246134 sshd[305105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 08:48:46,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395726.3609602, 'message': 'Dec  7 08:48:45 hqnl0246134 sshd[305105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 08:48:48,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395728.3579779, 'message': 'Dec  7 08:48:47 hqnl0246134 sshd[305105]: Failed password for invalid user elasticsearch from 165.22.220.5 port 49108 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:48:50,620] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:48:50,622] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:48:50,631] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:48:50,648] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0247 seconds
WARNING [2022-12-07 08:48:52,642] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:48:52,643] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:48:54,393] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:48:54,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.115.155', 'timestamp': 1670395734.3745432, 'message': 'Dec  7 08:48:54 hqnl0246134 sshd[305114]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.115.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-07 08:48:54,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.115.155', 'timestamp': 1670395734.3749607, 'message': 'Dec  7 08:48:54 hqnl0246134 sshd[305114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.115.155  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 08:48:54,479] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:48:54,480] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:48:54,480] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:48:54,480] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:48:54,480] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:48:54,489] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:48:54,505] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0242 seconds
WARNING [2022-12-07 08:48:54,513] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:48:54,515] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:48:54,532] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0327 seconds
INFO    [2022-12-07 08:48:54,534] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0309 seconds
INFO    [2022-12-07 08:48:56,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '182.253.115.155', 'timestamp': 1670395736.3921652, 'message': 'Dec  7 08:48:56 hqnl0246134 sshd[305114]: Failed password for root from 182.253.115.155 port 37270 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1269 seconds
INFO    [2022-12-07 08:49:08,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.210.124.47', 'timestamp': 1670395748.394198, 'message': 'Dec  7 08:49:07 hqnl0246134 sshd[305133]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.210.124.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 08:49:08,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.210.124.47', 'timestamp': 1670395748.3950984, 'message': 'Dec  7 08:49:07 hqnl0246134 sshd[305133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.210.124.47  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 08:49:10,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '79.210.124.47', 'timestamp': 1670395750.3953345, 'message': 'Dec  7 08:49:09 hqnl0246134 sshd[305133]: Failed password for root from 79.210.124.47 port 52708 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 08:49:13,787] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:49:13,812] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0343 seconds
INFO    [2022-12-07 08:49:16,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395756.4027677, 'message': 'Dec  7 08:49:15 hqnl0246134 sshd[305139]: Invalid user elsearch from 165.22.220.5 port 43350', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 08:49:16,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395756.4031913, 'message': 'Dec  7 08:49:15 hqnl0246134 sshd[305139]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 08:49:16,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395756.40347, 'message': 'Dec  7 08:49:15 hqnl0246134 sshd[305139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 08:49:17,769] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:49:17,770] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:49:17,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:49:17,791] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 08:49:18,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395758.4047525, 'message': 'Dec  7 08:49:17 hqnl0246134 sshd[305139]: Failed password for invalid user elsearch from 165.22.220.5 port 43350 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:49:20,377] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:49:20,378] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:49:20,385] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:49:20,397] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 08:49:24,604] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:49:24,605] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:49:24,606] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 08:49:46,465] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395786.4386184, 'message': 'Dec  7 08:49:45 hqnl0246134 sshd[305167]: Invalid user elsearch from 165.22.220.5 port 37592', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 08:49:46,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395786.4391575, 'message': 'Dec  7 08:49:45 hqnl0246134 sshd[305167]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:49:46,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395786.4393773, 'message': 'Dec  7 08:49:45 hqnl0246134 sshd[305167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 08:49:48,474] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.1.20', 'timestamp': 1670395788.4404376, 'message': 'Dec  7 08:49:46 hqnl0246134 sshd[305169]: Invalid user prueba1 from 51.250.1.20 port 34532', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 08:49:48,476] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395788.4409502, 'message': 'Dec  7 08:49:48 hqnl0246134 sshd[305167]: Failed password for invalid user elsearch from 165.22.220.5 port 37592 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 08:49:48,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.1.20', 'timestamp': 1670395788.4406443, 'message': 'Dec  7 08:49:46 hqnl0246134 sshd[305169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.1.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 08:49:48,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.1.20', 'timestamp': 1670395788.44083, 'message': 'Dec  7 08:49:46 hqnl0246134 sshd[305169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.1.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:49:48,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.1.20', 'timestamp': 1670395788.4410896, 'message': 'Dec  7 08:49:48 hqnl0246134 sshd[305169]: Failed password for invalid user prueba1 from 51.250.1.20 port 34532 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:49:50,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.1.20', 'timestamp': 1670395790.4418845, 'message': 'Dec  7 08:49:49 hqnl0246134 sshd[305169]: Disconnected from invalid user prueba1 51.250.1.20 port 34532 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0277 seconds
WARNING [2022-12-07 08:49:52,645] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:49:52,646] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:50:04,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.217.96', 'timestamp': 1670395804.4575818, 'message': 'Dec  7 08:50:03 hqnl0246134 sshd[305203]: Invalid user sentry from 165.22.217.96 port 57994', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 08:50:04,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.217.96', 'timestamp': 1670395804.4580328, 'message': 'Dec  7 08:50:04 hqnl0246134 sshd[305203]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.217.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 08:50:04,518] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.217.96', 'timestamp': 1670395804.4582229, 'message': 'Dec  7 08:50:04 hqnl0246134 sshd[305203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.217.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:50:06,479] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.217.96', 'timestamp': 1670395806.4571908, 'message': 'Dec  7 08:50:06 hqnl0246134 sshd[305203]: Failed password for invalid user sentry from 165.22.217.96 port 57994 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 08:50:08,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.217.96', 'timestamp': 1670395808.458448, 'message': 'Dec  7 08:50:07 hqnl0246134 sshd[305203]: Disconnected from invalid user sentry 165.22.217.96 port 57994 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 08:50:09,929] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:50:09,929] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:50:09,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:50:09,948] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 08:50:12,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395812.4624343, 'message': 'Dec  7 08:50:12 hqnl0246134 sshd[305213]: Invalid user stream from 89.189.188.33 port 35670', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:50:12,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395812.4626696, 'message': 'Dec  7 08:50:12 hqnl0246134 sshd[305213]: pam_imunify(sshd:auth): [IM360_RBL] The IP 89.189.188.33 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 08:50:12,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395812.462867, 'message': 'Dec  7 08:50:12 hqnl0246134 sshd[305213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.189.188.33 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 08:50:13,788] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:50:13,812] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0323 seconds
INFO    [2022-12-07 08:50:14,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395814.4643655, 'message': 'Dec  7 08:50:14 hqnl0246134 sshd[305213]: Failed password for invalid user stream from 89.189.188.33 port 35670 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:50:16,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '89.189.188.33', 'timestamp': 1670395816.4663043, 'message': 'Dec  7 08:50:15 hqnl0246134 sshd[305213]: Disconnected from invalid user stream 89.189.188.33 port 35670 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 08:50:16,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395816.4664981, 'message': 'Dec  7 08:50:15 hqnl0246134 sshd[305222]: Invalid user elk from 165.22.220.5 port 60066', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 08:50:16,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395816.4666343, 'message': 'Dec  7 08:50:16 hqnl0246134 sshd[305222]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 08:50:16,542] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395816.4667456, 'message': 'Dec  7 08:50:16 hqnl0246134 sshd[305222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:50:17,934] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:50:17,935] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:50:17,942] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:50:17,954] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 08:50:18,513] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395818.4687362, 'message': 'Dec  7 08:50:17 hqnl0246134 sshd[305222]: Failed password for invalid user elk from 165.22.220.5 port 60066 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0437 seconds
INFO    [2022-12-07 08:50:18,514] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395818.4690301, 'message': 'Dec  7 08:50:17 hqnl0246134 sshd[305227]: Invalid user nagios from 14.97.173.182 port 34702', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0439 seconds
INFO    [2022-12-07 08:50:18,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395818.4692328, 'message': 'Dec  7 08:50:17 hqnl0246134 sshd[305227]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.97.173.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 08:50:18,581] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395818.4694705, 'message': 'Dec  7 08:50:17 hqnl0246134 sshd[305227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.173.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 08:50:20,501] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395820.4724638, 'message': 'Dec  7 08:50:19 hqnl0246134 sshd[305227]: Failed password for invalid user nagios from 14.97.173.182 port 34702 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 08:50:20,522] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395820.472744, 'message': 'Dec  7 08:50:20 hqnl0246134 sshd[305227]: Disconnected from invalid user nagios 14.97.173.182 port 34702 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 08:50:20,768] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:50:20,769] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:50:20,783] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:50:20,813] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0403 seconds
INFO    [2022-12-07 08:50:42,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.141.139.29', 'timestamp': 1670395842.496546, 'message': 'Dec  7 08:50:40 hqnl0246134 sshd[305258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.141.139.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 08:50:42,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.141.139.29', 'timestamp': 1670395842.497208, 'message': 'Dec  7 08:50:40 hqnl0246134 sshd[305258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.141.139.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:50:42,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '125.141.139.29', 'timestamp': 1670395842.4973652, 'message': 'Dec  7 08:50:41 hqnl0246134 sshd[305258]: Failed password for root from 125.141.139.29 port 38780 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:50:46,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395846.5017114, 'message': 'Dec  7 08:50:45 hqnl0246134 sshd[305263]: Invalid user elk from 165.22.220.5 port 54308', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 08:50:46,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395846.5020099, 'message': 'Dec  7 08:50:45 hqnl0246134 sshd[305263]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 08:50:46,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395846.502126, 'message': 'Dec  7 08:50:45 hqnl0246134 sshd[305263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:50:50,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395850.5050824, 'message': 'Dec  7 08:50:48 hqnl0246134 sshd[305263]: Failed password for invalid user elk from 165.22.220.5 port 54308 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 08:50:52,648] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:50:52,649] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:51:13,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:51:13,836] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0499 seconds
INFO    [2022-12-07 08:51:14,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395874.5307279, 'message': 'Dec  7 08:51:13 hqnl0246134 sshd[305287]: Invalid user apple from 103.62.233.45 port 58670', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 08:51:14,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395874.5310104, 'message': 'Dec  7 08:51:13 hqnl0246134 sshd[305287]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.62.233.45 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:51:14,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395874.5311584, 'message': 'Dec  7 08:51:13 hqnl0246134 sshd[305287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.62.233.45 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:51:16,564] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395876.5327017, 'message': 'Dec  7 08:51:15 hqnl0246134 sshd[305287]: Failed password for invalid user apple from 103.62.233.45 port 58670 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 08:51:16,565] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395876.5329645, 'message': 'Dec  7 08:51:16 hqnl0246134 sshd[305290]: Invalid user es from 165.22.220.5 port 48550', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 08:51:16,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395876.5330825, 'message': 'Dec  7 08:51:16 hqnl0246134 sshd[305290]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:51:16,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395876.5332198, 'message': 'Dec  7 08:51:16 hqnl0246134 sshd[305290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:51:18,562] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.62.233.45', 'timestamp': 1670395878.5340202, 'message': 'Dec  7 08:51:17 hqnl0246134 sshd[305287]: Disconnected from invalid user apple 103.62.233.45 port 58670 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 08:51:18,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395878.53425, 'message': 'Dec  7 08:51:17 hqnl0246134 sshd[305290]: Failed password for invalid user es from 165.22.220.5 port 48550 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 08:51:19,993] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:51:19,994] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:51:20,002] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:51:20,013] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 08:51:22,323] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:51:22,325] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:51:22,341] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:51:22,369] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0426 seconds
INFO    [2022-12-07 08:51:25,819] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:51:25,819] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:51:25,828] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:51:25,839] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 08:51:40,174] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 08:51:40,179] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 08:51:41,184] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 08:51:44,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.19.216.126', 'timestamp': 1670395904.5622108, 'message': 'Dec  7 08:51:43 hqnl0246134 sshd[305334]: Invalid user postgres from 81.19.216.126 port 52102', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 08:51:44,630] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.19.216.126', 'timestamp': 1670395904.5627084, 'message': 'Dec  7 08:51:44 hqnl0246134 sshd[305334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.19.216.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 08:51:44,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.19.216.126', 'timestamp': 1670395904.5657048, 'message': 'Dec  7 08:51:44 hqnl0246134 sshd[305334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.216.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 08:51:46,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395906.5650177, 'message': 'Dec  7 08:51:45 hqnl0246134 sshd[305336]: Invalid user es from 165.22.220.5 port 42792', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:51:46,603] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395906.5729253, 'message': 'Dec  7 08:51:45 hqnl0246134 sshd[305336]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:51:46,621] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395906.5730796, 'message': 'Dec  7 08:51:45 hqnl0246134 sshd[305336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:51:48,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.19.216.126', 'timestamp': 1670395908.5687032, 'message': 'Dec  7 08:51:46 hqnl0246134 sshd[305334]: Failed password for invalid user postgres from 81.19.216.126 port 52102 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 08:51:48,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395908.5701303, 'message': 'Dec  7 08:51:48 hqnl0246134 sshd[305336]: Failed password for invalid user es from 165.22.220.5 port 42792 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 08:51:48,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.19.216.126', 'timestamp': 1670395908.5699177, 'message': 'Dec  7 08:51:48 hqnl0246134 sshd[305334]: Disconnected from invalid user postgres 81.19.216.126 port 52102 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 08:51:52,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670395912.5733492, 'message': 'Dec  7 08:51:52 hqnl0246134 sshd[305341]: Invalid user #1234 from 105.174.43.194 port 22021', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 08:51:52,652] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:51:52,653] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:51:54,348] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 08:51:54,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '105.174.43.194', 'timestamp': 1670395914.5740814, 'message': 'Dec  7 08:51:52 hqnl0246134 sshd[305341]: pam_imunify(sshd:auth): [IM360_RBL] The IP 105.174.43.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:51:54,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '105.174.43.194', 'timestamp': 1670395914.574284, 'message': 'Dec  7 08:51:52 hqnl0246134 sshd[305341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.174.43.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:51:56,601] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670395916.5760376, 'message': 'Dec  7 08:51:54 hqnl0246134 sshd[305341]: Failed password for invalid user #1234 from 105.174.43.194 port 22021 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 08:51:58,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670395918.580517, 'message': 'Dec  7 08:51:56 hqnl0246134 sshd[305341]: Disconnected from invalid user #1234 105.174.43.194 port 22021 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 08:52:02,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '148.113.133.177', 'timestamp': 1670395922.5878649, 'message': 'Dec  7 08:52:00 hqnl0246134 sshd[305353]: pam_imunify(sshd:auth): [IM360_RBL] The IP 148.113.133.177 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 08:52:02,631] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '148.113.133.177', 'timestamp': 1670395922.5887568, 'message': 'Dec  7 08:52:00 hqnl0246134 sshd[305353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.113.133.177  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:52:02,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '148.113.133.177', 'timestamp': 1670395922.5891604, 'message': 'Dec  7 08:52:02 hqnl0246134 sshd[305353]: Failed password for root from 148.113.133.177 port 50732 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 08:52:13,828] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:52:13,858] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0385 seconds
INFO    [2022-12-07 08:52:16,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395936.601789, 'message': 'Dec  7 08:52:15 hqnl0246134 sshd[305373]: Invalid user es from 165.22.220.5 port 37034', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0777 seconds
INFO    [2022-12-07 08:52:16,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395936.6022387, 'message': 'Dec  7 08:52:15 hqnl0246134 sshd[305373]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0444 seconds
INFO    [2022-12-07 08:52:16,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395936.6024892, 'message': 'Dec  7 08:52:15 hqnl0246134 sshd[305373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-07 08:52:18,730] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:52:18,730] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:52:18,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:52:18,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395938.603331, 'message': 'Dec  7 08:52:18 hqnl0246134 sshd[305373]: Failed password for invalid user es from 165.22.220.5 port 37034 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1751 seconds
INFO    [2022-12-07 08:52:18,782] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0503 seconds
INFO    [2022-12-07 08:52:22,171] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:52:22,171] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:52:22,181] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:52:22,194] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 08:52:23,604] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:52:23,608] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:52:23,621] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:52:23,680] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0707 seconds
INFO    [2022-12-07 08:52:36,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395956.623929, 'message': 'Dec  7 08:52:35 hqnl0246134 sshd[305404]: Invalid user tmp from 14.97.173.182 port 40144', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 08:52:36,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395956.6243908, 'message': 'Dec  7 08:52:35 hqnl0246134 sshd[305404]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.97.173.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 08:52:36,687] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395956.6245613, 'message': 'Dec  7 08:52:35 hqnl0246134 sshd[305404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.173.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 08:52:38,660] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395958.6265135, 'message': 'Dec  7 08:52:37 hqnl0246134 sshd[305404]: Failed password for invalid user tmp from 14.97.173.182 port 40144 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 08:52:38,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.5.84', 'timestamp': 1670395958.6268854, 'message': 'Dec  7 08:52:37 hqnl0246134 sshd[305406]: Invalid user cert from 188.166.5.84 port 32854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 08:52:38,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670395958.6267147, 'message': 'Dec  7 08:52:37 hqnl0246134 sshd[305404]: Disconnected from invalid user tmp 14.97.173.182 port 40144 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 08:52:38,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.5.84', 'timestamp': 1670395958.6270056, 'message': 'Dec  7 08:52:37 hqnl0246134 sshd[305406]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.5.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 08:52:38,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.5.84', 'timestamp': 1670395958.627133, 'message': 'Dec  7 08:52:37 hqnl0246134 sshd[305406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.5.84 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:52:40,651] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.5.84', 'timestamp': 1670395960.6316905, 'message': 'Dec  7 08:52:39 hqnl0246134 sshd[305406]: Failed password for invalid user cert from 188.166.5.84 port 32854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:52:40,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.5.84', 'timestamp': 1670395960.6318877, 'message': 'Dec  7 08:52:40 hqnl0246134 sshd[305406]: Disconnected from invalid user cert 188.166.5.84 port 32854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:52:46,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395966.64565, 'message': 'Dec  7 08:52:45 hqnl0246134 sshd[305408]: Invalid user es from 165.22.220.5 port 59508', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:52:46,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395966.6459045, 'message': 'Dec  7 08:52:45 hqnl0246134 sshd[305408]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 08:52:46,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395966.646056, 'message': 'Dec  7 08:52:45 hqnl0246134 sshd[305408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:52:48,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395968.6484656, 'message': 'Dec  7 08:52:47 hqnl0246134 sshd[305408]: Failed password for invalid user es from 165.22.220.5 port 59508 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-07 08:52:52,657] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:52:52,658] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:53:04,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670395984.6748478, 'message': 'Dec  7 08:53:04 hqnl0246134 sshd[305428]: Invalid user oracle from 13.233.116.32 port 48098', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0257 seconds
INFO    [2022-12-07 08:53:06,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.233.116.32', 'timestamp': 1670395986.6769197, 'message': 'Dec  7 08:53:04 hqnl0246134 sshd[305428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.233.116.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-07 08:53:06,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395986.6773348, 'message': 'Dec  7 08:53:06 hqnl0246134 sshd[305430]: Invalid user tania from 190.129.60.125 port 36338', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0508 seconds
INFO    [2022-12-07 08:53:06,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670395986.6780026, 'message': 'Dec  7 08:53:06 hqnl0246134 sshd[305428]: Failed password for invalid user oracle from 13.233.116.32 port 48098 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 08:53:06,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395986.6775942, 'message': 'Dec  7 08:53:06 hqnl0246134 sshd[305430]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.129.60.125 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 08:53:06,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670395986.678237, 'message': 'Dec  7 08:53:06 hqnl0246134 sshd[305428]: Disconnected from invalid user oracle 13.233.116.32 port 48098 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 08:53:06,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395986.677785, 'message': 'Dec  7 08:53:06 hqnl0246134 sshd[305430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.60.125 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 08:53:08,713] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395988.6787083, 'message': 'Dec  7 08:53:07 hqnl0246134 sshd[305430]: Failed password for invalid user tania from 190.129.60.125 port 36338 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 08:53:08,731] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670395988.679105, 'message': 'Dec  7 08:53:07 hqnl0246134 sshd[305430]: Disconnected from invalid user tania 190.129.60.125 port 36338 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 08:53:13,832] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:53:13,859] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0354 seconds
INFO    [2022-12-07 08:53:16,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395996.6866798, 'message': 'Dec  7 08:53:15 hqnl0246134 sshd[305436]: Invalid user es from 165.22.220.5 port 53750', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 08:53:16,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395996.6869836, 'message': 'Dec  7 08:53:15 hqnl0246134 sshd[305436]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 08:53:16,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395996.6871479, 'message': 'Dec  7 08:53:15 hqnl0246134 sshd[305436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 08:53:18,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670395998.6886158, 'message': 'Dec  7 08:53:17 hqnl0246134 sshd[305436]: Failed password for invalid user es from 165.22.220.5 port 53750 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 08:53:20,087] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:53:20,088] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:53:20,100] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:53:20,120] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0311 seconds
INFO    [2022-12-07 08:53:22,922] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:53:22,923] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:53:22,934] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:53:22,957] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0329 seconds
INFO    [2022-12-07 08:53:24,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396004.6961367, 'message': 'Dec  7 08:53:23 hqnl0246134 sshd[305450]: Invalid user programacion from 167.172.187.120 port 46870', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:53:24,732] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396004.6963694, 'message': 'Dec  7 08:53:23 hqnl0246134 sshd[305450]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 08:53:24,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396004.696485, 'message': 'Dec  7 08:53:23 hqnl0246134 sshd[305450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:53:26,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396006.7003083, 'message': 'Dec  7 08:53:25 hqnl0246134 sshd[305450]: Failed password for invalid user programacion from 167.172.187.120 port 46870 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 08:53:26,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396006.7006593, 'message': 'Dec  7 08:53:25 hqnl0246134 sshd[305450]: Disconnected from invalid user programacion 167.172.187.120 port 46870 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:53:31,217] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 08:53:31,279] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 08:53:31,280] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 08:53:31,280] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 08:53:31,280] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 08:53:31,281] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 08:53:31,291] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 08:53:31,309] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0279 seconds
WARNING [2022-12-07 08:53:31,317] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 08:53:31,319] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:53:31,337] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0339 seconds
INFO    [2022-12-07 08:53:31,338] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0316 seconds
INFO    [2022-12-07 08:53:34,726] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396014.7053928, 'message': 'Dec  7 08:53:34 hqnl0246134 sshd[305461]: Invalid user shop from 121.166.152.68 port 43226', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 08:53:34,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396014.705777, 'message': 'Dec  7 08:53:34 hqnl0246134 sshd[305461]: pam_imunify(sshd:auth): [IM360_RBL] The IP 121.166.152.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:53:34,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396014.706007, 'message': 'Dec  7 08:53:34 hqnl0246134 sshd[305461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.166.152.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:53:36,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396016.7058308, 'message': 'Dec  7 08:53:36 hqnl0246134 sshd[305461]: Failed password for invalid user shop from 121.166.152.68 port 43226 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:53:38,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396018.7091177, 'message': 'Dec  7 08:53:37 hqnl0246134 sshd[305461]: Disconnected from invalid user shop 121.166.152.68 port 43226 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:53:46,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396026.7173727, 'message': 'Dec  7 08:53:44 hqnl0246134 sshd[305464]: Invalid user esadmin from 165.22.220.5 port 47992', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:53:46,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396026.717591, 'message': 'Dec  7 08:53:45 hqnl0246134 sshd[305464]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:53:46,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396026.7177556, 'message': 'Dec  7 08:53:45 hqnl0246134 sshd[305464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 08:53:48,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396028.719837, 'message': 'Dec  7 08:53:47 hqnl0246134 sshd[305464]: Failed password for invalid user esadmin from 165.22.220.5 port 47992 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:53:50,521] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:53:50,522] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:53:50,534] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:53:50,557] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0338 seconds
WARNING [2022-12-07 08:53:52,662] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:53:52,663] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:53:54,760] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396034.7273877, 'message': 'Dec  7 08:53:53 hqnl0246134 sshd[305472]: Invalid user ftp_user from 130.61.126.10 port 38200', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 08:53:54,780] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396034.727784, 'message': 'Dec  7 08:53:53 hqnl0246134 sshd[305472]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.61.126.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:53:54,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396034.7279634, 'message': 'Dec  7 08:53:53 hqnl0246134 sshd[305472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.126.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 08:53:56,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396036.728652, 'message': 'Dec  7 08:53:55 hqnl0246134 sshd[305472]: Failed password for invalid user ftp_user from 130.61.126.10 port 38200 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:53:56,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396036.7288425, 'message': 'Dec  7 08:53:56 hqnl0246134 sshd[305472]: Disconnected from invalid user ftp_user 130.61.126.10 port 38200 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 08:54:01,409] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 08:54:01,410] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 08:54:01,411] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 08:54:10,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396050.748569, 'message': 'Dec  7 08:54:08 hqnl0246134 sshd[305490]: Invalid user guojinshan from 125.141.139.29 port 44320', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 08:54:10,792] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396050.7489645, 'message': 'Dec  7 08:54:08 hqnl0246134 sshd[305490]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.141.139.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:54:10,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396050.7491095, 'message': 'Dec  7 08:54:08 hqnl0246134 sshd[305490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.141.139.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 08:54:12,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396052.7497253, 'message': 'Dec  7 08:54:10 hqnl0246134 sshd[305490]: Failed password for invalid user guojinshan from 125.141.139.29 port 44320 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-07 08:54:13,835] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:54:13,860] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0328 seconds
INFO    [2022-12-07 08:54:14,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396054.7526984, 'message': 'Dec  7 08:54:14 hqnl0246134 sshd[305490]: Disconnected from invalid user guojinshan 125.141.139.29 port 44320 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-07 08:54:14,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396054.752994, 'message': 'Dec  7 08:54:14 hqnl0246134 sshd[305492]: Invalid user esroot from 165.22.220.5 port 42234', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0524 seconds
INFO    [2022-12-07 08:54:16,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396056.753831, 'message': 'Dec  7 08:54:14 hqnl0246134 sshd[305492]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 08:54:16,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396056.7540839, 'message': 'Dec  7 08:54:14 hqnl0246134 sshd[305492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 08:54:16,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396056.7541993, 'message': 'Dec  7 08:54:16 hqnl0246134 sshd[305492]: Failed password for invalid user esroot from 165.22.220.5 port 42234 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 08:54:17,779] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:54:17,779] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:54:17,792] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:54:17,813] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0327 seconds
INFO    [2022-12-07 08:54:20,297] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:54:20,298] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:54:20,305] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:54:20,316] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 08:54:34,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670396074.7736616, 'message': 'Dec  7 08:54:33 hqnl0246134 sshd[305519]: Invalid user andrew from 14.97.173.182 port 65207', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 08:54:34,823] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '14.97.173.182', 'timestamp': 1670396074.774092, 'message': 'Dec  7 08:54:33 hqnl0246134 sshd[305519]: pam_imunify(sshd:auth): [IM360_RBL] The IP 14.97.173.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 08:54:34,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '14.97.173.182', 'timestamp': 1670396074.7742696, 'message': 'Dec  7 08:54:33 hqnl0246134 sshd[305519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.173.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 08:54:36,796] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670396076.7738862, 'message': 'Dec  7 08:54:35 hqnl0246134 sshd[305519]: Failed password for invalid user andrew from 14.97.173.182 port 65207 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 08:54:36,814] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '14.97.173.182', 'timestamp': 1670396076.7741423, 'message': 'Dec  7 08:54:36 hqnl0246134 sshd[305519]: Disconnected from invalid user andrew 14.97.173.182 port 65207 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:54:44,811] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396084.7822855, 'message': 'Dec  7 08:54:44 hqnl0246134 sshd[305526]: Invalid user esuser from 165.22.220.5 port 36476', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 08:54:46,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396086.785432, 'message': 'Dec  7 08:54:44 hqnl0246134 sshd[305526]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 08:54:46,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396086.785746, 'message': 'Dec  7 08:54:44 hqnl0246134 sshd[305526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 08:54:48,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396088.7866817, 'message': 'Dec  7 08:54:47 hqnl0246134 sshd[305526]: Failed password for invalid user esuser from 165.22.220.5 port 36476 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 08:54:48,817] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '148.113.133.177', 'timestamp': 1670396088.7869484, 'message': 'Dec  7 08:54:47 hqnl0246134 sshd[305528]: pam_imunify(sshd:auth): [IM360_RBL] The IP 148.113.133.177 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 08:54:48,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '148.113.133.177', 'timestamp': 1670396088.7871392, 'message': 'Dec  7 08:54:47 hqnl0246134 sshd[305528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.113.133.177  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:54:50,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '148.113.133.177', 'timestamp': 1670396090.789077, 'message': 'Dec  7 08:54:49 hqnl0246134 sshd[305528]: Failed password for root from 148.113.133.177 port 47564 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0199 seconds
WARNING [2022-12-07 08:54:52,666] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:54:52,667] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:55:10,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396110.8100817, 'message': 'Dec  7 08:55:09 hqnl0246134 sshd[305568]: Invalid user coder from 165.22.217.96 port 35560', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-07 08:55:10,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396110.8110785, 'message': 'Dec  7 08:55:09 hqnl0246134 sshd[305567]: Invalid user vp from 181.236.225.147 port 47816', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0457 seconds
INFO    [2022-12-07 08:55:10,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396110.8107913, 'message': 'Dec  7 08:55:09 hqnl0246134 sshd[305568]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.217.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0340 seconds
INFO    [2022-12-07 08:55:10,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396110.811205, 'message': 'Dec  7 08:55:10 hqnl0246134 sshd[305567]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.236.225.147 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 08:55:10,928] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396110.8109422, 'message': 'Dec  7 08:55:09 hqnl0246134 sshd[305568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.217.96 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 08:55:10,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396110.8113132, 'message': 'Dec  7 08:55:10 hqnl0246134 sshd[305567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.236.225.147 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 08:55:12,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396112.809883, 'message': 'Dec  7 08:55:11 hqnl0246134 sshd[305568]: Failed password for invalid user coder from 165.22.217.96 port 35560 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-07 08:55:12,865] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396112.8101015, 'message': 'Dec  7 08:55:12 hqnl0246134 sshd[305567]: Failed password for invalid user vp from 181.236.225.147 port 47816 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0539 seconds
INFO    [2022-12-07 08:55:12,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396112.8102598, 'message': 'Dec  7 08:55:12 hqnl0246134 sshd[305568]: Disconnected from invalid user coder 165.22.217.96 port 35560 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0363 seconds
WARNING [2022-12-07 08:55:13,849] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:55:13,898] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0661 seconds
INFO    [2022-12-07 08:55:14,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396114.8128924, 'message': 'Dec  7 08:55:13 hqnl0246134 sshd[305567]: Disconnected from invalid user vp 181.236.225.147 port 47816 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 08:55:15,327] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:55:15,327] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:55:15,337] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:55:15,349] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 08:55:16,856] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396116.813651, 'message': 'Dec  7 08:55:14 hqnl0246134 sshd[305577]: Invalid user esuser from 165.22.220.5 port 58950', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0423 seconds
INFO    [2022-12-07 08:55:16,898] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396116.813855, 'message': 'Dec  7 08:55:15 hqnl0246134 sshd[305577]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-07 08:55:16,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396116.8140075, 'message': 'Dec  7 08:55:15 hqnl0246134 sshd[305577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 08:55:18,758] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:55:18,759] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:55:18,776] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:55:18,798] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0341 seconds
INFO    [2022-12-07 08:55:18,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396118.814932, 'message': 'Dec  7 08:55:17 hqnl0246134 sshd[305577]: Failed password for invalid user esuser from 165.22.220.5 port 58950 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 08:55:22,307] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:55:22,308] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:55:22,315] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:55:22,342] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0338 seconds
INFO    [2022-12-07 08:55:38,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.5.84', 'timestamp': 1670396138.8319273, 'message': 'Dec  7 08:55:36 hqnl0246134 sshd[305607]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.5.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 08:55:38,876] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.5.84', 'timestamp': 1670396138.8324912, 'message': 'Dec  7 08:55:36 hqnl0246134 sshd[305607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.5.84  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:55:40,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '188.166.5.84', 'timestamp': 1670396140.8343582, 'message': 'Dec  7 08:55:39 hqnl0246134 sshd[305607]: Failed password for root from 188.166.5.84 port 50760 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:55:44,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396144.8381689, 'message': 'Dec  7 08:55:44 hqnl0246134 sshd[305610]: Invalid user esuser from 165.22.220.5 port 53192', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 08:55:44,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396144.8384235, 'message': 'Dec  7 08:55:44 hqnl0246134 sshd[305610]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 08:55:44,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396144.838564, 'message': 'Dec  7 08:55:44 hqnl0246134 sshd[305610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 08:55:48,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396148.838695, 'message': 'Dec  7 08:55:47 hqnl0246134 sshd[305610]: Failed password for invalid user esuser from 165.22.220.5 port 53192 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 08:55:52,670] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:55:52,671] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:55:58,894] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.129.60.125', 'timestamp': 1670396158.8452432, 'message': 'Dec  7 08:55:57 hqnl0246134 sshd[305616]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.129.60.125 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-07 08:55:58,929] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.129.60.125', 'timestamp': 1670396158.8464808, 'message': 'Dec  7 08:55:57 hqnl0246134 sshd[305616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.60.125  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0334 seconds
INFO    [2022-12-07 08:56:00,885] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396160.844845, 'message': 'Dec  7 08:55:59 hqnl0246134 sshd[305626]: Invalid user cedric from 167.172.187.120 port 35334', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 08:56:00,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '190.129.60.125', 'timestamp': 1670396160.8453858, 'message': 'Dec  7 08:55:59 hqnl0246134 sshd[305616]: Failed password for root from 190.129.60.125 port 47170 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 08:56:00,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396160.845105, 'message': 'Dec  7 08:55:59 hqnl0246134 sshd[305626]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0387 seconds
INFO    [2022-12-07 08:56:00,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396160.8452384, 'message': 'Dec  7 08:55:59 hqnl0246134 sshd[305626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 08:56:02,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396162.8483515, 'message': 'Dec  7 08:56:01 hqnl0246134 sshd[305626]: Failed password for invalid user cedric from 167.172.187.120 port 35334 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:56:02,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396162.8485518, 'message': 'Dec  7 08:56:02 hqnl0246134 sshd[305626]: Disconnected from invalid user cedric 167.172.187.120 port 35334 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 08:56:10,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.154.253.5', 'timestamp': 1670396170.8568485, 'message': 'Dec  7 08:56:09 hqnl0246134 sshd[305638]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.154.253.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 08:56:10,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.154.253.5', 'timestamp': 1670396170.8570912, 'message': 'Dec  7 08:56:09 hqnl0246134 sshd[305638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.253.5  user=games', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:56:12,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '122.154.253.5', 'timestamp': 1670396172.8580587, 'message': 'Dec  7 08:56:10 hqnl0246134 sshd[305638]: Failed password for games from 122.154.253.5 port 55472 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-07 08:56:13,848] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:56:13,877] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0370 seconds
INFO    [2022-12-07 08:56:14,909] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396174.861272, 'message': 'Dec  7 08:56:13 hqnl0246134 sshd[305640]: Invalid user dasusr1 from 144.22.55.7 port 46062', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0460 seconds
INFO    [2022-12-07 08:56:14,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396174.8618736, 'message': 'Dec  7 08:56:14 hqnl0246134 sshd[305642]: Invalid user esuser from 165.22.220.5 port 47434', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0453 seconds
INFO    [2022-12-07 08:56:14,951] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396174.861616, 'message': 'Dec  7 08:56:14 hqnl0246134 sshd[305640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.22.55.7 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0415 seconds
INFO    [2022-12-07 08:56:14,952] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396174.8621206, 'message': 'Dec  7 08:56:14 hqnl0246134 sshd[305642]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0414 seconds
INFO    [2022-12-07 08:56:14,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396174.8623285, 'message': 'Dec  7 08:56:14 hqnl0246134 sshd[305642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:56:16,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396176.8617232, 'message': 'Dec  7 08:56:16 hqnl0246134 sshd[305640]: Failed password for invalid user dasusr1 from 144.22.55.7 port 46062 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 08:56:16,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396176.861994, 'message': 'Dec  7 08:56:16 hqnl0246134 sshd[305640]: Disconnected from invalid user dasusr1 144.22.55.7 port 46062 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 08:56:18,281] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:56:18,282] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:56:18,291] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:56:18,303] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 08:56:18,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396178.8642185, 'message': 'Dec  7 08:56:17 hqnl0246134 sshd[305642]: Failed password for invalid user esuser from 165.22.220.5 port 47434 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 08:56:19,763] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:56:19,763] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:56:19,772] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:56:19,787] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-07 08:56:21,118] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:56:21,119] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:56:21,127] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:56:21,139] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 08:56:22,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670396182.8689165, 'message': 'Dec  7 08:56:21 hqnl0246134 sshd[305661]: Invalid user readonly from 13.233.116.32 port 38776', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 08:56:22,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.233.116.32', 'timestamp': 1670396182.8691382, 'message': 'Dec  7 08:56:21 hqnl0246134 sshd[305661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.233.116.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 08:56:24,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670396184.8723736, 'message': 'Dec  7 08:56:23 hqnl0246134 sshd[305661]: Failed password for invalid user readonly from 13.233.116.32 port 38776 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 08:56:26,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670396186.8739638, 'message': 'Dec  7 08:56:26 hqnl0246134 sshd[305661]: Disconnected from invalid user readonly 13.233.116.32 port 38776 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 08:56:32,904] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396192.880953, 'message': 'Dec  7 08:56:32 hqnl0246134 sshd[305672]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.105.99.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 08:56:32,924] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396192.8813412, 'message': 'Dec  7 08:56:32 hqnl0246134 sshd[305672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.105.99.34  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 08:56:34,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396194.882393, 'message': 'Dec  7 08:56:34 hqnl0246134 sshd[305672]: Failed password for root from 210.105.99.34 port 40958 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0488 seconds
INFO    [2022-12-07 08:56:34,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396194.8827724, 'message': 'Dec  7 08:56:34 hqnl0246134 sshd[305675]: Invalid user cedric from 130.61.126.10 port 52596', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-07 08:56:34,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396194.8829637, 'message': 'Dec  7 08:56:34 hqnl0246134 sshd[305675]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.61.126.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 08:56:34,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396194.8831758, 'message': 'Dec  7 08:56:34 hqnl0246134 sshd[305675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.126.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 08:56:36,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396196.885894, 'message': 'Dec  7 08:56:36 hqnl0246134 sshd[305675]: Failed password for invalid user cedric from 130.61.126.10 port 52596 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:56:38,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396198.8883321, 'message': 'Dec  7 08:56:37 hqnl0246134 sshd[305675]: Disconnected from invalid user cedric 130.61.126.10 port 52596 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 08:56:40,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396200.8915732, 'message': 'Dec  7 08:56:39 hqnl0246134 sshd[305677]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.5.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 08:56:40,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396200.891857, 'message': 'Dec  7 08:56:39 hqnl0246134 sshd[305677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.5.55  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 08:56:42,931] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396202.8960156, 'message': 'Dec  7 08:56:42 hqnl0246134 sshd[305677]: Failed password for root from 134.17.5.55 port 38568 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 08:56:44,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396204.898347, 'message': 'Dec  7 08:56:44 hqnl0246134 sshd[305680]: Invalid user backups from 121.166.152.68 port 60058', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 08:56:44,934] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.88.76.206', 'timestamp': 1670396204.8988652, 'message': 'Dec  7 08:56:44 hqnl0246134 sshd[305682]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.88.76.206 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0331 seconds
INFO    [2022-12-07 08:56:44,974] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396204.8985906, 'message': 'Dec  7 08:56:44 hqnl0246134 sshd[305680]: pam_imunify(sshd:auth): [IM360_RBL] The IP 121.166.152.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 08:56:44,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396204.8991284, 'message': 'Dec  7 08:56:44 hqnl0246134 sshd[305684]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 08:56:44,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.88.76.206', 'timestamp': 1670396204.898985, 'message': 'Dec  7 08:56:44 hqnl0246134 sshd[305682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.88.76.206  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 08:56:45,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396204.8987174, 'message': 'Dec  7 08:56:44 hqnl0246134 sshd[305680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.166.152.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 08:56:45,007] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396204.8992624, 'message': 'Dec  7 08:56:44 hqnl0246134 sshd[305684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=ftp', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 08:56:48,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396208.9022925, 'message': 'Dec  7 08:56:46 hqnl0246134 sshd[305680]: Failed password for invalid user backups from 121.166.152.68 port 60058 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0647 seconds
INFO    [2022-12-07 08:56:48,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.88.76.206', 'timestamp': 1670396208.9026284, 'message': 'Dec  7 08:56:46 hqnl0246134 sshd[305682]: Failed password for root from 103.88.76.206 port 51945 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0654 seconds
INFO    [2022-12-07 08:56:48,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396208.902843, 'message': 'Dec  7 08:56:47 hqnl0246134 sshd[305684]: Failed password for ftp from 165.22.220.5 port 41676 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0656 seconds
INFO    [2022-12-07 08:56:49,008] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396208.9030097, 'message': 'Dec  7 08:56:47 hqnl0246134 sshd[305680]: Disconnected from invalid user backups 121.166.152.68 port 60058 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0399 seconds
WARNING [2022-12-07 08:56:52,674] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:56:52,675] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 08:57:13,867] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:57:13,910] defence360agent.internals.the_sink: SensorIncidentList(<23 item(s)>) processed in 0.0620 seconds
INFO    [2022-12-07 08:57:16,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396236.9451253, 'message': 'Dec  7 08:57:15 hqnl0246134 sshd[305718]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 08:57:16,992] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396236.9453797, 'message': 'Dec  7 08:57:15 hqnl0246134 sshd[305718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=ftp', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 08:57:18,143] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:57:18,144] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:57:18,152] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:57:18,164] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 08:57:18,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396238.9462886, 'message': 'Dec  7 08:57:17 hqnl0246134 sshd[305718]: Failed password for ftp from 165.22.220.5 port 35920 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 08:57:22,409] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:57:22,409] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:57:22,423] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:57:22,437] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0267 seconds
INFO    [2022-12-07 08:57:23,022] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:57:23,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:57:23,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:57:23,041] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 08:57:28,991] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396248.9694376, 'message': 'Dec  7 08:57:28 hqnl0246134 sshd[305739]: Invalid user admin from 125.141.139.29 port 49854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 08:57:29,012] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396248.9698634, 'message': 'Dec  7 08:57:28 hqnl0246134 sshd[305739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 125.141.139.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 08:57:29,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396248.9700224, 'message': 'Dec  7 08:57:28 hqnl0246134 sshd[305739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.141.139.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:57:30,993] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396250.97138, 'message': 'Dec  7 08:57:29 hqnl0246134 sshd[305739]: Failed password for invalid user admin from 125.141.139.29 port 49854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 08:57:31,011] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '125.141.139.29', 'timestamp': 1670396250.9716175, 'message': 'Dec  7 08:57:30 hqnl0246134 sshd[305739]: Disconnected from invalid user admin 125.141.139.29 port 49854 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 08:57:34,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.113.133.177', 'timestamp': 1670396254.9777527, 'message': 'Dec  7 08:57:34 hqnl0246134 sshd[305751]: Invalid user test from 148.113.133.177 port 42336', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:57:35,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '148.113.133.177', 'timestamp': 1670396254.9779963, 'message': 'Dec  7 08:57:34 hqnl0246134 sshd[305751]: pam_imunify(sshd:auth): [IM360_RBL] The IP 148.113.133.177 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 08:57:35,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '148.113.133.177', 'timestamp': 1670396254.9781108, 'message': 'Dec  7 08:57:34 hqnl0246134 sshd[305751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.113.133.177 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 08:57:37,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396256.980934, 'message': 'Dec  7 08:57:35 hqnl0246134 sshd[305752]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.236.225.147 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0535 seconds
INFO    [2022-12-07 08:57:37,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.113.133.177', 'timestamp': 1670396256.9813888, 'message': 'Dec  7 08:57:36 hqnl0246134 sshd[305751]: Failed password for invalid user test from 148.113.133.177 port 42336 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-07 08:57:37,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396256.9812381, 'message': 'Dec  7 08:57:35 hqnl0246134 sshd[305752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.236.225.147  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 08:57:39,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '148.113.133.177', 'timestamp': 1670396258.9929538, 'message': 'Dec  7 08:57:37 hqnl0246134 sshd[305751]: Disconnected from invalid user test 148.113.133.177 port 42336 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 08:57:39,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396258.9931746, 'message': 'Dec  7 08:57:37 hqnl0246134 sshd[305752]: Failed password for root from 181.236.225.147 port 46478 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 08:57:47,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396267.0211103, 'message': 'Dec  7 08:57:46 hqnl0246134 sshd[305755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 08:57:47,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396267.021625, 'message': 'Dec  7 08:57:46 hqnl0246134 sshd[305755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=ftp', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 08:57:49,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396269.026951, 'message': 'Dec  7 08:57:48 hqnl0246134 sshd[305755]: Failed password for ftp from 165.22.220.5 port 58396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 08:57:52,680] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:57:52,681] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:57:55,071] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396275.0345545, 'message': 'Dec  7 08:57:54 hqnl0246134 sshd[305758]: pam_imunify(sshd:auth): [IM360_RBL] The IP 105.174.43.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 08:57:55,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396275.0348582, 'message': 'Dec  7 08:57:54 hqnl0246134 sshd[305758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.174.43.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 08:57:57,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396277.0376348, 'message': 'Dec  7 08:57:55 hqnl0246134 sshd[305758]: Failed password for root from 105.174.43.194 port 36627 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0234 seconds
WARNING [2022-12-07 08:58:13,865] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:58:13,903] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.0500 seconds
INFO    [2022-12-07 08:58:18,243] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:58:18,243] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:58:18,252] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:58:18,264] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 08:58:21,010] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:58:21,011] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:58:21,018] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:58:21,030] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 08:58:21,119] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396301.086832, 'message': 'Dec  7 08:58:20 hqnl0246134 sshd[305790]: Invalid user ftpuser from 165.22.220.5 port 52640', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 08:58:21,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396301.0871172, 'message': 'Dec  7 08:58:20 hqnl0246134 sshd[305790]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 08:58:21,171] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396301.0873399, 'message': 'Dec  7 08:58:20 hqnl0246134 sshd[305790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 08:58:23,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396303.089155, 'message': 'Dec  7 08:58:22 hqnl0246134 sshd[305790]: Failed password for invalid user ftpuser from 165.22.220.5 port 52640 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:58:27,122] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396307.09684, 'message': 'Dec  7 08:58:27 hqnl0246134 sshd[305795]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.217.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 08:58:27,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396307.0971847, 'message': 'Dec  7 08:58:27 hqnl0246134 sshd[305795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.217.96  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 08:58:29,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396309.098397, 'message': 'Dec  7 08:58:28 hqnl0246134 sshd[305795]: Failed password for root from 165.22.217.96 port 52908 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 08:58:31,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396311.1018176, 'message': 'Dec  7 08:58:29 hqnl0246134 sshd[305805]: pam_imunify(sshd:auth): [IM360_RBL] The IP 146.59.199.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 08:58:31,147] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.5.84', 'timestamp': 1670396311.1025195, 'message': 'Dec  7 08:58:30 hqnl0246134 sshd[305807]: Invalid user 0 from 188.166.5.84 port 40432', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0426 seconds
INFO    [2022-12-07 08:58:31,197] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396311.1022587, 'message': 'Dec  7 08:58:29 hqnl0246134 sshd[305805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.199.254  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0511 seconds
INFO    [2022-12-07 08:58:31,198] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396311.1102686, 'message': 'Dec  7 08:58:30 hqnl0246134 sshd[305809]: Invalid user ftp_user from 167.172.187.120 port 52034', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0515 seconds
INFO    [2022-12-07 08:58:31,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '188.166.5.84', 'timestamp': 1670396311.1027193, 'message': 'Dec  7 08:58:30 hqnl0246134 sshd[305807]: pam_imunify(sshd:auth): [IM360_RBL] The IP 188.166.5.84 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-07 08:58:31,247] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396311.1104922, 'message': 'Dec  7 08:58:30 hqnl0246134 sshd[305809]: pam_imunify(sshd:auth): [IM360_RBL] The IP 167.172.187.120 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0481 seconds
INFO    [2022-12-07 08:58:31,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '188.166.5.84', 'timestamp': 1670396311.102903, 'message': 'Dec  7 08:58:30 hqnl0246134 sshd[305807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.5.84 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-07 08:58:31,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396311.1108956, 'message': 'Dec  7 08:58:31 hqnl0246134 sshd[305805]: Failed password for root from 146.59.199.254 port 57038 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0485 seconds
INFO    [2022-12-07 08:58:31,265] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396311.1107147, 'message': 'Dec  7 08:58:30 hqnl0246134 sshd[305809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.120 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 08:58:33,125] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.5.84', 'timestamp': 1670396313.1020439, 'message': 'Dec  7 08:58:32 hqnl0246134 sshd[305807]: Failed password for invalid user 0 from 188.166.5.84 port 40432 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 08:58:33,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '188.166.5.84', 'timestamp': 1670396313.1023154, 'message': 'Dec  7 08:58:32 hqnl0246134 sshd[305807]: Disconnected from invalid user 0 188.166.5.84 port 40432 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 08:58:34,391] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:58:34,391] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:58:34,399] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:58:34,410] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 08:58:35,136] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396315.1050382, 'message': 'Dec  7 08:58:33 hqnl0246134 sshd[305809]: Failed password for invalid user ftp_user from 167.172.187.120 port 52034 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 08:58:37,130] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '167.172.187.120', 'timestamp': 1670396317.1089299, 'message': 'Dec  7 08:58:35 hqnl0246134 sshd[305809]: Disconnected from invalid user ftp_user 167.172.187.120 port 52034 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 08:58:43,143] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670396323.1233768, 'message': 'Dec  7 08:58:42 hqnl0246134 sshd[305816]: Invalid user pavel from 190.129.60.125 port 57998', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:58:43,161] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.129.60.125', 'timestamp': 1670396323.1237411, 'message': 'Dec  7 08:58:42 hqnl0246134 sshd[305816]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.129.60.125 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 08:58:43,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.129.60.125', 'timestamp': 1670396323.1238782, 'message': 'Dec  7 08:58:42 hqnl0246134 sshd[305816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.60.125 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:58:47,149] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670396327.1306581, 'message': 'Dec  7 08:58:45 hqnl0246134 sshd[305816]: Failed password for invalid user pavel from 190.129.60.125 port 57998 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:58:47,169] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.129.60.125', 'timestamp': 1670396327.130916, 'message': 'Dec  7 08:58:46 hqnl0246134 sshd[305816]: Disconnected from invalid user pavel 190.129.60.125 port 57998 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
WARNING [2022-12-07 08:58:52,687] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:58:52,687] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:58:53,163] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396333.1429644, 'message': 'Dec  7 08:58:52 hqnl0246134 sshd[305821]: Invalid user ftpuser from 165.22.220.5 port 46882', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:58:53,182] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396333.143213, 'message': 'Dec  7 08:58:53 hqnl0246134 sshd[305821]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 08:58:53,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396333.1434014, 'message': 'Dec  7 08:58:53 hqnl0246134 sshd[305821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:58:57,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396337.1481, 'message': 'Dec  7 08:58:55 hqnl0246134 sshd[305821]: Failed password for invalid user ftpuser from 165.22.220.5 port 46882 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 08:58:57,187] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.210.124.47', 'timestamp': 1670396337.148434, 'message': 'Dec  7 08:58:57 hqnl0246134 sshd[305826]: Invalid user sftp from 79.210.124.47 port 37848', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 08:58:57,209] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '79.210.124.47', 'timestamp': 1670396337.148548, 'message': 'Dec  7 08:58:57 hqnl0246134 sshd[305826]: pam_imunify(sshd:auth): [IM360_RBL] The IP 79.210.124.47 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 08:58:57,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '79.210.124.47', 'timestamp': 1670396337.14868, 'message': 'Dec  7 08:58:57 hqnl0246134 sshd[305826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.210.124.47 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0266 seconds
INFO    [2022-12-07 08:58:59,178] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396339.1499016, 'message': 'Dec  7 08:58:57 hqnl0246134 sshd[305823]: Invalid user project from 181.236.225.147 port 59136', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 08:58:59,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396339.1502397, 'message': 'Dec  7 08:58:57 hqnl0246134 sshd[305823]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.236.225.147 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 08:58:59,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396339.150377, 'message': 'Dec  7 08:58:57 hqnl0246134 sshd[305823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.236.225.147 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 08:59:01,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.210.124.47', 'timestamp': 1670396341.1562097, 'message': 'Dec  7 08:58:59 hqnl0246134 sshd[305826]: Failed password for invalid user sftp from 79.210.124.47 port 37848 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-07 08:59:01,195] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396341.1565182, 'message': 'Dec  7 08:58:59 hqnl0246134 sshd[305823]: Failed password for invalid user project from 181.236.225.147 port 59136 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0373 seconds
INFO    [2022-12-07 08:59:01,214] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396341.156742, 'message': 'Dec  7 08:59:00 hqnl0246134 sshd[305823]: Disconnected from invalid user project 181.236.225.147 port 59136 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 08:59:03,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '79.210.124.47', 'timestamp': 1670396343.1620612, 'message': 'Dec  7 08:59:01 hqnl0246134 sshd[305826]: Disconnected from invalid user sftp 79.210.124.47 port 37848 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 08:59:11,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396351.176047, 'message': 'Dec  7 08:59:10 hqnl0246134 sshd[305844]: Invalid user public from 130.61.126.10 port 52410', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 08:59:11,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396351.177641, 'message': 'Dec  7 08:59:10 hqnl0246134 sshd[305844]: pam_imunify(sshd:auth): [IM360_RBL] The IP 130.61.126.10 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 08:59:11,241] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396351.177845, 'message': 'Dec  7 08:59:10 hqnl0246134 sshd[305844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.126.10 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 08:59:13,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396353.1785924, 'message': 'Dec  7 08:59:12 hqnl0246134 sshd[305844]: Failed password for invalid user public from 130.61.126.10 port 52410 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 08:59:13,207] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396353.1788187, 'message': 'Dec  7 08:59:13 hqnl0246134 sshd[305846]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.105.99.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 08:59:13,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396353.1809237, 'message': 'Dec  7 08:59:13 hqnl0246134 sshd[305846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.105.99.34  user=bin', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-07 08:59:13,867] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:59:13,909] defence360agent.internals.the_sink: SensorIncidentList(<29 item(s)>) processed in 0.0507 seconds
INFO    [2022-12-07 08:59:15,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '130.61.126.10', 'timestamp': 1670396355.1829588, 'message': 'Dec  7 08:59:13 hqnl0246134 sshd[305844]: Disconnected from invalid user public 130.61.126.10 port 52410 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 08:59:15,212] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396355.1831663, 'message': 'Dec  7 08:59:14 hqnl0246134 sshd[305846]: Failed password for bin from 210.105.99.34 port 51528 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 08:59:17,901] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:59:17,902] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:59:17,910] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:59:17,921] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 08:59:20,560] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:59:20,560] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:59:20,567] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:59:20,579] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 08:59:25,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396365.196835, 'message': 'Dec  7 08:59:25 hqnl0246134 sshd[305860]: Invalid user ftpuser from 165.22.220.5 port 41124', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 08:59:27,218] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396367.1994646, 'message': 'Dec  7 08:59:25 hqnl0246134 sshd[305860]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 08:59:27,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396367.199734, 'message': 'Dec  7 08:59:25 hqnl0246134 sshd[305860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 08:59:27,259] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396367.199847, 'message': 'Dec  7 08:59:26 hqnl0246134 sshd[305860]: Failed password for invalid user ftpuser from 165.22.220.5 port 41124 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 08:59:35,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670396375.2153387, 'message': 'Dec  7 08:59:34 hqnl0246134 sshd[305872]: Invalid user sample from 13.233.116.32 port 40926', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 08:59:35,257] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '13.233.116.32', 'timestamp': 1670396375.2158825, 'message': 'Dec  7 08:59:34 hqnl0246134 sshd[305872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.233.116.32 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 08:59:37,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670396377.2174578, 'message': 'Dec  7 08:59:36 hqnl0246134 sshd[305872]: Failed password for invalid user sample from 13.233.116.32 port 40926 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 08:59:39,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '13.233.116.32', 'timestamp': 1670396379.220053, 'message': 'Dec  7 08:59:37 hqnl0246134 sshd[305872]: Disconnected from invalid user sample 13.233.116.32 port 40926 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 08:59:39,824] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 08:59:39,824] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 08:59:39,831] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 08:59:39,843] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 08:59:49,253] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396389.233009, 'message': 'Dec  7 08:59:49 hqnl0246134 sshd[305881]: pam_imunify(sshd:auth): [IM360_RBL] The IP 121.166.152.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 08:59:49,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396389.24108, 'message': 'Dec  7 08:59:49 hqnl0246134 sshd[305881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.166.152.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 08:59:51,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396391.2336962, 'message': 'Dec  7 08:59:50 hqnl0246134 sshd[305885]: Invalid user shubham from 51.250.1.20 port 34154', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 08:59:51,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '121.166.152.68', 'timestamp': 1670396391.2409194, 'message': 'Dec  7 08:59:51 hqnl0246134 sshd[305881]: Failed password for root from 121.166.152.68 port 48656 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 08:59:51,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396391.2411106, 'message': 'Dec  7 08:59:51 hqnl0246134 sshd[305885]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.1.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 08:59:51,307] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396391.2412536, 'message': 'Dec  7 08:59:51 hqnl0246134 sshd[305885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.1.20 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 08:59:52,689] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 08:59:52,690] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 08:59:55,260] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396395.2389843, 'message': 'Dec  7 08:59:53 hqnl0246134 sshd[305885]: Failed password for invalid user shubham from 51.250.1.20 port 34154 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 08:59:57,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396397.2428443, 'message': 'Dec  7 08:59:55 hqnl0246134 sshd[305885]: Disconnected from invalid user shubham 51.250.1.20 port 34154 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 08:59:57,274] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396397.2430885, 'message': 'Dec  7 08:59:55 hqnl0246134 sshd[305888]: Invalid user cluster from 105.174.43.194 port 13288', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 08:59:57,291] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396397.2432384, 'message': 'Dec  7 08:59:55 hqnl0246134 sshd[305888]: pam_imunify(sshd:auth): [IM360_RBL] The IP 105.174.43.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 08:59:57,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396397.2433805, 'message': 'Dec  7 08:59:55 hqnl0246134 sshd[305888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.174.43.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 08:59:59,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396399.24608, 'message': 'Dec  7 08:59:57 hqnl0246134 sshd[305892]: Invalid user ftpuser from 165.22.220.5 port 35368', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0937 seconds
INFO    [2022-12-07 08:59:59,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396399.247444, 'message': 'Dec  7 08:59:57 hqnl0246134 sshd[305888]: Failed password for invalid user cluster from 105.174.43.194 port 13288 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0944 seconds
INFO    [2022-12-07 08:59:59,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396399.2477171, 'message': 'Dec  7 08:59:58 hqnl0246134 sshd[305890]: pam_imunify(sshd:auth): [IM360_RBL] The IP 181.236.225.147 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0940 seconds
INFO    [2022-12-07 08:59:59,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396399.2468126, 'message': 'Dec  7 08:59:57 hqnl0246134 sshd[305892]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-07 08:59:59,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396399.2480567, 'message': 'Dec  7 08:59:58 hqnl0246134 sshd[305890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.236.225.147  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0431 seconds
INFO    [2022-12-07 08:59:59,391] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396399.2484748, 'message': 'Dec  7 08:59:58 hqnl0246134 sshd[305888]: Disconnected from invalid user cluster 105.174.43.194 port 13288 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0433 seconds
INFO    [2022-12-07 08:59:59,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396399.2471747, 'message': 'Dec  7 08:59:57 hqnl0246134 sshd[305892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 09:00:01,301] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396401.2500677, 'message': 'Dec  7 08:59:59 hqnl0246134 sshd[305892]: Failed password for invalid user ftpuser from 165.22.220.5 port 35368 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-07 09:00:01,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '181.236.225.147', 'timestamp': 1670396401.2508583, 'message': 'Dec  7 09:00:00 hqnl0246134 sshd[305890]: Failed password for root from 181.236.225.147 port 43532 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0503 seconds
INFO    [2022-12-07 09:00:07,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396407.2615972, 'message': 'Dec  7 09:00:06 hqnl0246134 sshd[305936]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.5.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 09:00:07,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396407.2618914, 'message': 'Dec  7 09:00:06 hqnl0246134 sshd[305936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.5.55  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 09:00:09,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396409.262552, 'message': 'Dec  7 09:00:08 hqnl0246134 sshd[305936]: Failed password for root from 134.17.5.55 port 34180 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0205 seconds
WARNING [2022-12-07 09:00:13,878] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:00:13,960] defence360agent.internals.the_sink: SensorIncidentList(<22 item(s)>) processed in 0.0985 seconds
INFO    [2022-12-07 09:00:16,453] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:00:16,521] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:00:16,522] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:00:16,522] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:00:16,522] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:00:16,523] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:00:16,532] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:00:16,548] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0247 seconds
WARNING [2022-12-07 09:00:16,555] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:00:16,557] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:00:16,574] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0318 seconds
INFO    [2022-12-07 09:00:16,575] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0297 seconds
INFO    [2022-12-07 09:00:18,076] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:00:18,077] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:00:18,084] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:00:18,096] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 09:00:20,775] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:00:20,776] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:00:20,783] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:00:20,794] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0173 seconds
INFO    [2022-12-07 09:00:29,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396429.3037806, 'message': 'Dec  7 09:00:29 hqnl0246134 sshd[305961]: Invalid user gitlab from 165.22.220.5 port 57842', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0557 seconds
INFO    [2022-12-07 09:00:29,379] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396429.304329, 'message': 'Dec  7 09:00:29 hqnl0246134 sshd[305961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:00:29,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396429.3046138, 'message': 'Dec  7 09:00:29 hqnl0246134 sshd[305961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 09:00:31,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396431.299152, 'message': 'Dec  7 09:00:31 hqnl0246134 sshd[305961]: Failed password for invalid user gitlab from 165.22.220.5 port 57842 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 09:00:32,116] defence360agent.files: Updating all files
INFO    [2022-12-07 09:00:32,403] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:32,404] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 09:00:32,754] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:32,754] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 09:00:33,074] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:33,075] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 09:00:33,350] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:33,351] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 09:00:33,351] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 09:00:33,611] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 07:00:33 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E70B4C9A278A2'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 09:00:33,613] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 09:00:33,614] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 09:00:34,206] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:34,206] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 09:00:34,522] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:34,523] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 09:00:34,845] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:34,846] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 09:00:35,204] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:35,205] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 09:00:35,641] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 09:00:35,643] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 09:00:37,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396437.3089232, 'message': 'Dec  7 09:00:36 hqnl0246134 sshd[305972]: Invalid user android from 43.156.93.193 port 43462', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0310 seconds
INFO    [2022-12-07 09:00:37,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396437.3092024, 'message': 'Dec  7 09:00:36 hqnl0246134 sshd[305972]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.156.93.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 09:00:37,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396437.309373, 'message': 'Dec  7 09:00:36 hqnl0246134 sshd[305972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.93.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 09:00:39,329] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396439.3097563, 'message': 'Dec  7 09:00:38 hqnl0246134 sshd[305972]: Failed password for invalid user android from 43.156.93.193 port 43462 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 09:00:41,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396441.312424, 'message': 'Dec  7 09:00:39 hqnl0246134 sshd[305972]: Disconnected from invalid user android 43.156.93.193 port 43462 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 09:00:46,715] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:00:46,716] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:00:46,716] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-07 09:00:52,695] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:00:52,695] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:01:01,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396461.3382864, 'message': 'Dec  7 09:01:00 hqnl0246134 sshd[305984]: Invalid user gitlab from 165.22.220.5 port 52084', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 09:01:01,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396461.338758, 'message': 'Dec  7 09:01:00 hqnl0246134 sshd[305984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 09:01:01,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396461.3389628, 'message': 'Dec  7 09:01:00 hqnl0246134 sshd[305984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0350 seconds
INFO    [2022-12-07 09:01:03,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396463.3393238, 'message': 'Dec  7 09:01:02 hqnl0246134 sshd[305984]: Failed password for invalid user gitlab from 165.22.220.5 port 52084 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 09:01:07,262] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:01:07,262] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:01:07,272] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:01:07,286] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
WARNING [2022-12-07 09:01:13,879] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:01:13,907] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0383 seconds
INFO    [2022-12-07 09:01:20,037] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:01:20,038] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:01:20,046] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:01:20,059] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 09:01:24,559] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:01:24,560] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:01:24,569] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:01:24,581] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 09:01:33,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396493.3863223, 'message': 'Dec  7 09:01:32 hqnl0246134 sshd[306030]: Invalid user gitlab from 165.22.220.5 port 46326', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 09:01:33,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396493.3870533, 'message': 'Dec  7 09:01:32 hqnl0246134 sshd[306030]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:01:33,457] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396493.3872504, 'message': 'Dec  7 09:01:32 hqnl0246134 sshd[306030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:01:35,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396495.386919, 'message': 'Dec  7 09:01:34 hqnl0246134 sshd[306030]: Failed password for invalid user gitlab from 165.22.220.5 port 46326 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 09:01:43,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396503.402253, 'message': 'Dec  7 09:01:42 hqnl0246134 sshd[306032]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.22.55.7 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:01:43,439] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396503.4025345, 'message': 'Dec  7 09:01:42 hqnl0246134 sshd[306032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.22.55.7  user=bin', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:01:45,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396505.402331, 'message': 'Dec  7 09:01:43 hqnl0246134 sshd[306037]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.217.96 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 09:01:45,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396505.4032927, 'message': 'Dec  7 09:01:44 hqnl0246134 sshd[306032]: Failed password for bin from 144.22.55.7 port 47428 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0443 seconds
INFO    [2022-12-07 09:01:45,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396505.4026513, 'message': 'Dec  7 09:01:43 hqnl0246134 sshd[306037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.217.96  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 09:01:47,425] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.217.96', 'timestamp': 1670396507.4072254, 'message': 'Dec  7 09:01:46 hqnl0246134 sshd[306037]: Failed password for root from 165.22.217.96 port 42008 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 09:01:52,701] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:01:52,702] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:01:54,351] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 09:01:59,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396519.426202, 'message': 'Dec  7 09:01:57 hqnl0246134 sshd[306044]: pam_imunify(sshd:auth): [IM360_RBL] The IP 105.174.43.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 09:01:59,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396519.4292247, 'message': 'Dec  7 09:01:57 hqnl0246134 sshd[306044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.174.43.194  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:02:01,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396521.4288576, 'message': 'Dec  7 09:02:00 hqnl0246134 sshd[306046]: Invalid user ninja from 210.105.99.34 port 33858', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 09:02:01,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396521.429548, 'message': 'Dec  7 09:02:00 hqnl0246134 sshd[306044]: Failed password for root from 105.174.43.194 port 22033 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 09:02:01,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396521.4292223, 'message': 'Dec  7 09:02:00 hqnl0246134 sshd[306046]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.105.99.34 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:02:01,511] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396521.4293962, 'message': 'Dec  7 09:02:00 hqnl0246134 sshd[306046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.105.99.34 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 09:02:03,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396523.4316971, 'message': 'Dec  7 09:02:02 hqnl0246134 sshd[306046]: Failed password for invalid user ninja from 210.105.99.34 port 33858 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 09:02:03,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.19.216.126', 'timestamp': 1670396523.4319398, 'message': 'Dec  7 09:02:03 hqnl0246134 sshd[306064]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.19.216.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 09:02:03,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.19.216.126', 'timestamp': 1670396523.4320705, 'message': 'Dec  7 09:02:03 hqnl0246134 sshd[306064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.216.126  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 09:02:05,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.105.99.34', 'timestamp': 1670396525.437272, 'message': 'Dec  7 09:02:04 hqnl0246134 sshd[306046]: Disconnected from invalid user ninja 210.105.99.34 port 33858 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 09:02:05,471] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396525.4376287, 'message': 'Dec  7 09:02:04 hqnl0246134 sshd[306066]: Invalid user gitlab-runner from 165.22.220.5 port 40568', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 09:02:05,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396525.437786, 'message': 'Dec  7 09:02:04 hqnl0246134 sshd[306066]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:02:05,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396525.4379182, 'message': 'Dec  7 09:02:04 hqnl0246134 sshd[306066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:02:07,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '81.19.216.126', 'timestamp': 1670396527.4472256, 'message': 'Dec  7 09:02:05 hqnl0246134 sshd[306064]: Failed password for root from 81.19.216.126 port 41286 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 09:02:07,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396527.447485, 'message': 'Dec  7 09:02:07 hqnl0246134 sshd[306066]: Failed password for invalid user gitlab-runner from 165.22.220.5 port 40568 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 09:02:11,470] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.115.155', 'timestamp': 1670396531.4464684, 'message': 'Dec  7 09:02:10 hqnl0246134 sshd[306069]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.115.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 09:02:11,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.115.155', 'timestamp': 1670396531.4470322, 'message': 'Dec  7 09:02:10 hqnl0246134 sshd[306069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.115.155  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 09:02:13,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '182.253.115.155', 'timestamp': 1670396533.4481237, 'message': 'Dec  7 09:02:12 hqnl0246134 sshd[306069]: Failed password for root from 182.253.115.155 port 42924 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 09:02:13,883] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:02:13,912] defence360agent.internals.the_sink: SensorIncidentList(<21 item(s)>) processed in 0.0392 seconds
INFO    [2022-12-07 09:02:20,009] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:02:20,010] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:02:20,018] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:02:20,031] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 09:02:22,640] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:02:22,640] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:02:22,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:02:22,658] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0169 seconds
INFO    [2022-12-07 09:02:37,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396557.4826603, 'message': 'Dec  7 09:02:36 hqnl0246134 sshd[306105]: Invalid user git from 165.22.220.5 port 34810', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 09:02:37,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396557.48315, 'message': 'Dec  7 09:02:36 hqnl0246134 sshd[306105]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 09:02:37,550] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396557.4833202, 'message': 'Dec  7 09:02:36 hqnl0246134 sshd[306105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 09:02:39,516] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396559.4967966, 'message': 'Dec  7 09:02:39 hqnl0246134 sshd[306105]: Failed password for invalid user git from 165.22.220.5 port 34810 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 09:02:43,811] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:02:43,811] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:02:43,820] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:02:43,831] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
WARNING [2022-12-07 09:02:52,706] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:02:52,707] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:02:55,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396575.502478, 'message': 'Dec  7 09:02:55 hqnl0246134 sshd[306120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.1.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 09:02:55,551] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396575.5050828, 'message': 'Dec  7 09:02:55 hqnl0246134 sshd[306120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.1.20  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 09:02:57,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396577.5063474, 'message': 'Dec  7 09:02:57 hqnl0246134 sshd[306120]: Failed password for root from 51.250.1.20 port 52142 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0396 seconds
INFO    [2022-12-07 09:03:09,573] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396589.5210938, 'message': 'Dec  7 09:03:08 hqnl0246134 sshd[306141]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.5.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0507 seconds
INFO    [2022-12-07 09:03:09,577] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396589.5219839, 'message': 'Dec  7 09:03:08 hqnl0246134 sshd[306142]: Invalid user git from 165.22.220.5 port 57284', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0513 seconds
INFO    [2022-12-07 09:03:09,614] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396589.5217187, 'message': 'Dec  7 09:03:08 hqnl0246134 sshd[306141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.5.55  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0393 seconds
INFO    [2022-12-07 09:03:09,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396589.5221329, 'message': 'Dec  7 09:03:08 hqnl0246134 sshd[306142]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0375 seconds
INFO    [2022-12-07 09:03:09,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396589.5223, 'message': 'Dec  7 09:03:08 hqnl0246134 sshd[306142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 09:03:11,553] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396591.5218825, 'message': 'Dec  7 09:03:10 hqnl0246134 sshd[306141]: Failed password for root from 134.17.5.55 port 52472 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 09:03:11,554] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396591.5221174, 'message': 'Dec  7 09:03:10 hqnl0246134 sshd[306142]: Failed password for invalid user git from 165.22.220.5 port 57284 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
WARNING [2022-12-07 09:03:13,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:03:13,916] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0389 seconds
INFO    [2022-12-07 09:03:20,105] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:03:20,105] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:03:20,113] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:03:20,124] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 09:03:22,954] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:03:22,955] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:03:22,967] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:03:22,990] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0343 seconds
INFO    [2022-12-07 09:03:37,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396617.5744846, 'message': 'Dec  7 09:03:35 hqnl0246134 sshd[306170]: Invalid user john from 146.59.199.254 port 33320', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 09:03:37,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396617.5749352, 'message': 'Dec  7 09:03:35 hqnl0246134 sshd[306170]: pam_imunify(sshd:auth): [IM360_RBL] The IP 146.59.199.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 09:03:37,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396617.575106, 'message': 'Dec  7 09:03:35 hqnl0246134 sshd[306170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.199.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:03:39,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396619.5770414, 'message': 'Dec  7 09:03:37 hqnl0246134 sshd[306170]: Failed password for invalid user john from 146.59.199.254 port 33320 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 09:03:39,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396619.5772748, 'message': 'Dec  7 09:03:37 hqnl0246134 sshd[306170]: Disconnected from invalid user john 146.59.199.254 port 33320 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:03:41,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396621.5873196, 'message': 'Dec  7 09:03:40 hqnl0246134 sshd[306174]: Invalid user git from 165.22.220.5 port 51526', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 09:03:41,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396621.58755, 'message': 'Dec  7 09:03:40 hqnl0246134 sshd[306174]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 09:03:41,648] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396621.5876627, 'message': 'Dec  7 09:03:40 hqnl0246134 sshd[306174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 09:03:43,613] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396623.5903676, 'message': 'Dec  7 09:03:42 hqnl0246134 sshd[306174]: Failed password for invalid user git from 165.22.220.5 port 51526 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-07 09:03:52,710] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:03:52,711] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:03:55,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396635.6030943, 'message': 'Dec  7 09:03:55 hqnl0246134 sshd[306177]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.90.179.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 09:03:55,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396635.6035507, 'message': 'Dec  7 09:03:55 hqnl0246134 sshd[306179]: Invalid user admin from 105.174.43.194 port 12971', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 09:03:55,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396635.6034038, 'message': 'Dec  7 09:03:55 hqnl0246134 sshd[306177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.90.179.116  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 09:03:55,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396635.6036696, 'message': 'Dec  7 09:03:55 hqnl0246134 sshd[306179]: pam_imunify(sshd:auth): [IM360_RBL] The IP 105.174.43.194 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0354 seconds
INFO    [2022-12-07 09:03:55,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396635.6038063, 'message': 'Dec  7 09:03:55 hqnl0246134 sshd[306179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.174.43.194 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 09:03:57,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396637.6049979, 'message': 'Dec  7 09:03:56 hqnl0246134 sshd[306177]: Failed password for root from 210.90.179.116 port 12374 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 09:03:57,639] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396637.605223, 'message': 'Dec  7 09:03:56 hqnl0246134 sshd[306179]: Failed password for invalid user admin from 105.174.43.194 port 12971 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 09:03:57,658] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '105.174.43.194', 'timestamp': 1670396637.605383, 'message': 'Dec  7 09:03:57 hqnl0246134 sshd[306179]: Disconnected from invalid user admin 105.174.43.194 port 12971 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:04:13,690] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.234.237.234', 'timestamp': 1670396653.6395948, 'message': 'Dec  7 09:04:12 hqnl0246134 sshd[306203]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.234.237.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0478 seconds
INFO    [2022-12-07 09:04:13,694] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396653.6409488, 'message': 'Dec  7 09:04:12 hqnl0246134 sshd[306206]: Invalid user git from 165.22.220.5 port 45768', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0484 seconds
INFO    [2022-12-07 09:04:13,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.234.237.234', 'timestamp': 1670396653.640622, 'message': 'Dec  7 09:04:12 hqnl0246134 sshd[306203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.234.237.234  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0502 seconds
INFO    [2022-12-07 09:04:13,744] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396653.6411898, 'message': 'Dec  7 09:04:13 hqnl0246134 sshd[306206]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0499 seconds
INFO    [2022-12-07 09:04:13,761] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396653.6414514, 'message': 'Dec  7 09:04:13 hqnl0246134 sshd[306206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0163 seconds
WARNING [2022-12-07 09:04:13,889] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:04:13,912] defence360agent.internals.the_sink: SensorIncidentList(<14 item(s)>) processed in 0.0312 seconds
INFO    [2022-12-07 09:04:15,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '177.234.237.234', 'timestamp': 1670396655.6403105, 'message': 'Dec  7 09:04:14 hqnl0246134 sshd[306203]: Failed password for root from 177.234.237.234 port 37756 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 09:04:15,673] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396655.6405716, 'message': 'Dec  7 09:04:14 hqnl0246134 sshd[306206]: Failed password for invalid user git from 165.22.220.5 port 45768 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 09:04:17,990] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:04:17,991] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
INFO    [2022-12-07 09:04:18,064] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:04:18,065] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:04:18,082] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:04:18,083] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:04:18,102] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1107 seconds
INFO    [2022-12-07 09:04:18,103] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0368 seconds
INFO    [2022-12-07 09:04:20,784] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:04:20,784] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:04:20,792] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:04:20,805] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 09:04:45,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396685.687786, 'message': 'Dec  7 09:04:45 hqnl0246134 sshd[306246]: Invalid user guest from 165.22.220.5 port 40010', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-07 09:04:45,763] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396685.6885571, 'message': 'Dec  7 09:04:45 hqnl0246134 sshd[306246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 09:04:45,797] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396685.6888165, 'message': 'Dec  7 09:04:45 hqnl0246134 sshd[306246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 09:04:49,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396689.690327, 'message': 'Dec  7 09:04:48 hqnl0246134 sshd[306246]: Failed password for invalid user guest from 165.22.220.5 port 40010 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 09:04:51,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396691.697861, 'message': 'Dec  7 09:04:51 hqnl0246134 sshd[306250]: Invalid user usuario from 210.90.179.116 port 2349', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 09:04:51,737] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396691.6981359, 'message': 'Dec  7 09:04:51 hqnl0246134 sshd[306250]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.90.179.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 09:04:51,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396691.698286, 'message': 'Dec  7 09:04:51 hqnl0246134 sshd[306250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.90.179.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
WARNING [2022-12-07 09:04:52,714] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:04:52,715] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:04:53,722] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396693.701406, 'message': 'Dec  7 09:04:52 hqnl0246134 sshd[306250]: Failed password for invalid user usuario from 210.90.179.116 port 2349 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 09:04:53,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396693.7017057, 'message': 'Dec  7 09:04:53 hqnl0246134 sshd[306250]: Disconnected from invalid user usuario 210.90.179.116 port 2349 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
WARNING [2022-12-07 09:05:13,897] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:05:13,922] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0367 seconds
INFO    [2022-12-07 09:05:17,770] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396717.75157, 'message': 'Dec  7 09:05:17 hqnl0246134 sshd[306302]: Invalid user guest from 165.22.220.5 port 34252', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 09:05:17,983] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:05:17,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:05:17,992] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:05:18,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 09:05:19,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396719.7537591, 'message': 'Dec  7 09:05:17 hqnl0246134 sshd[306302]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:05:19,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396719.7541306, 'message': 'Dec  7 09:05:17 hqnl0246134 sshd[306302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 09:05:19,810] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396719.7544205, 'message': 'Dec  7 09:05:19 hqnl0246134 sshd[306302]: Failed password for invalid user guest from 165.22.220.5 port 34252 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:05:20,712] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:05:20,713] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:05:20,720] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:05:20,733] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 09:05:23,478] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:05:23,479] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:05:23,486] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:05:23,498] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 09:05:47,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396747.791585, 'message': 'Dec  7 09:05:46 hqnl0246134 sshd[306330]: Invalid user ninja from 210.90.179.116 port 58066', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 09:05:47,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396747.7921247, 'message': 'Dec  7 09:05:46 hqnl0246134 sshd[306330]: pam_imunify(sshd:auth): [IM360_RBL] The IP 210.90.179.116 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:05:47,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396747.7922719, 'message': 'Dec  7 09:05:46 hqnl0246134 sshd[306330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.90.179.116 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 09:05:49,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396749.7971356, 'message': 'Dec  7 09:05:48 hqnl0246134 sshd[306330]: Failed password for invalid user ninja from 210.90.179.116 port 58066 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0468 seconds
INFO    [2022-12-07 09:05:49,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396749.7973988, 'message': 'Dec  7 09:05:48 hqnl0246134 sshd[306332]: Invalid user guest from 165.22.220.5 port 56728', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0472 seconds
INFO    [2022-12-07 09:05:49,847] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396749.7978508, 'message': 'Dec  7 09:05:48 hqnl0246134 sshd[306334]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.250.1.20 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0466 seconds
INFO    [2022-12-07 09:05:49,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396749.7975597, 'message': 'Dec  7 09:05:48 hqnl0246134 sshd[306332]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0404 seconds
INFO    [2022-12-07 09:05:49,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396749.797992, 'message': 'Dec  7 09:05:48 hqnl0246134 sshd[306334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.1.20  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0418 seconds
INFO    [2022-12-07 09:05:49,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396749.7977118, 'message': 'Dec  7 09:05:48 hqnl0246134 sshd[306332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 09:05:51,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '210.90.179.116', 'timestamp': 1670396751.8009598, 'message': 'Dec  7 09:05:50 hqnl0246134 sshd[306330]: Disconnected from invalid user ninja 210.90.179.116 port 58066 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0709 seconds
INFO    [2022-12-07 09:05:51,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396751.8013327, 'message': 'Dec  7 09:05:50 hqnl0246134 sshd[306332]: Failed password for invalid user guest from 165.22.220.5 port 56728 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0711 seconds
INFO    [2022-12-07 09:05:51,874] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.250.1.20', 'timestamp': 1670396751.801608, 'message': 'Dec  7 09:05:50 hqnl0246134 sshd[306334]: Failed password for root from 51.250.1.20 port 41928 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0706 seconds
WARNING [2022-12-07 09:05:52,719] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:05:52,719] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:06:05,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396765.819751, 'message': 'Dec  7 09:06:04 hqnl0246134 sshd[306354]: Invalid user vbox from 134.17.5.55 port 42544', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 09:06:05,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396765.820173, 'message': 'Dec  7 09:06:04 hqnl0246134 sshd[306354]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.5.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 09:06:05,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396765.8203423, 'message': 'Dec  7 09:06:04 hqnl0246134 sshd[306354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.5.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 09:06:07,842] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396767.8215756, 'message': 'Dec  7 09:06:06 hqnl0246134 sshd[306354]: Failed password for invalid user vbox from 134.17.5.55 port 42544 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 09:06:09,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.5.55', 'timestamp': 1670396769.8247924, 'message': 'Dec  7 09:06:08 hqnl0246134 sshd[306354]: Disconnected from invalid user vbox 134.17.5.55 port 42544 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-07 09:06:13,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:06:13,940] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0492 seconds
INFO    [2022-12-07 09:06:18,166] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:06:18,167] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:06:18,175] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:06:18,189] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-07 09:06:19,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396779.8349826, 'message': 'Dec  7 09:06:19 hqnl0246134 sshd[306369]: Invalid user gpadmin from 165.22.220.5 port 50970', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:06:19,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396779.8352377, 'message': 'Dec  7 09:06:19 hqnl0246134 sshd[306369]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 09:06:19,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396779.835351, 'message': 'Dec  7 09:06:19 hqnl0246134 sshd[306369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 09:06:21,117] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:06:21,118] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:06:21,125] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:06:21,137] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 09:06:21,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396781.836596, 'message': 'Dec  7 09:06:21 hqnl0246134 sshd[306369]: Failed password for invalid user gpadmin from 165.22.220.5 port 50970 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 09:06:29,870] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396789.8472385, 'message': 'Dec  7 09:06:28 hqnl0246134 sshd[306376]: Invalid user user03 from 144.22.55.7 port 57516', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 09:06:29,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396789.8475323, 'message': 'Dec  7 09:06:28 hqnl0246134 sshd[306376]: pam_imunify(sshd:auth): [IM360_RBL] The IP 144.22.55.7 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 09:06:29,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396789.847673, 'message': 'Dec  7 09:06:28 hqnl0246134 sshd[306376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.22.55.7 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 09:06:31,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396791.850689, 'message': 'Dec  7 09:06:30 hqnl0246134 sshd[306378]: Invalid user gast from 146.59.199.254 port 32832', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0617 seconds
INFO    [2022-12-07 09:06:31,917] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396791.8518581, 'message': 'Dec  7 09:06:30 hqnl0246134 sshd[306376]: Failed password for invalid user user03 from 144.22.55.7 port 57516 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0619 seconds
INFO    [2022-12-07 09:06:31,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396791.8512928, 'message': 'Dec  7 09:06:30 hqnl0246134 sshd[306378]: pam_imunify(sshd:auth): [IM360_RBL] The IP 146.59.199.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 09:06:31,976] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396791.8516383, 'message': 'Dec  7 09:06:30 hqnl0246134 sshd[306378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.199.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 09:06:33,903] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396793.8507502, 'message': 'Dec  7 09:06:32 hqnl0246134 sshd[306378]: Failed password for invalid user gast from 146.59.199.254 port 32832 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0519 seconds
INFO    [2022-12-07 09:06:33,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '144.22.55.7', 'timestamp': 1670396793.8510985, 'message': 'Dec  7 09:06:32 hqnl0246134 sshd[306376]: Disconnected from invalid user user03 144.22.55.7 port 57516 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0520 seconds
INFO    [2022-12-07 09:06:33,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396793.851374, 'message': 'Dec  7 09:06:33 hqnl0246134 sshd[306378]: Disconnected from invalid user gast 146.59.199.254 port 32832 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0332 seconds
INFO    [2022-12-07 09:06:41,890] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670396801.8656344, 'message': 'Dec  7 09:06:41 hqnl0246134 sshd[306391]: Invalid user thor from 182.253.115.155 port 49334', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 09:06:41,911] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.115.155', 'timestamp': 1670396801.8660235, 'message': 'Dec  7 09:06:41 hqnl0246134 sshd[306391]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.115.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 09:06:41,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.115.155', 'timestamp': 1670396801.8661487, 'message': 'Dec  7 09:06:41 hqnl0246134 sshd[306391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.115.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:06:43,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670396803.8682775, 'message': 'Dec  7 09:06:43 hqnl0246134 sshd[306391]: Failed password for invalid user thor from 182.253.115.155 port 49334 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 09:06:45,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670396805.8717797, 'message': 'Dec  7 09:06:44 hqnl0246134 sshd[306391]: Disconnected from invalid user thor 182.253.115.155 port 49334 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:06:49,897] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396809.8773263, 'message': 'Dec  7 09:06:49 hqnl0246134 sshd[306393]: Invalid user gmod from 165.22.220.5 port 45212', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 09:06:49,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396809.877616, 'message': 'Dec  7 09:06:49 hqnl0246134 sshd[306393]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:06:49,935] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396809.878808, 'message': 'Dec  7 09:06:49 hqnl0246134 sshd[306393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 09:06:51,918] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.20.188.28', 'timestamp': 1670396811.8802388, 'message': 'Dec  7 09:06:51 hqnl0246134 sshd[306397]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.20.188.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0374 seconds
INFO    [2022-12-07 09:06:51,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396811.881673, 'message': 'Dec  7 09:06:51 hqnl0246134 sshd[306393]: Failed password for invalid user gmod from 165.22.220.5 port 45212 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0377 seconds
INFO    [2022-12-07 09:06:51,941] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.20.188.28', 'timestamp': 1670396811.8806286, 'message': 'Dec  7 09:06:51 hqnl0246134 sshd[306397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.188.28  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
WARNING [2022-12-07 09:06:52,722] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:06:52,722] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:06:53,915] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '103.20.188.28', 'timestamp': 1670396813.8890092, 'message': 'Dec  7 09:06:53 hqnl0246134 sshd[306397]: Failed password for root from 103.20.188.28 port 45486 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 09:06:54,769] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:06:54,770] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:06:54,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:06:54,789] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 09:07:11,933] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670396831.9096847, 'message': 'Dec  7 09:07:11 hqnl0246134 sshd[306432]: Invalid user virtual from 122.154.253.5 port 38852', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
WARNING [2022-12-07 09:07:13,911] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:07:13,951] defence360agent.internals.the_sink: SensorIncidentList(<16 item(s)>) processed in 0.0535 seconds
INFO    [2022-12-07 09:07:13,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.154.253.5', 'timestamp': 1670396833.9104445, 'message': 'Dec  7 09:07:11 hqnl0246134 sshd[306432]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.154.253.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0450 seconds
INFO    [2022-12-07 09:07:13,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.154.253.5', 'timestamp': 1670396833.910712, 'message': 'Dec  7 09:07:11 hqnl0246134 sshd[306432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.253.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:07:15,930] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670396835.9123747, 'message': 'Dec  7 09:07:14 hqnl0246134 sshd[306432]: Failed password for invalid user virtual from 122.154.253.5 port 38852 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:07:17,900] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:07:17,901] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:07:17,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:07:17,929] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0276 seconds
INFO    [2022-12-07 09:07:17,940] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670396837.914362, 'message': 'Dec  7 09:07:16 hqnl0246134 sshd[306432]: Disconnected from invalid user virtual 122.154.253.5 port 38852 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 09:07:19,948] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396839.927573, 'message': 'Dec  7 09:07:19 hqnl0246134 sshd[306443]: Invalid user gmod from 165.22.220.5 port 39454', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 09:07:19,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396839.9278011, 'message': 'Dec  7 09:07:19 hqnl0246134 sshd[306443]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:07:19,987] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396839.9279385, 'message': 'Dec  7 09:07:19 hqnl0246134 sshd[306443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 09:07:20,762] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:07:20,762] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:07:20,770] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:07:20,781] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 09:07:21,956] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:07:21,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396841.9403632, 'message': 'Dec  7 09:07:21 hqnl0246134 sshd[306443]: Failed password for invalid user gmod from 165.22.220.5 port 39454 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 09:07:22,022] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:07:22,022] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:07:22,022] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:07:22,023] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:07:22,023] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:07:22,033] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:07:22,049] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0247 seconds
WARNING [2022-12-07 09:07:22,055] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:07:22,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:07:22,076] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0335 seconds
INFO    [2022-12-07 09:07:22,077] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0312 seconds
INFO    [2022-12-07 09:07:36,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396855.9908533, 'message': 'Dec  7 09:07:34 hqnl0246134 sshd[306458]: Invalid user git from 43.156.93.193 port 46036', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 09:07:36,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396855.9916968, 'message': 'Dec  7 09:07:34 hqnl0246134 sshd[306458]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.156.93.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:07:36,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396855.9942157, 'message': 'Dec  7 09:07:34 hqnl0246134 sshd[306458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.93.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 09:07:38,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396857.9901521, 'message': 'Dec  7 09:07:37 hqnl0246134 sshd[306458]: Failed password for invalid user git from 43.156.93.193 port 46036 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0438 seconds
INFO    [2022-12-07 09:07:40,016] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670396859.9977667, 'message': 'Dec  7 09:07:39 hqnl0246134 sshd[306458]: Disconnected from invalid user git 43.156.93.193 port 46036 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:07:50,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396870.018196, 'message': 'Dec  7 09:07:49 hqnl0246134 sshd[306468]: Invalid user gbase from 165.22.220.5 port 33696', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 09:07:52,038] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396872.0184882, 'message': 'Dec  7 09:07:50 hqnl0246134 sshd[306468]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 09:07:52,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396872.018806, 'message': 'Dec  7 09:07:50 hqnl0246134 sshd[306468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 09:07:52,167] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:07:52,167] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:07:52,169] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-07 09:07:52,725] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:07:52,726] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:07:54,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396874.0254347, 'message': 'Dec  7 09:07:52 hqnl0246134 sshd[306468]: Failed password for invalid user gbase from 165.22.220.5 port 33696 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
WARNING [2022-12-07 09:08:13,913] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:08:13,936] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0321 seconds
INFO    [2022-12-07 09:08:17,947] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:08:17,948] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:08:17,955] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:08:17,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 09:08:20,553] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:08:20,553] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:08:20,562] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:08:20,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 09:08:22,103] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396902.0824122, 'message': 'Dec  7 09:08:20 hqnl0246134 sshd[306500]: Invalid user hadoop from 165.22.220.5 port 56170', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 09:08:22,123] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396902.0826626, 'message': 'Dec  7 09:08:20 hqnl0246134 sshd[306500]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 09:08:22,141] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396902.0828037, 'message': 'Dec  7 09:08:20 hqnl0246134 sshd[306500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:08:24,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396904.0824218, 'message': 'Dec  7 09:08:22 hqnl0246134 sshd[306500]: Failed password for invalid user hadoop from 165.22.220.5 port 56170 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:08:26,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:08:26,712] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:08:26,720] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:08:26,731] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 09:08:50,144] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396930.1184638, 'message': 'Dec  7 09:08:49 hqnl0246134 sshd[306526]: Invalid user hadoop from 165.22.220.5 port 50412', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 09:08:50,164] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396930.119248, 'message': 'Dec  7 09:08:50 hqnl0246134 sshd[306526]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:08:50,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396930.119659, 'message': 'Dec  7 09:08:50 hqnl0246134 sshd[306526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 09:08:52,729] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:08:52,730] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:08:54,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396934.1245205, 'message': 'Dec  7 09:08:52 hqnl0246134 sshd[306526]: Failed password for invalid user hadoop from 165.22.220.5 port 50412 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0322 seconds
WARNING [2022-12-07 09:09:13,919] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:09:13,940] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0327 seconds
INFO    [2022-12-07 09:09:17,957] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:09:17,958] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:09:17,968] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:09:17,985] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0266 seconds
INFO    [2022-12-07 09:09:20,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396960.1746724, 'message': 'Dec  7 09:09:19 hqnl0246134 sshd[306686]: Invalid user hadoop from 165.22.220.5 port 44654', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:09:20,211] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396960.174944, 'message': 'Dec  7 09:09:19 hqnl0246134 sshd[306686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 09:09:20,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396960.1750822, 'message': 'Dec  7 09:09:19 hqnl0246134 sshd[306686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:09:20,759] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:09:20,760] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:09:20,778] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:09:20,789] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-07 09:09:22,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396962.1737802, 'message': 'Dec  7 09:09:22 hqnl0246134 sshd[306686]: Failed password for invalid user hadoop from 165.22.220.5 port 44654 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 09:09:26,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396966.1841545, 'message': 'Dec  7 09:09:25 hqnl0246134 sshd[306693]: Invalid user alpha from 146.59.199.254 port 42218', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 09:09:26,246] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396966.1846497, 'message': 'Dec  7 09:09:25 hqnl0246134 sshd[306693]: pam_imunify(sshd:auth): [IM360_RBL] The IP 146.59.199.254 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 09:09:26,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396966.1849174, 'message': 'Dec  7 09:09:25 hqnl0246134 sshd[306693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.199.254 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 09:09:28,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396968.1860533, 'message': 'Dec  7 09:09:27 hqnl0246134 sshd[306693]: Failed password for invalid user alpha from 146.59.199.254 port 42218 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:09:30,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '146.59.199.254', 'timestamp': 1670396970.1888485, 'message': 'Dec  7 09:09:28 hqnl0246134 sshd[306693]: Disconnected from invalid user alpha 146.59.199.254 port 42218 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 09:09:32,217] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.234.237.234', 'timestamp': 1670396972.1938956, 'message': 'Dec  7 09:09:31 hqnl0246134 sshd[306695]: Invalid user hero from 177.234.237.234 port 23570', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 09:09:32,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.234.237.234', 'timestamp': 1670396972.1942954, 'message': 'Dec  7 09:09:31 hqnl0246134 sshd[306695]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.234.237.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:09:32,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.234.237.234', 'timestamp': 1670396972.194587, 'message': 'Dec  7 09:09:31 hqnl0246134 sshd[306695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.234.237.234 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:09:34,215] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.234.237.234', 'timestamp': 1670396974.1956916, 'message': 'Dec  7 09:09:33 hqnl0246134 sshd[306695]: Failed password for invalid user hero from 177.234.237.234 port 23570 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 09:09:36,221] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.234.237.234', 'timestamp': 1670396976.197734, 'message': 'Dec  7 09:09:35 hqnl0246134 sshd[306695]: Disconnected from invalid user hero 177.234.237.234 port 23570 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 09:09:50,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396990.2140157, 'message': 'Dec  7 09:09:49 hqnl0246134 sshd[306710]: Invalid user hadoop from 165.22.220.5 port 38896', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 09:09:50,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396990.2143571, 'message': 'Dec  7 09:09:49 hqnl0246134 sshd[306710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 09:09:50,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396990.214504, 'message': 'Dec  7 09:09:49 hqnl0246134 sshd[306710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 09:09:52,239] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670396992.2139273, 'message': 'Dec  7 09:09:52 hqnl0246134 sshd[306710]: Failed password for invalid user hadoop from 165.22.220.5 port 38896 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0249 seconds
WARNING [2022-12-07 09:09:52,733] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:09:52,734] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:10:13,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:10:13,963] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0485 seconds
INFO    [2022-12-07 09:10:14,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397014.2446175, 'message': 'Dec  7 09:10:13 hqnl0246134 sshd[306748]: Invalid user view from 103.20.188.28 port 35508', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 09:10:14,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397014.244966, 'message': 'Dec  7 09:10:13 hqnl0246134 sshd[306748]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.20.188.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 09:10:14,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397014.245243, 'message': 'Dec  7 09:10:13 hqnl0246134 sshd[306748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.188.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:10:16,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397016.2450562, 'message': 'Dec  7 09:10:15 hqnl0246134 sshd[306748]: Failed password for invalid user view from 103.20.188.28 port 35508 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 09:10:18,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397018.2479315, 'message': 'Dec  7 09:10:16 hqnl0246134 sshd[306748]: Disconnected from invalid user view 103.20.188.28 port 35508 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:10:18,393] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:10:18,394] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:10:18,403] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:10:18,414] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 09:10:20,509] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:10:20,510] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:10:20,543] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:10:20,568] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397020.2488494, 'message': 'Dec  7 09:10:19 hqnl0246134 sshd[306772]: Invalid user hive from 165.22.220.5 port 33138', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.3180 seconds
INFO    [2022-12-07 09:10:20,669] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1581 seconds
INFO    [2022-12-07 09:10:20,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397020.2492256, 'message': 'Dec  7 09:10:20 hqnl0246134 sshd[306772]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1131 seconds
INFO    [2022-12-07 09:10:20,774] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397020.2494082, 'message': 'Dec  7 09:10:20 hqnl0246134 sshd[306772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0713 seconds
INFO    [2022-12-07 09:10:22,280] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397022.2516084, 'message': 'Dec  7 09:10:21 hqnl0246134 sshd[306772]: Failed password for invalid user hive from 165.22.220.5 port 33138 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 09:10:23,048] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:10:23,048] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:10:23,058] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:10:23,073] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
INFO    [2022-12-07 09:10:32,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397032.3108282, 'message': 'Dec  7 09:10:31 hqnl0246134 sshd[306778]: Invalid user ehsan from 122.154.253.5 port 56724', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-07 09:10:32,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397032.3117194, 'message': 'Dec  7 09:10:31 hqnl0246134 sshd[306778]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.154.253.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 09:10:32,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397032.3120282, 'message': 'Dec  7 09:10:31 hqnl0246134 sshd[306778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.253.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:10:34,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397034.2669542, 'message': 'Dec  7 09:10:33 hqnl0246134 sshd[306778]: Failed password for invalid user ehsan from 122.154.253.5 port 56724 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 09:10:36,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397036.2701228, 'message': 'Dec  7 09:10:35 hqnl0246134 sshd[306778]: Disconnected from invalid user ehsan 122.154.253.5 port 56724 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 09:10:50,324] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397050.2890928, 'message': 'Dec  7 09:10:50 hqnl0246134 sshd[306791]: Invalid user jenkins from 165.22.220.5 port 55612', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0347 seconds
INFO    [2022-12-07 09:10:52,312] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397052.290282, 'message': 'Dec  7 09:10:50 hqnl0246134 sshd[306791]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 09:10:52,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397052.2904904, 'message': 'Dec  7 09:10:50 hqnl0246134 sshd[306791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 09:10:52,736] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:10:52,737] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:10:54,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397054.2929356, 'message': 'Dec  7 09:10:52 hqnl0246134 sshd[306791]: Failed password for invalid user jenkins from 165.22.220.5 port 55612 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 09:11:06,350] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670397066.3175652, 'message': 'Dec  7 09:11:05 hqnl0246134 sshd[306809]: Invalid user cassandra from 43.156.93.193 port 37232', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 09:11:06,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.156.93.193', 'timestamp': 1670397066.3181224, 'message': 'Dec  7 09:11:05 hqnl0246134 sshd[306809]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.156.93.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 09:11:06,387] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.156.93.193', 'timestamp': 1670397066.318419, 'message': 'Dec  7 09:11:05 hqnl0246134 sshd[306809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.93.193 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:11:08,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670397068.3178685, 'message': 'Dec  7 09:11:07 hqnl0246134 sshd[306809]: Failed password for invalid user cassandra from 43.156.93.193 port 37232 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 09:11:10,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.156.93.193', 'timestamp': 1670397070.3205721, 'message': 'Dec  7 09:11:09 hqnl0246134 sshd[306809]: Disconnected from invalid user cassandra 43.156.93.193 port 37232 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 09:11:13,926] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:11:13,952] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-07 09:11:14,349] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670397074.3294964, 'message': 'Dec  7 09:11:14 hqnl0246134 sshd[306814]: Invalid user developer from 182.253.115.155 port 48322', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:11:14,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '182.253.115.155', 'timestamp': 1670397074.3297327, 'message': 'Dec  7 09:11:14 hqnl0246134 sshd[306814]: pam_imunify(sshd:auth): [IM360_RBL] The IP 182.253.115.155 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 09:11:14,384] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '182.253.115.155', 'timestamp': 1670397074.3299031, 'message': 'Dec  7 09:11:14 hqnl0246134 sshd[306814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.115.155 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 09:11:17,885] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:11:17,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:11:17,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:11:17,906] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 09:11:18,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670397078.3588579, 'message': 'Dec  7 09:11:16 hqnl0246134 sshd[306814]: Failed password for invalid user developer from 182.253.115.155 port 48322 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 09:11:20,372] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '182.253.115.155', 'timestamp': 1670397080.3373778, 'message': 'Dec  7 09:11:18 hqnl0246134 sshd[306814]: Disconnected from invalid user developer 182.253.115.155 port 48322 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0345 seconds
INFO    [2022-12-07 09:11:20,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397080.3376071, 'message': 'Dec  7 09:11:20 hqnl0246134 sshd[306824]: Invalid user kubernetes from 165.22.220.5 port 49854', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 09:11:22,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397082.3384426, 'message': 'Dec  7 09:11:20 hqnl0246134 sshd[306824]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 09:11:22,385] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397082.3413572, 'message': 'Dec  7 09:11:20 hqnl0246134 sshd[306824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 09:11:22,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397082.3415613, 'message': 'Dec  7 09:11:22 hqnl0246134 sshd[306824]: Failed password for invalid user kubernetes from 165.22.220.5 port 49854 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 09:11:22,768] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:11:22,769] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:11:22,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:11:22,791] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 09:11:50,419] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397110.3782668, 'message': 'Dec  7 09:11:49 hqnl0246134 sshd[306842]: Invalid user lighthouse from 165.22.220.5 port 44096', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0384 seconds
INFO    [2022-12-07 09:11:50,440] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397110.3795412, 'message': 'Dec  7 09:11:50 hqnl0246134 sshd[306842]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 09:11:50,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397110.3799038, 'message': 'Dec  7 09:11:50 hqnl0246134 sshd[306842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 09:11:52,399] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397112.379224, 'message': 'Dec  7 09:11:51 hqnl0246134 sshd[306842]: Failed password for invalid user lighthouse from 165.22.220.5 port 44096 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 09:11:52,740] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:11:52,740] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:11:54,354] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 09:11:56,503] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:11:56,504] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:11:56,512] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:11:56,526] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 09:12:10,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.19.216.126', 'timestamp': 1670397130.403869, 'message': 'Dec  7 09:12:09 hqnl0246134 sshd[306869]: Invalid user monica from 81.19.216.126 port 53238', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 09:12:10,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.19.216.126', 'timestamp': 1670397130.4043834, 'message': 'Dec  7 09:12:09 hqnl0246134 sshd[306869]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.19.216.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 09:12:10,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.19.216.126', 'timestamp': 1670397130.4055042, 'message': 'Dec  7 09:12:09 hqnl0246134 sshd[306869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.216.126 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 09:12:12,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.19.216.126', 'timestamp': 1670397132.409029, 'message': 'Dec  7 09:12:11 hqnl0246134 sshd[306869]: Failed password for invalid user monica from 81.19.216.126 port 53238 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 09:12:13,933] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:12:13,965] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0437 seconds
INFO    [2022-12-07 09:12:14,437] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '81.19.216.126', 'timestamp': 1670397134.4144516, 'message': 'Dec  7 09:12:13 hqnl0246134 sshd[306869]: Disconnected from invalid user monica 81.19.216.126 port 53238 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 09:12:17,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:12:17,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:12:17,940] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:12:17,963] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0336 seconds
INFO    [2022-12-07 09:12:20,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397140.4204457, 'message': 'Dec  7 09:12:19 hqnl0246134 sshd[306887]: Invalid user lighthouse from 165.22.220.5 port 38338', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 09:12:20,469] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397140.4262748, 'message': 'Dec  7 09:12:19 hqnl0246134 sshd[306887]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 09:12:20,554] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:12:20,555] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:12:20,566] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:12:20,584] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397140.4265335, 'message': 'Dec  7 09:12:19 hqnl0246134 sshd[306887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.1138 seconds
INFO    [2022-12-07 09:12:20,587] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0311 seconds
INFO    [2022-12-07 09:12:22,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397142.4255834, 'message': 'Dec  7 09:12:21 hqnl0246134 sshd[306887]: Failed password for invalid user lighthouse from 165.22.220.5 port 38338 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 09:12:50,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397170.4790776, 'message': 'Dec  7 09:12:49 hqnl0246134 sshd[306906]: Invalid user lighthouse from 165.22.220.5 port 60812', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0822 seconds
INFO    [2022-12-07 09:12:50,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397170.4799452, 'message': 'Dec  7 09:12:49 hqnl0246134 sshd[306906]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0646 seconds
INFO    [2022-12-07 09:12:50,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397170.480191, 'message': 'Dec  7 09:12:49 hqnl0246134 sshd[306906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0545 seconds
INFO    [2022-12-07 09:12:52,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397172.481617, 'message': 'Dec  7 09:12:51 hqnl0246134 sshd[306906]: Failed password for invalid user lighthouse from 165.22.220.5 port 60812 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 09:12:52,743] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:12:52,743] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:13:02,739] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 09:13:02,751] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:13:02,857] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.1162 seconds
INFO    [2022-12-07 09:13:12,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397192.515271, 'message': 'Dec  7 09:13:12 hqnl0246134 sshd[306943]: Invalid user ricardo from 103.20.188.28 port 52300', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 09:13:12,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397192.5165732, 'message': 'Dec  7 09:13:12 hqnl0246134 sshd[306943]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.20.188.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 09:13:12,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397192.516749, 'message': 'Dec  7 09:13:12 hqnl0246134 sshd[306943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.188.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
WARNING [2022-12-07 09:13:13,936] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:13:13,959] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0335 seconds
INFO    [2022-12-07 09:13:14,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397194.516757, 'message': 'Dec  7 09:13:13 hqnl0246134 sshd[306943]: Failed password for invalid user ricardo from 103.20.188.28 port 52300 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 09:13:14,552] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397194.5169249, 'message': 'Dec  7 09:13:14 hqnl0246134 sshd[306943]: Disconnected from invalid user ricardo 103.20.188.28 port 52300 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 09:13:18,180] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:13:18,180] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:13:18,188] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:13:18,200] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 09:13:18,296] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:13:18,365] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:13:18,365] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:13:18,366] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:13:18,366] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:13:18,366] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:13:18,392] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:13:18,422] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0553 seconds
WARNING [2022-12-07 09:13:18,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:13:18,465] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:13:18,516] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.1002 seconds
INFO    [2022-12-07 09:13:18,520] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.1000 seconds
INFO    [2022-12-07 09:13:19,078] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:13:19,079] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:13:19,087] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:13:19,099] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 09:13:20,674] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397200.52258, 'message': 'Dec  7 09:13:18 hqnl0246134 sshd[306961]: Invalid user jumpserver from 165.22.220.5 port 55054', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1513 seconds
INFO    [2022-12-07 09:13:20,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397200.5227973, 'message': 'Dec  7 09:13:18 hqnl0246134 sshd[306961]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:13:20,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397200.5229113, 'message': 'Dec  7 09:13:18 hqnl0246134 sshd[306961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 09:13:22,546] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397202.5260608, 'message': 'Dec  7 09:13:20 hqnl0246134 sshd[306961]: Failed password for invalid user jumpserver from 165.22.220.5 port 55054 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 09:13:23,816] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:13:23,816] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:13:23,823] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:13:23,838] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0217 seconds
INFO    [2022-12-07 09:13:46,589] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397226.5574136, 'message': 'Dec  7 09:13:46 hqnl0246134 sshd[306984]: Invalid user zk from 122.154.253.5 port 46346', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 09:13:46,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397226.5583677, 'message': 'Dec  7 09:13:46 hqnl0246134 sshd[306984]: pam_imunify(sshd:auth): [IM360_RBL] The IP 122.154.253.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 09:13:46,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397226.5585823, 'message': 'Dec  7 09:13:46 hqnl0246134 sshd[306984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.253.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:13:48,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397228.556989, 'message': 'Dec  7 09:13:48 hqnl0246134 sshd[306984]: Failed password for invalid user zk from 122.154.253.5 port 46346 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 09:13:48,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397228.557175, 'message': 'Dec  7 09:13:48 hqnl0246134 sshd[306986]: Invalid user jupyter from 165.22.220.5 port 49296', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0289 seconds
INFO    [2022-12-07 09:13:48,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397228.557299, 'message': 'Dec  7 09:13:48 hqnl0246134 sshd[306986]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 09:13:48,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397228.5650272, 'message': 'Dec  7 09:13:48 hqnl0246134 sshd[306986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:13:50,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '122.154.253.5', 'timestamp': 1670397230.557615, 'message': 'Dec  7 09:13:49 hqnl0246134 sshd[306984]: Disconnected from invalid user zk 122.154.253.5 port 46346 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0398 seconds
INFO    [2022-12-07 09:13:50,598] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397230.5578737, 'message': 'Dec  7 09:13:50 hqnl0246134 sshd[306986]: Failed password for invalid user jupyter from 165.22.220.5 port 49296 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0397 seconds
INFO    [2022-12-07 09:13:51,905] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:13:51,906] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:13:51,907] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-07 09:13:52,745] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:13:52,746] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:14:13,940] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:14:13,978] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0472 seconds
INFO    [2022-12-07 09:14:18,010] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:14:18,010] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:14:18,022] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:14:18,041] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-07 09:14:18,632] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397258.6124613, 'message': 'Dec  7 09:14:17 hqnl0246134 sshd[307011]: Invalid user mapr from 165.22.220.5 port 43538', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 09:14:18,650] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397258.6133356, 'message': 'Dec  7 09:14:17 hqnl0246134 sshd[307011]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 09:14:18,668] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397258.6134808, 'message': 'Dec  7 09:14:17 hqnl0246134 sshd[307011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 09:14:20,645] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:14:20,645] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:14:20,657] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:14:20,675] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0287 seconds
INFO    [2022-12-07 09:14:20,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397260.6471152, 'message': 'Dec  7 09:14:20 hqnl0246134 sshd[307011]: Failed password for invalid user mapr from 165.22.220.5 port 43538 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 09:14:23,587] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:14:23,588] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:14:23,600] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:14:23,620] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0310 seconds
INFO    [2022-12-07 09:14:32,667] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.156.93.193', 'timestamp': 1670397272.6372683, 'message': 'Dec  7 09:14:32 hqnl0246134 sshd[307030]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.156.93.193 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 09:14:32,689] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.156.93.193', 'timestamp': 1670397272.6376505, 'message': 'Dec  7 09:14:32 hqnl0246134 sshd[307030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.93.193  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 09:14:34,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.156.93.193', 'timestamp': 1670397274.639146, 'message': 'Dec  7 09:14:34 hqnl0246134 sshd[307030]: Failed password for root from 43.156.93.193 port 56660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 09:14:48,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397288.6615033, 'message': 'Dec  7 09:14:47 hqnl0246134 sshd[307046]: Invalid user mongodb from 165.22.220.5 port 37780', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0389 seconds
INFO    [2022-12-07 09:14:48,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.234.237.234', 'timestamp': 1670397288.6622586, 'message': 'Dec  7 09:14:47 hqnl0246134 sshd[307042]: Invalid user lulu from 177.234.237.234 port 59390', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 09:14:48,735] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397288.6618378, 'message': 'Dec  7 09:14:47 hqnl0246134 sshd[307046]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 09:14:48,736] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '177.234.237.234', 'timestamp': 1670397288.6623857, 'message': 'Dec  7 09:14:47 hqnl0246134 sshd[307042]: pam_imunify(sshd:auth): [IM360_RBL] The IP 177.234.237.234 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 09:14:48,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397288.6621256, 'message': 'Dec  7 09:14:47 hqnl0246134 sshd[307046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 09:14:48,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '177.234.237.234', 'timestamp': 1670397288.6629279, 'message': 'Dec  7 09:14:47 hqnl0246134 sshd[307042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.234.237.234 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 09:14:50,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397290.6623995, 'message': 'Dec  7 09:14:49 hqnl0246134 sshd[307046]: Failed password for invalid user mongodb from 165.22.220.5 port 37780 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 09:14:50,693] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.234.237.234', 'timestamp': 1670397290.6625996, 'message': 'Dec  7 09:14:50 hqnl0246134 sshd[307042]: Failed password for invalid user lulu from 177.234.237.234 port 59390 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 09:14:52,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '177.234.237.234', 'timestamp': 1670397292.665937, 'message': 'Dec  7 09:14:52 hqnl0246134 sshd[307042]: Disconnected from invalid user lulu 177.234.237.234 port 59390 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 09:14:52,748] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:14:52,749] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:15:00,702] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '81.19.216.126', 'timestamp': 1670397300.676928, 'message': 'Dec  7 09:14:58 hqnl0246134 sshd[307051]: pam_imunify(sshd:auth): [IM360_RBL] The IP 81.19.216.126 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 09:15:00,720] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '81.19.216.126', 'timestamp': 1670397300.6773252, 'message': 'Dec  7 09:14:58 hqnl0246134 sshd[307051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.216.126  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 09:15:02,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '81.19.216.126', 'timestamp': 1670397302.679366, 'message': 'Dec  7 09:15:01 hqnl0246134 sshd[307051]: Failed password for root from 81.19.216.126 port 42682 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0266 seconds
WARNING [2022-12-07 09:15:13,963] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:15:14,001] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0643 seconds
INFO    [2022-12-07 09:15:18,133] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:15:18,134] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:15:18,143] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:15:18,155] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 09:15:18,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397318.705389, 'message': 'Dec  7 09:15:17 hqnl0246134 sshd[307097]: Invalid user mongodb from 165.22.220.5 port 60254', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0361 seconds
INFO    [2022-12-07 09:15:18,772] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397318.709691, 'message': 'Dec  7 09:15:17 hqnl0246134 sshd[307097]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 09:15:18,791] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397318.7099156, 'message': 'Dec  7 09:15:17 hqnl0246134 sshd[307097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:15:20,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397320.7058866, 'message': 'Dec  7 09:15:20 hqnl0246134 sshd[307097]: Failed password for invalid user mongodb from 165.22.220.5 port 60254 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 09:15:20,896] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:15:20,897] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:15:20,904] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:15:20,915] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 09:15:48,782] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397348.7582362, 'message': 'Dec  7 09:15:46 hqnl0246134 sshd[307124]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 09:15:48,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397348.758769, 'message': 'Dec  7 09:15:46 hqnl0246134 sshd[307124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 09:15:50,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397350.7575636, 'message': 'Dec  7 09:15:49 hqnl0246134 sshd[307124]: Failed password for mysql from 165.22.220.5 port 54496 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 09:15:52,752] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:15:52,753] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:15:53,132] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:15:53,132] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:15:53,144] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:15:53,161] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
WARNING [2022-12-07 09:16:13,962] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:16:13,989] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0458 seconds
INFO    [2022-12-07 09:16:16,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397376.788558, 'message': 'Dec  7 09:16:16 hqnl0246134 sshd[307158]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 09:16:16,838] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397376.788957, 'message': 'Dec  7 09:16:16 hqnl0246134 sshd[307158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 09:16:18,539] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:16:18,540] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:16:18,550] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:16:18,562] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 09:16:18,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397378.790775, 'message': 'Dec  7 09:16:18 hqnl0246134 sshd[307158]: Failed password for mysql from 165.22.220.5 port 48738 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 09:16:21,214] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:16:21,215] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:16:21,232] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:16:21,261] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0455 seconds
INFO    [2022-12-07 09:16:22,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397382.7921972, 'message': 'Dec  7 09:16:21 hqnl0246134 sshd[307171]: Invalid user luis from 103.20.188.28 port 40872', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0300 seconds
INFO    [2022-12-07 09:16:22,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397382.7924762, 'message': 'Dec  7 09:16:22 hqnl0246134 sshd[307171]: pam_imunify(sshd:auth): [IM360_RBL] The IP 103.20.188.28 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0297 seconds
INFO    [2022-12-07 09:16:22,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397382.7926025, 'message': 'Dec  7 09:16:22 hqnl0246134 sshd[307171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.188.28 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 09:16:24,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397384.7944443, 'message': 'Dec  7 09:16:24 hqnl0246134 sshd[307171]: Failed password for invalid user luis from 103.20.188.28 port 40872 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 09:16:26,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '103.20.188.28', 'timestamp': 1670397386.7972145, 'message': 'Dec  7 09:16:24 hqnl0246134 sshd[307171]: Disconnected from invalid user luis 103.20.188.28 port 40872 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 09:16:46,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397406.8152592, 'message': 'Dec  7 09:16:45 hqnl0246134 sshd[307188]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0368 seconds
INFO    [2022-12-07 09:16:46,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397406.8160923, 'message': 'Dec  7 09:16:45 hqnl0246134 sshd[307188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5  user=mysql', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 09:16:48,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397408.8169553, 'message': 'Dec  7 09:16:47 hqnl0246134 sshd[307188]: Failed password for mysql from 165.22.220.5 port 42980 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0267 seconds
WARNING [2022-12-07 09:16:52,756] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:16:52,756] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:17:13,971] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:17:14,004] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0553 seconds
INFO    [2022-12-07 09:17:14,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397434.8641171, 'message': 'Dec  7 09:17:14 hqnl0246134 sshd[307231]: Invalid user minecraft from 165.22.220.5 port 37222', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 09:17:16,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397436.86774, 'message': 'Dec  7 09:17:14 hqnl0246134 sshd[307231]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 09:17:16,910] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397436.8680315, 'message': 'Dec  7 09:17:14 hqnl0246134 sshd[307231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:17:17,905] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:17:17,905] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:17:17,913] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:17:17,924] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 09:17:18,888] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397438.8692405, 'message': 'Dec  7 09:17:17 hqnl0246134 sshd[307231]: Failed password for invalid user minecraft from 165.22.220.5 port 37222 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:17:20,494] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:17:20,494] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:17:20,502] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:17:20,514] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 09:17:44,980] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397464.9405677, 'message': 'Dec  7 09:17:44 hqnl0246134 sshd[307257]: Invalid user nexus from 165.22.220.5 port 59696', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0376 seconds
INFO    [2022-12-07 09:17:45,005] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397464.941234, 'message': 'Dec  7 09:17:44 hqnl0246134 sshd[307257]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 09:17:45,024] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397464.9415054, 'message': 'Dec  7 09:17:44 hqnl0246134 sshd[307257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 09:17:46,975] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397466.9429698, 'message': 'Dec  7 09:17:46 hqnl0246134 sshd[307257]: Failed password for invalid user nexus from 165.22.220.5 port 59696 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 09:17:49,554] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:17:49,555] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:17:49,563] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:17:49,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
WARNING [2022-12-07 09:17:52,760] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:17:52,761] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:18:13,964] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:18:13,988] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-07 09:18:15,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397494.9961371, 'message': 'Dec  7 09:18:14 hqnl0246134 sshd[307287]: Invalid user nginx from 165.22.220.5 port 53938', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 09:18:15,035] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397494.9964092, 'message': 'Dec  7 09:18:14 hqnl0246134 sshd[307287]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:18:15,054] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397494.996577, 'message': 'Dec  7 09:18:14 hqnl0246134 sshd[307287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:18:17,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397496.9975955, 'message': 'Dec  7 09:18:16 hqnl0246134 sshd[307287]: Failed password for invalid user nginx from 165.22.220.5 port 53938 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 09:18:17,958] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:18:17,958] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:18:17,968] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:18:17,980] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 09:18:20,758] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:18:20,759] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:18:20,765] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:18:20,778] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 09:18:45,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397525.063276, 'message': 'Dec  7 09:18:43 hqnl0246134 sshd[307315]: Invalid user nginx from 165.22.220.5 port 48180', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 09:18:45,109] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397525.063747, 'message': 'Dec  7 09:18:44 hqnl0246134 sshd[307315]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:18:45,128] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397525.0639174, 'message': 'Dec  7 09:18:44 hqnl0246134 sshd[307315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 09:18:47,084] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397527.064448, 'message': 'Dec  7 09:18:46 hqnl0246134 sshd[307315]: Failed password for invalid user nginx from 165.22.220.5 port 48180 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 09:18:52,765] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:18:52,766] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:19:13,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:19:14,011] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0526 seconds
INFO    [2022-12-07 09:19:15,138] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397555.1153433, 'message': 'Dec  7 09:19:13 hqnl0246134 sshd[307341]: Invalid user nginx from 165.22.220.5 port 42422', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 09:19:15,157] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397555.115761, 'message': 'Dec  7 09:19:13 hqnl0246134 sshd[307341]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 09:19:15,175] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397555.1160328, 'message': 'Dec  7 09:19:13 hqnl0246134 sshd[307341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:19:17,135] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397557.1159396, 'message': 'Dec  7 09:19:15 hqnl0246134 sshd[307341]: Failed password for invalid user nginx from 165.22.220.5 port 42422 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 09:19:17,992] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:19:17,993] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:19:18,000] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:19:18,018] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-07 09:19:20,783] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:19:20,783] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:19:20,791] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:19:20,802] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 09:19:43,177] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397583.151177, 'message': 'Dec  7 09:19:42 hqnl0246134 sshd[307368]: Invalid user nvidia from 165.22.220.5 port 36664', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
INFO    [2022-12-07 09:19:43,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397583.1516695, 'message': 'Dec  7 09:19:43 hqnl0246134 sshd[307368]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 09:19:43,225] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397583.1518397, 'message': 'Dec  7 09:19:43 hqnl0246134 sshd[307368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 09:19:45,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397585.1520472, 'message': 'Dec  7 09:19:45 hqnl0246134 sshd[307368]: Failed password for invalid user nvidia from 165.22.220.5 port 36664 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 09:19:48,766] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:19:48,767] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:19:48,776] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:19:48,787] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
WARNING [2022-12-07 09:19:52,769] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:19:52,770] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:20:13,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397613.195317, 'message': 'Dec  7 09:20:12 hqnl0246134 sshd[307420]: Invalid user odoo from 165.22.220.5 port 59138', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 09:20:13,237] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397613.19585, 'message': 'Dec  7 09:20:12 hqnl0246134 sshd[307420]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 09:20:13,255] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397613.1960077, 'message': 'Dec  7 09:20:12 hqnl0246134 sshd[307420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-07 09:20:13,979] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:20:14,009] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0450 seconds
INFO    [2022-12-07 09:20:15,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397615.2000632, 'message': 'Dec  7 09:20:14 hqnl0246134 sshd[307420]: Failed password for invalid user odoo from 165.22.220.5 port 59138 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 09:20:18,034] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:20:18,034] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:20:18,047] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:20:18,067] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0318 seconds
INFO    [2022-12-07 09:20:21,045] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:20:21,045] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:20:21,057] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:20:21,078] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0323 seconds
INFO    [2022-12-07 09:20:37,046] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:20:37,133] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:20:37,134] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:20:37,135] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:20:37,135] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:20:37,136] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:20:37,156] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:20:37,183] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0456 seconds
WARNING [2022-12-07 09:20:37,191] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:20:37,193] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:20:37,211] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0358 seconds
INFO    [2022-12-07 09:20:37,212] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0320 seconds
INFO    [2022-12-07 09:20:43,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397643.2380328, 'message': 'Dec  7 09:20:42 hqnl0246134 sshd[307449]: Invalid user odoo from 165.22.220.5 port 53380', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 09:20:43,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397643.238547, 'message': 'Dec  7 09:20:42 hqnl0246134 sshd[307449]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 09:20:43,293] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397643.238704, 'message': 'Dec  7 09:20:42 hqnl0246134 sshd[307449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 09:20:45,258] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397645.239924, 'message': 'Dec  7 09:20:44 hqnl0246134 sshd[307449]: Failed password for invalid user odoo from 165.22.220.5 port 53380 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 09:20:52,772] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:20:52,773] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:21:07,267] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:21:07,268] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:21:07,270] im360.plugins.client360: Waiting 3 minutes before retry...
INFO    [2022-12-07 09:21:13,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397673.283037, 'message': 'Dec  7 09:21:12 hqnl0246134 sshd[307484]: Invalid user oracle from 165.22.220.5 port 47622', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 09:21:13,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397673.2835777, 'message': 'Dec  7 09:21:12 hqnl0246134 sshd[307484]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 09:21:13,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397673.2837708, 'message': 'Dec  7 09:21:12 hqnl0246134 sshd[307484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0232 seconds
WARNING [2022-12-07 09:21:13,981] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:21:14,010] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0398 seconds
INFO    [2022-12-07 09:21:15,311] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397675.2914963, 'message': 'Dec  7 09:21:14 hqnl0246134 sshd[307484]: Failed password for invalid user oracle from 165.22.220.5 port 47622 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 09:21:19,789] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:21:19,789] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:21:19,797] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:21:19,809] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 09:21:20,220] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:21:20,221] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:21:20,230] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:21:20,242] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0212 seconds
INFO    [2022-12-07 09:21:23,050] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:21:23,051] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:21:23,063] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:21:23,086] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0335 seconds
INFO    [2022-12-07 09:21:43,361] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397703.333176, 'message': 'Dec  7 09:21:41 hqnl0246134 sshd[307513]: Invalid user oracle from 165.22.220.5 port 41864', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 09:21:43,383] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397703.333864, 'message': 'Dec  7 09:21:41 hqnl0246134 sshd[307513]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 09:21:43,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397703.3340583, 'message': 'Dec  7 09:21:41 hqnl0246134 sshd[307513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 09:21:45,355] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397705.334853, 'message': 'Dec  7 09:21:44 hqnl0246134 sshd[307513]: Failed password for invalid user oracle from 165.22.220.5 port 41864 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 09:21:52,777] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:21:52,778] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:21:54,358] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 09:22:13,414] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397733.3837097, 'message': 'Dec  7 09:22:11 hqnl0246134 sshd[307547]: Invalid user oracle from 165.22.220.5 port 36106', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 09:22:13,438] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397733.384237, 'message': 'Dec  7 09:22:11 hqnl0246134 sshd[307547]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 09:22:13,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397733.3845403, 'message': 'Dec  7 09:22:11 hqnl0246134 sshd[307547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-07 09:22:13,983] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:22:14,007] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-07 09:22:15,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397735.382774, 'message': 'Dec  7 09:22:14 hqnl0246134 sshd[307547]: Failed password for invalid user oracle from 165.22.220.5 port 36106 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 09:22:18,096] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:22:18,097] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:22:18,106] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:22:18,119] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 09:22:21,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:22:21,007] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:22:21,014] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:22:21,027] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 09:22:41,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397761.4221597, 'message': 'Dec  7 09:22:41 hqnl0246134 sshd[307573]: Invalid user oracle from 165.22.220.5 port 58580', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 09:22:41,477] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397761.4230733, 'message': 'Dec  7 09:22:41 hqnl0246134 sshd[307573]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 09:22:41,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397761.4232628, 'message': 'Dec  7 09:22:41 hqnl0246134 sshd[307573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 09:22:45,449] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397765.4252222, 'message': 'Dec  7 09:22:43 hqnl0246134 sshd[307573]: Failed password for invalid user oracle from 165.22.220.5 port 58580 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
WARNING [2022-12-07 09:22:52,780] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:22:52,781] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:23:11,489] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397791.4645317, 'message': 'Dec  7 09:23:10 hqnl0246134 sshd[307598]: Invalid user oracle from 165.22.220.5 port 52822', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 09:23:11,508] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397791.4649708, 'message': 'Dec  7 09:23:10 hqnl0246134 sshd[307598]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:23:11,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397791.465145, 'message': 'Dec  7 09:23:10 hqnl0246134 sshd[307598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 09:23:13,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397793.4695432, 'message': 'Dec  7 09:23:12 hqnl0246134 sshd[307598]: Failed password for invalid user oracle from 165.22.220.5 port 52822 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
WARNING [2022-12-07 09:23:13,993] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:23:14,011] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0255 seconds
INFO    [2022-12-07 09:23:16,871] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:23:16,872] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:23:16,880] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:23:16,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 09:23:18,100] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:23:18,101] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:23:18,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:23:18,118] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 09:23:20,644] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:23:20,645] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:23:20,652] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:23:20,663] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 09:23:41,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397821.5171654, 'message': 'Dec  7 09:23:39 hqnl0246134 sshd[307627]: Invalid user oracle from 165.22.220.5 port 47064', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 09:23:41,563] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397821.5177243, 'message': 'Dec  7 09:23:39 hqnl0246134 sshd[307627]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:23:41,582] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397821.5178957, 'message': 'Dec  7 09:23:39 hqnl0246134 sshd[307627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 09:23:43,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397823.517729, 'message': 'Dec  7 09:23:41 hqnl0246134 sshd[307627]: Failed password for invalid user oracle from 165.22.220.5 port 47064 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
WARNING [2022-12-07 09:23:52,787] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:23:52,788] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:23:55,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670397835.5470362, 'message': 'Dec  7 09:23:53 hqnl0246134 sshd[307630]: Invalid user chris from 102.216.205.21 port 46369', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 09:23:55,586] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.216.205.21', 'timestamp': 1670397835.5472312, 'message': 'Dec  7 09:23:54 hqnl0246134 sshd[307630]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.216.205.21 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:23:55,604] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.216.205.21', 'timestamp': 1670397835.547369, 'message': 'Dec  7 09:23:54 hqnl0246134 sshd[307630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.216.205.21 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 09:23:57,571] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670397837.5504627, 'message': 'Dec  7 09:23:56 hqnl0246134 sshd[307630]: Failed password for invalid user chris from 102.216.205.21 port 46369 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 09:23:57,590] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670397837.5507548, 'message': 'Dec  7 09:23:57 hqnl0246134 sshd[307630]: Disconnected from invalid user chris 102.216.205.21 port 46369 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:24:09,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397849.5665376, 'message': 'Dec  7 09:24:09 hqnl0246134 sshd[307651]: Invalid user oracle from 165.22.220.5 port 41306', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 09:24:11,605] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397851.5730016, 'message': 'Dec  7 09:24:09 hqnl0246134 sshd[307651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 09:24:11,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397851.5732324, 'message': 'Dec  7 09:24:09 hqnl0246134 sshd[307651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 09:24:11,661] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397851.5734057, 'message': 'Dec  7 09:24:11 hqnl0246134 sshd[307651]: Failed password for invalid user oracle from 165.22.220.5 port 41306 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
WARNING [2022-12-07 09:24:13,999] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:24:14,022] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0319 seconds
INFO    [2022-12-07 09:24:17,775] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:24:17,775] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:24:17,783] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:24:17,795] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 09:24:19,105] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:24:19,174] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:24:19,174] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:24:19,175] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:24:19,175] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:24:19,175] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:24:19,189] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:24:19,208] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0320 seconds
WARNING [2022-12-07 09:24:19,215] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:24:19,218] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:24:19,236] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0334 seconds
INFO    [2022-12-07 09:24:19,238] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0319 seconds
INFO    [2022-12-07 09:24:20,495] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:24:20,496] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:24:20,503] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:24:20,514] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 09:24:39,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397879.6351888, 'message': 'Dec  7 09:24:39 hqnl0246134 sshd[307680]: Invalid user oracle from 165.22.220.5 port 35548', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0262 seconds
INFO    [2022-12-07 09:24:39,685] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397879.6359043, 'message': 'Dec  7 09:24:39 hqnl0246134 sshd[307680]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 09:24:39,704] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397879.6361344, 'message': 'Dec  7 09:24:39 hqnl0246134 sshd[307680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:24:41,662] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397881.640745, 'message': 'Dec  7 09:24:41 hqnl0246134 sshd[307680]: Failed password for invalid user oracle from 165.22.220.5 port 35548 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 09:24:49,305] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:24:49,306] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:24:49,307] im360.plugins.client360: Waiting 3 minutes before retry...
WARNING [2022-12-07 09:24:52,791] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:24:52,791] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:25:09,724] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397909.6991441, 'message': 'Dec  7 09:25:09 hqnl0246134 sshd[307717]: Invalid user oscar from 165.22.220.5 port 58022', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 09:25:09,743] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397909.699585, 'message': 'Dec  7 09:25:09 hqnl0246134 sshd[307717]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:25:09,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397909.6997435, 'message': 'Dec  7 09:25:09 hqnl0246134 sshd[307717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 09:25:11,729] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397911.7027256, 'message': 'Dec  7 09:25:11 hqnl0246134 sshd[307717]: Failed password for invalid user oscar from 165.22.220.5 port 58022 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
WARNING [2022-12-07 09:25:14,004] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:25:14,026] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0328 seconds
INFO    [2022-12-07 09:25:14,281] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:25:14,281] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:25:14,293] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:25:14,312] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0292 seconds
INFO    [2022-12-07 09:25:17,900] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:25:17,901] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:25:17,908] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:25:17,919] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 09:25:20,592] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:25:20,593] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:25:20,600] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:25:20,611] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
INFO    [2022-12-07 09:25:39,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397939.7473378, 'message': 'Dec  7 09:25:39 hqnl0246134 sshd[307753]: Invalid user oscar from 165.22.220.5 port 52264', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 09:25:39,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397939.748447, 'message': 'Dec  7 09:25:39 hqnl0246134 sshd[307753]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:25:39,812] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397939.748715, 'message': 'Dec  7 09:25:39 hqnl0246134 sshd[307753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:25:41,776] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397941.74857, 'message': 'Dec  7 09:25:41 hqnl0246134 sshd[307753]: Failed password for invalid user oscar from 165.22.220.5 port 52264 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
WARNING [2022-12-07 09:25:52,796] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:25:52,797] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:26:09,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397969.8148696, 'message': 'Dec  7 09:26:09 hqnl0246134 sshd[307776]: Invalid user oscar from 165.22.220.5 port 46506', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 09:26:09,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397969.8153381, 'message': 'Dec  7 09:26:09 hqnl0246134 sshd[307776]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 09:26:09,892] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397969.815534, 'message': 'Dec  7 09:26:09 hqnl0246134 sshd[307776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 09:26:11,834] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397971.8161478, 'message': 'Dec  7 09:26:11 hqnl0246134 sshd[307776]: Failed password for invalid user oscar from 165.22.220.5 port 46506 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 09:26:14,014] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:26:14,033] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0319 seconds
INFO    [2022-12-07 09:26:17,992] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:26:17,993] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:26:18,001] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:26:18,012] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 09:26:20,619] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:26:20,620] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:26:20,628] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:26:20,639] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 09:26:39,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397999.8893147, 'message': 'Dec  7 09:26:39 hqnl0246134 sshd[307804]: Invalid user postgres from 165.22.220.5 port 40750', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 09:26:39,932] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397999.8898675, 'message': 'Dec  7 09:26:39 hqnl0246134 sshd[307804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:26:39,950] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670397999.8900402, 'message': 'Dec  7 09:26:39 hqnl0246134 sshd[307804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 09:26:43,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398003.8934395, 'message': 'Dec  7 09:26:41 hqnl0246134 sshd[307804]: Failed password for invalid user postgres from 165.22.220.5 port 40750 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 09:26:46,451] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:26:46,452] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:26:46,460] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:26:46,473] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
WARNING [2022-12-07 09:26:52,801] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:26:52,802] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:26:59,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398019.9223654, 'message': 'Dec  7 09:26:59 hqnl0246134 sshd[307817]: Invalid user ts3 from 43.157.3.188 port 36454', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 09:27:01,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398021.9257371, 'message': 'Dec  7 09:27:00 hqnl0246134 sshd[307817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.3.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0421 seconds
INFO    [2022-12-07 09:27:01,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398021.9262931, 'message': 'Dec  7 09:27:00 hqnl0246134 sshd[307817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.3.188 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 09:27:02,029] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398021.9265554, 'message': 'Dec  7 09:27:01 hqnl0246134 sshd[307817]: Failed password for invalid user ts3 from 43.157.3.188 port 36454 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 09:27:02,074] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398021.9267848, 'message': 'Dec  7 09:27:01 hqnl0246134 sshd[307817]: Disconnected from invalid user ts3 43.157.3.188 port 36454 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0441 seconds
INFO    [2022-12-07 09:27:09,962] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398029.9363256, 'message': 'Dec  7 09:27:09 hqnl0246134 sshd[307835]: Invalid user postgres from 165.22.220.5 port 34992', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0252 seconds
INFO    [2022-12-07 09:27:09,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398029.936721, 'message': 'Dec  7 09:27:09 hqnl0246134 sshd[307835]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 09:27:10,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398029.936864, 'message': 'Dec  7 09:27:09 hqnl0246134 sshd[307835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:27:11,953] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398031.932786, 'message': 'Dec  7 09:27:11 hqnl0246134 sshd[307835]: Failed password for invalid user postgres from 165.22.220.5 port 34992 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 09:27:14,012] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:27:14,046] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0430 seconds
INFO    [2022-12-07 09:27:18,806] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:27:18,807] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:27:18,822] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:27:18,841] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0322 seconds
INFO    [2022-12-07 09:27:21,597] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:27:21,597] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:27:21,604] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:27:21,616] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 09:27:40,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398059.9846945, 'message': 'Dec  7 09:27:38 hqnl0246134 sshd[307871]: Invalid user postgres from 165.22.220.5 port 57470', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0422 seconds
INFO    [2022-12-07 09:27:40,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398059.9858491, 'message': 'Dec  7 09:27:38 hqnl0246134 sshd[307871]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 09:27:40,088] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398059.9861448, 'message': 'Dec  7 09:27:38 hqnl0246134 sshd[307871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 09:27:42,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398061.984683, 'message': 'Dec  7 09:27:41 hqnl0246134 sshd[307871]: Failed password for invalid user postgres from 165.22.220.5 port 57470 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 09:27:52,805] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:27:52,807] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:28:10,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398090.044796, 'message': 'Dec  7 09:28:08 hqnl0246134 sshd[307895]: Invalid user postgres from 165.22.220.5 port 51714', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 09:28:10,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398090.0452275, 'message': 'Dec  7 09:28:08 hqnl0246134 sshd[307895]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 09:28:10,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398090.0454473, 'message': 'Dec  7 09:28:08 hqnl0246134 sshd[307895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 09:28:12,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398092.0484343, 'message': 'Dec  7 09:28:11 hqnl0246134 sshd[307895]: Failed password for invalid user postgres from 165.22.220.5 port 51714 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
WARNING [2022-12-07 09:28:14,015] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:28:14,033] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0268 seconds
INFO    [2022-12-07 09:28:17,860] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:28:17,861] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:28:17,870] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:28:17,882] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0206 seconds
INFO    [2022-12-07 09:28:18,116] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:28:18,117] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:28:18,124] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:28:18,137] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 09:28:20,995] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:28:20,996] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:28:21,007] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:28:21,020] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 09:28:30,198] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:28:30,271] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:28:30,271] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:28:30,272] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:28:30,272] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:28:30,272] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:28:30,284] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:28:30,301] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0280 seconds
WARNING [2022-12-07 09:28:30,309] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:28:30,311] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:28:30,328] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0325 seconds
INFO    [2022-12-07 09:28:30,329] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0304 seconds
INFO    [2022-12-07 09:28:38,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398118.080627, 'message': 'Dec  7 09:28:37 hqnl0246134 sshd[307927]: Invalid user plex from 165.22.220.5 port 45958', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 09:28:40,108] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398120.0819318, 'message': 'Dec  7 09:28:38 hqnl0246134 sshd[307927]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 09:28:40,146] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398120.0822685, 'message': 'Dec  7 09:28:38 hqnl0246134 sshd[307927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 09:28:42,114] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398122.0822778, 'message': 'Dec  7 09:28:40 hqnl0246134 sshd[307927]: Failed password for invalid user plex from 165.22.220.5 port 45958 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
WARNING [2022-12-07 09:28:52,810] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:28:52,811] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:29:00,402] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:29:00,403] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:29:00,404] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 09:29:08,158] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398148.126765, 'message': 'Dec  7 09:29:07 hqnl0246134 sshd[307950]: Invalid user rancher from 165.22.220.5 port 40204', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 09:29:08,192] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398148.1275353, 'message': 'Dec  7 09:29:07 hqnl0246134 sshd[307950]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 09:29:08,224] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398148.133698, 'message': 'Dec  7 09:29:07 hqnl0246134 sshd[307950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 09:29:12,148] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398152.126752, 'message': 'Dec  7 09:29:10 hqnl0246134 sshd[307950]: Failed password for invalid user rancher from 165.22.220.5 port 40204 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-07 09:29:17,198] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:29:17,321] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 3.3108 seconds
INFO    [2022-12-07 09:29:21,569] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:29:21,570] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:29:21,577] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:29:21,589] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 09:29:24,330] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:29:24,331] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:29:24,338] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:29:24,349] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 09:29:38,183] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398178.1584785, 'message': 'Dec  7 09:29:37 hqnl0246134 sshd[307992]: Invalid user rancher from 165.22.220.5 port 34448', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 09:29:38,202] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398178.1590722, 'message': 'Dec  7 09:29:37 hqnl0246134 sshd[307992]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 09:29:38,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398178.1592937, 'message': 'Dec  7 09:29:37 hqnl0246134 sshd[307992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 09:29:40,186] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398180.1606586, 'message': 'Dec  7 09:29:39 hqnl0246134 sshd[307992]: Failed password for invalid user rancher from 165.22.220.5 port 34448 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
WARNING [2022-12-07 09:29:52,815] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:29:52,816] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:29:58,206] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398198.186815, 'message': 'Dec  7 09:29:57 hqnl0246134 sshd[307996]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.216.205.21 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 09:29:58,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398198.1888123, 'message': 'Dec  7 09:29:57 hqnl0246134 sshd[307996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.216.205.21  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 09:30:00,208] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398200.1907463, 'message': 'Dec  7 09:30:00 hqnl0246134 sshd[307996]: Failed password for root from 102.216.205.21 port 49933 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:30:05,462] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:30:05,463] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:30:05,470] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:30:05,482] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 09:30:08,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398208.2005188, 'message': 'Dec  7 09:30:08 hqnl0246134 sshd[308035]: Invalid user ranger from 165.22.220.5 port 56924', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 09:30:08,240] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398208.200845, 'message': 'Dec  7 09:30:08 hqnl0246134 sshd[308035]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 09:30:08,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398208.201024, 'message': 'Dec  7 09:30:08 hqnl0246134 sshd[308035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 09:30:10,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398210.2026985, 'message': 'Dec  7 09:30:10 hqnl0246134 sshd[308035]: Failed password for invalid user ranger from 165.22.220.5 port 56924 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 09:30:14,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:30:14,075] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0624 seconds
INFO    [2022-12-07 09:30:17,955] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:30:17,956] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:30:17,965] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:30:17,976] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 09:30:22,413] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:30:22,414] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:30:22,422] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:30:22,433] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 09:30:35,645] defence360agent.files: Updating all files
INFO    [2022-12-07 09:30:35,937] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:35,938] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 09:30:36,233] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:36,234] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 09:30:36,558] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:36,558] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 09:30:36,832] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:36,832] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 09:30:36,832] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 09:30:37,094] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 07:30:37 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E7258B16EEA90'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 09:30:37,096] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 09:30:37,097] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 09:30:37,626] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:37,626] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 09:30:37,885] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:37,886] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 09:30:38,154] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:38,155] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 09:30:38,559] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:38,560] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 09:30:38,939] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 09:30:38,941] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 09:30:40,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398240.2438042, 'message': 'Dec  7 09:30:38 hqnl0246134 sshd[308073]: Invalid user ranger from 165.22.220.5 port 51168', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 09:30:40,296] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398240.244489, 'message': 'Dec  7 09:30:38 hqnl0246134 sshd[308073]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 09:30:40,326] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398240.2446785, 'message': 'Dec  7 09:30:38 hqnl0246134 sshd[308073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 09:30:42,261] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398242.2431703, 'message': 'Dec  7 09:30:40 hqnl0246134 sshd[308073]: Failed password for invalid user ranger from 165.22.220.5 port 51168 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 09:30:52,819] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:30:52,819] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:31:10,322] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398270.298007, 'message': 'Dec  7 09:31:08 hqnl0246134 sshd[308095]: Invalid user satisfactory from 165.22.220.5 port 45412', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 09:31:10,341] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398270.2985582, 'message': 'Dec  7 09:31:08 hqnl0246134 sshd[308095]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:31:10,358] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398270.2987216, 'message': 'Dec  7 09:31:08 hqnl0246134 sshd[308095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 09:31:12,345] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398272.2976735, 'message': 'Dec  7 09:31:10 hqnl0246134 sshd[308095]: Failed password for invalid user satisfactory from 165.22.220.5 port 45412 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0473 seconds
WARNING [2022-12-07 09:31:14,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:31:14,066] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0498 seconds
INFO    [2022-12-07 09:31:14,533] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:31:14,534] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:31:14,541] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:31:14,552] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 09:31:17,948] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:31:17,949] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:31:17,956] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:31:17,967] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 09:31:20,566] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:31:20,566] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:31:20,574] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:31:20,586] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 09:31:40,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398300.3406677, 'message': 'Dec  7 09:31:38 hqnl0246134 sshd[308129]: Invalid user satisfactory from 165.22.220.5 port 39656', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 09:31:40,400] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398300.3414643, 'message': 'Dec  7 09:31:38 hqnl0246134 sshd[308129]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 09:31:40,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398300.341761, 'message': 'Dec  7 09:31:38 hqnl0246134 sshd[308129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 09:31:42,366] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398302.341626, 'message': 'Dec  7 09:31:40 hqnl0246134 sshd[308129]: Failed password for invalid user satisfactory from 165.22.220.5 port 39656 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 09:31:52,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398312.3530595, 'message': 'Dec  7 09:31:51 hqnl0246134 sshd[308139]: Invalid user john from 102.216.205.21 port 33773', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 09:31:52,407] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398312.3533323, 'message': 'Dec  7 09:31:51 hqnl0246134 sshd[308139]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.216.205.21 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 09:31:52,431] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398312.3535106, 'message': 'Dec  7 09:31:51 hqnl0246134 sshd[308139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.216.205.21 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-07 09:31:52,822] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:31:52,823] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:31:54,359] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 09:31:54,380] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398314.3549473, 'message': 'Dec  7 09:31:53 hqnl0246134 sshd[308139]: Failed password for invalid user john from 102.216.205.21 port 33773 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 09:31:56,376] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398316.3577318, 'message': 'Dec  7 09:31:55 hqnl0246134 sshd[308139]: Disconnected from invalid user john 102.216.205.21 port 33773 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:32:08,411] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398328.3706224, 'message': 'Dec  7 09:32:08 hqnl0246134 sshd[308159]: Invalid user satisfactory from 165.22.220.5 port 33900', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0395 seconds
INFO    [2022-12-07 09:32:10,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398330.3729105, 'message': 'Dec  7 09:32:08 hqnl0246134 sshd[308159]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0224 seconds
INFO    [2022-12-07 09:32:10,415] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398330.3733165, 'message': 'Dec  7 09:32:08 hqnl0246134 sshd[308159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:32:12,427] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398332.3747556, 'message': 'Dec  7 09:32:10 hqnl0246134 sshd[308159]: Failed password for invalid user satisfactory from 165.22.220.5 port 33900 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0514 seconds
INFO    [2022-12-07 09:32:12,428] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398332.37511, 'message': 'Dec  7 09:32:10 hqnl0246134 sshd[308169]: Invalid user test from 137.184.129.218 port 33302', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0517 seconds
INFO    [2022-12-07 09:32:12,460] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398332.3752859, 'message': 'Dec  7 09:32:11 hqnl0246134 sshd[308169]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.129.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 09:32:12,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398332.375493, 'message': 'Dec  7 09:32:11 hqnl0246134 sshd[308169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.129.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
WARNING [2022-12-07 09:32:14,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:32:14,083] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0642 seconds
INFO    [2022-12-07 09:32:14,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398334.3762848, 'message': 'Dec  7 09:32:12 hqnl0246134 sshd[308169]: Failed password for invalid user test from 137.184.129.218 port 33302 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0667 seconds
INFO    [2022-12-07 09:32:14,505] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398334.3765686, 'message': 'Dec  7 09:32:13 hqnl0246134 sshd[308169]: Disconnected from invalid user test 137.184.129.218 port 33302 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0523 seconds
INFO    [2022-12-07 09:32:18,461] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:32:18,462] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:32:18,469] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:32:18,481] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 09:32:21,206] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:32:21,206] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:32:21,214] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:32:21,226] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 09:32:38,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398358.4094825, 'message': 'Dec  7 09:32:37 hqnl0246134 sshd[308191]: Invalid user sonar from 165.22.220.5 port 56376', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0708 seconds
INFO    [2022-12-07 09:32:38,559] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398358.4103045, 'message': 'Dec  7 09:32:37 hqnl0246134 sshd[308191]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0754 seconds
INFO    [2022-12-07 09:32:38,625] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398358.410605, 'message': 'Dec  7 09:32:37 hqnl0246134 sshd[308191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0654 seconds
INFO    [2022-12-07 09:32:40,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398360.409952, 'message': 'Dec  7 09:32:39 hqnl0246134 sshd[308191]: Failed password for invalid user sonar from 165.22.220.5 port 56376 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 09:32:44,156] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:32:44,157] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:32:44,164] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:32:44,175] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-07 09:32:52,826] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:32:52,827] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:33:08,478] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398388.4446115, 'message': 'Dec  7 09:33:07 hqnl0246134 sshd[308220]: Invalid user sonar from 165.22.220.5 port 50620', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 09:33:08,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398388.4452207, 'message': 'Dec  7 09:33:07 hqnl0246134 sshd[308220]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 09:33:08,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398388.445451, 'message': 'Dec  7 09:33:07 hqnl0246134 sshd[308220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 09:33:10,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398390.4458606, 'message': 'Dec  7 09:33:09 hqnl0246134 sshd[308220]: Failed password for invalid user sonar from 165.22.220.5 port 50620 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 09:33:14,033] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:33:14,054] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0318 seconds
INFO    [2022-12-07 09:33:17,860] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:33:17,861] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:33:17,868] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:33:17,879] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 09:33:20,959] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:33:20,959] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:33:20,977] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:33:21,002] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0374 seconds
INFO    [2022-12-07 09:33:24,366] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:33:24,427] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:33:24,428] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:33:24,428] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:33:24,428] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:33:24,429] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:33:24,439] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:33:24,454] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0251 seconds
WARNING [2022-12-07 09:33:24,461] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:33:24,463] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:33:24,480] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0312 seconds
INFO    [2022-12-07 09:33:24,481] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0292 seconds
INFO    [2022-12-07 09:33:38,498] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398418.4730384, 'message': 'Dec  7 09:33:37 hqnl0246134 sshd[308245]: Invalid user sonar from 165.22.220.5 port 44864', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 09:33:38,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398418.4734461, 'message': 'Dec  7 09:33:37 hqnl0246134 sshd[308245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 09:33:38,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398418.4736397, 'message': 'Dec  7 09:33:37 hqnl0246134 sshd[308245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 09:33:40,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398420.4735148, 'message': 'Dec  7 09:33:39 hqnl0246134 sshd[308245]: Failed password for invalid user sonar from 165.22.220.5 port 44864 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 09:33:48,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398428.488722, 'message': 'Dec  7 09:33:46 hqnl0246134 sshd[308256]: Invalid user zabbix from 102.216.205.21 port 45843', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 09:33:48,527] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398428.4890082, 'message': 'Dec  7 09:33:46 hqnl0246134 sshd[308256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 102.216.205.21 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 09:33:48,549] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398428.4891374, 'message': 'Dec  7 09:33:46 hqnl0246134 sshd[308256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.216.205.21 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 09:33:48,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398428.489264, 'message': 'Dec  7 09:33:48 hqnl0246134 sshd[308256]: Failed password for invalid user zabbix from 102.216.205.21 port 45843 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 09:33:50,509] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '102.216.205.21', 'timestamp': 1670398430.4915283, 'message': 'Dec  7 09:33:49 hqnl0246134 sshd[308256]: Disconnected from invalid user zabbix 102.216.205.21 port 45843 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
WARNING [2022-12-07 09:33:52,830] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:33:52,831] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:33:54,555] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:33:54,555] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:33:54,556] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 09:34:04,529] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398444.5092454, 'message': 'Dec  7 09:34:02 hqnl0246134 sshd[308268]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.225.146.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 09:34:04,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398444.5096228, 'message': 'Dec  7 09:34:02 hqnl0246134 sshd[308268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.225.146.77  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 09:34:06,531] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398446.5109, 'message': 'Dec  7 09:34:05 hqnl0246134 sshd[308268]: Failed password for root from 104.225.146.77 port 55682 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 09:34:08,545] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398448.513303, 'message': 'Dec  7 09:34:07 hqnl0246134 sshd[308272]: Invalid user sftp from 165.22.220.5 port 39108', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 09:34:08,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398448.513905, 'message': 'Dec  7 09:34:07 hqnl0246134 sshd[308272]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0320 seconds
INFO    [2022-12-07 09:34:08,600] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398448.5140615, 'message': 'Dec  7 09:34:07 hqnl0246134 sshd[308272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
INFO    [2022-12-07 09:34:10,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398450.514443, 'message': 'Dec  7 09:34:09 hqnl0246134 sshd[308272]: Failed password for invalid user sftp from 165.22.220.5 port 39108 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
WARNING [2022-12-07 09:34:14,042] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:34:14,094] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0676 seconds
INFO    [2022-12-07 09:34:14,489] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:34:14,490] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:34:14,497] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:34:14,509] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 09:34:17,780] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:34:17,780] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:34:17,788] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:34:17,801] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 09:34:18,544] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398458.522208, 'message': 'Dec  7 09:34:17 hqnl0246134 sshd[308294]: Invalid user xl from 43.157.3.188 port 39034', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 09:34:18,569] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398458.5225382, 'message': 'Dec  7 09:34:17 hqnl0246134 sshd[308294]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.3.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 09:34:18,587] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398458.5227234, 'message': 'Dec  7 09:34:17 hqnl0246134 sshd[308294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.3.188 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 09:34:20,335] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:34:20,336] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:34:20,343] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:34:20,357] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 09:34:20,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398460.52412, 'message': 'Dec  7 09:34:19 hqnl0246134 sshd[308294]: Failed password for invalid user xl from 43.157.3.188 port 39034 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:34:20,566] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398460.524424, 'message': 'Dec  7 09:34:20 hqnl0246134 sshd[308294]: Disconnected from invalid user xl 43.157.3.188 port 39034 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 09:34:38,592] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398478.550483, 'message': 'Dec  7 09:34:36 hqnl0246134 sshd[308304]: Invalid user steam from 165.22.220.5 port 33352', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0392 seconds
INFO    [2022-12-07 09:34:38,618] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398478.5512354, 'message': 'Dec  7 09:34:37 hqnl0246134 sshd[308304]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 09:34:38,636] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398478.5521595, 'message': 'Dec  7 09:34:37 hqnl0246134 sshd[308304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 09:34:40,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398480.5507362, 'message': 'Dec  7 09:34:39 hqnl0246134 sshd[308304]: Failed password for invalid user steam from 165.22.220.5 port 33352 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
WARNING [2022-12-07 09:34:52,834] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:34:52,836] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:35:08,611] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398508.5859053, 'message': 'Dec  7 09:35:07 hqnl0246134 sshd[308347]: Invalid user steam from 165.22.220.5 port 55828', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0235 seconds
INFO    [2022-12-07 09:35:08,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398508.5866168, 'message': 'Dec  7 09:35:07 hqnl0246134 sshd[308347]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 09:35:08,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398508.5868824, 'message': 'Dec  7 09:35:07 hqnl0246134 sshd[308347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 09:35:10,606] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398510.5853376, 'message': 'Dec  7 09:35:08 hqnl0246134 sshd[308347]: Failed password for invalid user steam from 165.22.220.5 port 55828 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
WARNING [2022-12-07 09:35:14,039] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:35:14,060] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0298 seconds
INFO    [2022-12-07 09:35:17,939] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:35:17,939] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:35:17,948] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:35:17,961] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 09:35:20,944] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:35:20,945] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:35:20,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:35:20,971] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0248 seconds
INFO    [2022-12-07 09:35:38,684] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398538.6311078, 'message': 'Dec  7 09:35:37 hqnl0246134 sshd[308386]: Invalid user steam from 165.22.220.5 port 50070', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0500 seconds
INFO    [2022-12-07 09:35:38,721] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398538.6319206, 'message': 'Dec  7 09:35:38 hqnl0246134 sshd[308386]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0359 seconds
INFO    [2022-12-07 09:35:38,749] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398538.6324482, 'message': 'Dec  7 09:35:38 hqnl0246134 sshd[308386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0272 seconds
INFO    [2022-12-07 09:35:40,666] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398540.6320965, 'message': 'Dec  7 09:35:40 hqnl0246134 sshd[308386]: Failed password for invalid user steam from 165.22.220.5 port 50070 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 09:35:44,637] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:35:44,638] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:35:44,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:35:44,660] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 09:35:48,663] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398548.6438966, 'message': 'Dec  7 09:35:47 hqnl0246134 sshd[308413]: Invalid user ldap from 137.184.129.218 port 45308', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 09:35:48,681] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398548.6441147, 'message': 'Dec  7 09:35:47 hqnl0246134 sshd[308413]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.129.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:35:48,699] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398548.6442745, 'message': 'Dec  7 09:35:47 hqnl0246134 sshd[308413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.129.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:35:50,675] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398550.645979, 'message': 'Dec  7 09:35:49 hqnl0246134 sshd[308413]: Failed password for invalid user ldap from 137.184.129.218 port 45308 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 09:35:50,695] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398550.6462207, 'message': 'Dec  7 09:35:49 hqnl0246134 sshd[308413]: Disconnected from invalid user ldap 137.184.129.218 port 45308 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 09:35:52,840] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:35:52,841] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:36:10,691] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398570.6667862, 'message': 'Dec  7 09:36:08 hqnl0246134 sshd[308426]: Invalid user sftpuser from 165.22.220.5 port 44316', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 09:36:10,709] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398570.6671991, 'message': 'Dec  7 09:36:08 hqnl0246134 sshd[308426]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 09:36:10,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398570.667357, 'message': 'Dec  7 09:36:08 hqnl0246134 sshd[308426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 09:36:12,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398572.6697874, 'message': 'Dec  7 09:36:11 hqnl0246134 sshd[308426]: Failed password for invalid user sftpuser from 165.22.220.5 port 44316 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-07 09:36:14,041] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:36:14,061] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0278 seconds
INFO    [2022-12-07 09:36:17,875] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:36:17,876] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:36:17,884] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:36:17,896] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 09:36:20,500] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:36:20,501] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:36:20,510] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:36:20,522] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 09:36:40,733] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398600.7070909, 'message': 'Dec  7 09:36:39 hqnl0246134 sshd[308453]: Invalid user test from 165.22.220.5 port 38560', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 09:36:40,765] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398600.7078059, 'message': 'Dec  7 09:36:39 hqnl0246134 sshd[308453]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 09:36:40,793] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398600.707971, 'message': 'Dec  7 09:36:39 hqnl0246134 sshd[308453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 09:36:42,741] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398602.7089503, 'message': 'Dec  7 09:36:41 hqnl0246134 sshd[308453]: Failed password for invalid user test from 165.22.220.5 port 38560 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0317 seconds
WARNING [2022-12-07 09:36:52,844] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:36:52,845] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:37:00,745] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398620.7247515, 'message': 'Dec  7 09:37:00 hqnl0246134 sshd[308470]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.3.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 09:37:00,764] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398620.7251065, 'message': 'Dec  7 09:37:00 hqnl0246134 sshd[308470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.3.188  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:37:02,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398622.7261512, 'message': 'Dec  7 09:37:02 hqnl0246134 sshd[308470]: Failed password for root from 43.157.3.188 port 60968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0275 seconds
INFO    [2022-12-07 09:37:05,194] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:37:05,195] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:37:05,202] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:37:05,219] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-07 09:37:10,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398630.7353566, 'message': 'Dec  7 09:37:09 hqnl0246134 sshd[308493]: Invalid user test from 165.22.220.5 port 32804', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 09:37:10,786] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398630.7360816, 'message': 'Dec  7 09:37:09 hqnl0246134 sshd[308493]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 09:37:10,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398630.7364407, 'message': 'Dec  7 09:37:09 hqnl0246134 sshd[308493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:37:12,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398632.7372916, 'message': 'Dec  7 09:37:11 hqnl0246134 sshd[308493]: Failed password for invalid user test from 165.22.220.5 port 32804 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
WARNING [2022-12-07 09:37:14,051] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:37:14,076] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0378 seconds
INFO    [2022-12-07 09:37:18,213] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:37:18,214] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:37:18,221] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:37:18,232] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 09:37:20,914] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:37:20,915] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:37:20,923] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:37:20,936] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 09:37:40,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398660.7808475, 'message': 'Dec  7 09:37:39 hqnl0246134 sshd[308525]: Invalid user test from 165.22.220.5 port 55280', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0475 seconds
INFO    [2022-12-07 09:37:40,852] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398660.7822704, 'message': 'Dec  7 09:37:39 hqnl0246134 sshd[308525]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 09:37:40,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398660.7826226, 'message': 'Dec  7 09:37:39 hqnl0246134 sshd[308525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 09:37:42,804] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398662.7807992, 'message': 'Dec  7 09:37:42 hqnl0246134 sshd[308525]: Failed password for invalid user test from 165.22.220.5 port 55280 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
WARNING [2022-12-07 09:37:52,848] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:37:52,849] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:38:10,839] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398690.810162, 'message': 'Dec  7 09:38:10 hqnl0246134 sshd[308550]: Invalid user test from 165.22.220.5 port 49524', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 09:38:10,857] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398690.8107753, 'message': 'Dec  7 09:38:10 hqnl0246134 sshd[308550]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:38:10,877] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398690.8110297, 'message': 'Dec  7 09:38:10 hqnl0246134 sshd[308550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
WARNING [2022-12-07 09:38:14,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:38:14,083] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0409 seconds
INFO    [2022-12-07 09:38:14,832] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398694.8134024, 'message': 'Dec  7 09:38:13 hqnl0246134 sshd[308550]: Failed password for invalid user test from 165.22.220.5 port 49524 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 09:38:18,514] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:38:18,515] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:38:18,523] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:38:18,591] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:38:18,592] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:38:18,609] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:38:18,623] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1073 seconds
INFO    [2022-12-07 09:38:18,630] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0373 seconds
INFO    [2022-12-07 09:38:21,382] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:38:21,382] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:38:21,389] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:38:21,400] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 09:38:30,853] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398710.8313894, 'message': 'Dec  7 09:38:30 hqnl0246134 sshd[308572]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.129.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 09:38:30,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398710.8317864, 'message': 'Dec  7 09:38:30 hqnl0246134 sshd[308572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.129.218  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 09:38:32,864] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398712.8333097, 'message': 'Dec  7 09:38:32 hqnl0246134 sshd[308572]: Failed password for root from 137.184.129.218 port 40852 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 09:38:34,599] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:38:34,673] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:38:34,674] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:38:34,674] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:38:34,675] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:38:34,675] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:38:34,684] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:38:34,702] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0266 seconds
WARNING [2022-12-07 09:38:34,710] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:38:34,712] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:38:34,738] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0426 seconds
INFO    [2022-12-07 09:38:34,740] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0403 seconds
INFO    [2022-12-07 09:38:34,858] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398714.8352911, 'message': 'Dec  7 09:38:34 hqnl0246134 sshd[308576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.225.146.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 09:38:34,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398714.835494, 'message': 'Dec  7 09:38:34 hqnl0246134 sshd[308576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.225.146.77  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 09:38:36,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398716.8367522, 'message': 'Dec  7 09:38:36 hqnl0246134 sshd[308576]: Failed password for root from 104.225.146.77 port 55306 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:38:42,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398722.8464887, 'message': 'Dec  7 09:38:41 hqnl0246134 sshd[308588]: Invalid user test from 165.22.220.5 port 43766', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 09:38:42,891] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398722.8469126, 'message': 'Dec  7 09:38:41 hqnl0246134 sshd[308588]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 09:38:42,912] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398722.8471014, 'message': 'Dec  7 09:38:41 hqnl0246134 sshd[308588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 09:38:44,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398724.8478308, 'message': 'Dec  7 09:38:43 hqnl0246134 sshd[308588]: Failed password for invalid user test from 165.22.220.5 port 43766 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 09:38:52,851] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:38:52,852] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:39:04,826] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:39:04,827] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:39:04,828] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 09:39:12,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398752.8753312, 'message': 'Dec  7 09:39:11 hqnl0246134 sshd[308739]: Invalid user testuser from 165.22.220.5 port 38010', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0825 seconds
INFO    [2022-12-07 09:39:13,023] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398752.876123, 'message': 'Dec  7 09:39:12 hqnl0246134 sshd[308739]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0623 seconds
INFO    [2022-12-07 09:39:13,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398752.8763828, 'message': 'Dec  7 09:39:12 hqnl0246134 sshd[308739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0351 seconds
WARNING [2022-12-07 09:39:14,053] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:39:14,074] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0288 seconds
INFO    [2022-12-07 09:39:14,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398754.8759344, 'message': 'Dec  7 09:39:13 hqnl0246134 sshd[308739]: Failed password for invalid user testuser from 165.22.220.5 port 38010 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 09:39:17,761] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:39:17,762] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:39:17,772] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:39:17,785] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0218 seconds
INFO    [2022-12-07 09:39:20,473] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:39:20,473] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:39:20,487] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:39:20,499] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-07 09:39:42,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398782.9073987, 'message': 'Dec  7 09:39:42 hqnl0246134 sshd[308769]: Invalid user testuser from 165.22.220.5 port 60486', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0451 seconds
INFO    [2022-12-07 09:39:42,956] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398782.9079976, 'message': 'Dec  7 09:39:42 hqnl0246134 sshd[308771]: pam_imunify(sshd:auth): [IM360_RBL] The IP 43.157.3.188 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0448 seconds
INFO    [2022-12-07 09:39:42,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398782.9084694, 'message': 'Dec  7 09:39:42 hqnl0246134 sshd[308769]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 09:39:42,983] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398782.9082232, 'message': 'Dec  7 09:39:42 hqnl0246134 sshd[308771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.3.188  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0267 seconds
INFO    [2022-12-07 09:39:43,002] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398782.9086814, 'message': 'Dec  7 09:39:42 hqnl0246134 sshd[308769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:39:44,937] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '43.157.3.188', 'timestamp': 1670398784.90557, 'message': 'Dec  7 09:39:44 hqnl0246134 sshd[308771]: Failed password for root from 43.157.3.188 port 39240 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0317 seconds
INFO    [2022-12-07 09:39:44,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398784.9057977, 'message': 'Dec  7 09:39:44 hqnl0246134 sshd[308769]: Failed password for invalid user testuser from 165.22.220.5 port 60486 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0318 seconds
INFO    [2022-12-07 09:39:49,347] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:39:49,348] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:39:49,364] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:39:49,385] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0326 seconds
WARNING [2022-12-07 09:39:52,855] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:39:52,857] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:40:14,061] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:40:14,085] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0356 seconds
INFO    [2022-12-07 09:40:14,957] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398814.934754, 'message': 'Dec  7 09:40:13 hqnl0246134 sshd[308823]: Invalid user tom from 165.22.220.5 port 54732', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 09:40:14,977] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398814.9350102, 'message': 'Dec  7 09:40:13 hqnl0246134 sshd[308823]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 09:40:14,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398814.9351864, 'message': 'Dec  7 09:40:13 hqnl0246134 sshd[308823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:40:16,960] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398816.9360037, 'message': 'Dec  7 09:40:15 hqnl0246134 sshd[308823]: Failed password for invalid user tom from 165.22.220.5 port 54732 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0236 seconds
INFO    [2022-12-07 09:40:17,910] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:40:17,911] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:40:17,918] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:40:17,930] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 09:40:22,508] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:40:22,508] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:40:22,516] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:40:22,527] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 09:40:47,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398846.9752195, 'message': 'Dec  7 09:40:46 hqnl0246134 sshd[308851]: Invalid user tom from 165.22.220.5 port 48976', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0408 seconds
INFO    [2022-12-07 09:40:47,052] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398846.975805, 'message': 'Dec  7 09:40:46 hqnl0246134 sshd[308851]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 09:40:47,077] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398846.9761095, 'message': 'Dec  7 09:40:46 hqnl0246134 sshd[308851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 09:40:49,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398848.976151, 'message': 'Dec  7 09:40:48 hqnl0246134 sshd[308851]: Failed password for invalid user tom from 165.22.220.5 port 48976 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 09:40:51,095] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:40:51,096] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:40:51,110] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:40:51,126] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0284 seconds
WARNING [2022-12-07 09:40:52,860] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:40:52,861] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:41:13,030] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398873.002623, 'message': 'Dec  7 09:41:11 hqnl0246134 sshd[308882]: Invalid user test1 from 104.225.146.77 port 39870', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0258 seconds
INFO    [2022-12-07 09:41:13,051] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398873.0034163, 'message': 'Dec  7 09:41:11 hqnl0246134 sshd[308882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.225.146.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 09:41:13,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398873.0037284, 'message': 'Dec  7 09:41:11 hqnl0246134 sshd[308882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.225.146.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0244 seconds
WARNING [2022-12-07 09:41:14,059] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:41:14,080] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0285 seconds
INFO    [2022-12-07 09:41:15,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398875.005071, 'message': 'Dec  7 09:41:13 hqnl0246134 sshd[308882]: Failed password for invalid user test1 from 104.225.146.77 port 39870 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 09:41:15,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.225.146.77', 'timestamp': 1670398875.0052564, 'message': 'Dec  7 09:41:15 hqnl0246134 sshd[308882]: Disconnected from invalid user test1 104.225.146.77 port 39870 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 09:41:17,957] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:41:17,957] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:41:17,965] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:41:17,977] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 09:41:19,034] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398879.0137167, 'message': 'Dec  7 09:41:17 hqnl0246134 sshd[308888]: Invalid user tom from 165.22.220.5 port 43220', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 09:41:19,053] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398879.0139356, 'message': 'Dec  7 09:41:17 hqnl0246134 sshd[308888]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:41:19,070] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398879.0140772, 'message': 'Dec  7 09:41:17 hqnl0246134 sshd[308888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 09:41:21,041] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398881.018284, 'message': 'Dec  7 09:41:19 hqnl0246134 sshd[308888]: Failed password for invalid user tom from 165.22.220.5 port 43220 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 09:41:22,608] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:41:22,609] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:41:22,615] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:41:22,626] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0168 seconds
INFO    [2022-12-07 09:41:23,040] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398883.0209115, 'message': 'Dec  7 09:41:21 hqnl0246134 sshd[308896]: Invalid user ubuntu from 137.184.129.218 port 34944', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 09:41:23,059] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398883.0210896, 'message': 'Dec  7 09:41:21 hqnl0246134 sshd[308896]: pam_imunify(sshd:auth): [IM360_RBL] The IP 137.184.129.218 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:41:23,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398883.021205, 'message': 'Dec  7 09:41:21 hqnl0246134 sshd[308896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.129.218 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 09:41:25,142] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398885.1074948, 'message': 'Dec  7 09:41:23 hqnl0246134 sshd[308896]: Failed password for invalid user ubuntu from 137.184.129.218 port 34944 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0342 seconds
INFO    [2022-12-07 09:41:25,162] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '137.184.129.218', 'timestamp': 1670398885.1078584, 'message': 'Dec  7 09:41:24 hqnl0246134 sshd[308896]: Disconnected from invalid user ubuntu 137.184.129.218 port 34944 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:41:49,093] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398909.0591109, 'message': 'Dec  7 09:41:47 hqnl0246134 sshd[308918]: Invalid user tomcat from 165.22.220.5 port 37464', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0325 seconds
INFO    [2022-12-07 09:41:49,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398909.0598223, 'message': 'Dec  7 09:41:48 hqnl0246134 sshd[308918]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 09:41:49,137] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398909.0599923, 'message': 'Dec  7 09:41:48 hqnl0246134 sshd[308918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 09:41:51,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398911.0604756, 'message': 'Dec  7 09:41:50 hqnl0246134 sshd[308918]: Failed password for invalid user tomcat from 165.22.220.5 port 37464 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0245 seconds
WARNING [2022-12-07 09:41:52,864] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:41:52,865] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:41:54,365] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 09:42:14,068] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:42:14,091] defence360agent.internals.the_sink: SensorIncidentList(<7 item(s)>) processed in 0.0329 seconds
INFO    [2022-12-07 09:42:17,903] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:42:17,904] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:42:17,911] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:42:17,922] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0172 seconds
INFO    [2022-12-07 09:42:19,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398939.1112158, 'message': 'Dec  7 09:42:18 hqnl0246134 sshd[308965]: Invalid user tomcat from 165.22.220.5 port 59940', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 09:42:19,152] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398939.1114752, 'message': 'Dec  7 09:42:18 hqnl0246134 sshd[308965]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 09:42:19,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398939.1116476, 'message': 'Dec  7 09:42:18 hqnl0246134 sshd[308965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 09:42:20,575] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:42:20,575] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:42:20,601] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:42:20,630] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0410 seconds
INFO    [2022-12-07 09:42:21,133] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398941.112585, 'message': 'Dec  7 09:42:20 hqnl0246134 sshd[308965]: Failed password for invalid user tomcat from 165.22.220.5 port 59940 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 09:42:22,943] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:42:22,944] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:42:22,952] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:42:22,965] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 09:42:49,176] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398969.1468143, 'message': 'Dec  7 09:42:49 hqnl0246134 sshd[308989]: Invalid user tomcat from 165.22.220.5 port 54184', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0285 seconds
INFO    [2022-12-07 09:42:51,172] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398971.149108, 'message': 'Dec  7 09:42:49 hqnl0246134 sshd[308989]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 09:42:51,199] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398971.1494648, 'message': 'Dec  7 09:42:49 hqnl0246134 sshd[308989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0261 seconds
WARNING [2022-12-07 09:42:52,869] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:42:52,870] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:42:53,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670398973.1509132, 'message': 'Dec  7 09:42:51 hqnl0246134 sshd[308989]: Failed password for invalid user tomcat from 165.22.220.5 port 54184 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0340 seconds
WARNING [2022-12-07 09:43:14,072] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:43:14,092] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0313 seconds
INFO    [2022-12-07 09:43:15,222] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '188.32.176.34', 'timestamp': 1670398995.2000496, 'message': 'Dec  7 09:43:14 hqnl0246134 sshd[309010]: Accepted publickey for root from 188.32.176.34 port 38390 ssh2: RSA SHA256:M5XvbkooZmQvvjfo3fKHU5lbqUaXL4LET3qhCF0FT28', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 09:43:17,846] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:43:17,847] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:43:17,856] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:43:17,870] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0220 seconds
INFO    [2022-12-07 09:43:20,757] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:43:20,758] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:43:20,774] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:43:20,788] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-07 09:43:21,226] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399001.2049854, 'message': 'Dec  7 09:43:19 hqnl0246134 sshd[309079]: Invalid user ts from 165.22.220.5 port 48428', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 09:43:21,245] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399001.2059264, 'message': 'Dec  7 09:43:19 hqnl0246134 sshd[309079]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 09:43:21,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399001.2060611, 'message': 'Dec  7 09:43:19 hqnl0246134 sshd[309079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:43:21,282] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399001.2062018, 'message': 'Dec  7 09:43:20 hqnl0246134 sshd[309079]: Failed password for invalid user ts from 165.22.220.5 port 48428 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 09:43:49,335] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:43:49,404] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:43:49,405] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:43:49,405] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:43:49,405] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:43:49,406] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:43:49,419] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:43:49,438] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0315 seconds
WARNING [2022-12-07 09:43:49,446] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:43:49,448] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:43:49,465] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0337 seconds
INFO    [2022-12-07 09:43:49,466] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0307 seconds
INFO    [2022-12-07 09:43:51,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399031.2352617, 'message': 'Dec  7 09:43:49 hqnl0246134 sshd[309112]: Invalid user ubuntu from 165.22.220.5 port 42672', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 09:43:51,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399031.2356794, 'message': 'Dec  7 09:43:49 hqnl0246134 sshd[309112]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0273 seconds
INFO    [2022-12-07 09:43:51,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399031.2375207, 'message': 'Dec  7 09:43:49 hqnl0246134 sshd[309112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:43:51,338] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399031.237668, 'message': 'Dec  7 09:43:51 hqnl0246134 sshd[309112]: Failed password for invalid user ubuntu from 165.22.220.5 port 42672 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0231 seconds
WARNING [2022-12-07 09:43:52,876] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:43:52,877] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:44:14,079] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:44:14,120] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0536 seconds
INFO    [2022-12-07 09:44:18,065] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:44:18,065] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:44:18,073] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:44:18,084] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 09:44:19,531] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:44:19,532] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:44:19,534] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 09:44:20,781] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:44:20,781] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:44:20,790] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:44:20,802] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 09:44:21,287] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399061.2686038, 'message': 'Dec  7 09:44:19 hqnl0246134 sshd[309146]: Invalid user ubuntu from 165.22.220.5 port 36916', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 09:44:21,306] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399061.2688324, 'message': 'Dec  7 09:44:19 hqnl0246134 sshd[309146]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 09:44:21,323] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399061.2689884, 'message': 'Dec  7 09:44:19 hqnl0246134 sshd[309146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 09:44:23,302] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399063.272233, 'message': 'Dec  7 09:44:21 hqnl0246134 sshd[309146]: Failed password for invalid user ubuntu from 165.22.220.5 port 36916 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0301 seconds
INFO    [2022-12-07 09:44:24,442] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:44:24,442] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:44:24,449] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:44:24,460] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 09:44:49,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399089.3031523, 'message': 'Dec  7 09:44:47 hqnl0246134 sshd[309166]: Invalid user cb from 190.210.135.78 port 34466', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 09:44:49,351] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399089.3039196, 'message': 'Dec  7 09:44:48 hqnl0246134 sshd[309166]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.210.135.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 09:44:49,370] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399089.3041444, 'message': 'Dec  7 09:44:48 hqnl0246134 sshd[309166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.210.135.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:44:51,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399091.3088949, 'message': 'Dec  7 09:44:49 hqnl0246134 sshd[309173]: Invalid user ubuntu from 165.22.220.5 port 59392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0292 seconds
INFO    [2022-12-07 09:44:51,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399091.309109, 'message': 'Dec  7 09:44:49 hqnl0246134 sshd[309166]: Failed password for invalid user cb from 190.210.135.78 port 34466 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 09:44:51,368] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399091.309321, 'message': 'Dec  7 09:44:49 hqnl0246134 sshd[309173]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0287 seconds
INFO    [2022-12-07 09:44:51,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399091.3096466, 'message': 'Dec  7 09:44:50 hqnl0246134 sshd[309166]: Disconnected from invalid user cb 190.210.135.78 port 34466 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 09:44:51,389] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399091.3094933, 'message': 'Dec  7 09:44:49 hqnl0246134 sshd[309173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-07 09:44:52,879] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:44:52,880] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:44:53,353] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399093.3092659, 'message': 'Dec  7 09:44:51 hqnl0246134 sshd[309173]: Failed password for invalid user ubuntu from 165.22.220.5 port 59392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0440 seconds
WARNING [2022-12-07 09:45:14,092] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:45:14,124] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0502 seconds
INFO    [2022-12-07 09:45:17,976] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:45:17,977] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:45:17,984] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:45:17,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 09:45:20,720] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:45:20,720] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:45:20,729] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:45:20,741] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 09:45:21,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399121.343181, 'message': 'Dec  7 09:45:20 hqnl0246134 sshd[309225]: Invalid user ubuntu from 165.22.220.5 port 53644', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 09:45:21,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399121.3434734, 'message': 'Dec  7 09:45:20 hqnl0246134 sshd[309225]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:45:21,406] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399121.3436475, 'message': 'Dec  7 09:45:20 hqnl0246134 sshd[309225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 09:45:23,377] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399123.3459997, 'message': 'Dec  7 09:45:22 hqnl0246134 sshd[309225]: Failed password for invalid user ubuntu from 165.22.220.5 port 53644 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
WARNING [2022-12-07 09:45:52,886] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:45:52,888] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:45:53,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399153.3823009, 'message': 'Dec  7 09:45:51 hqnl0246134 sshd[309246]: Invalid user ubuntu from 165.22.220.5 port 47888', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0261 seconds
INFO    [2022-12-07 09:45:53,430] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399153.3829923, 'message': 'Dec  7 09:45:51 hqnl0246134 sshd[309246]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 09:45:53,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399153.3831456, 'message': 'Dec  7 09:45:51 hqnl0246134 sshd[309246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 09:45:55,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399155.3840551, 'message': 'Dec  7 09:45:54 hqnl0246134 sshd[309246]: Failed password for invalid user ubuntu from 165.22.220.5 port 47888 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0355 seconds
INFO    [2022-12-07 09:45:59,263] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:45:59,264] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:45:59,275] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:45:59,287] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
WARNING [2022-12-07 09:46:14,093] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:46:14,121] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0399 seconds
INFO    [2022-12-07 09:46:17,937] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:46:17,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:46:17,945] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:46:17,957] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 09:46:20,608] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:46:20,609] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:46:20,616] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:46:20,628] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 09:46:23,455] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399183.4210293, 'message': 'Dec  7 09:46:22 hqnl0246134 sshd[309287]: Invalid user ubuntu from 165.22.220.5 port 42132', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0330 seconds
INFO    [2022-12-07 09:46:23,456] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399183.421525, 'message': 'Dec  7 09:46:23 hqnl0246134 sshd[309289]: Invalid user wei from 87.245.17.229 port 35295', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0333 seconds
INFO    [2022-12-07 09:46:23,486] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399183.421247, 'message': 'Dec  7 09:46:22 hqnl0246134 sshd[309287]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 09:46:23,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399183.421961, 'message': 'Dec  7 09:46:23 hqnl0246134 sshd[309289]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.245.17.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 09:46:23,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399183.421411, 'message': 'Dec  7 09:46:22 hqnl0246134 sshd[309287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 09:46:23,524] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399183.4220715, 'message': 'Dec  7 09:46:23 hqnl0246134 sshd[309289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.245.17.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0363 seconds
INFO    [2022-12-07 09:46:25,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399185.4226756, 'message': 'Dec  7 09:46:25 hqnl0246134 sshd[309289]: Failed password for invalid user wei from 87.245.17.229 port 35295 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 09:46:25,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399185.422875, 'message': 'Dec  7 09:46:25 hqnl0246134 sshd[309287]: Failed password for invalid user ubuntu from 165.22.220.5 port 42132 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 09:46:27,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399187.4260209, 'message': 'Dec  7 09:46:26 hqnl0246134 sshd[309289]: Disconnected from invalid user wei 87.245.17.229 port 35295 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 09:46:52,893] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:46:52,894] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:46:55,497] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399215.4713151, 'message': 'Dec  7 09:46:55 hqnl0246134 sshd[309303]: Invalid user ubuntu from 165.22.220.5 port 36374', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 09:46:55,515] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399215.4726162, 'message': 'Dec  7 09:46:55 hqnl0246134 sshd[309303]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:46:55,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399215.4745004, 'message': 'Dec  7 09:46:55 hqnl0246134 sshd[309303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 09:46:59,495] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399219.4740283, 'message': 'Dec  7 09:46:57 hqnl0246134 sshd[309303]: Failed password for invalid user ubuntu from 165.22.220.5 port 36374 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
WARNING [2022-12-07 09:47:14,096] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:47:14,121] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0352 seconds
INFO    [2022-12-07 09:47:18,012] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:47:18,013] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:47:18,021] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:47:18,033] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 09:47:20,670] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:47:20,670] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:47:20,678] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:47:20,690] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 09:47:27,539] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399247.5115163, 'message': 'Dec  7 09:47:26 hqnl0246134 sshd[309349]: Invalid user ubuntu from 165.22.220.5 port 58858', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 09:47:27,572] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399247.5119133, 'message': 'Dec  7 09:47:27 hqnl0246134 sshd[309349]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 09:47:27,607] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399247.5135372, 'message': 'Dec  7 09:47:27 hqnl0246134 sshd[309349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0344 seconds
INFO    [2022-12-07 09:47:31,532] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399251.5140793, 'message': 'Dec  7 09:47:29 hqnl0246134 sshd[309349]: Failed password for invalid user ubuntu from 165.22.220.5 port 58858 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:47:34,112] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:47:34,112] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:47:34,120] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:47:34,132] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
WARNING [2022-12-07 09:47:52,901] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:47:52,904] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:47:59,591] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399279.553963, 'message': 'Dec  7 09:47:59 hqnl0246134 sshd[309375]: Invalid user uftp from 165.22.220.5 port 53102', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0360 seconds
INFO    [2022-12-07 09:47:59,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399279.5545726, 'message': 'Dec  7 09:47:59 hqnl0246134 sshd[309375]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0282 seconds
INFO    [2022-12-07 09:47:59,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399279.5617707, 'message': 'Dec  7 09:47:59 hqnl0246134 sshd[309375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 09:48:01,575] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399281.5543687, 'message': 'Dec  7 09:48:00 hqnl0246134 sshd[309375]: Failed password for invalid user uftp from 165.22.220.5 port 53102 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0209 seconds
WARNING [2022-12-07 09:48:14,099] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:48:14,118] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0281 seconds
INFO    [2022-12-07 09:48:17,892] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:48:17,892] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:48:17,902] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:48:17,916] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-07 09:48:20,517] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:48:20,518] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:48:20,528] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:48:20,546] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0280 seconds
INFO    [2022-12-07 09:48:21,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670399301.576486, 'message': 'Dec  7 09:48:20 hqnl0246134 sshd[309401]: Invalid user gituser from 160.124.103.55 port 33664', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 09:48:21,615] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '160.124.103.55', 'timestamp': 1670399301.5767045, 'message': 'Dec  7 09:48:21 hqnl0246134 sshd[309401]: pam_imunify(sshd:auth): [IM360_RBL] The IP 160.124.103.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:48:21,633] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '160.124.103.55', 'timestamp': 1670399301.5768335, 'message': 'Dec  7 09:48:21 hqnl0246134 sshd[309401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.124.103.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:48:23,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670399303.5788302, 'message': 'Dec  7 09:48:23 hqnl0246134 sshd[309401]: Failed password for invalid user gituser from 160.124.103.55 port 33664 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 09:48:25,602] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670399305.582734, 'message': 'Dec  7 09:48:23 hqnl0246134 sshd[309401]: Disconnected from invalid user gituser 160.124.103.55 port 33664 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 09:48:31,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399311.596801, 'message': 'Dec  7 09:48:31 hqnl0246134 sshd[309409]: Invalid user uftp from 165.22.220.5 port 47346', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 09:48:31,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399311.5970519, 'message': 'Dec  7 09:48:31 hqnl0246134 sshd[309409]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 09:48:31,669] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399311.5972288, 'message': 'Dec  7 09:48:31 hqnl0246134 sshd[309409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 09:48:33,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399313.5998077, 'message': 'Dec  7 09:48:33 hqnl0246134 sshd[309409]: Failed password for invalid user uftp from 165.22.220.5 port 47346 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
WARNING [2022-12-07 09:48:52,909] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:48:52,911] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:49:05,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399345.7195623, 'message': 'Dec  7 09:49:03 hqnl0246134 sshd[309435]: Invalid user uftp from 165.22.220.5 port 41590', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0446 seconds
INFO    [2022-12-07 09:49:05,790] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399345.7208092, 'message': 'Dec  7 09:49:04 hqnl0246134 sshd[309435]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 09:49:05,809] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399345.721076, 'message': 'Dec  7 09:49:04 hqnl0246134 sshd[309435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:49:07,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399347.719063, 'message': 'Dec  7 09:49:06 hqnl0246134 sshd[309435]: Failed password for invalid user uftp from 165.22.220.5 port 41590 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 09:49:10,839] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:49:10,840] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:49:10,847] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:49:10,858] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0177 seconds
WARNING [2022-12-07 09:49:14,107] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:49:14,128] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0346 seconds
INFO    [2022-12-07 09:49:17,804] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:49:17,805] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:49:17,813] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:49:17,825] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 09:49:20,874] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:49:20,874] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:49:20,881] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:49:20,893] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 09:49:37,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399377.76322, 'message': 'Dec  7 09:49:36 hqnl0246134 sshd[309469]: Invalid user user from 165.22.220.5 port 35834', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 09:49:37,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399377.7637875, 'message': 'Dec  7 09:49:36 hqnl0246134 sshd[309469]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0251 seconds
INFO    [2022-12-07 09:49:37,840] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399377.7639482, 'message': 'Dec  7 09:49:36 hqnl0246134 sshd[309469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 09:49:39,783] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399379.7654696, 'message': 'Dec  7 09:49:38 hqnl0246134 sshd[309469]: Failed password for invalid user user from 165.22.220.5 port 35834 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 09:49:51,841] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.225.146.77', 'timestamp': 1670399391.7969518, 'message': 'Dec  7 09:49:51 hqnl0246134 sshd[309483]: Invalid user team from 104.225.146.77 port 52754', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0419 seconds
INFO    [2022-12-07 09:49:51,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '104.225.146.77', 'timestamp': 1670399391.7980144, 'message': 'Dec  7 09:49:51 hqnl0246134 sshd[309483]: pam_imunify(sshd:auth): [IM360_RBL] The IP 104.225.146.77 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 09:49:51,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '104.225.146.77', 'timestamp': 1670399391.7982407, 'message': 'Dec  7 09:49:51 hqnl0246134 sshd[309483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.225.146.77 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-07 09:49:52,915] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:49:52,916] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:49:53,820] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.225.146.77', 'timestamp': 1670399393.7995965, 'message': 'Dec  7 09:49:53 hqnl0246134 sshd[309483]: Failed password for invalid user team from 104.225.146.77 port 52754 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 09:49:53,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '104.225.146.77', 'timestamp': 1670399393.7997694, 'message': 'Dec  7 09:49:53 hqnl0246134 sshd[309483]: Disconnected from invalid user team 104.225.146.77 port 52754 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 09:50:07,844] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399407.8185909, 'message': 'Dec  7 09:50:07 hqnl0246134 sshd[309505]: Invalid user user from 165.22.220.5 port 58312', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 09:50:09,843] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399409.8216553, 'message': 'Dec  7 09:50:07 hqnl0246134 sshd[309505]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 09:50:09,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399409.821951, 'message': 'Dec  7 09:50:07 hqnl0246134 sshd[309505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:50:09,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399409.8221478, 'message': 'Dec  7 09:50:09 hqnl0246134 sshd[309505]: Failed password for invalid user user from 165.22.220.5 port 58312 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0171 seconds
WARNING [2022-12-07 09:50:14,117] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:50:14,169] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0707 seconds
INFO    [2022-12-07 09:50:17,885] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:50:17,886] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:50:17,893] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:50:17,904] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0170 seconds
INFO    [2022-12-07 09:50:20,691] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:50:20,692] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:50:20,700] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:50:20,711] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 09:50:25,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670399425.8393376, 'message': 'Dec  7 09:50:24 hqnl0246134 sshd[309537]: Invalid user appuser from 207.154.238.107 port 36218', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 09:50:25,881] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '207.154.238.107', 'timestamp': 1670399425.8396266, 'message': 'Dec  7 09:50:25 hqnl0246134 sshd[309537]: pam_imunify(sshd:auth): [IM360_RBL] The IP 207.154.238.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 09:50:25,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '207.154.238.107', 'timestamp': 1670399425.8397658, 'message': 'Dec  7 09:50:25 hqnl0246134 sshd[309537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.238.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:50:27,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670399427.8410873, 'message': 'Dec  7 09:50:26 hqnl0246134 sshd[309537]: Failed password for invalid user appuser from 207.154.238.107 port 36218 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 09:50:27,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670399427.8412788, 'message': 'Dec  7 09:50:27 hqnl0246134 sshd[309537]: Disconnected from invalid user appuser 207.154.238.107 port 36218 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:50:39,899] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399439.875747, 'message': 'Dec  7 09:50:39 hqnl0246134 sshd[309543]: Invalid user user from 165.22.220.5 port 52558', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0226 seconds
INFO    [2022-12-07 09:50:39,920] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399439.8762305, 'message': 'Dec  7 09:50:39 hqnl0246134 sshd[309543]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 09:50:39,938] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399439.876475, 'message': 'Dec  7 09:50:39 hqnl0246134 sshd[309543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 09:50:41,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399441.8781307, 'message': 'Dec  7 09:50:41 hqnl0246134 sshd[309543]: Failed password for invalid user user from 165.22.220.5 port 52558 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 09:50:46,274] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:50:46,275] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:50:46,282] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:50:46,295] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-07 09:50:52,920] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:50:52,921] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:51:02,845] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:51:02,916] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:51:02,917] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:51:02,917] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:51:02,917] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:51:02,918] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:51:02,927] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:51:02,943] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0252 seconds
WARNING [2022-12-07 09:51:02,950] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:51:02,953] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:51:02,971] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0342 seconds
INFO    [2022-12-07 09:51:02,973] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0323 seconds
INFO    [2022-12-07 09:51:12,013] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399471.9717689, 'message': 'Dec  7 09:51:10 hqnl0246134 sshd[309574]: Invalid user user from 165.22.220.5 port 46804', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0391 seconds
INFO    [2022-12-07 09:51:12,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399471.9725342, 'message': 'Dec  7 09:51:10 hqnl0246134 sshd[309574]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0280 seconds
INFO    [2022-12-07 09:51:12,063] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399471.972818, 'message': 'Dec  7 09:51:10 hqnl0246134 sshd[309574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 09:51:14,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399473.9839096, 'message': 'Dec  7 09:51:12 hqnl0246134 sshd[309574]: Failed password for invalid user user from 165.22.220.5 port 46804 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
WARNING [2022-12-07 09:51:14,112] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:51:14,133] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0298 seconds
INFO    [2022-12-07 09:51:17,879] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:51:17,879] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:51:17,888] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:51:17,899] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0191 seconds
INFO    [2022-12-07 09:51:20,668] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:51:20,668] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:51:20,677] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:51:20,689] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 09:51:24,031] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399483.996341, 'message': 'Dec  7 09:51:22 hqnl0246134 sshd[309596]: Invalid user mcserver from 143.198.195.192 port 44028', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 09:51:24,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399483.9967973, 'message': 'Dec  7 09:51:22 hqnl0246134 sshd[309596]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.195.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 09:51:24,076] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399483.9970202, 'message': 'Dec  7 09:51:22 hqnl0246134 sshd[309596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.195.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 09:51:26,032] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399485.99899, 'message': 'Dec  7 09:51:25 hqnl0246134 sshd[309596]: Failed password for invalid user mcserver from 143.198.195.192 port 44028 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0328 seconds
INFO    [2022-12-07 09:51:28,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399488.0064497, 'message': 'Dec  7 09:51:27 hqnl0246134 sshd[309596]: Disconnected from invalid user mcserver 143.198.195.192 port 44028 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 09:51:33,043] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:51:33,044] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:51:33,044] im360.plugins.client360: Waiting 6 minutes before retry...
INFO    [2022-12-07 09:51:40,183] im360.plugins.db_auto_cleanup: Deleted 0 expired records from whitelist
INFO    [2022-12-07 09:51:40,185] im360.plugins.db_auto_cleanup: Deleted 0 expired graylisted/blacklisted IPs (older than 3 days) during auto cleanup
INFO    [2022-12-07 09:51:41,028] im360.plugins.pam: PAM module has been enabled for dovecot-pam
INFO    [2022-12-07 09:51:42,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399502.0419033, 'message': 'Dec  7 09:51:41 hqnl0246134 sshd[309609]: Invalid user user1 from 165.22.220.5 port 41050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 09:51:42,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399502.042351, 'message': 'Dec  7 09:51:41 hqnl0246134 sshd[309609]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 09:51:42,101] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399502.0425148, 'message': 'Dec  7 09:51:41 hqnl0246134 sshd[309609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 09:51:46,083] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399506.0630834, 'message': 'Dec  7 09:51:44 hqnl0246134 sshd[309609]: Failed password for invalid user user1 from 165.22.220.5 port 41050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 09:51:52,929] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:51:52,930] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 09:51:54,367] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 09:52:14,126] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:52:14,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399534.0991528, 'message': 'Dec  7 09:52:12 hqnl0246134 sshd[309657]: Invalid user vagrant from 165.22.220.5 port 35296', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0531 seconds
INFO    [2022-12-07 09:52:14,156] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0503 seconds
INFO    [2022-12-07 09:52:14,174] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399534.0997438, 'message': 'Dec  7 09:52:12 hqnl0246134 sshd[309657]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 09:52:14,194] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399534.1000016, 'message': 'Dec  7 09:52:12 hqnl0246134 sshd[309657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 09:52:16,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399536.09851, 'message': 'Dec  7 09:52:14 hqnl0246134 sshd[309657]: Failed password for invalid user vagrant from 165.22.220.5 port 35296 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0196 seconds
INFO    [2022-12-07 09:52:17,938] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:52:17,938] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:52:17,947] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:52:17,960] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 09:52:18,361] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:52:18,362] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:52:18,370] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:52:18,381] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 09:52:21,474] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:52:21,474] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:52:21,485] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:52:21,501] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0261 seconds
INFO    [2022-12-07 09:52:44,181] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399564.157319, 'message': 'Dec  7 09:52:43 hqnl0246134 sshd[309686]: Invalid user vagrant from 165.22.220.5 port 57770', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0232 seconds
INFO    [2022-12-07 09:52:44,201] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399564.1577787, 'message': 'Dec  7 09:52:43 hqnl0246134 sshd[309686]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:52:44,219] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399564.1579285, 'message': 'Dec  7 09:52:43 hqnl0246134 sshd[309686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 09:52:46,179] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399566.159768, 'message': 'Dec  7 09:52:45 hqnl0246134 sshd[309686]: Failed password for invalid user vagrant from 165.22.220.5 port 57770 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
WARNING [2022-12-07 09:52:52,935] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:52:52,936] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:53:10,238] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.195.247.123', 'timestamp': 1670399590.2040927, 'message': 'Dec  7 09:53:09 hqnl0246134 sshd[309705]: Invalid user admin from 51.195.247.123 port 39604', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 09:53:10,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.195.247.123', 'timestamp': 1670399590.2047567, 'message': 'Dec  7 09:53:10 hqnl0246134 sshd[309705]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.195.247.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0315 seconds
INFO    [2022-12-07 09:53:10,289] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.195.247.123', 'timestamp': 1670399590.2050226, 'message': 'Dec  7 09:53:10 hqnl0246134 sshd[309705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.247.123 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 09:53:14,119] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:53:14,143] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-07 09:53:14,227] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.195.247.123', 'timestamp': 1670399594.2069066, 'message': 'Dec  7 09:53:12 hqnl0246134 sshd[309705]: Failed password for invalid user admin from 51.195.247.123 port 39604 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 09:53:14,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.195.247.123', 'timestamp': 1670399594.207128, 'message': 'Dec  7 09:53:13 hqnl0246134 sshd[309705]: Disconnected from invalid user admin 51.195.247.123 port 39604 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0214 seconds
INFO    [2022-12-07 09:53:16,233] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399596.209165, 'message': 'Dec  7 09:53:14 hqnl0246134 sshd[309718]: Invalid user vagrant from 165.22.220.5 port 52016', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 09:53:16,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399596.2093997, 'message': 'Dec  7 09:53:15 hqnl0246134 sshd[309718]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 09:53:16,273] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399596.2095754, 'message': 'Dec  7 09:53:15 hqnl0246134 sshd[309718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 09:53:17,924] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:53:17,925] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:53:17,932] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:53:17,944] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0183 seconds
INFO    [2022-12-07 09:53:18,230] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399598.2109382, 'message': 'Dec  7 09:53:16 hqnl0246134 sshd[309718]: Failed password for invalid user vagrant from 165.22.220.5 port 52016 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 09:53:20,573] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:53:20,573] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:53:20,580] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:53:20,592] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 09:53:48,295] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399628.2568727, 'message': 'Dec  7 09:53:46 hqnl0246134 sshd[309746]: Invalid user vnc from 165.22.220.5 port 46260', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0364 seconds
INFO    [2022-12-07 09:53:48,314] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399628.257961, 'message': 'Dec  7 09:53:47 hqnl0246134 sshd[309746]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 09:53:48,331] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399628.2581873, 'message': 'Dec  7 09:53:47 hqnl0246134 sshd[309746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0167 seconds
INFO    [2022-12-07 09:53:50,285] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399630.2588892, 'message': 'Dec  7 09:53:49 hqnl0246134 sshd[309746]: Failed password for invalid user vnc from 165.22.220.5 port 46260 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0255 seconds
WARNING [2022-12-07 09:53:52,941] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:53:52,942] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:53:53,156] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:53:53,157] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:53:53,164] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:53:53,176] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
WARNING [2022-12-07 09:54:14,123] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:54:14,144] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0300 seconds
INFO    [2022-12-07 09:54:18,505] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:54:18,506] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:54:18,555] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:54:18,578] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0536 seconds
INFO    [2022-12-07 09:54:18,579] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399658.5259109, 'message': 'Dec  7 09:54:18 hqnl0246134 sshd[309778]: Invalid user wang from 165.22.220.5 port 40504', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0522 seconds
INFO    [2022-12-07 09:54:18,596] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399658.5261867, 'message': 'Dec  7 09:54:18 hqnl0246134 sshd[309778]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 09:54:18,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399658.526413, 'message': 'Dec  7 09:54:18 hqnl0246134 sshd[309778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 09:54:22,447] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399662.3350182, 'message': 'Dec  7 09:54:20 hqnl0246134 sshd[309778]: Failed password for invalid user wang from 165.22.220.5 port 40504 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1116 seconds
INFO    [2022-12-07 09:54:23,239] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:54:23,239] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:54:23,264] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:54:23,357] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1111 seconds
INFO    [2022-12-07 09:54:36,378] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.100.249.182', 'timestamp': 1670399676.3546798, 'message': 'Dec  7 09:54:35 hqnl0246134 sshd[309804]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.100.249.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0231 seconds
INFO    [2022-12-07 09:54:36,397] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.100.249.182', 'timestamp': 1670399676.3550303, 'message': 'Dec  7 09:54:35 hqnl0246134 sshd[309804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.100.249.182  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 09:54:38,386] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.100.249.182', 'timestamp': 1670399678.357264, 'message': 'Dec  7 09:54:37 hqnl0246134 sshd[309804]: Failed password for root from 34.100.249.182 port 56870 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0288 seconds
INFO    [2022-12-07 09:54:50,413] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.150.192', 'timestamp': 1670399690.3692086, 'message': 'Dec  7 09:54:48 hqnl0246134 sshd[309817]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.150.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0424 seconds
INFO    [2022-12-07 09:54:50,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399690.3700306, 'message': 'Dec  7 09:54:49 hqnl0246134 sshd[309819]: Invalid user wang from 165.22.220.5 port 34748', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0436 seconds
INFO    [2022-12-07 09:54:50,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.150.192', 'timestamp': 1670399690.3698277, 'message': 'Dec  7 09:54:48 hqnl0246134 sshd[309817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.150.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0370 seconds
INFO    [2022-12-07 09:54:50,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399690.3701622, 'message': 'Dec  7 09:54:49 hqnl0246134 sshd[309819]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0369 seconds
INFO    [2022-12-07 09:54:50,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '164.92.150.192', 'timestamp': 1670399690.3704696, 'message': 'Dec  7 09:54:50 hqnl0246134 sshd[309817]: Failed password for root from 164.92.150.192 port 49958 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0305 seconds
INFO    [2022-12-07 09:54:50,484] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399690.3703172, 'message': 'Dec  7 09:54:49 hqnl0246134 sshd[309819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 09:54:52,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399692.369762, 'message': 'Dec  7 09:54:51 hqnl0246134 sshd[309819]: Failed password for invalid user wang from 165.22.220.5 port 34748 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0280 seconds
WARNING [2022-12-07 09:54:52,946] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:54:52,947] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:55:02,410] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.170.233.68', 'timestamp': 1670399702.377466, 'message': 'Dec  7 09:55:01 hqnl0246134 sshd[309822]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.170.233.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 09:55:02,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.170.233.68', 'timestamp': 1670399702.3838196, 'message': 'Dec  7 09:55:01 hqnl0246134 sshd[309822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.233.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 09:55:04,398] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.170.233.68', 'timestamp': 1670399704.3777936, 'message': 'Dec  7 09:55:03 hqnl0246134 sshd[309822]: Failed password for root from 187.170.233.68 port 42824 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
WARNING [2022-12-07 09:55:14,136] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:55:14,165] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0393 seconds
INFO    [2022-12-07 09:55:17,972] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:55:17,972] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:55:17,981] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:55:17,993] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 09:55:20,652] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:55:20,653] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:55:20,662] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:55:20,673] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0196 seconds
INFO    [2022-12-07 09:55:22,416] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399722.395732, 'message': 'Dec  7 09:55:21 hqnl0246134 sshd[309882]: Invalid user wang from 165.22.220.5 port 57224', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 09:55:22,434] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399722.3961103, 'message': 'Dec  7 09:55:21 hqnl0246134 sshd[309882]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 09:55:22,451] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399722.3962994, 'message': 'Dec  7 09:55:21 hqnl0246134 sshd[309882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 09:55:24,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399724.3974545, 'message': 'Dec  7 09:55:23 hqnl0246134 sshd[309882]: Failed password for invalid user wang from 165.22.220.5 port 57224 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0204 seconds
INFO    [2022-12-07 09:55:27,336] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:55:27,337] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:55:27,345] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:55:27,358] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0208 seconds
INFO    [2022-12-07 09:55:52,462] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '175.192.96.215', 'timestamp': 1670399752.4297218, 'message': 'Dec  7 09:55:51 hqnl0246134 sshd[309907]: Invalid user admin from 175.192.96.215 port 57109', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0308 seconds
INFO    [2022-12-07 09:55:52,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '175.192.96.215', 'timestamp': 1670399752.4304335, 'message': 'Dec  7 09:55:51 hqnl0246134 sshd[309907]: pam_imunify(sshd:auth): [IM360_RBL] The IP 175.192.96.215 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 09:55:52,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '175.192.96.215', 'timestamp': 1670399752.4306657, 'message': 'Dec  7 09:55:51 hqnl0246134 sshd[309907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.192.96.215 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0196 seconds
WARNING [2022-12-07 09:55:52,951] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:55:52,952] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:55:54,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '175.192.96.215', 'timestamp': 1670399754.4302967, 'message': 'Dec  7 09:55:53 hqnl0246134 sshd[309907]: Failed password for invalid user admin from 175.192.96.215 port 57109 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0327 seconds
INFO    [2022-12-07 09:55:54,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399754.4306664, 'message': 'Dec  7 09:55:53 hqnl0246134 sshd[309911]: Invalid user weblogic from 165.22.220.5 port 51468', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 09:55:54,483] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399754.4308057, 'message': 'Dec  7 09:55:54 hqnl0246134 sshd[309911]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:55:54,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399754.4309466, 'message': 'Dec  7 09:55:54 hqnl0246134 sshd[309911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 09:55:56,452] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399756.433367, 'message': 'Dec  7 09:55:55 hqnl0246134 sshd[309911]: Failed password for invalid user weblogic from 165.22.220.5 port 51468 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 09:56:14,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:56:14,186] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0507 seconds
INFO    [2022-12-07 09:56:17,936] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:56:17,936] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:56:17,946] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:56:17,957] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 09:56:20,633] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:56:20,634] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:56:20,649] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:56:20,669] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0339 seconds
INFO    [2022-12-07 09:56:22,482] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670399782.4593694, 'message': 'Dec  7 09:56:21 hqnl0246134 sshd[309943]: Invalid user adriana from 52.140.206.1 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 09:56:22,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.140.206.1', 'timestamp': 1670399782.4596992, 'message': 'Dec  7 09:56:21 hqnl0246134 sshd[309943]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.140.206.1 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 09:56:22,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.140.206.1', 'timestamp': 1670399782.459871, 'message': 'Dec  7 09:56:21 hqnl0246134 sshd[309943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.206.1 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 09:56:24,481] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670399784.4610953, 'message': 'Dec  7 09:56:24 hqnl0246134 sshd[309943]: Failed password for invalid user adriana from 52.140.206.1 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 09:56:26,503] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670399786.4621072, 'message': 'Dec  7 09:56:25 hqnl0246134 sshd[309943]: Disconnected from invalid user adriana 52.140.206.1 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0402 seconds
INFO    [2022-12-07 09:56:26,504] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399786.4625058, 'message': 'Dec  7 09:56:26 hqnl0246134 sshd[309946]: Invalid user worker from 165.22.220.5 port 45712', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0405 seconds
INFO    [2022-12-07 09:56:26,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399786.462702, 'message': 'Dec  7 09:56:26 hqnl0246134 sshd[309946]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 09:56:26,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399786.4628725, 'message': 'Dec  7 09:56:26 hqnl0246134 sshd[309946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 09:56:28,521] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399788.4891107, 'message': 'Dec  7 09:56:28 hqnl0246134 sshd[309946]: Failed password for invalid user worker from 165.22.220.5 port 45712 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0314 seconds
INFO    [2022-12-07 09:56:34,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399794.4703622, 'message': 'Dec  7 09:56:34 hqnl0246134 sshd[309951]: Invalid user orange from 87.245.17.229 port 38049', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0638 seconds
INFO    [2022-12-07 09:56:34,617] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399794.4707143, 'message': 'Dec  7 09:56:34 hqnl0246134 sshd[309951]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.245.17.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0816 seconds
INFO    [2022-12-07 09:56:34,683] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399794.4709055, 'message': 'Dec  7 09:56:34 hqnl0246134 sshd[309951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.245.17.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0644 seconds
INFO    [2022-12-07 09:56:36,490] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399796.4713066, 'message': 'Dec  7 09:56:36 hqnl0246134 sshd[309951]: Failed password for invalid user orange from 87.245.17.229 port 38049 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 09:56:38,493] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670399798.4730165, 'message': 'Dec  7 09:56:37 hqnl0246134 sshd[309951]: Disconnected from invalid user orange 87.245.17.229 port 38049 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 09:56:42,499] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399802.4787352, 'message': 'Dec  7 09:56:42 hqnl0246134 sshd[309954]: Invalid user zhangjie from 190.210.135.78 port 39292', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 09:56:42,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399802.4790475, 'message': 'Dec  7 09:56:42 hqnl0246134 sshd[309954]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.210.135.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 09:56:42,535] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399802.479236, 'message': 'Dec  7 09:56:42 hqnl0246134 sshd[309954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.210.135.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0171 seconds
INFO    [2022-12-07 09:56:44,506] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399804.4813323, 'message': 'Dec  7 09:56:43 hqnl0246134 sshd[309954]: Failed password for invalid user zhangjie from 190.210.135.78 port 39292 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 09:56:44,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399804.4817498, 'message': 'Dec  7 09:56:44 hqnl0246134 sshd[309954]: Disconnected from invalid user zhangjie 190.210.135.78 port 39292 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
WARNING [2022-12-07 09:56:52,954] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:56:52,955] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:56:59,061] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399818.9921057, 'message': 'Dec  7 09:56:58 hqnl0246134 sshd[309972]: Invalid user worker from 165.22.220.5 port 39956', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0553 seconds
INFO    [2022-12-07 09:56:59,118] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399819.004846, 'message': 'Dec  7 09:56:58 hqnl0246134 sshd[309972]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0569 seconds
INFO    [2022-12-07 09:56:59,154] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399819.0051167, 'message': 'Dec  7 09:56:58 hqnl0246134 sshd[309972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0358 seconds
INFO    [2022-12-07 09:57:00,519] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399820.501018, 'message': 'Dec  7 09:57:00 hqnl0246134 sshd[309972]: Failed password for invalid user worker from 165.22.220.5 port 39956 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
INFO    [2022-12-07 09:57:04,150] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:57:04,151] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:57:04,159] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:57:04,172] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0193 seconds
WARNING [2022-12-07 09:57:14,150] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:57:14,176] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0364 seconds
INFO    [2022-12-07 09:57:17,930] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:57:17,931] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:57:17,939] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:57:17,952] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 09:57:20,640] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:57:20,641] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:57:20,648] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:57:20,660] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 09:57:30,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399850.539299, 'message': 'Dec  7 09:57:30 hqnl0246134 sshd[310017]: Invalid user www from 165.22.220.5 port 34200', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 09:57:30,578] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399850.5395956, 'message': 'Dec  7 09:57:30 hqnl0246134 sshd[310017]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 09:57:30,597] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399850.5397666, 'message': 'Dec  7 09:57:30 hqnl0246134 sshd[310017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 09:57:32,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399852.5404506, 'message': 'Dec  7 09:57:32 hqnl0246134 sshd[310017]: Failed password for invalid user www from 165.22.220.5 port 34200 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 09:57:49,779] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:57:49,779] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:57:49,790] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:57:49,803] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0228 seconds
INFO    [2022-12-07 09:57:50,950] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 09:57:51,016] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 09:57:51,016] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 09:57:51,017] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 09:57:51,017] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 09:57:51,017] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 09:57:51,026] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 09:57:51,041] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0235 seconds
WARNING [2022-12-07 09:57:51,048] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 09:57:51,050] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:57:51,066] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0304 seconds
INFO    [2022-12-07 09:57:51,067] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0287 seconds
WARNING [2022-12-07 09:57:52,958] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:57:52,959] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:57:58,599] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '207.154.238.107', 'timestamp': 1670399878.5769968, 'message': 'Dec  7 09:57:57 hqnl0246134 sshd[310077]: pam_imunify(sshd:auth): [IM360_RBL] The IP 207.154.238.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 09:57:58,622] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '207.154.238.107', 'timestamp': 1670399878.5773556, 'message': 'Dec  7 09:57:57 hqnl0246134 sshd[310077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.238.107  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 09:58:00,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '207.154.238.107', 'timestamp': 1670399880.5862126, 'message': 'Dec  7 09:58:00 hqnl0246134 sshd[310077]: Failed password for root from 207.154.238.107 port 49920 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 09:58:04,610] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399884.5896783, 'message': 'Dec  7 09:58:02 hqnl0246134 sshd[310094]: Invalid user www from 165.22.220.5 port 56676', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 09:58:04,627] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399884.5899985, 'message': 'Dec  7 09:58:02 hqnl0246134 sshd[310094]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 09:58:04,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399884.5901105, 'message': 'Dec  7 09:58:02 hqnl0246134 sshd[310094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 09:58:04,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399884.590215, 'message': 'Dec  7 09:58:04 hqnl0246134 sshd[310094]: Failed password for invalid user www from 165.22.220.5 port 56676 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 09:58:14,155] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:58:14,179] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0342 seconds
INFO    [2022-12-07 09:58:17,963] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:58:17,964] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:58:17,972] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:58:17,984] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 09:58:20,981] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:58:20,982] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:58:20,993] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:58:21,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0274 seconds
INFO    [2022-12-07 09:58:21,142] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 09:58:21,143] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 09:58:21,144] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 09:58:36,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399916.6474953, 'message': 'Dec  7 09:58:36 hqnl0246134 sshd[310120]: Invalid user www from 165.22.220.5 port 50920', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0225 seconds
INFO    [2022-12-07 09:58:36,692] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399916.6478517, 'message': 'Dec  7 09:58:36 hqnl0246134 sshd[310120]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 09:58:36,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399916.6480165, 'message': 'Dec  7 09:58:36 hqnl0246134 sshd[310120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 09:58:38,664] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399918.6375375, 'message': 'Dec  7 09:58:38 hqnl0246134 sshd[310120]: Failed password for invalid user www from 165.22.220.5 port 50920 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 09:58:41,244] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:58:41,244] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:58:41,251] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:58:41,263] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-07 09:58:52,961] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:58:52,962] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 09:59:10,739] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399950.6830232, 'message': 'Dec  7 09:59:08 hqnl0246134 sshd[310150]: Invalid user www from 165.22.220.5 port 45164', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0546 seconds
INFO    [2022-12-07 09:59:10,742] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670399950.684505, 'message': 'Dec  7 09:59:10 hqnl0246134 sshd[310154]: Invalid user appuser from 164.92.150.192 port 40070', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0558 seconds
INFO    [2022-12-07 09:59:10,775] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399950.6835554, 'message': 'Dec  7 09:59:09 hqnl0246134 sshd[310150]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 09:59:10,777] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.150.192', 'timestamp': 1670399950.684663, 'message': 'Dec  7 09:59:10 hqnl0246134 sshd[310154]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.150.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0339 seconds
INFO    [2022-12-07 09:59:10,806] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399950.68429, 'message': 'Dec  7 09:59:09 hqnl0246134 sshd[310150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 09:59:10,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.150.192', 'timestamp': 1670399950.6847644, 'message': 'Dec  7 09:59:10 hqnl0246134 sshd[310154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.150.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 09:59:12,715] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399952.6850483, 'message': 'Dec  7 09:59:10 hqnl0246134 sshd[310150]: Failed password for invalid user www from 165.22.220.5 port 45164 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
WARNING [2022-12-07 09:59:14,161] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:59:14,185] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0352 seconds
INFO    [2022-12-07 09:59:14,706] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670399954.6860535, 'message': 'Dec  7 09:59:13 hqnl0246134 sshd[310154]: Failed password for invalid user appuser from 164.92.150.192 port 40070 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 09:59:16,710] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670399956.6885643, 'message': 'Dec  7 09:59:15 hqnl0246134 sshd[310154]: Disconnected from invalid user appuser 164.92.150.192 port 40070 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 09:59:18,025] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:59:18,025] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:59:18,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:59:18,043] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 09:59:20,851] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 09:59:20,852] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 09:59:20,863] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 09:59:20,876] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0237 seconds
INFO    [2022-12-07 09:59:36,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399976.7162607, 'message': 'Dec  7 09:59:34 hqnl0246134 sshd[310178]: Invalid user huawei from 190.210.135.78 port 50722', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0492 seconds
INFO    [2022-12-07 09:59:36,768] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399976.716916, 'message': 'Dec  7 09:59:35 hqnl0246134 sshd[310180]: Invalid user test from 143.198.195.192 port 56658', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-07 09:59:36,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399976.7166042, 'message': 'Dec  7 09:59:34 hqnl0246134 sshd[310178]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.210.135.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0378 seconds
INFO    [2022-12-07 09:59:36,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399976.7170227, 'message': 'Dec  7 09:59:35 hqnl0246134 sshd[310180]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.195.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0386 seconds
INFO    [2022-12-07 09:59:36,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399976.716758, 'message': 'Dec  7 09:59:34 hqnl0246134 sshd[310178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.210.135.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0541 seconds
INFO    [2022-12-07 09:59:36,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399976.717126, 'message': 'Dec  7 09:59:35 hqnl0246134 sshd[310180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.195.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0532 seconds
INFO    [2022-12-07 09:59:38,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399978.7183545, 'message': 'Dec  7 09:59:37 hqnl0246134 sshd[310178]: Failed password for invalid user huawei from 190.210.135.78 port 50722 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 09:59:38,750] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399978.718578, 'message': 'Dec  7 09:59:38 hqnl0246134 sshd[310180]: Failed password for invalid user test from 143.198.195.192 port 56658 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 09:59:40,754] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670399980.7213273, 'message': 'Dec  7 09:59:39 hqnl0246134 sshd[310178]: Disconnected from invalid user huawei 190.210.135.78 port 50722 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 09:59:42,755] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399982.7237558, 'message': 'Dec  7 09:59:40 hqnl0246134 sshd[310185]: Invalid user yarn from 165.22.220.5 port 39408', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 09:59:42,756] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '143.198.195.192', 'timestamp': 1670399982.7240005, 'message': 'Dec  7 09:59:40 hqnl0246134 sshd[310180]: Disconnected from invalid user test 143.198.195.192 port 56658 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 09:59:42,773] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399982.724157, 'message': 'Dec  7 09:59:40 hqnl0246134 sshd[310185]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 09:59:42,794] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399982.7243125, 'message': 'Dec  7 09:59:40 hqnl0246134 sshd[310185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 09:59:44,748] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670399984.7262704, 'message': 'Dec  7 09:59:43 hqnl0246134 sshd[310185]: Failed password for invalid user yarn from 165.22.220.5 port 39408 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0220 seconds
WARNING [2022-12-07 09:59:52,968] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 09:59:52,969] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:00:14,167] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:00:14,194] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0397 seconds
INFO    [2022-12-07 10:00:14,795] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670400014.7645612, 'message': 'Dec  7 10:00:13 hqnl0246134 sshd[310245]: Invalid user zabbix from 165.22.220.5 port 33650', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 10:00:14,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670400014.7648787, 'message': 'Dec  7 10:00:13 hqnl0246134 sshd[310245]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 10:00:14,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670400014.7651029, 'message': 'Dec  7 10:00:13 hqnl0246134 sshd[310245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 10:00:16,781] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670400016.7616405, 'message': 'Dec  7 10:00:15 hqnl0246134 sshd[310245]: Failed password for invalid user zabbix from 165.22.220.5 port 33650 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 10:00:18,390] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:00:18,390] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:00:18,404] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:00:18,417] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0260 seconds
INFO    [2022-12-07 10:00:18,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400018.764257, 'message': 'Dec  7 10:00:18 hqnl0246134 sshd[310264]: Invalid user server from 160.124.103.55 port 37060', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 10:00:18,827] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400018.7645288, 'message': 'Dec  7 10:00:18 hqnl0246134 sshd[310264]: pam_imunify(sshd:auth): [IM360_RBL] The IP 160.124.103.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0227 seconds
INFO    [2022-12-07 10:00:18,849] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400018.7646832, 'message': 'Dec  7 10:00:18 hqnl0246134 sshd[310264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.124.103.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 10:00:20,617] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:00:20,617] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:00:20,625] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:00:20,636] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 10:00:20,787] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400020.7679381, 'message': 'Dec  7 10:00:20 hqnl0246134 sshd[310264]: Failed password for invalid user server from 160.124.103.55 port 37060 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 10:00:22,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400022.770338, 'message': 'Dec  7 10:00:22 hqnl0246134 sshd[310264]: Disconnected from invalid user server 160.124.103.55 port 37060 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 10:00:22,802] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400022.7705932, 'message': 'Dec  7 10:00:22 hqnl0246134 sshd[310277]: pam_imunify(sshd:auth): [IM360_RBL] The IP 147.182.247.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 10:00:22,821] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400022.7729688, 'message': 'Dec  7 10:00:22 hqnl0246134 sshd[310277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.247.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 10:00:23,022] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:00:23,022] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:00:23,029] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:00:23,041] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 10:00:26,799] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400026.776169, 'message': 'Dec  7 10:00:24 hqnl0246134 sshd[310277]: Failed password for root from 147.182.247.29 port 43210 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 10:00:38,943] defence360agent.files: Updating all files
INFO    [2022-12-07 10:00:39,235] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:39,236] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 10:00:39,587] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:39,587] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 10:00:39,910] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:39,911] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 10:00:40,248] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:40,249] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 10:00:40,249] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 10:00:40,576] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 08:00:40 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'COMPLETED'), ('X-Amz-Request-Id', '172E73FC9979CCB0'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 10:00:40,578] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 10:00:40,579] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 10:00:41,450] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:41,451] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 10:00:41,730] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:41,731] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 10:00:42,000] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:42,000] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 10:00:42,583] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:42,584] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 10:00:42,873] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400042.8227262, 'message': 'Dec  7 10:00:42 hqnl0246134 sshd[310287]: Invalid user wei from 207.154.238.107 port 60396', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0505 seconds
INFO    [2022-12-07 10:00:43,079] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 10:00:43,080] defence360agent.files: geo files update finished (not updated)
INFO    [2022-12-07 10:00:44,826] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400044.8001258, 'message': 'Dec  7 10:00:42 hqnl0246134 sshd[310287]: pam_imunify(sshd:auth): [IM360_RBL] The IP 207.154.238.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0255 seconds
INFO    [2022-12-07 10:00:44,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400044.8005154, 'message': 'Dec  7 10:00:42 hqnl0246134 sshd[310287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.238.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 10:00:46,835] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400046.8042686, 'message': 'Dec  7 10:00:45 hqnl0246134 sshd[310287]: Failed password for invalid user wei from 207.154.238.107 port 60396 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0294 seconds
INFO    [2022-12-07 10:00:46,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670400046.8048847, 'message': 'Dec  7 10:00:45 hqnl0246134 sshd[310297]: Invalid user zabbix from 165.22.220.5 port 56126', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 10:00:46,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400046.8067813, 'message': 'Dec  7 10:00:46 hqnl0246134 sshd[310287]: Disconnected from invalid user wei 207.154.238.107 port 60396 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 10:00:46,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '165.22.220.5', 'timestamp': 1670400046.8051057, 'message': 'Dec  7 10:00:45 hqnl0246134 sshd[310297]: pam_imunify(sshd:auth): [IM360_RBL] The IP 165.22.220.5 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 10:00:46,880] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '165.22.220.5', 'timestamp': 1670400046.8065975, 'message': 'Dec  7 10:00:45 hqnl0246134 sshd[310297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.220.5 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 10:00:48,824] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '165.22.220.5', 'timestamp': 1670400048.804067, 'message': 'Dec  7 10:00:48 hqnl0246134 sshd[310297]: Failed password for invalid user zabbix from 165.22.220.5 port 56126 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
WARNING [2022-12-07 10:00:52,972] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:00:52,972] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:01:10,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670400070.8469417, 'message': 'Dec  7 10:01:09 hqnl0246134 sshd[310312]: Invalid user appuser from 87.245.17.229 port 33324', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0192 seconds
INFO    [2022-12-07 10:01:10,886] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.245.17.229', 'timestamp': 1670400070.847313, 'message': 'Dec  7 10:01:09 hqnl0246134 sshd[310312]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.245.17.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 10:01:10,906] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.245.17.229', 'timestamp': 1670400070.8474646, 'message': 'Dec  7 10:01:09 hqnl0246134 sshd[310312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.245.17.229 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 10:01:12,867] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670400072.8490124, 'message': 'Dec  7 10:01:12 hqnl0246134 sshd[310312]: Failed password for invalid user appuser from 87.245.17.229 port 33324 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0182 seconds
WARNING [2022-12-07 10:01:14,267] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:01:14,300] defence360agent.internals.the_sink: SensorIncidentList(<15 item(s)>) processed in 0.1219 seconds
INFO    [2022-12-07 10:01:14,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '87.245.17.229', 'timestamp': 1670400074.8516693, 'message': 'Dec  7 10:01:14 hqnl0246134 sshd[310312]: Disconnected from invalid user appuser 87.245.17.229 port 33324 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 10:01:17,993] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:01:17,994] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:01:18,003] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:01:18,016] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 10:01:20,923] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:01:20,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:01:20,931] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:01:20,943] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
WARNING [2022-12-07 10:01:52,974] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:01:52,976] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:01:52,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400112.923868, 'message': 'Dec  7 10:01:50 hqnl0246134 sshd[310350]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.64.134.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0526 seconds
INFO    [2022-12-07 10:01:53,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400112.9247525, 'message': 'Dec  7 10:01:50 hqnl0246134 sshd[310350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.64.134.14  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 10:01:53,043] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400112.9250016, 'message': 'Dec  7 10:01:52 hqnl0246134 sshd[310350]: Failed password for root from 45.64.134.14 port 23734 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0283 seconds
WARNING [2022-12-07 10:01:54,370] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 10:01:57,304] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:01:57,305] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:01:57,312] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:01:57,323] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
WARNING [2022-12-07 10:02:14,197] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:02:14,218] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0343 seconds
INFO    [2022-12-07 10:02:17,913] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:02:17,913] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:02:17,922] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:02:17,934] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 10:02:20,581] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:02:20,582] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:02:20,590] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:02:20,602] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0190 seconds
INFO    [2022-12-07 10:02:24,996] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670400144.9727008, 'message': 'Dec  7 10:02:24 hqnl0246134 sshd[310401]: Invalid user tecnici from 190.210.135.78 port 33940', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 10:02:25,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '190.210.135.78', 'timestamp': 1670400144.9730096, 'message': 'Dec  7 10:02:24 hqnl0246134 sshd[310401]: pam_imunify(sshd:auth): [IM360_RBL] The IP 190.210.135.78 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 10:02:25,048] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '190.210.135.78', 'timestamp': 1670400144.973173, 'message': 'Dec  7 10:02:24 hqnl0246134 sshd[310401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.210.135.78 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0265 seconds
INFO    [2022-12-07 10:02:26,995] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670400146.9759169, 'message': 'Dec  7 10:02:25 hqnl0246134 sshd[310401]: Failed password for invalid user tecnici from 190.210.135.78 port 33940 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 10:02:27,015] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '190.210.135.78', 'timestamp': 1670400146.9762053, 'message': 'Dec  7 10:02:26 hqnl0246134 sshd[310401]: Disconnected from invalid user tecnici 190.210.135.78 port 33940 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 10:02:31,581] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 10:02:31,651] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 10:02:31,651] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 10:02:31,652] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 10:02:31,652] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 10:02:31,652] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 10:02:31,662] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 10:02:31,678] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0252 seconds
WARNING [2022-12-07 10:02:31,685] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 10:02:31,687] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:02:31,705] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0320 seconds
INFO    [2022-12-07 10:02:31,706] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0300 seconds
INFO    [2022-12-07 10:02:33,020] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400152.9868803, 'message': 'Dec  7 10:02:32 hqnl0246134 sshd[310405]: Invalid user wei from 164.92.150.192 port 42196', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0324 seconds
INFO    [2022-12-07 10:02:33,042] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400152.987239, 'message': 'Dec  7 10:02:32 hqnl0246134 sshd[310405]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.150.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0211 seconds
INFO    [2022-12-07 10:02:33,060] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400152.9874427, 'message': 'Dec  7 10:02:32 hqnl0246134 sshd[310405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.150.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 10:02:35,006] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400154.9889057, 'message': 'Dec  7 10:02:34 hqnl0246134 sshd[310405]: Failed password for invalid user wei from 164.92.150.192 port 42196 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 10:02:37,017] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400156.9902701, 'message': 'Dec  7 10:02:35 hqnl0246134 sshd[310405]: Disconnected from invalid user wei 164.92.150.192 port 42196 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0263 seconds
INFO    [2022-12-07 10:02:45,036] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.195.192', 'timestamp': 1670400164.9989963, 'message': 'Dec  7 10:02:44 hqnl0246134 sshd[310410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.195.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 10:02:45,066] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.195.192', 'timestamp': 1670400164.999472, 'message': 'Dec  7 10:02:44 hqnl0246134 sshd[310410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.195.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0281 seconds
INFO    [2022-12-07 10:02:49,026] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.195.192', 'timestamp': 1670400169.0078213, 'message': 'Dec  7 10:02:47 hqnl0246134 sshd[310410]: Failed password for root from 143.198.195.192 port 39752 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0180 seconds
WARNING [2022-12-07 10:02:52,980] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:02:52,981] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:02:59,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.195.247.123', 'timestamp': 1670400179.0248237, 'message': 'Dec  7 10:02:58 hqnl0246134 sshd[310421]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.195.247.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 10:02:59,065] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.195.247.123', 'timestamp': 1670400179.0260758, 'message': 'Dec  7 10:02:58 hqnl0246134 sshd[310421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.247.123  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 10:03:01,058] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '51.195.247.123', 'timestamp': 1670400181.027324, 'message': 'Dec  7 10:03:00 hqnl0246134 sshd[310421]: Failed password for root from 51.195.247.123 port 34792 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0303 seconds
INFO    [2022-12-07 10:03:01,787] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 10:03:01,787] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 10:03:01,789] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-07 10:03:14,199] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:03:14,223] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0338 seconds
INFO    [2022-12-07 10:03:17,085] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400197.0480742, 'message': 'Dec  7 10:03:16 hqnl0246134 sshd[310442]: Invalid user orange from 207.154.238.107 port 39650', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0362 seconds
INFO    [2022-12-07 10:03:17,117] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400197.0507002, 'message': 'Dec  7 10:03:16 hqnl0246134 sshd[310442]: pam_imunify(sshd:auth): [IM360_RBL] The IP 207.154.238.107 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0307 seconds
INFO    [2022-12-07 10:03:17,150] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400197.0508912, 'message': 'Dec  7 10:03:16 hqnl0246134 sshd[310442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.238.107 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 10:03:18,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:03:18,040] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:03:18,047] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:03:18,059] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0182 seconds
INFO    [2022-12-07 10:03:19,067] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400199.0481079, 'message': 'Dec  7 10:03:18 hqnl0246134 sshd[310442]: Failed password for invalid user orange from 207.154.238.107 port 39650 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 10:03:21,068] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '207.154.238.107', 'timestamp': 1670400201.0498924, 'message': 'Dec  7 10:03:19 hqnl0246134 sshd[310442]: Disconnected from invalid user orange 207.154.238.107 port 39650 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 10:03:22,798] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:03:22,799] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:03:22,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:03:22,824] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0249 seconds
INFO    [2022-12-07 10:03:31,078] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400211.0601463, 'message': 'Dec  7 10:03:29 hqnl0246134 sshd[310452]: Invalid user sbserver from 160.124.103.55 port 50938', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 10:03:31,096] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400211.0604188, 'message': 'Dec  7 10:03:29 hqnl0246134 sshd[310452]: pam_imunify(sshd:auth): [IM360_RBL] The IP 160.124.103.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 10:03:31,121] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400211.0605555, 'message': 'Dec  7 10:03:29 hqnl0246134 sshd[310452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.124.103.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0249 seconds
INFO    [2022-12-07 10:03:33,090] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400213.061749, 'message': 'Dec  7 10:03:31 hqnl0246134 sshd[310452]: Failed password for invalid user sbserver from 160.124.103.55 port 50938 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0278 seconds
INFO    [2022-12-07 10:03:33,091] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400213.0619638, 'message': 'Dec  7 10:03:32 hqnl0246134 sshd[310454]: Invalid user jackie from 128.199.234.147 port 57974', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 10:03:33,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400213.062077, 'message': 'Dec  7 10:03:32 hqnl0246134 sshd[310452]: Disconnected from invalid user sbserver 160.124.103.55 port 50938 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 10:03:33,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400213.0621827, 'message': 'Dec  7 10:03:32 hqnl0246134 sshd[310454]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.234.147 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0291 seconds
INFO    [2022-12-07 10:03:33,139] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400213.0622864, 'message': 'Dec  7 10:03:32 hqnl0246134 sshd[310454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.234.147 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 10:03:35,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400215.0696566, 'message': 'Dec  7 10:03:34 hqnl0246134 sshd[310454]: Failed password for invalid user jackie from 128.199.234.147 port 57974 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0268 seconds
INFO    [2022-12-07 10:03:35,097] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400215.0698564, 'message': 'Dec  7 10:03:34 hqnl0246134 sshd[310458]: Invalid user arma3server from 34.100.249.182 port 57692', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0270 seconds
INFO    [2022-12-07 10:03:35,115] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400215.0702286, 'message': 'Dec  7 10:03:34 hqnl0246134 sshd[310458]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.100.249.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 10:03:35,132] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400215.0703335, 'message': 'Dec  7 10:03:34 hqnl0246134 sshd[310458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.100.249.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 10:03:36,668] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:03:36,668] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:03:36,675] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:03:36,687] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 10:03:37,106] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400217.0729878, 'message': 'Dec  7 10:03:35 hqnl0246134 sshd[310454]: Disconnected from invalid user jackie 128.199.234.147 port 57974 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 10:03:37,107] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400217.0738745, 'message': 'Dec  7 10:03:36 hqnl0246134 sshd[310458]: Failed password for invalid user arma3server from 34.100.249.182 port 57692 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0329 seconds
INFO    [2022-12-07 10:03:39,095] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400219.0757506, 'message': 'Dec  7 10:03:38 hqnl0246134 sshd[310458]: Disconnected from invalid user arma3server 34.100.249.182 port 57692 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
WARNING [2022-12-07 10:03:52,984] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:03:52,985] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:04:14,206] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:04:14,235] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0399 seconds
INFO    [2022-12-07 10:04:17,927] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:04:17,928] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:04:17,937] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:04:17,950] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0209 seconds
INFO    [2022-12-07 10:04:20,726] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:04:20,726] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:04:20,735] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:04:20,747] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
WARNING [2022-12-07 10:04:52,991] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:04:52,992] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:05:17,886] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:05:17,887] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:05:17,898] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:05:17,912] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0230 seconds
INFO    [2022-12-07 10:05:21,175] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:05:21,176] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:05:21,189] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:05:21,211] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0346 seconds
INFO    [2022-12-07 10:05:31,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400331.2283905, 'message': 'Dec  7 10:05:30 hqnl0246134 sshd[310574]: Invalid user orange from 164.92.150.192 port 58436', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 10:05:31,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400331.228687, 'message': 'Dec  7 10:05:30 hqnl0246134 sshd[310574]: pam_imunify(sshd:auth): [IM360_RBL] The IP 164.92.150.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 10:05:31,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400331.2288406, 'message': 'Dec  7 10:05:30 hqnl0246134 sshd[310574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.150.192 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0165 seconds
INFO    [2022-12-07 10:05:33,248] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400333.2302375, 'message': 'Dec  7 10:05:33 hqnl0246134 sshd[310574]: Failed password for invalid user orange from 164.92.150.192 port 58436 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0181 seconds
INFO    [2022-12-07 10:05:35,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '164.92.150.192', 'timestamp': 1670400335.2326717, 'message': 'Dec  7 10:05:33 hqnl0246134 sshd[310574]: Disconnected from invalid user orange 164.92.150.192 port 58436 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 10:05:36,267] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:05:36,268] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:05:36,278] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:05:36,293] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0252 seconds
INFO    [2022-12-07 10:05:37,254] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '87.245.17.229', 'timestamp': 1670400337.2356436, 'message': 'Dec  7 10:05:36 hqnl0246134 sshd[310576]: pam_imunify(sshd:auth): [IM360_RBL] The IP 87.245.17.229 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 10:05:37,271] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '87.245.17.229', 'timestamp': 1670400337.2358317, 'message': 'Dec  7 10:05:36 hqnl0246134 sshd[310576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.245.17.229  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0170 seconds
INFO    [2022-12-07 10:05:41,262] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '87.245.17.229', 'timestamp': 1670400341.2404594, 'message': 'Dec  7 10:05:39 hqnl0246134 sshd[310576]: Failed password for root from 87.245.17.229 port 56841 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0214 seconds
WARNING [2022-12-07 10:05:52,996] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:05:52,998] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:05:59,286] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '143.198.195.192', 'timestamp': 1670400359.259739, 'message': 'Dec  7 10:05:58 hqnl0246134 sshd[310600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 143.198.195.192 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 10:05:59,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '143.198.195.192', 'timestamp': 1670400359.2603128, 'message': 'Dec  7 10:05:58 hqnl0246134 sshd[310600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.195.192  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 10:06:01,283] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '143.198.195.192', 'timestamp': 1670400361.2604566, 'message': 'Dec  7 10:06:00 hqnl0246134 sshd[310600]: Failed password for root from 143.198.195.192 port 60492 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 10:06:09,298] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400369.2727177, 'message': 'Dec  7 10:06:07 hqnl0246134 sshd[310611]: Invalid user gerrit from 187.170.233.68 port 53166', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 10:06:09,319] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400369.2731006, 'message': 'Dec  7 10:06:08 hqnl0246134 sshd[310611]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.170.233.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 10:06:09,340] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400369.2732825, 'message': 'Dec  7 10:06:08 hqnl0246134 sshd[310611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.233.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 10:06:11,292] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400371.2739499, 'message': 'Dec  7 10:06:09 hqnl0246134 sshd[310611]: Failed password for invalid user gerrit from 187.170.233.68 port 53166 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0175 seconds
INFO    [2022-12-07 10:06:11,309] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400371.2741337, 'message': 'Dec  7 10:06:09 hqnl0246134 sshd[310611]: Disconnected from invalid user gerrit 187.170.233.68 port 53166 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0167 seconds
WARNING [2022-12-07 10:06:14,224] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:06:14,260] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0503 seconds
INFO    [2022-12-07 10:06:17,818] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:06:17,819] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:06:17,833] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:06:17,854] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0328 seconds
INFO    [2022-12-07 10:06:20,398] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:06:20,399] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:06:20,406] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:06:20,418] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 10:06:23,313] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400383.2889266, 'message': 'Dec  7 10:06:21 hqnl0246134 sshd[310632]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.100.249.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 10:06:23,334] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400383.2892609, 'message': 'Dec  7 10:06:21 hqnl0246134 sshd[310632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.100.249.182  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 10:06:25,310] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400385.2915335, 'message': 'Dec  7 10:06:24 hqnl0246134 sshd[310632]: Failed password for root from 34.100.249.182 port 44660 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0190 seconds
INFO    [2022-12-07 10:06:31,321] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400391.303186, 'message': 'Dec  7 10:06:29 hqnl0246134 sshd[310635]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.140.206.1 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 10:06:31,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400391.3034022, 'message': 'Dec  7 10:06:29 hqnl0246134 sshd[310635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.206.1  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 10:06:33,332] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400393.3069148, 'message': 'Dec  7 10:06:31 hqnl0246134 sshd[310635]: Failed password for root from 52.140.206.1 port 1024 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0254 seconds
WARNING [2022-12-07 10:06:53,009] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:06:53,010] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:06:55,363] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400415.3391216, 'message': 'Dec  7 10:06:54 hqnl0246134 sshd[310651]: Invalid user debian from 160.124.103.55 port 36598', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0234 seconds
INFO    [2022-12-07 10:06:55,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400415.3395467, 'message': 'Dec  7 10:06:54 hqnl0246134 sshd[310651]: pam_imunify(sshd:auth): [IM360_RBL] The IP 160.124.103.55 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0182 seconds
INFO    [2022-12-07 10:06:55,401] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400415.3412254, 'message': 'Dec  7 10:06:54 hqnl0246134 sshd[310651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.124.103.55 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 10:06:57,371] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400417.341096, 'message': 'Dec  7 10:06:57 hqnl0246134 sshd[310651]: Failed password for invalid user debian from 160.124.103.55 port 36598 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0299 seconds
INFO    [2022-12-07 10:07:01,395] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '160.124.103.55', 'timestamp': 1670400421.3482754, 'message': 'Dec  7 10:06:59 hqnl0246134 sshd[310651]: Disconnected from invalid user debian 160.124.103.55 port 36598 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 10:07:01,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400421.3486283, 'message': 'Dec  7 10:07:00 hqnl0246134 sshd[310655]: Invalid user Justin from 134.17.16.37 port 23074', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0459 seconds
INFO    [2022-12-07 10:07:01,418] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400421.3488677, 'message': 'Dec  7 10:07:00 hqnl0246134 sshd[310655]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.16.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0215 seconds
INFO    [2022-12-07 10:07:01,442] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400421.3490539, 'message': 'Dec  7 10:07:00 hqnl0246134 sshd[310655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.16.37 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
INFO    [2022-12-07 10:07:02,507] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:07:02,508] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:07:02,515] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:07:02,527] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 10:07:03,369] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400423.3472648, 'message': 'Dec  7 10:07:03 hqnl0246134 sshd[310655]: Failed password for invalid user Justin from 134.17.16.37 port 23074 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 10:07:05,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400425.3492332, 'message': 'Dec  7 10:07:03 hqnl0246134 sshd[310655]: Disconnected from invalid user Justin 134.17.16.37 port 23074 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0177 seconds
WARNING [2022-12-07 10:07:14,223] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:07:14,247] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0330 seconds
INFO    [2022-12-07 10:07:18,100] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:07:18,100] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:07:18,108] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:07:18,120] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 10:07:20,714] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:07:20,714] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:07:20,724] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:07:20,740] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0242 seconds
INFO    [2022-12-07 10:07:23,390] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400443.3704786, 'message': 'Dec  7 10:07:21 hqnl0246134 sshd[310696]: pam_imunify(sshd:auth): [IM360_RBL] The IP 147.182.247.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 10:07:23,408] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400443.370734, 'message': 'Dec  7 10:07:21 hqnl0246134 sshd[310696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.247.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 10:07:25,392] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400445.3722866, 'message': 'Dec  7 10:07:23 hqnl0246134 sshd[310696]: Failed password for root from 147.182.247.29 port 37960 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 10:07:43,433] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400463.395885, 'message': 'Dec  7 10:07:42 hqnl0246134 sshd[310708]: Invalid user cesar from 45.64.134.14 port 39187', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0357 seconds
INFO    [2022-12-07 10:07:43,436] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400463.3968253, 'message': 'Dec  7 10:07:43 hqnl0246134 sshd[310707]: Invalid user nagios from 128.199.234.147 port 56724', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0366 seconds
INFO    [2022-12-07 10:07:43,466] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400463.3965244, 'message': 'Dec  7 10:07:42 hqnl0246134 sshd[310708]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.64.134.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0316 seconds
INFO    [2022-12-07 10:07:43,468] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400463.3969462, 'message': 'Dec  7 10:07:43 hqnl0246134 sshd[310707]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.234.147 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0313 seconds
INFO    [2022-12-07 10:07:43,500] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400463.3967056, 'message': 'Dec  7 10:07:42 hqnl0246134 sshd[310708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.64.134.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 10:07:43,502] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400463.3976817, 'message': 'Dec  7 10:07:43 hqnl0246134 sshd[310707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.234.147 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0336 seconds
INFO    [2022-12-07 10:07:45,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400465.396748, 'message': 'Dec  7 10:07:44 hqnl0246134 sshd[310708]: Failed password for invalid user cesar from 45.64.134.14 port 39187 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0464 seconds
INFO    [2022-12-07 10:07:45,445] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400465.3970444, 'message': 'Dec  7 10:07:45 hqnl0246134 sshd[310707]: Failed password for invalid user nagios from 128.199.234.147 port 56724 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0465 seconds
INFO    [2022-12-07 10:07:45,473] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400465.3972383, 'message': 'Dec  7 10:07:45 hqnl0246134 sshd[310708]: Disconnected from invalid user cesar 45.64.134.14 port 39187 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 10:07:47,420] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400467.3983207, 'message': 'Dec  7 10:07:45 hqnl0246134 sshd[310707]: Disconnected from invalid user nagios 128.199.234.147 port 56724 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0215 seconds
WARNING [2022-12-07 10:07:53,013] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:07:53,014] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:08:14,232] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:08:14,260] defence360agent.internals.the_sink: SensorIncidentList(<9 item(s)>) processed in 0.0414 seconds
INFO    [2022-12-07 10:08:17,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:08:17,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:08:17,929] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:08:17,942] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0215 seconds
INFO    [2022-12-07 10:08:23,393] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:08:23,394] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:08:23,406] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:08:23,424] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0295 seconds
INFO    [2022-12-07 10:08:34,181] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 10:08:34,248] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 10:08:34,248] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 10:08:34,249] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 10:08:34,249] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 10:08:34,249] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 10:08:34,267] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 10:08:34,296] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0452 seconds
WARNING [2022-12-07 10:08:34,308] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 10:08:34,313] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:08:34,344] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0588 seconds
INFO    [2022-12-07 10:08:34,347] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0553 seconds
WARNING [2022-12-07 10:08:53,017] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:08:53,019] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:09:01,686] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400541.6454384, 'message': 'Dec  7 10:09:01 hqnl0246134 sshd[310799]: Invalid user marjorie from 34.100.249.182 port 59716', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0388 seconds
INFO    [2022-12-07 10:09:01,711] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400541.6460483, 'message': 'Dec  7 10:09:01 hqnl0246134 sshd[310799]: pam_imunify(sshd:auth): [IM360_RBL] The IP 34.100.249.182 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 10:09:01,730] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400541.6463137, 'message': 'Dec  7 10:09:01 hqnl0246134 sshd[310799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.100.249.182 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0180 seconds
INFO    [2022-12-07 10:09:03,525] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400543.5051358, 'message': 'Dec  7 10:09:03 hqnl0246134 sshd[310799]: Failed password for invalid user marjorie from 34.100.249.182 port 59716 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 10:09:04,375] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 10:09:04,376] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 10:09:04,377] im360.plugins.client360: Waiting 7 minutes before retry...
INFO    [2022-12-07 10:09:05,523] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '34.100.249.182', 'timestamp': 1670400545.506104, 'message': 'Dec  7 10:09:04 hqnl0246134 sshd[310799]: Disconnected from invalid user marjorie 34.100.249.182 port 59716 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 10:09:06,699] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:09:06,699] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:09:06,708] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:09:06,719] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 10:09:13,543] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400553.5180292, 'message': 'Dec  7 10:09:12 hqnl0246134 sshd[310919]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.170.233.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 10:09:13,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400553.5182633, 'message': 'Dec  7 10:09:12 hqnl0246134 sshd[310919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.233.68  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0237 seconds
WARNING [2022-12-07 10:09:14,235] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:09:14,265] defence360agent.internals.the_sink: SensorIncidentList(<5 item(s)>) processed in 0.0424 seconds
INFO    [2022-12-07 10:09:15,541] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400555.5205514, 'message': 'Dec  7 10:09:13 hqnl0246134 sshd[310919]: Failed password for root from 187.170.233.68 port 43972 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0209 seconds
INFO    [2022-12-07 10:09:17,831] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:09:17,832] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:09:17,841] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:09:17,853] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 10:09:20,580] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:09:20,581] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:09:20,588] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:09:20,599] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0175 seconds
INFO    [2022-12-07 10:09:27,558] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400567.537404, 'message': 'Dec  7 10:09:25 hqnl0246134 sshd[310942]: Invalid user musikbot from 52.140.206.1 port 1024', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 10:09:27,576] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400567.5377553, 'message': 'Dec  7 10:09:25 hqnl0246134 sshd[310942]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.140.206.1 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 10:09:27,593] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400567.537889, 'message': 'Dec  7 10:09:25 hqnl0246134 sshd[310942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.206.1 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0164 seconds
INFO    [2022-12-07 10:09:29,567] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400569.5404918, 'message': 'Dec  7 10:09:28 hqnl0246134 sshd[310942]: Failed password for invalid user musikbot from 52.140.206.1 port 1024 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 10:09:29,595] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400569.5407689, 'message': 'Dec  7 10:09:28 hqnl0246134 sshd[310942]: Disconnected from invalid user musikbot 52.140.206.1 port 1024 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0276 seconds
WARNING [2022-12-07 10:09:53,027] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:09:53,029] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:10:14,238] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:10:14,263] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0364 seconds
INFO    [2022-12-07 10:10:17,628] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400617.6005933, 'message': 'Dec  7 10:10:17 hqnl0246134 sshd[310992]: Invalid user sir from 147.182.247.29 port 56506', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0254 seconds
INFO    [2022-12-07 10:10:17,647] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400617.6013215, 'message': 'Dec  7 10:10:17 hqnl0246134 sshd[310992]: pam_imunify(sshd:auth): [IM360_RBL] The IP 147.182.247.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 10:10:17,665] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400617.6015956, 'message': 'Dec  7 10:10:17 hqnl0246134 sshd[310992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.247.29 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
INFO    [2022-12-07 10:10:17,883] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:10:17,884] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:10:17,891] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:10:17,903] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0184 seconds
INFO    [2022-12-07 10:10:19,623] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400619.5991018, 'message': 'Dec  7 10:10:18 hqnl0246134 sshd[310992]: Failed password for invalid user sir from 147.182.247.29 port 56506 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 10:10:19,645] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400619.5993156, 'message': 'Dec  7 10:10:19 hqnl0246134 sshd[310992]: Disconnected from invalid user sir 147.182.247.29 port 56506 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0205 seconds
INFO    [2022-12-07 10:10:20,742] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:10:20,743] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:10:20,752] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:10:20,764] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0203 seconds
INFO    [2022-12-07 10:10:22,157] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:10:22,158] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:10:22,173] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:10:22,195] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0361 seconds
INFO    [2022-12-07 10:10:27,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670400627.604404, 'message': 'Dec  7 10:10:27 hqnl0246134 sshd[311022]: Invalid user andres from 82.66.187.39 port 35034', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 10:10:29,624] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.66.187.39', 'timestamp': 1670400629.6051855, 'message': 'Dec  7 10:10:27 hqnl0246134 sshd[311022]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.66.187.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 10:10:29,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.66.187.39', 'timestamp': 1670400629.6075335, 'message': 'Dec  7 10:10:27 hqnl0246134 sshd[311022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.187.39 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 10:10:31,637] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670400631.6071463, 'message': 'Dec  7 10:10:29 hqnl0246134 sshd[311022]: Failed password for invalid user andres from 82.66.187.39 port 35034 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0298 seconds
INFO    [2022-12-07 10:10:33,634] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670400633.6084483, 'message': 'Dec  7 10:10:31 hqnl0246134 sshd[311022]: Disconnected from invalid user andres 82.66.187.39 port 35034 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0253 seconds
INFO    [2022-12-07 10:10:45,649] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400645.6268373, 'message': 'Dec  7 10:10:44 hqnl0246134 sshd[311028]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.234.147 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0219 seconds
INFO    [2022-12-07 10:10:45,672] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400645.6270962, 'message': 'Dec  7 10:10:44 hqnl0246134 sshd[311028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.234.147  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0220 seconds
INFO    [2022-12-07 10:10:47,654] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400647.6302218, 'message': 'Dec  7 10:10:46 hqnl0246134 sshd[311028]: Failed password for root from 128.199.234.147 port 45556 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0235 seconds
WARNING [2022-12-07 10:10:53,033] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:10:53,035] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:11:05,676] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400665.6510272, 'message': 'Dec  7 10:11:03 hqnl0246134 sshd[311054]: Invalid user administrator from 45.64.134.14 port 29080', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0239 seconds
INFO    [2022-12-07 10:11:05,701] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400665.6512916, 'message': 'Dec  7 10:11:03 hqnl0246134 sshd[311054]: pam_imunify(sshd:auth): [IM360_RBL] The IP 45.64.134.14 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 10:11:05,725] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400665.6515822, 'message': 'Dec  7 10:11:03 hqnl0246134 sshd[311054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.64.134.14 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 10:11:07,671] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400667.6527677, 'message': 'Dec  7 10:11:06 hqnl0246134 sshd[311054]: Failed password for invalid user administrator from 45.64.134.14 port 29080 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 10:11:09,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '45.64.134.14', 'timestamp': 1670400669.6574671, 'message': 'Dec  7 10:11:07 hqnl0246134 sshd[311054]: Disconnected from invalid user administrator 45.64.134.14 port 29080 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
WARNING [2022-12-07 10:11:14,243] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:11:14,271] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0368 seconds
INFO    [2022-12-07 10:11:17,867] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:11:17,868] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:11:17,877] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:11:17,891] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0216 seconds
INFO    [2022-12-07 10:11:23,009] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:11:23,010] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:11:23,034] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:11:23,059] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0411 seconds
INFO    [2022-12-07 10:11:37,803] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400697.6916077, 'message': 'Dec  7 10:11:36 hqnl0246134 sshd[311088]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.16.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.1094 seconds
INFO    [2022-12-07 10:11:37,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400697.692406, 'message': 'Dec  7 10:11:36 hqnl0246134 sshd[311088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.16.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0574 seconds
INFO    [2022-12-07 10:11:39,728] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400699.6928744, 'message': 'Dec  7 10:11:38 hqnl0246134 sshd[311088]: Failed password for root from 134.17.16.37 port 23075 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 10:11:44,166] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:11:44,166] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:11:44,175] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:11:44,195] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0279 seconds
WARNING [2022-12-07 10:11:53,042] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:11:53,043] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:11:54,372] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 10:12:09,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400729.7343917, 'message': 'Dec  7 10:12:07 hqnl0246134 sshd[311119]: Invalid user user1 from 187.170.233.68 port 34772', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0293 seconds
INFO    [2022-12-07 10:12:09,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400729.7352335, 'message': 'Dec  7 10:12:07 hqnl0246134 sshd[311119]: pam_imunify(sshd:auth): [IM360_RBL] The IP 187.170.233.68 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 10:12:09,805] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400729.735594, 'message': 'Dec  7 10:12:07 hqnl0246134 sshd[311119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.233.68 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 10:12:11,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400731.7350185, 'message': 'Dec  7 10:12:10 hqnl0246134 sshd[311119]: Failed password for invalid user user1 from 187.170.233.68 port 34772 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 10:12:13,767] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '187.170.233.68', 'timestamp': 1670400733.7449884, 'message': 'Dec  7 10:12:12 hqnl0246134 sshd[311119]: Disconnected from invalid user user1 187.170.233.68 port 34772 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0217 seconds
WARNING [2022-12-07 10:12:14,257] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:12:14,294] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0551 seconds
INFO    [2022-12-07 10:12:19,720] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:12:19,721] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:12:19,730] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:12:19,743] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
INFO    [2022-12-07 10:12:22,404] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:12:22,404] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:12:22,412] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:12:22,423] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 10:12:41,822] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400761.7867684, 'message': 'Dec  7 10:12:40 hqnl0246134 sshd[311154]: pam_imunify(sshd:auth): [IM360_RBL] The IP 52.140.206.1 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 10:12:41,854] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400761.7873654, 'message': 'Dec  7 10:12:40 hqnl0246134 sshd[311154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.206.1  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0312 seconds
INFO    [2022-12-07 10:12:43,816] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '52.140.206.1', 'timestamp': 1670400763.7858114, 'message': 'Dec  7 10:12:42 hqnl0246134 sshd[311154]: Failed password for root from 52.140.206.1 port 1024 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0298 seconds
WARNING [2022-12-07 10:12:53,046] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:12:53,047] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:13:02,020] defence360agent.simple_rpc: Response: method - ['health'], data - {'result': 'success', 'messages': [], 'data': {'healthy': True, 'why': 'not registered', 'strategy': 'PRIMARY_IDS', 'version': '6.7.3-1', 'eula': None, 'license': {'status': False, 'redirect_url': None}}}
WARNING [2022-12-07 10:13:02,032] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:13:02,045] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['health'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/sbin/imunify360-watchdog', '1200']}) processed in 0.0238 seconds
WARNING [2022-12-07 10:13:14,251] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:13:14,271] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0290 seconds
INFO    [2022-12-07 10:13:15,878] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400795.859536, 'message': 'Dec  7 10:13:14 hqnl0246134 sshd[311193]: pam_imunify(sshd:auth): [IM360_RBL] The IP 147.182.247.29 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 10:13:15,896] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400795.8597846, 'message': 'Dec  7 10:13:14 hqnl0246134 sshd[311193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.247.29  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0166 seconds
INFO    [2022-12-07 10:13:17,884] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '147.182.247.29', 'timestamp': 1670400797.8613284, 'message': 'Dec  7 10:13:16 hqnl0246134 sshd[311193]: Failed password for root from 147.182.247.29 port 46822 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0223 seconds
INFO    [2022-12-07 10:13:19,889] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:13:19,889] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:13:19,900] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:13:19,920] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0296 seconds
INFO    [2022-12-07 10:13:21,607] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:13:21,607] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:13:21,614] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:13:21,626] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 10:13:24,843] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:13:24,843] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:13:24,851] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:13:24,864] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
WARNING [2022-12-07 10:13:53,049] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:13:53,051] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:13:53,949] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400833.9174485, 'message': 'Dec  7 10:13:53 hqnl0246134 sshd[311235]: pam_imunify(sshd:auth): [IM360_RBL] The IP 128.199.234.147 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 10:13:53,972] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400833.918158, 'message': 'Dec  7 10:13:53 hqnl0246134 sshd[311235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.234.147  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 10:13:55,947] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '128.199.234.147', 'timestamp': 1670400835.9205055, 'message': 'Dec  7 10:13:55 hqnl0246134 sshd[311235]: Failed password for root from 128.199.234.147 port 34396 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0259 seconds
INFO    [2022-12-07 10:14:11,968] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.66.187.39', 'timestamp': 1670400851.9428446, 'message': 'Dec  7 10:14:10 hqnl0246134 sshd[311256]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.66.187.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 10:14:11,989] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.66.187.39', 'timestamp': 1670400851.943156, 'message': 'Dec  7 10:14:10 hqnl0246134 sshd[311256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.187.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 10:14:13,978] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '82.66.187.39', 'timestamp': 1670400853.9451919, 'message': 'Dec  7 10:14:13 hqnl0246134 sshd[311256]: Failed password for root from 82.66.187.39 port 34164 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0323 seconds
INFO    [2022-12-07 10:14:13,979] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400853.9454012, 'message': 'Dec  7 10:14:13 hqnl0246134 sshd[311258]: Invalid user wang from 134.17.16.37 port 23076', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0326 seconds
INFO    [2022-12-07 10:14:14,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400853.9458325, 'message': 'Dec  7 10:14:13 hqnl0246134 sshd[311258]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.16.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 10:14:14,019] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400853.945943, 'message': 'Dec  7 10:14:13 hqnl0246134 sshd[311258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.16.37 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0178 seconds
WARNING [2022-12-07 10:14:14,255] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:14:14,298] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0519 seconds
INFO    [2022-12-07 10:14:15,969] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400855.9480758, 'message': 'Dec  7 10:14:15 hqnl0246134 sshd[311258]: Failed password for invalid user wang from 134.17.16.37 port 23076 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0210 seconds
INFO    [2022-12-07 10:14:17,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400857.9519145, 'message': 'Dec  7 10:14:16 hqnl0246134 sshd[311258]: Disconnected from invalid user wang 134.17.16.37 port 23076 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 10:14:19,842] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:14:19,843] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:14:19,850] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:14:19,862] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0188 seconds
INFO    [2022-12-07 10:14:22,828] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:14:22,829] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:14:22,836] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:14:22,847] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-07 10:14:53,054] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:14:53,056] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:15:14,271] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:15:14,297] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0454 seconds
INFO    [2022-12-07 10:15:18,039] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:15:18,040] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:15:18,048] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:15:18,061] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0202 seconds
INFO    [2022-12-07 10:15:20,711] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:15:20,711] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:15:20,718] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:15:20,730] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
WARNING [2022-12-07 10:15:53,059] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:15:53,060] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:16:08,491] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 10:16:08,563] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 10:16:08,564] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 10:16:08,564] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 10:16:08,565] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 10:16:08,566] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 10:16:08,587] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 10:16:08,621] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0538 seconds
WARNING [2022-12-07 10:16:08,628] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 10:16:08,631] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:16:08,657] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0483 seconds
INFO    [2022-12-07 10:16:08,660] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0431 seconds
INFO    [2022-12-07 10:16:17,918] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:16:17,919] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:16:17,943] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:16:17,981] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0486 seconds
INFO    [2022-12-07 10:16:22,583] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:16:22,584] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:16:22,591] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:16:22,603] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 10:16:24,203] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '171.225.184.159', 'timestamp': 1670400984.1730335, 'message': 'Dec  7 10:16:22 hqnl0246134 sshd[311395]: Invalid user bitnami from 171.225.184.159 port 28050', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0295 seconds
INFO    [2022-12-07 10:16:24,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '171.225.184.159', 'timestamp': 1670400984.1734154, 'message': 'Dec  7 10:16:23 hqnl0246134 sshd[311395]: pam_imunify(sshd:auth): [IM360_RBL] The IP 171.225.184.159 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 10:16:24,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '171.225.184.159', 'timestamp': 1670400984.1737204, 'message': 'Dec  7 10:16:23 hqnl0246134 sshd[311395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.225.184.159 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 10:16:26,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '171.225.184.159', 'timestamp': 1670400986.1733494, 'message': 'Dec  7 10:16:25 hqnl0246134 sshd[311395]: Failed password for invalid user bitnami from 171.225.184.159 port 28050 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0559 seconds
INFO    [2022-12-07 10:16:29,773] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:16:29,774] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:16:29,784] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:16:29,795] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
INFO    [2022-12-07 10:16:38,234] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400998.1935449, 'message': 'Dec  7 10:16:37 hqnl0246134 sshd[311416]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.17.16.37 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0400 seconds
INFO    [2022-12-07 10:16:38,264] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.17.16.37', 'timestamp': 1670400998.1940544, 'message': 'Dec  7 10:16:37 hqnl0246134 sshd[311416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.16.37  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0290 seconds
INFO    [2022-12-07 10:16:38,691] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 10:16:38,691] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 10:16:38,692] im360.plugins.client360: Waiting 4 minutes before retry...
INFO    [2022-12-07 10:16:40,220] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.17.16.37', 'timestamp': 1670401000.1959271, 'message': 'Dec  7 10:16:39 hqnl0246134 sshd[311416]: Failed password for root from 134.17.16.37 port 23077 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0242 seconds
INFO    [2022-12-07 10:16:42,223] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.195.247.123', 'timestamp': 1670401002.1982276, 'message': 'Dec  7 10:16:41 hqnl0246134 sshd[311418]: Invalid user apps from 51.195.247.123 port 43344', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0246 seconds
INFO    [2022-12-07 10:16:44,235] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '51.195.247.123', 'timestamp': 1670401004.20253, 'message': 'Dec  7 10:16:42 hqnl0246134 sshd[311418]: pam_imunify(sshd:auth): [IM360_RBL] The IP 51.195.247.123 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0319 seconds
INFO    [2022-12-07 10:16:44,236] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.66.187.39', 'timestamp': 1670401004.2029798, 'message': 'Dec  7 10:16:43 hqnl0246134 sshd[311420]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.66.187.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0321 seconds
INFO    [2022-12-07 10:16:44,266] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.195.247.123', 'timestamp': 1670401004.2028158, 'message': 'Dec  7 10:16:42 hqnl0246134 sshd[311418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.247.123 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
INFO    [2022-12-07 10:16:44,267] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.66.187.39', 'timestamp': 1670401004.203108, 'message': 'Dec  7 10:16:43 hqnl0246134 sshd[311420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.187.39  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0304 seconds
INFO    [2022-12-07 10:16:44,284] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.195.247.123', 'timestamp': 1670401004.2032118, 'message': 'Dec  7 10:16:43 hqnl0246134 sshd[311418]: Failed password for invalid user apps from 51.195.247.123 port 43344 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 10:16:46,242] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '82.66.187.39', 'timestamp': 1670401006.2064154, 'message': 'Dec  7 10:16:45 hqnl0246134 sshd[311420]: Failed password for root from 82.66.187.39 port 50944 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0353 seconds
INFO    [2022-12-07 10:16:46,243] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.195.247.123', 'timestamp': 1670401006.2068238, 'message': 'Dec  7 10:16:45 hqnl0246134 sshd[311418]: Disconnected from invalid user apps 51.195.247.123 port 43344 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0354 seconds
WARNING [2022-12-07 10:16:53,064] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:16:53,066] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:17:14,274] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:17:14,305] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0453 seconds
INFO    [2022-12-07 10:17:18,797] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:17:18,798] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:17:18,807] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:17:18,819] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 10:17:21,465] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:17:21,465] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:17:21,473] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:17:21,486] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
WARNING [2022-12-07 10:17:53,068] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:17:53,070] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:17:54,339] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401074.3093565, 'message': 'Dec  7 10:17:54 hqnl0246134 sshd[311501]: Invalid user test from 171.225.184.159 port 42871', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 10:17:56,348] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401076.3117201, 'message': 'Dec  7 10:17:54 hqnl0246134 sshd[311501]: pam_imunify(sshd:auth): [IM360_RBL] The IP 171.225.184.159 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0349 seconds
INFO    [2022-12-07 10:17:56,382] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401076.3120885, 'message': 'Dec  7 10:17:54 hqnl0246134 sshd[311501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.225.184.159 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 10:17:56,405] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401076.3125541, 'message': 'Dec  7 10:17:56 hqnl0246134 sshd[311504]: Invalid user stephen from 171.225.184.159 port 33922', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0221 seconds
INFO    [2022-12-07 10:17:58,354] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401078.3188443, 'message': 'Dec  7 10:17:56 hqnl0246134 sshd[311501]: Failed password for invalid user test from 171.225.184.159 port 42871 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 10:17:58,388] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401078.3191066, 'message': 'Dec  7 10:17:56 hqnl0246134 sshd[311504]: pam_imunify(sshd:auth): [IM360_RBL] The IP 171.225.184.159 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0338 seconds
INFO    [2022-12-07 10:17:58,423] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401078.3192222, 'message': 'Dec  7 10:17:56 hqnl0246134 sshd[311504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.225.184.159 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0341 seconds
INFO    [2022-12-07 10:17:59,650] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:17:59,651] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:17:59,659] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:17:59,672] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0192 seconds
INFO    [2022-12-07 10:18:00,342] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401080.3233485, 'message': 'Dec  7 10:17:59 hqnl0246134 sshd[311504]: Failed password for invalid user stephen from 171.225.184.159 port 33922 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 10:18:14,273] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:18:14,296] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0330 seconds
INFO    [2022-12-07 10:18:18,127] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:18:18,127] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:18:18,136] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:18:18,149] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0210 seconds
INFO    [2022-12-07 10:18:20,942] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:18:20,943] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:18:20,955] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:18:20,969] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0255 seconds
WARNING [2022-12-07 10:18:53,073] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:18:53,075] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:19:10,487] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401150.460416, 'message': 'Dec  7 10:19:10 hqnl0246134 sshd[311569]: pam_imunify(sshd:auth): [IM360_RBL] The IP 171.225.184.159 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0250 seconds
INFO    [2022-12-07 10:19:10,507] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401150.4610066, 'message': 'Dec  7 10:19:10 hqnl0246134 sshd[311569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.225.184.159  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0200 seconds
INFO    [2022-12-07 10:19:12,494] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401152.462929, 'message': 'Dec  7 10:19:12 hqnl0246134 sshd[311569]: Failed password for root from 171.225.184.159 port 21334 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0311 seconds
WARNING [2022-12-07 10:19:14,275] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:19:14,295] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0283 seconds
INFO    [2022-12-07 10:19:17,630] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:19:17,631] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:19:17,639] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:19:17,651] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 10:19:18,190] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:19:18,191] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:19:18,198] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:19:18,211] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 10:19:21,074] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:19:21,075] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:19:21,092] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:19:21,127] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0506 seconds
INFO    [2022-12-07 10:19:26,517] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670401166.4959843, 'message': 'Dec  7 10:19:25 hqnl0246134 sshd[311596]: Invalid user cashier from 82.66.187.39 port 34866', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 10:19:26,536] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '82.66.187.39', 'timestamp': 1670401166.4963207, 'message': 'Dec  7 10:19:25 hqnl0246134 sshd[311596]: pam_imunify(sshd:auth): [IM360_RBL] The IP 82.66.187.39 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0176 seconds
INFO    [2022-12-07 10:19:26,555] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '82.66.187.39', 'timestamp': 1670401166.496472, 'message': 'Dec  7 10:19:25 hqnl0246134 sshd[311596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.187.39 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 10:19:28,534] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670401168.4960492, 'message': 'Dec  7 10:19:28 hqnl0246134 sshd[311596]: Failed password for invalid user cashier from 82.66.187.39 port 34866 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 10:19:30,520] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '82.66.187.39', 'timestamp': 1670401170.500844, 'message': 'Dec  7 10:19:29 hqnl0246134 sshd[311596]: Disconnected from invalid user cashier 82.66.187.39 port 34866 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 10:19:36,538] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401176.5129201, 'message': 'Dec  7 10:19:36 hqnl0246134 sshd[311601]: pam_imunify(sshd:auth): [IM360_RBL] The IP 171.225.184.159 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 10:19:36,557] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401176.51323, 'message': 'Dec  7 10:19:36 hqnl0246134 sshd[311601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.225.184.159  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 10:19:38,533] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '171.225.184.159', 'timestamp': 1670401178.5147636, 'message': 'Dec  7 10:19:38 hqnl0246134 sshd[311601]: Failed password for root from 171.225.184.159 port 40253 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0186 seconds
WARNING [2022-12-07 10:19:53,080] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:19:53,081] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:20:14,282] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:20:14,304] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0325 seconds
INFO    [2022-12-07 10:20:20,236] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:20:20,237] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:20:20,246] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:20:20,261] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0229 seconds
INFO    [2022-12-07 10:20:22,893] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:20:22,894] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:20:22,902] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:20:22,914] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
WARNING [2022-12-07 10:20:53,086] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:20:53,088] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:21:18,025] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:21:18,026] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:21:18,037] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:21:18,051] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0241 seconds
INFO    [2022-12-07 10:21:19,235] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 10:21:19,305] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 10:21:19,305] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 10:21:19,305] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 10:21:19,306] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 10:21:19,307] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 10:21:19,320] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 10:21:19,339] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0315 seconds
WARNING [2022-12-07 10:21:19,347] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 10:21:19,349] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:21:19,378] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0446 seconds
INFO    [2022-12-07 10:21:19,380] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0427 seconds
INFO    [2022-12-07 10:21:20,793] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:21:20,793] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:21:20,801] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:21:20,812] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0178 seconds
INFO    [2022-12-07 10:21:49,433] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 10:21:49,438] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 10:21:49,439] im360.plugins.client360: Waiting 5 minutes before retry...
WARNING [2022-12-07 10:21:53,092] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:21:53,093] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:21:54,376] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
INFO    [2022-12-07 10:22:18,349] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:22:18,350] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:22:18,363] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:22:18,377] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0250 seconds
INFO    [2022-12-07 10:22:20,999] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:22:21,000] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:22:21,009] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:22:21,022] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0211 seconds
WARNING [2022-12-07 10:22:53,096] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:22:53,097] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:23:20,006] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:23:20,007] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:23:20,018] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:23:20,031] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0233 seconds
INFO    [2022-12-07 10:23:22,632] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:23:22,633] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:23:22,647] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:23:22,668] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0330 seconds
INFO    [2022-12-07 10:23:26,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '162.241.201.224', 'timestamp': 1670401406.88607, 'message': 'Dec  7 10:23:25 hqnl0246134 sshd[311849]: Invalid user deborah from 162.241.201.224 port 53712', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0206 seconds
INFO    [2022-12-07 10:23:26,925] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '162.241.201.224', 'timestamp': 1670401406.8864233, 'message': 'Dec  7 10:23:26 hqnl0246134 sshd[311849]: pam_imunify(sshd:auth): [IM360_RBL] The IP 162.241.201.224 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 10:23:26,945] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '162.241.201.224', 'timestamp': 1670401406.8865747, 'message': 'Dec  7 10:23:26 hqnl0246134 sshd[311849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.201.224 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 10:23:28,905] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '162.241.201.224', 'timestamp': 1670401408.8859768, 'message': 'Dec  7 10:23:28 hqnl0246134 sshd[311849]: Failed password for invalid user deborah from 162.241.201.224 port 53712 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 10:23:30,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '162.241.201.224', 'timestamp': 1670401410.8883226, 'message': 'Dec  7 10:23:29 hqnl0246134 sshd[311849]: Disconnected from invalid user deborah 162.241.201.224 port 53712 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 10:23:34,386] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:23:34,386] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:23:34,393] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:23:34,404] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
WARNING [2022-12-07 10:23:53,101] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:23:53,102] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:24:14,299] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:24:14,323] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0334 seconds
INFO    [2022-12-07 10:24:17,934] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:24:17,934] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:24:17,942] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:24:17,955] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0195 seconds
INFO    [2022-12-07 10:24:20,758] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:24:20,759] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:24:20,768] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:24:20,783] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0231 seconds
INFO    [2022-12-07 10:24:47,009] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401486.9839542, 'message': 'Dec  7 10:24:45 hqnl0246134 sshd[311914]: Invalid user usuario from 185.206.134.202 port 46808', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0233 seconds
INFO    [2022-12-07 10:24:47,027] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401486.9846606, 'message': 'Dec  7 10:24:45 hqnl0246134 sshd[311914]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.206.134.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 10:24:47,046] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401486.984877, 'message': 'Dec  7 10:24:45 hqnl0246134 sshd[311914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.206.134.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0173 seconds
INFO    [2022-12-07 10:24:49,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401488.9852993, 'message': 'Dec  7 10:24:47 hqnl0246134 sshd[311914]: Failed password for invalid user usuario from 185.206.134.202 port 46808 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 10:24:51,010] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401490.987444, 'message': 'Dec  7 10:24:49 hqnl0246134 sshd[311914]: Disconnected from invalid user usuario 185.206.134.202 port 46808 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0223 seconds
WARNING [2022-12-07 10:24:53,107] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:24:53,107] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:25:14,304] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:25:14,325] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0293 seconds
INFO    [2022-12-07 10:25:17,982] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:25:17,983] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:25:17,992] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:25:18,004] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0201 seconds
INFO    [2022-12-07 10:25:20,759] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:25:20,760] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:25:20,774] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:25:20,794] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0327 seconds
WARNING [2022-12-07 10:25:53,111] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:25:53,112] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:26:18,156] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:26:18,156] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:26:18,171] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:26:18,187] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0293 seconds
INFO    [2022-12-07 10:26:21,007] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:26:21,007] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:26:21,018] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:26:21,037] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0291 seconds
WARNING [2022-12-07 10:26:53,117] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:26:53,118] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:27:21,133] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:27:21,134] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:27:21,208] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:27:21,293] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1569 seconds
INFO    [2022-12-07 10:27:24,029] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:27:24,030] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:27:24,038] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:27:24,051] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 10:27:31,305] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401651.2688396, 'message': 'Dec  7 10:27:29 hqnl0246134 sshd[312098]: Invalid user esadmin from 46.101.73.246 port 50392', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0243 seconds
INFO    [2022-12-07 10:27:31,325] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401651.2692316, 'message': 'Dec  7 10:27:29 hqnl0246134 sshd[312098]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.73.246 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 10:27:31,347] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401651.2694066, 'message': 'Dec  7 10:27:29 hqnl0246134 sshd[312098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.73.246 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0212 seconds
INFO    [2022-12-07 10:27:31,367] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401651.2695148, 'message': 'Dec  7 10:27:31 hqnl0246134 sshd[312098]: Failed password for invalid user esadmin from 46.101.73.246 port 50392 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 10:27:33,294] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401653.2690847, 'message': 'Dec  7 10:27:32 hqnl0246134 sshd[312098]: Disconnected from invalid user esadmin 46.101.73.246 port 50392 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0247 seconds
INFO    [2022-12-07 10:27:34,515] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:27:34,515] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:27:34,523] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:27:34,535] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0187 seconds
INFO    [2022-12-07 10:27:49,129] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 10:27:49,198] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 10:27:49,198] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 10:27:49,198] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 10:27:49,199] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 10:27:49,199] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 10:27:49,211] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 10:27:49,229] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0293 seconds
WARNING [2022-12-07 10:27:49,237] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 10:27:49,239] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:27:49,256] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0350 seconds
INFO    [2022-12-07 10:27:49,258] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0320 seconds
WARNING [2022-12-07 10:27:53,132] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:27:53,133] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:28:14,319] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:28:14,352] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0466 seconds
INFO    [2022-12-07 10:28:18,053] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:28:18,054] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:28:18,061] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:28:18,072] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0174 seconds
INFO    [2022-12-07 10:28:20,693] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:28:20,693] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:28:20,703] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:28:20,714] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0204 seconds
INFO    [2022-12-07 10:28:21,584] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 10:28:21,585] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 10:28:21,586] im360.plugins.client360: Waiting 5 minutes before retry...
INFO    [2022-12-07 10:28:45,396] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670401725.369934, 'message': 'Dec  7 10:28:43 hqnl0246134 sshd[312158]: Accepted password for supportwwwuser from 212.58.119.251 port 10534 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0245 seconds
WARNING [2022-12-07 10:28:53,136] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:28:53,137] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:29:14,341] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:29:14,395] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.0827 seconds
INFO    [2022-12-07 10:29:18,106] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:29:18,106] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:29:18,115] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:29:18,127] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0194 seconds
INFO    [2022-12-07 10:29:20,801] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:29:20,802] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:29:20,811] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:29:20,823] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 10:29:45,485] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670401785.458774, 'message': 'Dec  7 10:29:43 hqnl0246134 sshd[312255]: Accepted password for supportwwwuser from 212.58.119.251 port 18950 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0250 seconds
WARNING [2022-12-07 10:29:53,142] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:29:53,145] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:30:14,890] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:30:14,910] defence360agent.internals.the_sink: SensorIncidentList(<1 item(s)>) processed in 0.5933 seconds
INFO    [2022-12-07 10:30:17,767] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:30:17,768] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:30:17,780] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:30:17,799] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0297 seconds
INFO    [2022-12-07 10:30:22,326] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:30:22,326] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:30:22,335] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:30:22,347] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0200 seconds
INFO    [2022-12-07 10:30:43,082] defence360agent.files: Updating all files
INFO    [2022-12-07 10:30:43,366] defence360agent.files: ossec was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:43,367] defence360agent.files: ossec files update finished (not updated)
INFO    [2022-12-07 10:30:43,703] defence360agent.files: static-whitelist was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:43,703] defence360agent.files: static-whitelist files update finished (not updated)
INFO    [2022-12-07 10:30:43,962] defence360agent.files: realtime-av-conf was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:43,962] defence360agent.files: realtime-av-conf files update finished (not updated)
INFO    [2022-12-07 10:30:44,301] defence360agent.files: modsec-rules was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:44,301] defence360agent.files: modsec-rules files update finished (not updated)
INFO    [2022-12-07 10:30:44,302] defence360agent.files: Updating php-immunity files via file by file download
INFO    [2022-12-07 10:30:44,561] defence360agent.files: Requested gzip but got Content-Encoding=None. Read response as is [identity]. Headers: [('Server', 'nginx'), ('Date', 'Wed, 07 Dec 2022 08:30:44 GMT'), ('Content-Type', 'application/json'), ('Content-Length', '63'), ('Connection', 'close'), ('Accept-Ranges', 'bytes'), ('Content-Security-Policy', 'block-all-mixed-content'), ('ETag', '"e503f99eff37192363e96465ceca47d9"'), ('Last-Modified', 'Mon, 14 Nov 2022 09:56:25 GMT'), ('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'), ('Vary', 'Origin'), ('Vary', 'Accept-Encoding'), ('X-Amz-Replication-Status', 'REPLICA'), ('X-Amz-Request-Id', '172E75A09F452A96'), ('X-Content-Type-Options', 'nosniff'), ('X-Xss-Protection', '1; mode=block'), ('x-amz-meta-mc-attrs', 'atime:1668418915#621651540/gid:1000/mode:33261/mtime:1595317968#0/uid:1001'), ('x-amz-version-id', '87640513-205a-4f1d-a602-37677fe0cb43'), ('X-use-modsec-release', 'stable'), ('X-use-proactive-release', 'stable'), ('X-use-sigs-release', 'stable'), ('X-use-ossec-release', 'stable'), ('X-Frame-Options', 'DENY'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block')], as curl cmd:
curl -Is -H 'Accept-Encoding: gzip' 'https://files.imunify360.com/static/php-immunity/v1/description.json'
INFO    [2022-12-07 10:30:44,563] defence360agent.files: updating php-immunity: nothing to update.
INFO    [2022-12-07 10:30:44,564] defence360agent.files: php-immunity files update finished (not updated)
INFO    [2022-12-07 10:30:45,123] defence360agent.files: sigs was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:45,124] defence360agent.files: sigs files update finished (not updated)
INFO    [2022-12-07 10:30:45,389] defence360agent.files: ip-record was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:45,390] defence360agent.files: ip-record files update finished (not updated)
INFO    [2022-12-07 10:30:45,650] defence360agent.files: eula was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:45,650] defence360agent.files: eula files update finished (not updated)
INFO    [2022-12-07 10:30:46,028] defence360agent.files: proactive was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:46,029] defence360agent.files: proactive files update finished (not updated)
INFO    [2022-12-07 10:30:46,411] defence360agent.files: geo was updated less than 30 minutes ago.
INFO    [2022-12-07 10:30:46,415] defence360agent.files: geo files update finished (not updated)
WARNING [2022-12-07 10:30:53,148] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:30:53,149] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:31:18,046] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:31:18,047] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:31:18,056] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:31:18,070] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0221 seconds
INFO    [2022-12-07 10:31:20,769] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:31:20,770] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:31:20,777] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:31:20,790] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0198 seconds
INFO    [2022-12-07 10:31:23,619] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401883.5953043, 'message': 'Dec  7 10:31:22 hqnl0246134 sshd[312410]: Invalid user erika from 185.206.134.202 port 52908', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 10:31:23,638] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401883.5956764, 'message': 'Dec  7 10:31:22 hqnl0246134 sshd[312410]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.206.134.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0186 seconds
INFO    [2022-12-07 10:31:23,657] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401883.595874, 'message': 'Dec  7 10:31:22 hqnl0246134 sshd[312410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.206.134.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0179 seconds
INFO    [2022-12-07 10:31:25,616] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401885.5968685, 'message': 'Dec  7 10:31:24 hqnl0246134 sshd[312410]: Failed password for invalid user erika from 185.206.134.202 port 52908 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0193 seconds
INFO    [2022-12-07 10:31:27,620] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670401887.5974963, 'message': 'Dec  7 10:31:26 hqnl0246134 sshd[312410]: Disconnected from invalid user erika 185.206.134.202 port 52908 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0222 seconds
INFO    [2022-12-07 10:31:33,643] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '162.241.201.224', 'timestamp': 1670401893.6053512, 'message': 'Dec  7 10:31:31 hqnl0246134 sshd[312422]: pam_imunify(sshd:auth): [IM360_RBL] The IP 162.241.201.224 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0365 seconds
INFO    [2022-12-07 10:31:33,680] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '162.241.201.224', 'timestamp': 1670401893.605861, 'message': 'Dec  7 10:31:31 hqnl0246134 sshd[312422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.201.224  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0367 seconds
INFO    [2022-12-07 10:31:35,629] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '162.241.201.224', 'timestamp': 1670401895.6076627, 'message': 'Dec  7 10:31:34 hqnl0246134 sshd[312422]: Failed password for root from 162.241.201.224 port 60020 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0211 seconds
WARNING [2022-12-07 10:31:53,151] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:31:53,153] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:31:54,379] im360.plugins.remote_iplist: Skip iplist sync, since license is invalid
WARNING [2022-12-07 10:32:14,334] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:32:14,367] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0440 seconds
INFO    [2022-12-07 10:32:22,017] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:32:22,017] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:32:22,025] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:32:22,037] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0186 seconds
INFO    [2022-12-07 10:32:26,923] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:32:26,924] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:32:26,941] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:32:26,962] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0361 seconds
WARNING [2022-12-07 10:32:53,157] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:32:53,159] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:33:01,766] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401981.7353814, 'message': 'Dec  7 10:33:01 hqnl0246134 sshd[312505]: Invalid user deploy from 46.101.73.246 port 43406', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0296 seconds
INFO    [2022-12-07 10:33:01,785] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401981.7360811, 'message': 'Dec  7 10:33:01 hqnl0246134 sshd[312505]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.73.246 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0183 seconds
INFO    [2022-12-07 10:33:01,807] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401981.7381794, 'message': 'Dec  7 10:33:01 hqnl0246134 sshd[312505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.73.246 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0213 seconds
INFO    [2022-12-07 10:33:03,757] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401983.7387762, 'message': 'Dec  7 10:33:03 hqnl0246134 sshd[312505]: Failed password for invalid user deploy from 46.101.73.246 port 43406 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 10:33:05,769] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '46.101.73.246', 'timestamp': 1670401985.7430067, 'message': 'Dec  7 10:33:03 hqnl0246134 sshd[312505]: Disconnected from invalid user deploy 46.101.73.246 port 43406 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0264 seconds
INFO    [2022-12-07 10:33:06,564] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:33:06,565] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:33:06,577] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:33:06,591] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0251 seconds
WARNING [2022-12-07 10:33:14,341] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:33:14,363] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0296 seconds
INFO    [2022-12-07 10:33:17,998] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:33:17,998] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:33:18,007] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:33:18,019] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0197 seconds
INFO    [2022-12-07 10:33:20,771] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:33:20,772] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:33:20,785] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:33:20,804] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0310 seconds
INFO    [2022-12-07 10:33:37,801] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5715, 'attackers_ip': '212.58.119.251', 'timestamp': 1670402017.7768743, 'message': 'Dec  7 10:33:36 hqnl0246134 sshd[312535]: Accepted password for root from 212.58.119.251 port 10600 ssh2', 'severity': 3, 'name': 'SSHD authentication success.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 10:33:47,828] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402027.8027744, 'message': 'Dec  7 10:33:46 hqnl0246134 sshd[312591]: Invalid user michael from 62.204.41.176 port 39847', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0241 seconds
INFO    [2022-12-07 10:33:47,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402027.803215, 'message': 'Dec  7 10:33:46 hqnl0246134 sshd[312591]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.204.41.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0346 seconds
INFO    [2022-12-07 10:33:47,913] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402027.8034132, 'message': 'Dec  7 10:33:46 hqnl0246134 sshd[312591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.204.41.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0495 seconds
INFO    [2022-12-07 10:33:49,836] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402029.805036, 'message': 'Dec  7 10:33:48 hqnl0246134 sshd[312591]: Failed password for invalid user michael from 62.204.41.176 port 39847 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0309 seconds
INFO    [2022-12-07 10:33:49,872] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402029.8053532, 'message': 'Dec  7 10:33:49 hqnl0246134 sshd[312591]: Disconnected from invalid user michael 62.204.41.176 port 39847 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0343 seconds
INFO    [2022-12-07 10:33:51,848] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402031.8063774, 'message': 'Dec  7 10:33:50 hqnl0246134 sshd[312600]: Invalid user michelle from 62.204.41.176 port 42985', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0410 seconds
INFO    [2022-12-07 10:33:51,850] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.206.134.202', 'timestamp': 1670402031.8070655, 'message': 'Dec  7 10:33:50 hqnl0246134 sshd[312598]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.206.134.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0409 seconds
INFO    [2022-12-07 10:33:51,887] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402031.8066843, 'message': 'Dec  7 10:33:50 hqnl0246134 sshd[312600]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.204.41.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 10:33:51,889] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.206.134.202', 'timestamp': 1670402031.8072724, 'message': 'Dec  7 10:33:50 hqnl0246134 sshd[312598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.206.134.202  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 10:33:51,907] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402031.806902, 'message': 'Dec  7 10:33:50 hqnl0246134 sshd[312600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.204.41.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
WARNING [2022-12-07 10:33:53,162] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:33:53,163] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:33:53,861] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402033.8114512, 'message': 'Dec  7 10:33:51 hqnl0246134 sshd[312600]: Failed password for invalid user michelle from 62.204.41.176 port 42985 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0470 seconds
INFO    [2022-12-07 10:33:53,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '185.206.134.202', 'timestamp': 1670402033.8124557, 'message': 'Dec  7 10:33:52 hqnl0246134 sshd[312598]: Failed password for root from 185.206.134.202 port 60602 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0474 seconds
INFO    [2022-12-07 10:33:53,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402033.812743, 'message': 'Dec  7 10:33:52 hqnl0246134 sshd[312600]: Disconnected from invalid user michelle 62.204.41.176 port 42985 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 10:33:53,902] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402033.8130133, 'message': 'Dec  7 10:33:53 hqnl0246134 sshd[312611]: Invalid user mira from 62.204.41.176 port 46907', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0195 seconds
INFO    [2022-12-07 10:33:53,922] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402033.8132203, 'message': 'Dec  7 10:33:53 hqnl0246134 sshd[312611]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.204.41.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 10:33:53,943] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402033.8134701, 'message': 'Dec  7 10:33:53 hqnl0246134 sshd[312611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.204.41.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 10:33:55,829] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402035.8094816, 'message': 'Dec  7 10:33:55 hqnl0246134 sshd[312611]: Failed password for invalid user mira from 62.204.41.176 port 46907 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 10:33:57,837] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402037.8146846, 'message': 'Dec  7 10:33:56 hqnl0246134 sshd[312611]: Disconnected from invalid user mira 62.204.41.176 port 46907 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0218 seconds
INFO    [2022-12-07 10:33:57,863] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402037.8150105, 'message': 'Dec  7 10:33:56 hqnl0246134 sshd[312615]: Invalid user mother from 62.204.41.176 port 51428', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0248 seconds
INFO    [2022-12-07 10:33:57,882] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402037.815194, 'message': 'Dec  7 10:33:56 hqnl0246134 sshd[312615]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.204.41.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 10:33:57,901] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402037.81535, 'message': 'Dec  7 10:33:56 hqnl0246134 sshd[312615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.204.41.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 10:33:59,845] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402039.820528, 'message': 'Dec  7 10:33:58 hqnl0246134 sshd[312615]: Failed password for invalid user mother from 62.204.41.176 port 51428 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0240 seconds
INFO    [2022-12-07 10:33:59,866] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402039.820843, 'message': 'Dec  7 10:33:59 hqnl0246134 sshd[312615]: Disconnected from invalid user mother 62.204.41.176 port 51428 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 10:34:01,846] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402041.8227916, 'message': 'Dec  7 10:33:59 hqnl0246134 sshd[312617]: Invalid user music from 62.204.41.176 port 54313', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 10:34:01,871] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402041.8230443, 'message': 'Dec  7 10:33:59 hqnl0246134 sshd[312617]: pam_imunify(sshd:auth): [IM360_RBL] The IP 62.204.41.176 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0238 seconds
INFO    [2022-12-07 10:34:01,900] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402041.8231964, 'message': 'Dec  7 10:33:59 hqnl0246134 sshd[312617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.204.41.176 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0286 seconds
INFO    [2022-12-07 10:34:01,919] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402041.8233068, 'message': 'Dec  7 10:34:01 hqnl0246134 sshd[312617]: Failed password for invalid user music from 62.204.41.176 port 54313 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 10:34:03,855] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '62.204.41.176', 'timestamp': 1670402043.8279004, 'message': 'Dec  7 10:34:02 hqnl0246134 sshd[312617]: Disconnected from invalid user music 62.204.41.176 port 54313 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0269 seconds
INFO    [2022-12-07 10:34:05,327] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 10:34:05,401] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 10:34:05,402] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 10:34:05,402] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 10:34:05,403] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 10:34:05,403] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 10:34:05,413] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 10:34:05,430] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0266 seconds
WARNING [2022-12-07 10:34:05,437] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 10:34:05,440] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:34:05,458] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0337 seconds
INFO    [2022-12-07 10:34:05,460] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0321 seconds
INFO    [2022-12-07 10:34:13,862] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '162.241.201.224', 'timestamp': 1670402053.838522, 'message': 'Dec  7 10:34:12 hqnl0246134 sshd[312644]: Invalid user demouser from 162.241.201.224 port 54466', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0230 seconds
INFO    [2022-12-07 10:34:13,895] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '162.241.201.224', 'timestamp': 1670402053.8388433, 'message': 'Dec  7 10:34:12 hqnl0246134 sshd[312644]: pam_imunify(sshd:auth): [IM360_RBL] The IP 162.241.201.224 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0306 seconds
INFO    [2022-12-07 10:34:13,914] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '162.241.201.224', 'timestamp': 1670402053.8389883, 'message': 'Dec  7 10:34:12 hqnl0246134 sshd[312644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.201.224 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0193 seconds
WARNING [2022-12-07 10:34:14,349] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:34:14,376] defence360agent.internals.the_sink: SensorIncidentList(<10 item(s)>) processed in 0.0358 seconds
INFO    [2022-12-07 10:34:15,860] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '162.241.201.224', 'timestamp': 1670402055.84069, 'message': 'Dec  7 10:34:14 hqnl0246134 sshd[312644]: Failed password for invalid user demouser from 162.241.201.224 port 54466 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 10:34:15,879] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '162.241.201.224', 'timestamp': 1670402055.8408804, 'message': 'Dec  7 10:34:15 hqnl0246134 sshd[312644]: Disconnected from invalid user demouser 162.241.201.224 port 54466 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 10:34:18,023] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:34:18,023] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:34:18,031] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:34:18,042] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0181 seconds
INFO    [2022-12-07 10:34:20,831] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:34:20,831] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:34:20,846] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:34:20,870] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0361 seconds
INFO    [2022-12-07 10:34:35,532] im360.plugins.client360: Server connection closed
WARNING [2022-12-07 10:34:35,534] im360.plugins.client360: Lost connection to the Server (imunify360.cloudlinux.com).
WARNING [2022-12-07 10:34:35,535] im360.plugins.client360: Waiting 6 minutes before retry...
WARNING [2022-12-07 10:34:53,166] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:34:53,167] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:35:09,954] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '154.221.25.18', 'timestamp': 1670402109.9181674, 'message': 'Dec  7 10:35:08 hqnl0246134 sshd[312710]: Invalid user diana from 154.221.25.18 port 55053', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0335 seconds
INFO    [2022-12-07 10:35:09,982] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '154.221.25.18', 'timestamp': 1670402109.9189076, 'message': 'Dec  7 10:35:08 hqnl0246134 sshd[312710]: pam_imunify(sshd:auth): [IM360_RBL] The IP 154.221.25.18 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 10:35:10,014] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '154.221.25.18', 'timestamp': 1670402109.9191997, 'message': 'Dec  7 10:35:08 hqnl0246134 sshd[312710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.18 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0311 seconds
INFO    [2022-12-07 10:35:10,033] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '154.221.25.18', 'timestamp': 1670402109.919424, 'message': 'Dec  7 10:35:09 hqnl0246134 sshd[312710]: Failed password for invalid user diana from 154.221.25.18 port 55053 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0189 seconds
INFO    [2022-12-07 10:35:11,955] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '154.221.25.18', 'timestamp': 1670402111.9214876, 'message': 'Dec  7 10:35:10 hqnl0246134 sshd[312710]: Disconnected from invalid user diana 154.221.25.18 port 55053 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 10:35:13,678] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:35:13,679] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:35:13,690] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:35:13,703] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0222 seconds
WARNING [2022-12-07 10:35:14,355] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:35:14,382] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0375 seconds
INFO    [2022-12-07 10:35:15,963] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.32.88', 'timestamp': 1670402115.923448, 'message': 'Dec  7 10:35:14 hqnl0246134 sshd[312727]: Invalid user vyatta from 134.209.32.88 port 33874', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0380 seconds
INFO    [2022-12-07 10:35:15,998] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.32.88', 'timestamp': 1670402115.9237835, 'message': 'Dec  7 10:35:14 hqnl0246134 sshd[312727]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.32.88 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0352 seconds
INFO    [2022-12-07 10:35:16,037] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.32.88', 'timestamp': 1670402115.9239979, 'message': 'Dec  7 10:35:14 hqnl0246134 sshd[312727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.32.88 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0379 seconds
INFO    [2022-12-07 10:35:17,946] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.32.88', 'timestamp': 1670402117.9257765, 'message': 'Dec  7 10:35:16 hqnl0246134 sshd[312727]: Failed password for invalid user vyatta from 134.209.32.88 port 33874 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0202 seconds
INFO    [2022-12-07 10:35:17,967] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '134.209.32.88', 'timestamp': 1670402117.9261992, 'message': 'Dec  7 10:35:17 hqnl0246134 sshd[312727]: Disconnected from invalid user vyatta 134.209.32.88 port 33874 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0197 seconds
INFO    [2022-12-07 10:35:20,108] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:35:20,108] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:35:20,118] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:35:20,130] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0207 seconds
INFO    [2022-12-07 10:35:23,015] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:35:23,016] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:35:23,047] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:35:23,157] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.1373 seconds
INFO    [2022-12-07 10:35:29,973] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '134.209.175.24', 'timestamp': 1670402129.9438906, 'message': 'Dec  7 10:35:28 hqnl0246134 sshd[312755]: pam_imunify(sshd:auth): [IM360_RBL] The IP 134.209.175.24 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0283 seconds
INFO    [2022-12-07 10:35:30,000] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '134.209.175.24', 'timestamp': 1670402129.9444294, 'message': 'Dec  7 10:35:28 hqnl0246134 sshd[312755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.175.24  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0260 seconds
INFO    [2022-12-07 10:35:31,970] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '134.209.175.24', 'timestamp': 1670402131.9489875, 'message': 'Dec  7 10:35:30 hqnl0246134 sshd[312755]: Failed password for root from 134.209.175.24 port 44932 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 10:35:39,984] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.73.246', 'timestamp': 1670402139.9637904, 'message': 'Dec  7 10:35:38 hqnl0246134 sshd[312757]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.73.246 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 10:35:40,004] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.73.246', 'timestamp': 1670402139.9640303, 'message': 'Dec  7 10:35:38 hqnl0246134 sshd[312757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.73.246  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0198 seconds
INFO    [2022-12-07 10:35:41,986] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.73.246', 'timestamp': 1670402141.967503, 'message': 'Dec  7 10:35:40 hqnl0246134 sshd[312757]: Failed password for root from 46.101.73.246 port 33968 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0183 seconds
WARNING [2022-12-07 10:35:53,192] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:35:53,194] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:36:14,055] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670402174.0268312, 'message': 'Dec  7 10:36:12 hqnl0246134 sshd[312784]: Invalid user spam from 185.206.134.202 port 40088', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0279 seconds
INFO    [2022-12-07 10:36:14,089] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '185.206.134.202', 'timestamp': 1670402174.0273216, 'message': 'Dec  7 10:36:12 hqnl0246134 sshd[312784]: pam_imunify(sshd:auth): [IM360_RBL] The IP 185.206.134.202 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0322 seconds
INFO    [2022-12-07 10:36:14,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '185.206.134.202', 'timestamp': 1670402174.0293293, 'message': 'Dec  7 10:36:12 hqnl0246134 sshd[312784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.206.134.202 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0302 seconds
WARNING [2022-12-07 10:36:14,362] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:36:14,390] defence360agent.internals.the_sink: SensorIncidentList(<12 item(s)>) processed in 0.0424 seconds
INFO    [2022-12-07 10:36:16,057] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670402176.02905, 'message': 'Dec  7 10:36:14 hqnl0246134 sshd[312784]: Failed password for invalid user spam from 185.206.134.202 port 40088 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0274 seconds
INFO    [2022-12-07 10:36:16,075] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '185.206.134.202', 'timestamp': 1670402176.0293255, 'message': 'Dec  7 10:36:15 hqnl0246134 sshd[312784]: Disconnected from invalid user spam 185.206.134.202 port 40088 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0174 seconds
INFO    [2022-12-07 10:36:19,802] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:36:19,803] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:36:19,811] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:36:19,822] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0185 seconds
INFO    [2022-12-07 10:36:22,416] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:36:22,417] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:36:22,424] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:36:22,435] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0171 seconds
INFO    [2022-12-07 10:36:50,116] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '162.241.201.224', 'timestamp': 1670402210.0869453, 'message': 'Dec  7 10:36:49 hqnl0246134 sshd[312837]: pam_imunify(sshd:auth): [IM360_RBL] The IP 162.241.201.224 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0284 seconds
INFO    [2022-12-07 10:36:50,145] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '162.241.201.224', 'timestamp': 1670402210.087394, 'message': 'Dec  7 10:36:49 hqnl0246134 sshd[312837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.201.224  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0271 seconds
INFO    [2022-12-07 10:36:52,120] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '162.241.201.224', 'timestamp': 1670402212.089121, 'message': 'Dec  7 10:36:50 hqnl0246134 sshd[312837]: Failed password for root from 162.241.201.224 port 48810 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0308 seconds
WARNING [2022-12-07 10:36:53,197] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:36:53,198] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:36:56,104] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:36:56,104] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:36:56,113] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:36:56,127] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0213 seconds
WARNING [2022-12-07 10:37:14,362] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:37:14,392] defence360agent.internals.the_sink: SensorIncidentList(<4 item(s)>) processed in 0.0399 seconds
INFO    [2022-12-07 10:37:18,135] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:37:18,135] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:37:18,143] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:37:18,155] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0189 seconds
INFO    [2022-12-07 10:37:20,185] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '159.203.85.196', 'timestamp': 1670402240.1482618, 'message': 'Dec  7 10:37:18 hqnl0246134 sshd[312887]: pam_imunify(sshd:auth): [IM360_RBL] The IP 159.203.85.196 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0348 seconds
INFO    [2022-12-07 10:37:20,204] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '159.203.85.196', 'timestamp': 1670402240.148938, 'message': 'Dec  7 10:37:18 hqnl0246134 sshd[312887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.85.196  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0185 seconds
INFO    [2022-12-07 10:37:22,278] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '159.203.85.196', 'timestamp': 1670402242.1486661, 'message': 'Dec  7 10:37:20 hqnl0246134 sshd[312887]: Failed password for root from 159.203.85.196 port 58755 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.1290 seconds
INFO    [2022-12-07 10:37:22,498] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:37:22,499] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:37:22,534] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:37:22,575] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0749 seconds
WARNING [2022-12-07 10:37:53,202] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:37:53,203] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
INFO    [2022-12-07 10:38:02,250] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.82.98.9', 'timestamp': 1670402282.2102027, 'message': 'Dec  7 10:38:00 hqnl0246134 sshd[312936]: Invalid user tom from 92.82.98.9 port 20525', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0382 seconds
INFO    [2022-12-07 10:38:02,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '92.82.98.9', 'timestamp': 1670402282.2107105, 'message': 'Dec  7 10:38:00 hqnl0246134 sshd[312936]: pam_imunify(sshd:auth): [IM360_RBL] The IP 92.82.98.9 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0191 seconds
INFO    [2022-12-07 10:38:02,288] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '92.82.98.9', 'timestamp': 1670402282.2109153, 'message': 'Dec  7 10:38:00 hqnl0246134 sshd[312936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.82.98.9 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 10:38:04,229] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.82.98.9', 'timestamp': 1670402284.208003, 'message': 'Dec  7 10:38:02 hqnl0246134 sshd[312936]: Failed password for invalid user tom from 92.82.98.9 port 20525 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0208 seconds
INFO    [2022-12-07 10:38:04,249] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '92.82.98.9', 'timestamp': 1670402284.2082913, 'message': 'Dec  7 10:38:02 hqnl0246134 sshd[312936]: Disconnected from invalid user tom 92.82.98.9 port 20525 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0194 seconds
WARNING [2022-12-07 10:38:14,365] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:38:14,391] defence360agent.internals.the_sink: SensorIncidentList(<6 item(s)>) processed in 0.0344 seconds
INFO    [2022-12-07 10:38:18,078] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:38:18,079] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:38:18,089] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:38:18,111] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0310 seconds
INFO    [2022-12-07 10:38:20,977] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:38:20,978] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:38:20,985] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:38:20,996] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0179 seconds
INFO    [2022-12-07 10:38:22,252] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '46.101.73.246', 'timestamp': 1670402302.2299666, 'message': 'Dec  7 10:38:21 hqnl0246134 sshd[312958]: pam_imunify(sshd:auth): [IM360_RBL] The IP 46.101.73.246 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0216 seconds
INFO    [2022-12-07 10:38:22,275] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '46.101.73.246', 'timestamp': 1670402302.2302072, 'message': 'Dec  7 10:38:21 hqnl0246134 sshd[312958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.73.246  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0228 seconds
INFO    [2022-12-07 10:38:24,270] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '46.101.73.246', 'timestamp': 1670402304.233448, 'message': 'Dec  7 10:38:23 hqnl0246134 sshd[312958]: Failed password for root from 46.101.73.246 port 52776 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0356 seconds
INFO    [2022-12-07 10:38:28,272] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:38:28,273] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:38:28,281] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:38:28,294] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0205 seconds
WARNING [2022-12-07 10:38:53,206] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:38:53,208] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:39:14,369] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:39:14,396] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0358 seconds
INFO    [2022-12-07 10:39:18,484] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:39:18,485] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:39:18,493] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:39:18,508] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0225 seconds
INFO    [2022-12-07 10:39:21,207] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:39:21,208] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:39:21,215] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:39:21,226] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0180 seconds
INFO    [2022-12-07 10:39:22,352] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.110.58', 'timestamp': 1670402362.317768, 'message': 'Dec  7 10:39:21 hqnl0246134 sshd[313126]: Invalid user cecilia from 178.128.110.58 port 50758', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0337 seconds
INFO    [2022-12-07 10:39:22,373] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '178.128.110.58', 'timestamp': 1670402362.3180752, 'message': 'Dec  7 10:39:22 hqnl0246134 sshd[313126]: pam_imunify(sshd:auth): [IM360_RBL] The IP 178.128.110.58 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 10:39:22,394] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '178.128.110.58', 'timestamp': 1670402362.318329, 'message': 'Dec  7 10:39:22 hqnl0246134 sshd[313126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.110.58 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0207 seconds
INFO    [2022-12-07 10:39:26,346] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.110.58', 'timestamp': 1670402366.3207269, 'message': 'Dec  7 10:39:24 hqnl0246134 sshd[313126]: Failed password for invalid user cecilia from 178.128.110.58 port 50758 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0244 seconds
INFO    [2022-12-07 10:39:26,365] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '178.128.110.58', 'timestamp': 1670402366.321307, 'message': 'Dec  7 10:39:25 hqnl0246134 sshd[313126]: Disconnected from invalid user cecilia 178.128.110.58 port 50758 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0185 seconds
WARNING [2022-12-07 10:39:53,211] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:39:53,213] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped
WARNING [2022-12-07 10:40:14,377] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:40:14,407] defence360agent.internals.the_sink: SensorIncidentList(<3 item(s)>) processed in 0.0430 seconds
INFO    [2022-12-07 10:40:17,976] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:40:17,977] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:40:17,987] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:40:18,010] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0325 seconds
INFO    [2022-12-07 10:40:18,417] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '202.61.105.17', 'timestamp': 1670402418.3981128, 'message': 'Dec  7 10:40:17 hqnl0246134 sshd[313204]: pam_imunify(sshd:auth): [IM360_RBL] The IP 202.61.105.17 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0187 seconds
INFO    [2022-12-07 10:40:18,435] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '202.61.105.17', 'timestamp': 1670402418.3983524, 'message': 'Dec  7 10:40:17 hqnl0246134 sshd[313204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.61.105.17  user=root', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0172 seconds
INFO    [2022-12-07 10:40:20,421] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5716, 'attackers_ip': '202.61.105.17', 'timestamp': 1670402420.4004962, 'message': 'Dec  7 10:40:19 hqnl0246134 sshd[313204]: Failed password for root from 202.61.105.17 port 42634 ssh2', 'severity': 3, 'name': 'SSHD authentication failed.', 'tag': []}) processed in 0.0203 seconds
INFO    [2022-12-07 10:40:20,807] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:40:20,808] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:40:20,817] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:40:20,828] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0199 seconds
INFO    [2022-12-07 10:40:22,429] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670402422.4099517, 'message': 'Dec  7 10:40:21 hqnl0246134 sshd[313220]: Invalid user linaro from 206.189.113.201 port 53490', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0188 seconds
INFO    [2022-12-07 10:40:22,446] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 6003, 'attackers_ip': '206.189.113.201', 'timestamp': 1670402422.4108074, 'message': 'Dec  7 10:40:21 hqnl0246134 sshd[313220]: pam_imunify(sshd:auth): [IM360_RBL] The IP 206.189.113.201 has been locked due to Imunify RBL', 'severity': 5, 'name': 'Imunify PAM. The IP has been locked by RBL', 'tag': []}) processed in 0.0169 seconds
INFO    [2022-12-07 10:40:22,464] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '206.189.113.201', 'timestamp': 1670402422.410916, 'message': 'Dec  7 10:40:21 hqnl0246134 sshd[313220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.113.201 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0168 seconds
INFO    [2022-12-07 10:40:24,526] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670402424.423677, 'message': 'Dec  7 10:40:23 hqnl0246134 sshd[313220]: Failed password for invalid user linaro from 206.189.113.201 port 53490 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.1013 seconds
INFO    [2022-12-07 10:40:24,547] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '206.189.113.201', 'timestamp': 1670402424.4240813, 'message': 'Dec  7 10:40:24 hqnl0246134 sshd[313220]: Disconnected from invalid user linaro 206.189.113.201 port 53490 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0201 seconds
INFO    [2022-12-07 10:40:28,443] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.171.240', 'timestamp': 1670402428.4186113, 'message': 'Dec  7 10:40:27 hqnl0246134 sshd[313230]: Invalid user jackie from 51.83.171.240 port 59458', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0229 seconds
INFO    [2022-12-07 10:40:28,463] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 2501, 'attackers_ip': '51.83.171.240', 'timestamp': 1670402428.4191892, 'message': 'Dec  7 10:40:28 hqnl0246134 sshd[313230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.171.240 ', 'severity': 3, 'name': 'User authentication failure.', 'tag': []}) processed in 0.0194 seconds
INFO    [2022-12-07 10:40:30,444] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.171.240', 'timestamp': 1670402430.425975, 'message': 'Dec  7 10:40:29 hqnl0246134 sshd[313230]: Failed password for invalid user jackie from 51.83.171.240 port 59458 ssh2', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0184 seconds
INFO    [2022-12-07 10:40:32,453] defence360agent.internals.the_sink: SensorIncident({'method': 'INCIDENT', 'plugin_id': 'ossec', 'rule': 5710, 'attackers_ip': '51.83.171.240', 'timestamp': 1670402432.4329245, 'message': 'Dec  7 10:40:30 hqnl0246134 sshd[313230]: Disconnected from invalid user jackie 51.83.171.240 port 59458 [preauth]', 'severity': 3, 'name': 'Attempt to login using a non-existent user', 'tag': []}) processed in 0.0199 seconds
INFO    [2022-12-07 10:40:33,251] defence360agent.contracts.config: Failed to load license: not registered?
INFO    [2022-12-07 10:40:33,251] defence360agent.simple_rpc: Response: method - ['rstatus'], data - {'result': 'warnings', 'messages': ['License is invalid for current server']}
WARNING [2022-12-07 10:40:33,258] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:40:33,270] defence360agent.internals.the_sink: CommandInvoke({'method': 'COMMAND_INVOKE', 'command': ['rstatus'], 'params': {}, 'calling_process': ['/opt/alt/python38/bin/python3', '/usr/bin/imunify360-agent', 'rstatus']}) processed in 0.0176 seconds
INFO    [2022-12-07 10:40:37,995] im360.plugins.client360: Connecting the Server [await loop.create_connection...]
INFO    [2022-12-07 10:40:38,085] im360.plugins.client360: Connected the Server [connection_made]
INFO    [2022-12-07 10:40:38,086] im360.plugins.client360: Connected the Server [loop.create_connection() succeeded]
INFO    [2022-12-07 10:40:38,086] im360.plugins.client360: await _sink_future...
INFO    [2022-12-07 10:40:38,086] im360.plugins.client360: put ServerConnected() to the bus...
INFO    [2022-12-07 10:40:38,087] im360.plugins.client360: await _connection_lost_event...
INFO    [2022-12-07 10:40:38,098] im360.plugins.client360: All stored messages are sent.
INFO    [2022-12-07 10:40:38,119] defence360agent.internals.the_sink: ServerConnected({}) processed in 0.0316 seconds
WARNING [2022-12-07 10:40:38,127] im360.plugins.client360: message with server_id=None will not be sent to the Server.
WARNING [2022-12-07 10:40:38,129] im360.plugins.client360: message with server_id=None will not be sent to the Server.
INFO    [2022-12-07 10:40:38,148] defence360agent.internals.the_sink: Ping({'method': 'PING', 'version': '6.7.3-1'}) processed in 0.0347 seconds
INFO    [2022-12-07 10:40:38,149] defence360agent.internals.the_sink: SynclistRequest({'method': 'SYNCLIST', 'timestamp': 0.0}) processed in 0.0329 seconds
WARNING [2022-12-07 10:40:53,215] im360.subsys.panels.base: Can't get RBL whitelist path. ModSecurity ruleset error: No vendors installed
INFO    [2022-12-07 10:40:53,216] im360.subsys.whitelist_rbl: RBL whitelist path is undefined. Creation skipped